The move comes after its international director, Muhammad Rabbani, a UK citizen, was arrested at Heathrow airport in November for refusing to hand over passwords. Rabbani, 35, has been detained at least 20 times over the past decade when entering the UK, under schedule 7 of terrorism legislation that provides broad search powers, but this was the first time he had been arrested.
Tras el ataque al Parlamento Británico ocurrido la semana pasada, los políticos británicos han exigido que Whatsapp y otras aplicaciones de mensajería instantánea proporcionen acceso a la policía y fuerzas de seguridad para así poder monitorear conversaciones terroristas. Sin embargo, los expertos en tecnología discuten que abrir las “puertas traseras” de los servicios de mensajería popular, las cuales usan cifrado de extremo a extremo, arrojaría una serie de problemas.
The European Union’s top court has severely undermined the British government’s mass surveillance powers in a new ruling that could rein in police and spy agency investigations.In a judgment handed down in Luxembourg on Wednesday, the European Court of Justice declared that the “general and indiscriminate retention” of data about people’s communications and locations was inconsistent with privacy rights. The court stated that the “highly invasive” bulk storage of private data “exceeds the limits of what is strictly necessary and cannot be considered to be justified, within a democratic society.”
Perhaps the most controversial aspect of the new law is that it will give the British government the authority to serve internet service providers with a “data retention notice,” forcing them to record and store for up to 12 months logs showing websites visited by all of their customers. Law enforcement agencies will then be able to obtain access to this data without any court order or warrant. In addition, the new powers will hand police and tax investigators the ability to, with the approval of a government minister, hack into targeted phones and computers.
A bill giving the UK intelligence agencies and police the most sweeping surveillance powers in the western world has passed into law with barely a whimper, meeting only token resistance over the past 12 months from inside parliament and barely any from outside.The Investigatory Powers Act, passed on Thursday, legalises a whole range of tools for snooping and hacking by the security services unmatched by any other country in western Europe or even the US.
Following on from our recent victory against unlawful surveillance by the British intelligence services, Privacy International is taking the British Government to court again. Why? Because it is using ‘general warrants’ to hack the electronic devices (computers, phones, tablets, and the increasing number of things that ‘connect’ to the internet) of sweeping groups of unidentified people at home and abroad. General warrants permit the government to target wide categories of people, places or property (e.g. all mobile phones in London) without any individualised suspicion of wrongdoing.
While most eyes are focused on the presidential race between Hillary Clinton and Donald Trump, three major events prove how widespread, and dangerous, mass surveillance has become in the West. Standing alone, each event highlights exactly the severe threats that motivated Edward Snowden to blow his whistle; taken together, they constitute full-scale vindication of everything he’s done.
Ten organizations – including Privacy International, the American Civil Liberties Union, and Amnesty International – are taking up the landmark case against the U.K. government in the European Court of Human Rights (pictured above). In a 115-page complaint released on Thursday, the groups allege that “blanket and indiscriminate” surveillance operations carried out by British spy agencies in collaboration with their U.S. counterparts violate privacy and freedom of expression rights.
The bulk collection of personal data by British spy agencies is vital in preventing terrorist attacks, an independent review of draft security legislation has found.David Anderson QC, the independent reviewer of terrorism legislation, concluded that laws giving MI5, MI6 and GCHQ the right to gather large volumes of data from members of the public had a “clear operational purpose”.
NEWLY DISCLOSED DOCUMENTS offer a rare insight into the secretive legal regime underpinning the British government’s controversial mass surveillance programs.The London-based group Privacy International obtained the previously confidential files as part of an ongoing legal case challenging the scope of British spies’ covert collection of huge troves of private data.
GCHQ, Britain’s national security surveillance agency, has been ordered to destroy legally privileged communications it unlawfully collected from a Libyan rendition victim.
The ruling marks the first time in its 15-year history that the investigatory powers tribunal has upheld a specific complaint against the intelligence services, lawyers have said. It is also the first time the tribunal has ordered a security service to give up surveillance material.
The IPT says GCHQ must destroy two documents which are legally privileged communications belonging to a former opponent of the Gaddafi regime, Sami al-Saadi, who was sent back to Libya in 2004 in a joint MI6-CIA “rendition” operation with his wife and four children under 12.
