On The Day We Fight Back Against Mass Surveillance (sign here if you haven’t already done so) I took a moment to glance through the draft report prepared by the European Parliament’s civil liberties, justice and home affairs committee (LIBE) on mass surveillance. It will be voted on tomorrow (Wednesday 12 February). It shows that some of our politicians (you can bet that there are few British politicians included) actually do care about our privacy and civil liberties.
After many legalistic pages of having regard to this and whereas that, it gets to the meat. Here’s an example from among many similar paragraphs:
Condemns in the strongest possible terms the vast, systemic, blanket collection of the personal data of innocent people, often comprising intimate personal information; emphasises that the systems of mass, indiscriminate surveillance by intelligence services constitute a serious interference with the fundamental rights of citizens; stresses that privacy is not a luxury right, but that it is the foundation stone of a free and democratic society; points out, furthermore, that mass surveillance has potentially severe effects on the freedom of the press, thought and speech, as well as a significant potential for abuse of the information gathered against political adversaries; emphasises that these mass surveillance activities appear also to entail illegal actions by intelligence services and raise questions regarding the extra-territoriality of national laws;…
That’s paragraph 9, and the rest are in similar vein. Paragraph 14 says:
Strongly rejects the notion that these issues are purely a matter of national security and therefore the sole competence of Member States; recalls a recent ruling of the Court of Justice according to which ‘although it is for Member States to take the appropriate measures to ensure their internal and external security, the mere fact that a decision concerns State security cannot result in European Union law being inapplicable’; recalls further that the protection of the privacy of all EU citizens is at stake, as are the security and reliability of all EU communication networks; believes therefore that discussion and action at EU level is not only legitimate, but also a matter of EU autonomy and sovereignty;…
Then follows 98 paragraphs of recommendations on what to do about it. Basically, it is ‘stop it’, ‘don’t do it again’, and ‘introduce these measures to prevent it’. Lest our American friends – and the American people are our friends – think this is just US-bashing, I should point out that certain EU member states are also criticised. Obviously this is primarily the UK and GCHQ; but the intelligence services of Sweden, Germany and France are also included.
Finally, the report
Instructs its President to forward this resolution to the European Council, the Council, the Commission, the parliaments and governments of the Member States, national data protection authorities, the EDPS, eu-LISA, ENISA, the Fundamental Rights Agency, the Article 29 Working Party, the Council of Europe, the Congress of the United States of America, the US Administration, the President, the Government and the Parliament of the Federative Republic of Brazil, and the United Nations Secretary-General.
It won’t happen of course. And even if it does, it will get no further. It will very rapidly get buried in European bureaucracy, largely at the instigation of the UK and the other major European players who have more to lose than gain in allowing their own citizens the rights they were born with.
But I am greatly fortified by the fact that this report shows some European politicians really do care about privacy and liberty.
I have been waiting for Neelie Kroes to announce the EU’s new proposals on digital identities. She was expected to announce them before the end of May; but either she hasn’t – or she has done it so quietly that I didn’t notice. The intent, as far as I understand it, is to rationalise digital identities across Europe. This will be contentious. There are those who will see it as a backdoor electronic ID card. So the UK, which has already fought off one attempt at the imposition of national ID cards will be particularly concerned.
Cameron and Clegg won’t be concerned. They will welcome the opportunity to grab more control over both the internet and the voter. They will claim firstly that it isn’t an ID card (don’t believe them; it will inevitably grow into more of a controlling digital ID card than Brown’s plastic physical card could ever do); and secondly they will claim that they have no choice, it is forced upon them by virtue of EU treaties that tie their hands.
But it will still be contentious, and both the EU and the UK governments would love to avoid that. The best way to slip something in is when people are looking the other way. And the UK is going to be doing a lot of looking the other way over the next couple of months. Right now we’ve got the Queen’s Jubilee, then we’ve got the football, and after that we’ve got the London Olympics. I shall be watching very closely to see exactly when the digital identities proposal is announced.
The best and most cynical time would be on this coming Monday or Tuesday when the entire UK will be involved in self-absorbed naval contemplation during the Jubilee celebrations.
The newswires are awash with news: ACTA is dead. Neelie Kroes, the European Commissioner in charge of the Digital Agenda, is quoted as accepting that ACTA is dead in Europe.
We can all breathe a sigh of relief and relax.
No we can’t. That’s exactly what they want us to do – and that’s what we must absolutely not do. The moment we take the pressure off our own MEPs, that moment will the silent and pervasive money-based pro-ACTA lobbying increase. While we’re still celebrating, ACTA will be ratified.
And even if it is rejected, it’s just a battle. The war will continue. If defeated, ACTA will simply return in a different name.
