A leaked document from the CleanIT project shows just how far internal discussions in that initiative have drifted away from its publicly stated aims, as well as from the most fundamental legal rules that underpin European democracy and the rule of law.
The European Commission-funded CleanIT project claims that it wants to fight terrorism through voluntary self-regulatory measures that defend the rule of law.
The initial meetings of the initiative, with their directionless and ill-informed discussions about doing something to solve unidentified online terrorist problems, were mainly attended by filtering companies, who saw an interesting business
opportunity. Their work has paid off, with numerous proposals for filtering by companies and governments, proposals for liability in case sufficiently intrusive filtering is not used, and calls for increased funding by governments of new filtering
The leaked document contradicts a letter sent from CleanIT Coordinator But Klaasen to Dutch NGO Bits of Freedom in April of this year, which explained that the project would first identify problems before making policy proposals. The promise to defend
the rule of law has been abandoned. There appears never to have been a plan to identify a specific problem to be solved – instead the initiative has become little more than a protection racket (use filtering or be held liable for terrorist
offences) for the online security industry.
CleanIT wants binding engagements from internet companies to carry out surveillance, to block and to filter (albeit only at end user - meaning local network - level). It wants a network of trusted online informants and, contrary to everything that
they have ever said, they also want new, stricter legislation from Member States.
CleanIT (terrorism), financed by DG Home Affairs of the European Commission, is duplicating much of the work of the CEO Coalition (child protection), which is financed by DG Communications Networks of the European Commission. Both are, independently and
without coordination, developing policies on issues such as reporting buttons and flagging of possibly illegal material. Both CleanIT and the CEO Coalition are duplicating each other's work on creating voluntary rules for notification and removal
of possibly illegal content and are jointly duplicating the evidence-based policy work being done by DG Internal Market of the European Commission, which recently completed a consultation on this subject. Both have also been discussing upload filtering,
to monitor all content being put online by European citizens.
Key measures being proposed:
Removal of any legislation preventing filtering/surveillance of employees' Internet connections
Law enforcement authorities should be able to have content removed without following the more labour-intensive and formal procedures for 'notice and action'
Knowingly providing links to terrorist content (the draft does not refer to content which has been ruled to be illegal by a court, but undefined terrorist content in general) will be an offence just like the terrorist
Legal underpinning of real name rules to prevent anonymous use of online services
ISPs to be held liable for not making reasonable efforts to use technological surveillance to identify (undefined) terrorist use of the Internet
Companies providing end-user filtering systems and their customers should be liable for failing to report illegal activity identified by the filter
Customers should also be held liable for knowingly sending a report of content which is not illegal
Governments should use the helpfulness of ISPs as a criterion for awarding public contracts
The proposals on blocking lists contradict each other, on the one hand providing comprehensive details for each piece of illegal content and judicial references, but then saying that the owner can appeal (although if there was already a judicial ruling,
the legal process would already have been at an end) and that filtering should be based on the output of the proposed content regulation body, the European Advisory Foundation
Blocking or warning systems should be implemented by social media platforms -- somehow it will be both illegal to provide (undefined) Internet services to terrorist persons and legal to knowingly provide access to illegal content,
while warning the end-user that they are accessing illegal content
The anonymity of individuals reporting (possibly) illegal content must be preserved... yet their IP address must be logged to permit them to be prosecuted if it is suspected that they are reporting legal content deliberately and to permit reliable
informants' reports to be processed more quickly
Companies should implement upload filters to monitor uploaded content to make sure that content that is removed -- or content that is similar to what is removed -- is not re-uploaded
It proposes that content should not be removed in all cases but blocked (i.e. made inaccessible by the hosting provider -- not blocked in the access provider sense) and, in other cases, left available online but with the domain name
Smartphones are packed with private information. Unsurprisingly, law enforcement agencies now routinely seize and search phones. This occurs at traffic stops, during home or office raids, and during stops at the border.
Jimmy Wales, the founder of Wikipedia, has sharply criticised the government's snooper's charter, designed to track internet, text and email use of all British citizens, as technologically incompetent.
He said Wikipedia would move to encrypt all its connections with Britain if UK ISPs were mandated by the government to keep track of every single page accessed by UK citizens.
The entrepreneur said he was confident there would be a general move to encryption across the internet if British-based communication service providers were required to collect and store data for 12 months from overseas companies, such as Google and
Facebook, for possible access by the police and security services.
He said the British government would have to resort to the black arts of hacking to break encryptions: "It is not the sort of thing I'd expect from a western democracy. It is the kind of thing I would expect from the Iranians or the Chinese and
it would be detected immediately by the internet industry," he told MPs and peers.
The latest Big Brother Watch report, A legacy of surveillance, looks at how the Regulation of Investigatory Powers Act has been used by both local and public authorities in recent years.
A decade on and more than three million authorisations later, Big Brother Watch research found that there is still a great deal of uncertainty about how and why the powers are being used -- and a clear need for the Coalition to go further to
protect civil liberties.
While the Coalition has changed the law to require local authorities to seek a magistrate's warrant for RIPA surveillance and only to use it for serious crimes, this is not the end of the matter.