The tribunal, chaired by Mr Justice Burton, ruled that GCHQ must give an undertaking that parts of those documents must be “destroyed or deleted so as to render such information inaccessible to the agency in the future”. The agency has to submit a secret report within 14 days confirming that the destruction has been carried out.
GCHQ has also been ordered to hand over a hard copy of the papers to the interception of communications commissioner within seven days. They will be kept safe for five years in case there are further legal proceedings or an inquiry.
The tribunal says that although the two documents contain information covered by legal privilege they did not disclose or refer to any legal advice: “The tribunal, after careful consideration, is [also] satisfied that there was no use or disclosure of the privileged information for the purpose of defending the civil claim brought by [Saadi] and others.”
This is a compensation claim against Jack Straw, the then foreign secretary, and the Foreign Office, being brought by Saadi along with another prominent opponent of Gaddafi, Abdel Hakim Belhaj and his family, for their role in their rendition and subsequent torture in Libya in 2004.
Access to pornography is recurring subject of much debate and strong views, and it’s back in the news again. The Conservatives have vowed to take existing filtering one stage further if they win the 2015 general election – if the party wins they plan to force adult content sites to employ strict age verification or be blocked from the internet. But is it possible, should it be done and is such a strict practice really needed?
Google has failed in its attempt in the court of appeal to prevent British consumers having the right to sue the internet firm in the UK.
A group known as Safari Users Against Google’s Secret Tracking wants to take legal action in the English courts over what it says is Google’s tracking of Apple’s Safari internet browser.
It has accused Google of bypassing security settings in order to track users’ online browsing and to target them with personalised advertisements.
Three judges have dismissed Google’s appeal over a high court decision against it and ruled that claims for damages can be brought over allegations of misuse of private information.
Friday’s ruling was a victory for Safari Users, including editor and publisher Judith Vidal-Hall, and Robert Hann and Marc Bradshaw, who are both IT security company directors. They say Google’s “clandestine” tracking and collation of internet usage between summer 2011 and early 2012 led to distress and embarrassment among UK users.
They accuse Google of collecting private information without their knowledge and consent by the use of “cookies” – a small string of text saved on the user’s device.
Britain’s laws governing the intelligence agencies and mass surveillance require a total overhaul to make them more transparent, comprehensible and up to date, parliament’s intelligence and security committee (ISC) has said in a landmark report prompted by the revelations of Edward Snowden, the former US National Security Agency contractor.
The 18-month inquiry finds that the existing laws are not being broken by the agencies and insists the bulk collection of data by the government does not amount to mass surveillance or a threat to individual privacy.
But it also says that the legal framework is unnecessarily complicated and – crucially – lacks transparency. The current laws could be construed as providing the agencies with a “blank cheque to carry out whatever actives they deem necessary”, it says.
In what it describes as its key recommendation it calls for all the current legislation governing the intrusive capabilities of the security and intelligence agencies to be replaced by a new, single act of parliament.
This new legal framework should for the first time explicitly set out surveillance capabilities, detailing the authorisation procedures, privacy constraints, transparency requirements, targeting criteria, sharing arrangements, oversight, and other safeguards.
The report will form a central pillar of the discussions in the next parliament on how to redraft UK surveillance laws, including a report from the Royal United Services Institute (Rusi) commissioned by Nick Clegg and work being undertaken by the commissioner on intelligence law.
This inquiry, disrupted by the last-minute resignation of the committee chairman, Sir Malcolm Rifkind, over allegations concerning cash for influence, has always been viewed sceptically by libertarians, who regard the ISC as the democratic voice for the agencies as opposed to their scrutineers.
lunes, 2 de marzo de 2015
Carmen Esquivel (PL)
Cuando aún está fresco en la memoria el escándalo por el espionaje masivo contra ciudadanos, instituciones y hasta dignatarios europeos, el tema vuelve a la palestra al revelarse ahora que otros objetivos estuvieron en la mira de los servicios de inteligencia estadounidenses.
El nuevo blanco de los ataques es la compañía holandesa Gemalto, primera de su tipo en el mundo en la fabricación de tarjetas SIM (Subscriber Identity Module), en español Módulo de Identificación de Abonados, usada en teléfonos celulares y módems.
Para dar una idea de la magnitud de lo que esto significa baste señalar que la firma produce cerca de dos mil millones de estos dispositivos al año para 450 empresas de telecomunicaciones, entre ellas T-Mobile, Vodafone, Orange, Verizon y Sprint.