Governments want control of the internet. It suits their purpose to gain that control by ‘supporting’ industry; it disguises their intent. So even if, as they eventually must, rightsholders realise they must adapt to rather than fight against new technology, the provisions of ACTA will return under another guise.
At the moment, Hollywood is merely bribing government to do what government already wants to do. ACTA will never die until governments understand that they are the servants and not the masters of the people. They are there to enact what we want, not what megalomaniac politicians want. It’s called democracy.
News stories for Thursday 3 May and Friday 4 May 2012:
OpBayBack announced by Anonymous look-alike: TheWikiBoat
It was only a matter of time before one hacktivist group or another would react to the UK court-ordered ISP block on The Pirate Bay.
04 May 2012
The UK Protection of Freedoms Bill this week; telecommunications surveillance next week?
A major plank of both the Conservative and LibDem election campaigns was to ‘roll back the database state’ and curtail invasive bureaucratic surveillance. But has the Coalition achieved this? And what about the proposed communications monitoring bill?
04 May 2012
Website infection hits Israeli Institute for National Security Studies
Israeli websites frequently come under cyber attack. Now Websense reports that the Israeli Institute for National Security Studies (INSS) has been infected with malicious code ultimately leading to a Poison Ivy variant.
04 May 2012
LOIC DDoS tool – is it ‘safe’ for the user?
The DDoS weapon of choice for Anonymous activists, the Low Orbit Ion Canon (LOIC), was downloaded from the internet 381,961 times during 2011. That number has already been exceeded in 2012, with daily downloads averaging more than 3400.
04 May 2012
SOCA knocked off the web by DDoS – again
The UK’s Serious Organised Crime Agency has today confirmed that a DDoS attack forced it take its website off-line at 22:00 Wednesday. As of writing, 14:30 Thursday, it is still down.
03 May 2012
UK wi-fi connectivity is inadequate
As the UK economy headed into another recession, a UKFast round table of business and technology experts, slated to discuss the digital wallet, inevitably discussed the economy and what government should do about it.
03 May 2012
The evolving role of the CISO – new study by IBM
A study by IBM’s Center for Applied Insights concludes that there are now three ‘types’ of CISO: influencers, protectors and responders. Evolution towards the ‘influencer’ role is necessary, and happening.
03 May 2012
Hackers levy an ‘idiot tax’ on Belgian bank
“While this could be called ‘blackmail,’ we prefer to think of it as an ‘idiot tax’ for leaving confidential data unprotected on a Web server,” announces an unidentified hacker group in a news statement on Pastebin.
03 May 2012
Before I go further I need to offer thanks to three sources. Firstly, to Monica Horten at the excellent IPtegrity blog who saw the connection. Secondly to the genius of Richard O’Brien who penned such a prescient prophesy. And thirdly to the authors of ACTA, without whom – well, I wish we were without whom.
The story reported by Monica is the jump to the left in the European Parliament (socialist rapporteur says he recommends that ACTA be rejected) followed by the step to the right (EPP Sarkozy-ite delays things to buy more time for the rightsholder lobbyists to regroup) – and it was Monica who made the connection with Richard O’Brien. (I’ve reported the ‘news’ side of this story on Infosecurity Mag) “ACTA: EU Parliament takes a step to the right,” is Monica’s headline. “It took a jump to the left…” is the first line.
“It’s just a jump to the left And then a step to the right” is the source in Richard O’Brien’s phenomenal Time Warp song from The Rocky Horror Picture Show. What I hadn’t realised is quite how accurate those lyrics turn out to be.
Hollywood/government lays out its intention for the internet: It’s astounding, time is fleeting – Madness takes its toll – But listen closely, not for very much longer – I’ve got to keep control
But users are lost in their own, innocent, dreamy vision of the internet: It’s so dreamy, oh fantasy free me – So you can’t see me, no not at all
This is such a romantic view of freedom and the internet! But Hollywood/government responds: In another dimension, with voyeuristic intention – Well-secluded, I see all – With a bit of a mind flip – You’re there in the time slip – And nothing can ever be the same
This is O’Brien at his most prophetic. Hollywood/government wishes, from a hidden point of view, to see everything that happens on the internet. And once they succeed, nothing will ever be the same again.
O’Brien goes on to foretell what will happen. The user concludes: Well I was walking down the street just a-having a think – When a snake of a guy gave me an evil wink – He shook me up, he took me by surprise – He had a pickup truck and the devil’s eyes. – He stared at me and I felt a change – Time meant nothing, never would again.
Hollywood/government wins. The Time Warp itself? They will just keep cycling round in a time warp, time and time again, until they succeed. Just beware when that snake of a guy gives you an evil wink – and make sure you never vote for him again!