The issue is of course that councils and public authorities don't have to say what they are up to, why, how often and even whether they have convicted anyone as a result. It takes groups like Big Brother Watch to dig up the figures -- the next
step is for the Government to take action and make this data publicly reported.
Secondly, the Coalition has started down the right path in limiting how councils can use these powers. Now it's time for a full and frank review of how RIPA functions -- before the landscape is complicated even further with any more surveillance
legislation that fiddles with the law in an effort to patch up existing failings.
Finally, judicial authorisation of surveillance should be the norm, not the exception.
A software engineer in my Facebook community wrote recently about his outrage that when he visited Disneyland, and went on a ride, the
theme park offered him the photo of himself and his girlfriend to buy -- with his credit card information already linked to it. He noted that he had never entered his name or information into anything at the theme park, or indicated that he
wanted a photo, or alerted the humans at the ride to who he and his girlfriend were -- so, he said, based on his professional experience, the system had to be using facial recognition technology. He had never signed an agreement allowing them to
do so, and he declared that this use was illegal. He also claimed that Disney had recently shared data from facial-recognition technology with the United States military.
West Midlands police are now able to ID crime suspects on the street after hi-tech fingerprint devices have been rolled out across the force.
The scanners are satellite linked to the national fingerprint database and will instantly alert police if the scanned prints belong to a convicted criminal. Police will then be able to cross reference the information against the Police National
Computer to find out if the person is wanted by the police or courts.
It is incredibly important that police officers using this technology have reasonable suspicion that an individual has committed a crime before they are stopped. This appears to be an extension of stop and search powers already held by police
officers and it is a cause for concern that this could lead to an increase in innocent individuals being stopped by police.
Over the last few days there's been something of a firestorm of people claiming that Skype was letting police listen in on your calls.
So, to summarize:
Skype did make some infrastructure changes recently, but those changes likely were to increase the quality of the product, and had little to do with law enforcement/surveillance.
Skype has always had a program to provide available information to law enforcement if legally required to do so, but appears not to have made any major change to that program in quite some time. That program does not appear to include the
ability to listen to calls.
Skype to phone (or phone to Skype) calls have always been tappable, because they touch the public telephone network, where they can be intercepted.
Skype to Skype calls remain encrypted, making it more difficult to tap them. However, because of the way Skype likely handles encryption keys, this does not mean that governments can't intercept the calls (or impersonate certain parties
In the end, then, it appears that much of this discussion is a whole lot of fuss about nothing particularly new -- but it is worth noting that your Skype calls probably were never quite as secure as you thought they were, even if they're
somewhat more secure than some other offerings with little or no encryption and a central server. But if you're looking for 100% secure communications, Skype isn't it -- but that's not because of any change. It's likely always been that way.
A new internet television service which allows viewers to catch up on shows from the BBC, ITV, Channel 4 and Channel 5 will change all that.
Chaired by Lord Sugar, YouView allows broadcasters and their commercial partners to know exactly which programmes you are watching, and when.
An internet connection from the box to the outside world tracks individual choices and reports the data back to the company. YouView will use the material to build up a profile of each user. And to help, some of the company's employees previously
worked for Phorm, a US technology firm accused of developing advertising spyware.
Prospective viewers, however, may not be aware that the technology will record each channel being viewed. Each time you change channels or start/stop recording a programme, YouView reports back to headquarters via the internet connection,
telling the company what it is you are watching and what you are doing with the box.
YouView, which publishes its data-usage policy in a click-through link at the bottom of its website, has been reluctant to answer detailed questions about privacy. The company unconvincingly told The Independent that the data from each box would
be anonymised and only relates to the device and is mainly technical in nature. Information will apparently be passed to third-party companies, allowing the introduction of advertising targeted at certain postcodes.
Other likely applications are features such as What's hot in your area showing what neighbours are watching, e.g. 40% are watching Downton Abbey, 31% Strictly Come Dancing and 3% shows on gambling or pornography.
The government's Communications Data Bill will effectively create a giant centralised database of
everyone in the UK's web activities, MPs and peers have heard.
The bill would force telecoms companies to store details of internet use and communications for a year and also to implement a query interface so that the data can be used as if it were part of a massive centralised database.
Home Secretary Theresa May claimed that the data will not be held on a single government database. But security experts told the cross-party committee examining the bill it would operate in a similar way.
The communications bill was published in draft form earlier this year and is being examined in detail by a committee of MPs and peers before it begins its passage into law.
Civil liberties groups giving evidence to the committee suggested the query system could be used to mount fishing expeditions rather than targeted surveillance - something the Home Office has explicitly claimed will not happen.
Nick Pickles, director of Big Brother Watch, said:
The filtering provisions are so broadly worded and so poorly drafted that it could allow mining of all the data collected, without any requirement for personal information, which is the very definition of a fishing trip.
Internet freedom campaigner Jim Killock, of the Open Rights Group, said officials would be able to build up a complex map of individuals' communications by examining records of their mobile phone, their normal phone, their work email, their
Facebook account and so on.
The campaigners called on the committee to recommend scrapping the data communications bill, rather than making suggestions to improve it as they have been tasked to do by the government.