A leaked document from the CleanIT project shows just how far internal discussions in that initiative have drifted away from its publicly stated aims, as well as the most fundamental legal rules that underpin European democracy and the rule of law.
The European Commission-funded CleanIT project claims that it wants to fight terrorism through voluntary self-regulatory measures that defends the rule of law.
The initial meetings of the initiative, with their directionless and
ill-informed discussions about doing something to solve unidentified online terrorist problems were mainly attended by filtering companies, who saw an interesting business opportunity. Their work has paid off, with numerous proposals for
filtering by companies and governments, proposals for liability in case sufficiently intrusive filtering is not used, and calls for increased funding by governments of new filtering technologies.
The leaked document contradicts a letter sent from
CleanIT Coordinator But Klaasen to Dutch NGO Bits of Freedom in April of this year, which explained that the project would first identify problems before making policy proposals. The promise to defend the rule of law has been abandoned. There appears
never to have been a plan to identify a specific problem to be solved – instead the initiative has become little more than a protection racket (use filtering or be held liable for terrorist offences) for the online security industry.
wants binding engagements from internet companies to carry out surveillance, to block and to filter (albeit only at end user - meaning local network - level). It wants a network of trusted online informants and, contrary to everything that they
have ever said, they also want new, stricter legislation from Member States.
CleanIT (terrorism), financed by DG Home Affairs of the European Commission is duplicating much of the work of the CEO Coalition (child protection), which is financed by
DG Communications Networks of the European Commission. Both are, independently and without coordination, developing policies on issues such as reporting buttons and flagging of possibly illegal material. Both CleanIT and the CEO Coalition are duplicating
each other's work on creating voluntary rules for notification and removal of possibly illegal content and are jointly duplicating the evidence-based policy work being done by DG Internal Market of the European Commission, which recently completed
a consultation on this subject. Both have also been discussing upload filtering, to monitor all content being put online by European citizens.
Key measures being proposed:
Removal of any legislation preventing filtering/surveillance of employees' Internet connections
Law enforcement authorities should be able to have content removed without following the more labour-intensive and formal procedures for
'notice and action'
Knowingly providing links to terrorist content (the draft does not refer to content which has been ruled to be illegal by a court, but undefined terrorist content in general) will be an offence just like
Legal underpinning of real name rules to prevent anonymous use of online services
ISPs to be held liable for not making reasonable efforts to use technological surveillance to identify (undefined) terrorist
use of the Internet
Companies providing end-user filtering systems and their customers should be liable for failing to report illegal activity identified by the filter
Customers should also be held liable for knowingly
sending a report of content which is not illegal
Governments should use the helpfulness of ISPs as a criterion for awarding public contracts
The proposal on blocking lists contradict each other, on the one hand providing comprehensive
details for each piece of illegal content and judicial references, but then saying that the owner can appeal (although if there was already a judicial ruling, the legal process would already have been at an end) and that filtering such be based on the
output of the proposed content regulation body, the European Advisory Foundation
Blocking or warning systems should be implemented by social media platforms -- somehow it will be both illegal to provide (undefined) Internet
services to terrorist persons and legal to knowingly provide access to illegal content, while warning the end-user that they are accessing illegal content
The anonymity of individuals reporting (possibly) illegal content must
be preserved... yet their IP address must be logged to permit them to be prosecuted if it is suspected that they are reporting legal content deliberately and to permit reliable informants' reports to be processed more quickly
implement upload filters to monitor uploaded content to make sure that content that is removed -- or content that is similar to what is removed -- is not re-uploaded
It proposes that content should not be removed in all cases but blocked (i.e. make inaccessible by the hosting provider -- not
blocked in the access provider sense) and, in other cases, left available online but with the domain name removed.
Smartphones are packed with private information. Unsurprisingly, law enforcement agencies now routinely seize and search phones. This occurs at traffic stops, during home or office raids, and during
stops at the border.
Jimmy Wales, the founder of Wikipedia, has sharply criticised the government's snooper's charter , designed to track internet, text and email use of all British citizens, as technologically incompetent .
He said Wikipedia would move
to encrypt all its connections with Britain if UK ISPs were mandated by the government to keep track of every single page accessed by UK citizens.
The entrepreneur said he was confident there would be a general move to encryption across the
internet if British-based communication service providers were required to collect and store data for 12 months from overseas companies, such as Google and Facebook, for possible access by the police and security services.
He said the British
government would have to resort to the black arts of hacking to break encryptions: It is not the sort of thing I'd expect from a western democracy. It is the kind of thing I would expect from the Iranians or the Chinese and it would be detected
immediately by the internet industry, he told MPs and peers.