Gemalto trabaja, además, con unas tres mil instituciones financieras porque elabora chips para tarjetas de crédito.
De acuerdo con documentos filtrados recientemente por Edward Snowden, ex analista de la Agencia Nacional de Seguridad (NSA, por sus siglas en inglés), las inteligencias estadounidense y británica lograron apropiarse de las claves de la compañía, lo cual les abrió las puertas a los celulares de medio mundo.
La NSA y el Cuartel General de Comunicaciones del gobierno de Gran Bretaña (GCHQ) obtuvieron las llaves al acceder a los servidores centrales de Gemalto, valiéndose de información privada de algunos ingenieros, fabricantes de tarjetas y proveedores.
De esta manera pudieron espiar las llamadas, mensajes y correos electrónicos de una persona o empresa sin necesidad de pasar por una operadora o de obtener una orden judicial y, lo más alarmante, sin dejar ningún tipo de rastro.
“Es imposible saber cuántos códigos robaron la NSA y el GCHQ, pero si nos basamos en hipótesis modestas, el número es impresionante”, afirmó el sitio digital The Intercept, que filtró la información.
Downing Street and the German chancellery are embroiled in a worsening dispute over intelligence-sharing and the covert counter-terrorism campaign because of conflicts arising from the surveillance scandals surrounding the US National Security Agency and Britain’s GCHQ.
According to German newspaper reports citing government and intelligence officials in Berlin, the Bundestag’s inquiry into the NSA controversy is being jeopardised by Britain’s refusal to cooperate and its threats to break off all intelligence-sharing with Berlin should the committee reveal any UK secrets.
The weekly magazine Focus reported last month that a national security aide to David Cameron had written to Peter Altmaier, Angela Merkel’s chief of staff, refusing all requests for help in the inquiry and warning that Britain would cease supplying terrorism-related intelligence to the Germans unless Berlin yielded.
It emerged during the NSA revelations that the Americans had hacked into Merkel’s mobile phone, generating outrage in Germany and feeding growing anti-American sentiment.
Internationally, the BND, Germany’s foreign intelligence service, is viewed as less than vigorous. In the secret war on terror, the Germans are said to be dependent on signals intelligence from the British and the Americans.
Gemalto, the French-Dutch digital security giant, confirmed that it believes American and British spies were behind a “particularly sophisticated intrusion” of its internal computer networks, as reported by The Intercept last week.
This morning, the company tried to downplay the significance of NSA and GCHQ efforts against its mobile phone encryption keys — and, in the process, made erroneous statements about cellphone technology and sweeping claims about its own security that experts describe as highly questionable.
Gemalto, which is the largest manufacturer of SIM cards in the world, launched an internal investigation after The Intercept six days ago revealed that the NSA and its British counterpart GCHQ hacked the company and cyberstalked its employees. In the secret documents, provided by NSA whistleblower Edward Snowden, the intelligence agencies described a successful effort to obtain secret encryption keys used to protect hundreds of millions of mobile devices across the globe.
The company was eager to address the claims that its systems and encryption keys had been massively compromised. At one point in stock trading after publication of the report, Gemalto suffered a half billion dollar hit to its market capitalization. The stock only partially recovered in the following days.
After the brief investigation, Gemalto now says that the NSA and GCHQ operations in 2010-2011 would not allow the intelligence agencies to spy on 3G and 4G networks, and that theft would have been rare after 2010, when it deployed a “secure transfer system.” The company also said the spy agency hacks only affected “the outer parts of our networks — our office networks — which are in contact with the outside world.”
Security experts and cryptography specialists immediately challenged Gemalto’s claim to have done a “thorough” investigation into the state-sponsored attack in just six days, saying the company was greatly underestimating the abilities of the NSA and GCHQ to penetrate its systems without leaving detectable traces.
“Gemalto learned about this five-year-old hack by GCHQ when the The Intercept called them up for a comment last week. That doesn’t sound like they’re on top of things, and it certainly suggests they don’t have the in-house capability to detect and thwart sophisticated state-sponsored attacks,” says Christopher Soghoian, the chief technologist at the American Civil Liberties Union. He adds that Gemalto remains “a high-profile target for intelligence agencies.”
