
State Surveillance


Finding Proportionality in Surveillance Laws – Andrew Murray. The United Kingdom Parliament is currently in the pre-legislative scrutiny phase of a new Investigatory Powers Bill, which aims to “consolidate existing legislation and ensure the powers in the Bill are fit for the digital age”. It is fair to say this Bill is controversial, with strong views being expressed by both critics and supporters of the Bill. Against this backdrop it is important to cut through the rhetoric and get to the heart of the Bill and to examine what it will do and what it will mean in terms of the legal framework for British citizens, and indeed for those overseas.

The Investigatory Powers Bill

Much of the Bill’s activity is to formalise and restate pre-existing surveillance powers. As a result the Bill restates much of the existing law in a way which should be more transparent and which, in theory, should allow for greater democratic and legal oversight of the powers of the security and law enforcement services.

Proportionality

US government to continue to administer Safe Harbor after ECJ ruling. The US government says it will continue to administer the "Safe Harbor" program, a framework for transferring citizens' data between Europe and the US — despite it being struck down by Europe's top court earlier this month. Any Safe Harbor self-certifications issued by the US Department of Commerce since the ruling will not hold any legal weight with European authorities — meaning American companies who choose to take this route are opening themselves up to legal challenges from national regulators. The 2000 Safe Harbor decision was a way to unify Europe and America's disparate regulatory regimes, and streamline the transfer of data on citizens between the two regions for companies. It meant that US companies could self-certify with the Department of Commerce, and not have to worry about differences in regulation in over 20 European countries.

The ruling throws the around 4,500 American companies that relied on Safe Harbor into confusion and legal jeopardy. Dr. GCHQ can spy on MPs, tribunal rules. But following a challenge by Green MP Caroline Lucas and others, the IPT has ruled that it has no legal basis. • Fears GCHQ could be spying on MSPs Ms Lucas said the ruling was a “body blow for democracy” while a leading civil rights lawyer said it meant the doctrine was “not worth the paper it was written on”.

The tribunal panel, headed by Mr Justice Burton, also ruled the doctrine only applies to targeted, and not incidental, interception of Parliamentary communications. And it did not apply to members of devolved assemblies or MEPs. • Blanket surveillance is a stain on our democracy But even in cases of direct, targeted surveillance, the panel said the doctrine had no legal effect, save that in practice the Security and Intelligence Agencies must comply with their own guidance. The tribunal published some of that guidance for the first time, including that of MI5 which read: “The Wilson Doctrine does not prohibit the interception of Parliamentarians’ communications. Plow. Ecf.dcd.uscourts. It’s No Secret That the Government Uses Zero Days for “Offense” Little by little, the government is opening up about its use of computer security vulnerabilities. Last month, the NSA disclosed that it has historically “released more than 91% of vulnerabilities discovered in products that have gone through our internal review process and that are made and used in the United States.”

There should probably be an asterisk or four accompanying that statement. But more on that in a minute. First, it’s worth examining why the government is being even the slightest bit forthcoming about this issue. Since 2014, EFF has been suing under the Freedom of Information Act to get access to what the government calls the Vulnerabilities Equities Process (VEP). We’ve had some real success. But in the VEP document released as part of EFF’s lawsuit, the government has been too coy about these offensive uses. Redacted text in the VEP Document released to EFF The same words unredacted in an older document So what to make of the NSA’s 91% statistic? NSA shuttered bulk email program in 2011, replaced with similar initiatives. Internet's root name servers DDoS attacks peak at ...

Two unusual DDoS attacks targeted several of the internet's root name servers. Cybercrime article on Guardian site delivers malware via ... An archived article on The Guardian website that investigates cybercrime is providing more than information, it's delivering malware via the Angler Exploit Kit. NIST opens comment period on Framework for Improving ... The National Institute of Standards and Technology (NIST) will begin accepting comments and feedback starting on December 11 on its voluntary "Framework for Improving Critical Infrastructure Cybersecurity." NSA Ordered to Stop Collecting, Querying Plaintiffs' Phone Records. Affirming his previous ruling that the NSA’s telephone records collection program is unconstitutional, a federal judge ordered the NSA to cease collecting the telephone records of an individual and his business.

The judge further ordered the NSA to segregate any records that have already been collected so that they are not reviewed when the NSA’s telephone records database is queried. The order comes 20 days before the NSA program is set to expire pursuant to the USA FREEDOM Act. United States District Judge Richard Leon issued the order in Klayman v. Obama, a case in which EFF appeared as amicus curiae. Judge Leon ruled in December 2013 that the program was unconstitutional because it violated the 4th Amendment’s prohibition on unreasonable searches. Judge Leon found that these two new plaintiffs had standing to sue the NSA both over the past phone records collection as well as the ongoing collection.

Judge Leon acknowledged that the program was due to expire in 20 days. It’s No Secret That the Government Uses Zero Days for “Offense” NSA shuttered bulk email program in 2011, replaced with similar initiatives. ODNI Announces Transition to New Telephone... The NSA sure breaks a lot of "unbreakable" crypto. This is probably how they do it. / Boing Boing. There have long been rumors, leaks, and statements about the NSA "breaking" crypto that is widely believed to be unbreakable, and over the years, there's been mounting evidence that in many cases, they can do just that. Now, Alex Halderman and Nadia Heninger, along with a dozen eminent cryptographers, have presented a paper at the ACM Conference on Computer and Communications Security (a paper that won the ACM's prize for best paper at the conference) that advances a plausible theory as to what's going on.

In some ways, it's very simple -- but it's also very, very dangerous, for all of us. The paper describes how in Diffie-Hellman key exchange -- a common means of exchanging cryptographic keys over untrusted channels -- it's possible to save a lot of computation and programmer time by using one of a few, widely agreed-upon large prime numbers. Though that's not quite true. Based on the evidence we have, we can’t prove for certain that NSA is doing this.

Australia's new Data Retention laws

State surveillance privacy Freedom of expression. NSA backdoors in products. NSA Surveillance and PRISM. GCHQ allowed to spy on MPs and peers, secret court rules. Data Protection: filling the post-Safe Harbour vacuum. Study reports draft EU Data Protection Regulation leaves gaps in protection when it comes to Big Data, Internet of Things and smart devices | Technology Law Dispatch.

A study published 22 September 2015 criticises the EU’s development of its Digital Single Market (‘DSM’) strategy for being overly commercially and economically driven, with little attention to the key legal and social challenges regarding privacy and personal data protection. The development of the DSM should not be at the expense of individuals’ privacy rights, say the authors. The study was commissioned by the European Parliament’s Civil Liberties, Justice and Home Affairs Committee. The DSM strategy was unveiled earlier this year and is aimed at removing regulatory barriers so that digital services can operate seamlessly throughout the EU. However, despite promises made by the Commission and DSM Vice President to review the interplay between the e-Privacy Directive (2002/58/EC) and the DSM, the study finds that the strategy downplays the complexity of issues such as data anonymisation and minimisation in Big Data.

China and DP

Spain surveillance. Germany state surveillance. France surveillance. NSA PRISM program. NSA and GCHQ unlock privacy and security on the internet. State surveillance privacy Freedom of expression. Omniveillance. NSA backdoors in products.