The latest Big Brother Watch report, A legacy of surveillance , looks at how the Regulation of Investigatory Powers Act has been used by both local and public authorities in recent years.
A decade on and more than three million
authorisations later, Big Brother Watch research found how there is still a great deal of uncertainty about how and why the powers are being used -- and a clear need for the Coalition to go further to protect civil liberties.
While the Coalition
has changed the law to require local authorities to seek a magistrates warrant for RIPA surveillance and only to use it for serious crimes, this is not the end of the matter.
The issue is of course that councils and public authorities don't have
to say what they are up to, why, how often and even whether they have convicted anyone as a result. It takes groups like Big Brother Watch to dig up the figures -- the next step is for the Government to take action and make this data publicly reported.
Secondly, the Coalition has started down the right path in limiting how councils can use these powers. Now it's time for a full and frank review of how RIPA functions -- before the landscape is complicated even further with any more surveillance
legislation that fiddles with the law in an effort to patch up existing failings.
Finally, judicial authorisation of surveillance should be the norm, not the exception.
A software engineer in my Facebook community wrote recently about his outrage that when he visited Disneyland, and went on a ride, the theme park offered him the photo of himself and his girlfriend to buy -- with his credit card information already
linked to it. He noted that he had never entered his name or information into anything at the theme park, or indicated that he wanted a photo, or alerted the humans at the ride to who he and his girlfriend were -- so, he said, based on his professional
experience, the system had to be using facial recognition technology. He had never signed an agreement allowing them to do so, and he declared that this use was illegal. He also claimed that Disney had recently shared data from facial-recognition
technology with the United States military.
West Midlands police are now able to ID crime suspects on the street after hi-tech fingerprint devices have been rolled out across the force.
The scanners are satellite linked to the national fingerprint database and will instantly alert police if
the scanned prints belong to a convicted criminal. Police will then be able to cross reference the information against the Police National Computer to find out if the person is wanted by the police or courts.
It is incredibly important that police
officers using this technology have reasonable suspicion that an individual has committed a crime before they are stopped. This appears to be an extension of stop and search powers already held by police officers and it is a cause for concern that this
could lead to an increase in innocent individuals being stopped by police.
Over the last few days there's been something of a firestorm of people claiming that Skype was letting police listen in on your calls.
So, to summarize:
Skype did make some infrastructure changes recently, but those changes likely were to increase the quality of the product, and had little to do with law enforcement/surveillance.
Skype has always had a
program to provide available information to law enforcement if legally required to do so, but appears not to have made any major change to that program in quite some time. That program does not appear to include the ability to listen to calls.
Skype to phone (or phone to Skype) calls have always been tappable, because they touch the public telephone network, where they can be intercepted.
Skype to Skype calls remain encrypted, making it more
difficult to tap them. However, because of the way Skype likely handles encryption keys, this does not mean that governments can't intercept the calls (or impersonate certain parties via Skype).
In the end, then, it
appears that much of this discussion is a whole lot of fuss about nothing particularly new -- but it is worth noting that your Skype calls probably were never quite as secure as you thought they were, even if they're somewhat more secure than some other
offerings with little or no encryption and a central server. But if you're looking for 100% secure communications, Skype isn't it -- but that's not because of any change. It's likely always been that way.
A new internet television service which allows viewers to catch up on shows from the BBC, ITV, Channel 4 and Channel 5 will change all that. Chaired by Lord Sugar, YouView allows broadcasters and their commercial partners to know exactly which programmes
you are watching, and when.
An internet connection from the box to the outside world tracks individual choices and reports the data back to the company. YouView will use the material to build up a profile of each user. And to help some of the
company's employees previously worked for Phorm, a US technology firm accused of developing advertising spyware.
Prospective viewers, however, may not be aware that the technology will record each channel being viewed. Each time you change
channels or start/stop recording a programme, YouView reports back to headquarters via the internet connection, telling the company what it is you are watching and what you are doing with the box.
YouView, which publishes its data-usage policy in
a click-through link at the bottom of its website, has been reluctant to answer detailed questions about privacy. The company unconvincingly told The Independent that the data from each box would be anonymised and only relates to the device and is
mainly technical in nature. Information will apparently be passed to third-party companies, allowing the introduction of advertising targeted at certain postcodes.
Other likely applications are features such as What's hot in your area showing what neighbours are watching, eg 40% are watching Downton Abbey, 31% Strictly Come Dancing and 3% shows on gambling or pornography.