Matthew Green, a cryptography specialist at the Johns Hopkins Information Security Institute, said, “This is an investigation that seems mainly designed to produce positive statements. It is not an investigation at all.”
The regime that governs the sharing between Britain and the US of electronic communications intercepted in bulk was unlawful until last year, a secretive UK tribunal has ruled.
The Investigatory Powers Tribunal (IPT) declared on Friday that regulations covering access by Britain’s GCHQ to emails and phone records intercepted by the US National Security Agency (NSA) breached human rights law.
Advocacy groups said the decision raised questions about the legality of intelligence-sharing operations between the UK and the US. The ruling appears to suggest that aspects of the operations were illegal for at least seven years – between 2007, when the Prism intercept programme was introduced, and 2014.
The critical judgment marks the first time since the IPT was established in 2000 that it has upheld a complaint relating to any of the UK’s intelligence agencies. It said that the government’s regulations were illegal because the public were unaware of safeguards that were in place. Details of those safeguards were only revealed during the legal challenge at the IPT.
An “order” posted on the IPT’s website early on Friday declared: “The regime governing the soliciting, receiving, storing and transmitting by UK authorities of private communications of individuals located in the UK, which have been obtained by US authorities … contravened Articles 8 or 10” of the European convention on human rights.
Philip Hammond has been criticised for not understanding the legislation surrounding government powers to sweep up and analyse huge volumes of electronic communications such as email.
Eric King, from rights group Privacy International, said the foreign secretary appeared “confused” while giving evidence to parliament’s intelligence and security committee. The committee is reviewing the need for new legislation to regulate the UK’s electronic espionage agency, GCHQ, in light of revelations on bulk data collection by Edward Snowden, a former contractor for US intelligence.
“It is clear that he [Hammond] is unfortunately confused about the effect of the warrants he is signing into force, how they deal with British communications and the difference between so-called internal communications and external communications,” said King. “This is one of the huge problems with having ministers sign warrants.”
Campaigners say that in testimony to the intelligence and security committee in October, Hammond appeared not to understand the details of how the warrants he was signing worked – including whether or not they allowed the interception of communications of UK residents.
During the session, Hammond – who oversees the work of GCHQ and the foreign intelligence agency MI6 – initially appeared to say that any email exchange in which either the sender or recipient was based in the UK was treated as an internal communication and therefore any government agency wanting to access it was subject to stricter controls under the Regulation of Investigatory Powers Act (Ripa).
Later he said that if either sender or recipient were outside the UK it was an external communication and therefore subject to a different warrant, which allows the foreign secretary to authorise much broader examination by the intelligence agencies than is the case with UK-based communications.
Britain’s legal regime governing mass surveillance of the internet by intelligence agencies does not violate human rights, a tribunal has ruled.
But the investigatory powers tribunal (IPT) said it had identified one area where it has concerns about the adequacy of legal safeguards.
The tribunal will decide whether the human rights groups that brought the case have had their communications intercepted unlawfully in the past and whether any interception discovered was proportionate. The judgment said: “We have left open for further argument the question as to whether prior hereto there has been such a breach.”
Human rights groups that brought the challenge said they would appeal to the European court of human rights in Strasbourg against the overall finding that the surveillance and information sharing with US agencies, such as the National Security Agency (NSA), is legal.
Snowden leaks, the right to be forgotten and the care data scare have swelled the workload of the Information Commissioner’s Offices, according to its annual report
The UK’s privacy regulator has asked for increased funding from government as it seeks to deal with a mounting workload sparked by a series of controversies around data security and privacy.
The Information Commissioner’s Office has been swamped with more complaints than ever before, according to its annual report released today, with its in-tray unlikely to clear any time soon.
That is partly due to a recent EU ruling on people’s right to have entries removed from Google’s search results as part of their “right to be forgotten”, which has since led to a heated debate about censorship of information that is in the public interest.
The ICO is also already dealing with a number of complaints around the data practices of social networks, including investigating a psychology study conducted by Facebook, in which researchers attempted to manipulate users’ moods.
Other factors cited by the ICO in its appeal for more funding include NSA contractor Edward Snowden’s leaks about GCHQ’s access to British citizens’ data, and the government-led Care.data project, with its plans to give GPs and hospitals access to shared databases of people’s healthcare records also running into opposition.