CISPA, the Cyber Intelligence Sharing and Protection Act, was rushed through the House of Representatives on Thursday last week. It was passed by 248 votes to 168. On the previous day, Wednesday, President Obama – or more specifically, the Office of Management and Budget – warned that he would veto the bill: “Legislation should address core critical infrastructure vulnerabilities without sacrificing the fundamental values of privacy and civil liberties for our citizens… for the reasons stated herein, if H.R. 3523 were presented to the President, his senior advisors would recommend that he veto the bill.”
Doesn’t mean he will veto the bill. Guantanamo? NDAA?
It’s a possibility not lost on Anonymous. On Friday it issued its own citizen call to arms. It’s not asking for the usual DDoS attack – at least not yet, because it’s not clear who would need to be attacked, but it does say:
President Obama has already stated that he will veto the bill, but this is also what was said about NDAA.
Anonymous’ call is:
We have defeated previous attempts to censor our only platform of true honest communication, the internet. SOPA was only the beginning.
Sign petitions, call your congressmen, and kill this act in the senate.
As a foreign observer I would say that one thing is very clear about CISPA: it is being sold to the American public on a tissue of lies, misconceptions, misleading claims and overarching FUD. It will do nothing to prevent terrorism. It will do nothing to curtail crime. But it will allow both US law enforcement and the entertainment industry to legally spy on the private and legitimate communications of both innocent US citizens and everyone else anywhere in the world. A specific misleading endorsement? Joel Kaplan, Vice President-U.S. Public Policy, Facebook, wrote:
Importantly, HR 3523 would impose no new obligations on us to share data with anyone –- and ensures that if we do share data about specific cyber threats, we are able to continue to safeguard our users’ private information, just as we do today [my ironic emphasis].
If the American citizen can expect the same from the US government as the Facebook user can from Facebook, then expect your personal data to be covertly extracted and sold to the highest bidder. It’s time to listen to those great advocates of US free speech: ACLU, EFF, CDT and, I have to say, Anonymous.
Vietnam is reportedly due to issue a new decree in June entitled “Decree on the Management, Provision, Use of Internet Services and Information Content Online”. It will among other things,
Force foreign companies that provide online services such as social networking, blogging, discussion forums and chat to cooperate with the Vietnamese government and provide it with the information it needs to crack down on activities banned by the decree.
(Reporters Without Borders)
It’s what we have come to expect from authoritarian undemocratic communist regimes. Thank god we have the Free West to protect our freedom, free speech and privacy. All that’s happening in the US is the Internet Rogering Act (otherwise known as Representative Michael Roger’s Cyber Intelligence Sharing and Protection Act – CISPA). And of course all CISPA does is allow companies like Facebook and Microsoft and Google and ISPs to share our personal data freely without just cause or due process or legal redress with themselves and the government because they feel like it.
Well at least we’ve got the UK, with its mother of parliaments, habeas corpus, proud history of tolerance, freedom, justice and other detriments to effective government. All the UK government (you remember, that one that condemned Labour’s authoritarian attitudes when it was in opposition) is doing is the preparation of an unnamed bill to be presented at the earliest opportunity and designed to force all ISPs to provide total traffic information on demand, in real-time, without just cause or due process or legal redress, on all UK citizens to the government’s spy agency (GCHQ). That’s everyone you speak to and every website you visit.
So they’ll know if you speak to a criminal (or terrorist) even if you don’t know it’s a criminal (or terrorist), and you will forever be associated with that criminal (or terrorist) even though you don’t know it. And they will know which websites you visit, whether it’s politically subversive (ie, not in line with government thinking), or pornography (eg, Sun Page 3), or whatever. They’ll know you’re going there probably before you even get there.
But don’t worry. All of us real criminals and terrorists will easily get round both the US and UK laws with encryption and foreign proxies and the onion web – so it’s only the innocent citizens that will actually be affected. Thank god we don’t live in Vietnam or China or Iran.
Security and Liberty are opposite ends of the same see-saw. If one end goes up, the other must necessarily go down. The problem is finding the right balance between the two. Unfortunately, those with responsibility over our security will always tip the balance in their own favour, thus reducing our liberty. This is dangerous when it is government, for it is an inevitable road to a police state – and both Europe and the US are already a long way down that road.
But it shows itself at every level. The security industry itself faces this dilemma every day: do they do everything they can to protect their customers, or do they temper their actions and beliefs with civil liberty issues?
Here’s a case in point. Apple’s response to the Flashback trojan is, says Wolfgang Kandek, CTO of Qualys, ‘innovative’. “Apple released today a new, quite innovative version of Java for Mac OS X 10.7 and 10.6. Innovative, because the new version does not fix any vulnerabilities, but instead addresses two of the current Java on Mac landscape problems,” he writes. Firstly, it erases known variants of Flashback; and secondly “it automatically disables Java when it has not been used for the last 35 days.”
