Both the Snowden revelations and the CIA leak highlight the variety of creative techniques intelligence agencies can use to spy on individuals, at a time when many of us are voluntarily giving up our personal data to private companies and installing so-called “smart” devices with microphones (smart TVs, Amazon Echo) in our homes.So, where does this leave us? Is privacy really dead, as Silicon Valley luminaries such as Mark Zuckerberg have previously declared?
Una seria advertencia hicieron algunos miembros del Consejo Ciudadano de Observadores (CCO) respecto a que sólo actas de 1.300 cabildos de los más de 13.000 que están inscritos serán validadas e incluidas en el texto final del gobierno, debido a que la página web ha presentado deficiencias como el no contar con un sistema de autoguardado y problemas de conexión.
Internet service providers from around the world are lodging formal complaints against the UK government’s monitoring service, GCHQ, alleging that it uses “malicious software” to break into their networks.
The claims from seven organisations based in six countries – the UK, Netherlands, US, South Korea, Germany and Zimbabwe – will add to international pressure on the British government following Edward Snowden‘s revelations about mass surveillance of the internet by UK and US intelligence agencies.
The claims are being filed with the investigatory powers tribunal (IPT), the court in London that assesses complaints about the agencies’ activities and misuse of surveillance by government organisations. Most of its hearings are held at least partially in secret.
The IPT is already considering a number of related submissions. Later this month it will investigate complaints by human rights groups about the way social media sites have been targeted by GCHQ.
The government has defended the security services, pointing out that online searches are often routed overseas and those deemed “external communications” can be monitored without the need for an individual warrant. Critics say that such a legal interpretation sidesteps the need for traditional intercept safeguards.
The latest claim is against both GCHQ, located near Cheltenham, and the Foreign Office. It is based on articles published earlier this year in the German magazine Der Spiegel. That report alleged that GCHQ had carried out an attack, codenamed Operation Socialist, on the Belgian telecoms group, Belgacom, targeting individual employees with “malware (malicious software)”.
One of the techniques was a “man in the middle” attack, which, according to the documents filed at the IPT, bypasses modern encryption software and “operates by interposing the attacker [GCHQ] between two computers that believe that they are securely communicating with each other. In fact, each is communicating with GCHQ, who collect the communications, as well as relaying them in the hope that the interference will be undetected.”
The complaint alleges that the attacks were a breach of the Computer Misuse Act 1990 and an interference with the privacy rights of the employees under the European convention of human rights.
The organisations targeted, the submission states, were all “responsible and professional internet service providers”. The claimants are: GreenNet Ltd, based in the UK, Riseup Networks in Seattle, Mango Email Service in Zimbabwe, Jinbonet in South Korea, Greenhost in the Netherlands, May First/People Link in New York and the Chaos Computer Club in Hamburg.
Concerned about weaknesses in USA Freedom Act, Zoe Lofgren and colleagues pushing to prevent NSA from weakening online encryption with new amendment
US legislators concerned about weaknesses in a major surveillance reform bill intend to insert an amendment barring the National Security Agency from weakening the encryption that many people rely on to keep their information secure online, or exploiting any internet security vulnerabilities it discovers.
Congresswoman Zoe Lofgren, a California Democrat, told the Guardian that she and a group of colleagues want to prevent the NSA from “utilizing discovered zero-day flaws,” or unfixed software security vulnerabilities, and entrench “the duty of the NSA and the government generally not to create them, nor to prolong the threat to the internet” by failing to warn about those vulnerabilities.
Since the discovery of the Heartbleed bug afflicting web and email servers, the NSA has faced suspicions that it has exploited the vulnerability, which the agency has strenuously denied. Beyond Heartbleed, documents from whistleblower Edward Snowden have revealed that the NSA has weakened online encryption, causing consternation among technology companies as well as privacy advocates.
Lofgren intends to attach the provision to the USA Freedom Act, increasingly the consensus bill to reform surveillance in the wake of the Edward Snowden disclosures. The bill, mostly favored by civil libertarians and expected to go for a vote on the House floor as early as next week, does not include language stopping the NSA from undermining encryption.
In an indication of the difficulty legislators will face in recasting the USA Freedom Act to better protect privacy, Lofgren conceded that attaching the provision will be difficult, as House legislators do not want to upset a tenuous deal on surveillance reform by adding to the bill. She is currently seeking a parliamentarian ruling on the “germaneness” of her online security amendment in order to make it difficult for opponents to exclude it from consideration on the floor.
Lofgren said she and other civil libertarian-minded lawmakers will have limited opportunities to add amendments to the bill, and so are prioritizing measures they believe stand the best chance of winning House support.
Lofgren said she thought those would most likely include a ban on the NSA searching through its foreign-focused communications content troves for Americans’ information without a warrant; clarifying a Patriot Act prohibition on collecting Americans’ phone calls and email content; and permitting more detailed transparency for telecoms and internet companies to disclose the sorts of national-security orders they receive from the government for their customers’ data.
GCHQ, the government’s monitoring agency, acted illegally by developing spy programs that remotely hijack computers’ cameras and microphones without the user’s consent, according to privacy campaigners.
A legal challenge lodged on Tuesday at the investigatory powers tribunal (IPT) calls for the hacking techniques – alleged to be far more intrusive than interception of communications – to be outlawed. Mobile phones were also targeted, leaked documents reveal.
The claim has been submitted by Privacy International following revelations by the whistleblower Edward Snowden about the mass surveillance operations conducted by GCHQ and its US counterpart, the National Security Agency (NSA).
The 21-page submission details a host of “malware” – software devised to take over or damage another person’s computer – with such esoteric names as Warrior Pride, Gumfish, Dreamy Smurf, Foggybottom and Captivatedaudience.
Details of the programs have been published by the Guardian and the online magazine The Intercept run by the journalist Glenn Greenwald. They are said to allow GCHQ to gain access to “the profile information supplied by a user in registering a device [such as] … his location, age, gender, marital status, income, ethnicity, sexual orientation, education, and family”.
More intrusively, Privacy International alleges, the programs enable surveillance of any stored content, logging of keystrokes and “the covert and unauthorised photography or recording of the user and those around him”. It is, the claim maintains, the equivalent of “entering someone’s house, searching through his filing cabinets, diaries and correspondence, and planting devices to permit constant surveillance in future, and, if mobile devices are involved, obtaining historical information including every location he had visited in the past year”.
Such break-ins also leave devices vulnerable to attack by others “such as credit card fraudsters, thereby risking the user’s personal data more broadly”, Privacy International argues. “It is the modern equivalent of breaking in to a residence, and leaving the locks broken or damaged afterwards.”