Opponents of the new legislation on surveillance being pushed through parliament this week say that it contains “sweeping new powers” to require communications and internet companies overseas to respond to requests from British government agencies for data.
But two issues appear to have been confused. The first is that of privacy, and the extent to which it is being eroded. The second is the geographic scope of the legislation. At the moment, if you are suspected of a crime, the police, security services and other agencies can request details from your mobile phone company about, for example, the time and date of calls you made or received and, using cell site analysis, where you were when the calls were made. True, everyone’s data is kept and there is the potential for abuse. But it has proved invaluable as an investigative tool in many serious cases of crime and terrorism.
So the question is not about greater intrusion into people’s privacy but extending the reach of existing legislation. If terrorists email each other and the communication is handled by servers based overseas, there is currently some doubt that an interception warrant would be successful, whereas if the servers were in Britain there would be no problem. The new legislation does not create more intrusive powers, but ensures that existing powers can be exercised when data is handled abroad. This is not about blanket surveillance, but targeted surveillance on specific suspected criminals.
The civil liberties lobby should be pressing for stronger safeguards regarding the use of the data, rather than protesting against the storage of it under any circumstances. That is why Liberal Democrats in government have, since a recent judgment of the European court of justice, been negotiating hard to build in greater protections. We have taken the opportunity that the judgment has given us to insist on a fundamental review of surveillance legislation to establish what the current threats to security are, and what a proportionate response to those threats might look like. To make sure this is done, no matter who forms the next government the new legislation will expire at the end of 2016.
Forty-nine MPs have voted against rushing the government’s emergency surveillance legislation through all its Commons stages in just one day.
A deal between the three major parties, however, secured the fast-track timetable by 436 votes to 49, despite accusations from one Labour MP that the move amounted to “democratic banditry resonant of a rogue state”.
The vote on the timetable motion for the data retention and investigatory powers bill, known as the Drip bill, came as it emerged that the home secretary was to accept Labour amendments strengthening its safeguards.
The government has accepted that the promised longer-term review of all surveillance legislation, known as Ripa, should be written into the Drip bill to put it on a statutory footing, and that there should six-monthly reviews of its operation by the interception commissioner.
The former Tory shadow home secretary David Davis told ministers that the rush to push through the Drip bill undermined parliament’s role.
• Details of the emergency surveillance legislation
• Miliband’s letter to Labour MPs explaining why Labour backs the bill
• Lunchtime summary, including highlights from the Cameron/Clegg press conference
Human Rights Watch has criticised the government for rushing this bill through parliament. This is from Izza Leghtas, a Human Rights Watch researcher.
Given what we know about the UK’s involvement in mass surveillance, it is outrageous that the government wants to rush through emergency legislation that allows the government to monitor people not suspected of any wrongdoing.
A proper debate about how to reform surveillance powers is long overdue and it has to happen now, not in 2016.
David Cameron and his Liberal Democrat deputy, Nick Clegg, have unveiled emergency surveillance legislation that will shore up government powers to require phone and internet companies to retain and hand over data to the security services.
The emergency legislation – due to be debated on Tuesday and complete all its parliamentary stages by Thursday next week – will also confirm that foreign-based companies should hand over data harvested in the UK, a move that implicitly accepts the revelations by former NSA contractor Edward Snowden may have disclosed surveillance activities that did not have international legal authority.
The government said it was forced to act after a European court of justice ruling on 8 April and because a growing number of foreign-based, predominantly American, phone companies were threatening to stop handing over details of UK customers’ data.
Speaking at a debate in University College London, Lady Neville-Jones, who has chaired Whitehall’s joint intelligence committee, backed calls for the law governing surveillance, the Regulation of Investigatory Powers Act (Ripa) to be tightened up.
Neville-Jones, who served as security and counter-terrorism minister between 2010 and 2011, is normally a staunch defender of the way the security services operate.
Earlier this week an explanation of the legal basis on which GCHQ, the monitoring agency, intercepts emails as well as searches on Google, Twitter, Facebook and YouTube, was published.
The government’s most senior security official, Charles Farr, said emails sent overseas or received from abroad, as well as most online searches, which use foreign servers, are deemed to be “external communications” and can therefore be monitored without the need for a specific intercept warrant. Critics accused him of exploiting a loophole in the law.