Wolfgang is pleased with the latter. “It makes total sense to me: we have been telling users to disable or uninstall Java if they do not need it, but we know very well that only very security conscious users will do so.” That’s a security man speaking. But my view is the opposite: Apple has no right to arbitrarily mess with my computer.
By taking away my responsibility for myself, by taking control of my security for me, Apple is simultaneously making me less likely to be personally responsible in the future, while also making me more likely to accept the security dictates of government. Already one of government’s standard arguments whenever it proposes some new form of surveillance is “if you haven’t done anything wrong, you don’t have anything to worry about.” And we actually think they have a point because our concept of our own freedom is constantly eroded.
But the reality is this: because I have done nothing wrong, you have no bloody right to spy on me. So whenever a security man, government or industry, says to you, we’ll look after your security, ask yourself at what cost?
Here’s a turn up. An organization whose members include the Entertainment Software Association (ESA), the Motion Picture Association of America (MPAA) and the Recording Industry Association of America (RIAA) has been fighting censorship on the internet. True. No joke.
The organization is the Media Coalition, which bills itself as ‘defending the first amendment since 1973’. The censorship is Arizona’s anti-trolling law, H.B. 2549, which says “It is unlawful for any person, with intent to terrify, intimidate, threaten, harass, annoy or offend, to use any electronic or digital device and use any obscene, lewd or profane language or suggest any lewd or lascivious act, or threaten to inflict physical harm to the person or property of any person.” The intent is clear – to prevent cyber-bullying.
But, says Media Coalition, it amounts to censorship. It wrote to Gov Brewer, saying that Arizona’s law “takes a law meant to address irritating phone calls and applies it to communication on web sites, blogs, listserves and other Internet communication. H.B. 2549 is not limited to a one to one conversation between two specific people. The communication does not need to be repetitive or even unwanted. There is no requirement that the recipient or subject of the speech actually feel offended, annoyed or scared. Nor does the legislation make clear that the communication must be intended to offend or annoy the reader, the subject or even any specific person.”
On its website, MC explains further. “Because the bill is not limited to one-to-one communications, H.B. 2549 would apply to the Internet as a whole, thus criminalizing all manner of writing, cartoons, and other protected material the state finds offensive or annoying.” In short, this law amounts to censorship of the internet; something that the MPAA and RIAA could never countenance. Fear not intrepid users of the internet; the MPAA and RIAA will always fight to protect your freedoms.
In one small paragraph that buggers belief, UK members of parliament show that they are divorced from the reality of public opinion and bereft of internet knowledge.
Google acknowledged that it was possible to develop the technology proactively to monitor websites for such material in order that the material does not appear in the results of searches. We find their objections in principle to developing such technology totally unconvincing. Google and other search engines should take steps to ensure that their websites are not used as vehicles to breach the law and should actively develop and use such technology. We recommend that if legislation is necessary to require them to do so it should be introduced.
Joint Committee on Privacy and Injunctions – First Report: The role of search engines
These people, the cross-party Joint Committee on Privacy and Injunctions, are actually suggesting that Google should be forced, by law, to “develop and use” censorship.
There have been riots in European streets over ACTA’s censorship. The US government has been forced (however temporarily) to backtrack over SOPA’s censorship. The anti-censorship Pirate Party has won parliamentary seats in Germany. So much for being interested in public-opinion. And as for the internet. Almost 20 years ago John Gilmore said “The Net interprets censorship as damage and routes around it.” We’ve had two decades of immune system development since then. If it routed around in 1993, it will shrug off in 2012. All that will happen is that otherwise innocent people will be forced to break or by-pass the law in a natural curiosity about the truth.
But such supreme arrogance from our political master raises two important questions about the nature of democracy in the free democratic West.
- Do we elect people in order to delegate total responsibility to them, in order to say, ‘here you go, you make up my mind for me in future and just tell me what to do’; or do we elect people to enact what we wish them to enact?
- Is the rule of law sacrosanct; that is, once these people pass a law, do we have to obey that law under all circumstances?
To the first I say categorically that my elected representative is there to represent me and my wishes. He or she is not there to represent the wishes of business, other governments or anything or person other than me. And I say think again about your current attitude towards internet censorship and copyright protection.
To the second question I say that it is the duty of all citizens to reject the rule of law when their conscience demands it. War criminals are probably not law breakers: they uphold the rule of law in their own lands. You cannot say that the rule of law is sacrosanct here but not sacrosanct there. The rule of law must always be ultimately subservient to the rule of conscience.
So, to all members of government: remember your role. You are there to serve us; you are not there to usurp us.