British spies have snooped on people's visits to online porn websites, according to documents leaked by CIA whistleblower Edward Snowden .
The files appear to detail a top secret programme - creepily codenamed Karma Police - which has been storing
and analysing the browsing habits of every visible user on the internet for seven years.
They revelations were published by The Intercept, who say they obtained the information from Snowden.
The Karma Police system collected and
stored records of visits to Google, Facebook, Yahoo and Reddit - as well as porn website YouPorn. GCHQ have been correlating logs of websites visited with associated cookie information to identify the viewers.
The Snowden files give some idea of
how they mine this data on an unprecedented scale, with the aim of detecting suspicious behaviour by anyone in the world.
The system also allowed spooks to track people who had listened to particular online radio stations, which they say
were used to spread radical islamic ideas.
A report included in the leak showed how they selected one listener, from Egypt, and revealed they had also looked at porn site Redtube, Facebook, Yahoo, Flickr, Google, and a website about Islam. The
report does not say whether the user was suspected of a crime or had links to terrorism beyond listening to a radio station.
The Karma Police system shares its name with a Radiohead song, the chorus of which goes: This is what you'll get if you
mess with us.
As the head of MI5 launches a push for unparalleled powers, will he answer challenging questions on why banning encryption, or weakening it through compulsory backdoors, won't make us all less safe? By Julian Huppert
Apple has refuse a US court order to hand over texts sent using iMessage between two iPhones because its encryption system leaves the company unable to comply.
The order was obtained by the US Department of Justice during an investigation over the
summer and represents the first known direct face-off between the government and Apple over encryption.
The US government, led by the FBI, has been making increasingly strident calls for technology companies to stop providing ubiquitous encryption
to customers. In September 2014, the director of the FBI, James Comey, specifically criticised Apple's decision to enable end-to-end encryption in its then-new mobile operating system, iOS8, which is what prevents the company from reading its
users' messages. Comey said at the time:
I like and believe very much that we should have to obtain a warrant from an independent judge to be able to take the content of anyone's closet or their smart phone. The notion
that someone would market a closet that could never be opened -- even if it involves a case involving a child kidnapper and a court order -- to me does not make any sense.
Google is marketing their Android the same way: 'Buy our
phone and law-enforcement, even with legal process, can never get access to it.
According to a report by PC Authority the latest update to the Windows 10 EULA (End User Licence Agreement) says that Microsoft can block you from using pirated software and unauthorised hardware peripherial devices :
Sometimes you'll need software updates to keep using the Services. We may automatically check your version of the software and download software updates or configuration changes, including those that prevent you from accessing the
Services, playing counterfeit games, or using unauthorized hardware peripheral devices. You may also be required to update the software to continue using the Services.
And it seems that the definition of 'unauthorised' is left to the
whims of Microsoft.
A treason investigation into two journalists who reported that the German state planned to increase online surveillance has been suspended by the country's prosecutor general following protests by leading voices across politics and media.
Range, Germany's prosecutor general, said he was halting the investigation for the good of press and media freedom . It was the first time in more than half a century that journalists in Germany had faced charges of treason. Range said he would
await the results of an internal investigation into whether the journalists from the news platform netzpolitik.org had quoted from a classified intelligence report before deciding how to proceed.
His announcement followed a deluge of criticism and
accusations that Germany's prosecutor had misplaced priorities , having failed to investigate with any conviction the NSA spying scandal revealed by whistleblower Edward Snowden, and targeting instead the two investigative journalists, Markus
Beckedahl and Andre Meister.
In a scathing attack, the leading Green MP Renate Künast, who is also chair of the Bundestag's legal affairs committee, called the investigation a humiliation to the rule of law . She accused Range of
disproportionately targeting the two journalists, whilst ignoring the massive spying and eavesdropping [conducted] by the NSA in Germany . Se added: If it wasn't for investigative journalism, we would know nothing.
In articles that
appeared on netzpolitik.org in February and April, the two reporters made reference to what is believed to be a genuine intelligence report that had been classified as confidential, which proposed establishing a new intelligence department to monitor the
internet, in particular social media networks.
Update: Prosecution of state snooping whistleblowers terminated
After much public outcry, the treason investigation into German blog Netzpolitik.org was paused late last week. And now it hass been officially dropped .
This is a victory for the free press and the German public. The
investigation, if permitted to continue, would have chilled and intimidated journalists from covering one of the most pressing issues of the day-- i.e ., mass surveillance of law-abiding citizens. As Netzpolitik journalist Andre Meister told EFF:
The secret services of the world need to be controlled and checked by all other pillars in society--executive, legislative, judiciary and the free press. Post-Snowden, it's undeniable that reporting on surveillance
capabilities is integral for keeping those antidemocratic institutions at bay. Germany too needs a broader debate on its secret services.
After the investigation of Netzpolitik came under fire from the public, the
German government scrambled to show its continued dedication to the free press. On Friday, July 31, 2015--soon after the investigation of Netzpolitik was confirmed in the press--Germany's Justice Minister Heiko Maas told the chief federal prosecutor that
he doubted the leaked documents constituted state secrets whose publication would endanger the security of the country. The next day, thousands marched in Berlin to protest the investigation, and on Monday, August 3, German Chancellor Angela
Merkel issued a statement giving her full support to the Justice Minister.
But the chief prosecutor, Harald Range, doubled-down on his determination to proceed with the investigation, criticizing the Justice Minister for
interfering with his investigation--a response which only further ignited public outrage. The Justice Minister ultimately fired Mr. Range over his handling of the case. At a press conference last week, the Justice Minister stated, my trust in his
ability to fulfill the office has suffered lasting damage[.] And on Monday, August 10, the prosecutor's office accepted the Justice Ministry's assessment that Netzpolitik did not leak state secrets, officially terminating the investigation.
As we stated in our earlier posts, mass surveillance is a matter of public concern for which Netzpolitik should be commended--not punished--for covering. We're glad the German government recognized this.
Netzpolitik noted in a recent post , the investigation of its sources remains pending--an investigation that threatens to chill future whistleblowing in Germany. Meister told EFF:
It's about time [the] ridiculous
investigation into us as journalists was dropped, but the investigations into our sources are supposed to go on. We demand an immediate end to all investigations into press and their whistleblowers. Whistleblowers are integral for investigative
journalism and they need protection not prosecution.
A high-speed anonymous way to browse the web has been developed by security researchers. The team, based in Zurich and London, say they have found a way to mask data that does little to slow it down.
Many anonymising systems are slow because data
is encrypted many times as it travels. But the new high-speed encryption system, Hornet, could theoretically move data around at speeds up to 93GBps, its creators say.
Hornet is conceptually similar to The Onion Router (Tor) network that many
people currently use to disguise from where they are browsing the web. Tor encrypts data as it hops randomly between the servers or relays that make up the network. However, encrypting and decrypting data many times adds a processing overhead, which
means browsing the web via Tor can be slow and frustrating.
Tor's design suffers from performance and scalability issues: as more clients use Tor, more relays must be added to the network , said the researchers in a paper describing their
Hornet avoids some of the problems that limit how many users a Tor-like system can handle by changing the way it handles information about where data is going. By removing some of this administrative overhead, it is possible to speed up the
passage of data through the network's anonymising core.
In addition, they wrote, these changes made Hornet less susceptible to some of the attacks that have been used to unmask people who use Tor.
France's highest authority on constitutional matters has approved a controversial bill that gives the state sweeping new powers to spy on citizens.
The constitutional council made only minor tweaks to the legislation, which human rights and
privacy campaigners, as well as the United Nations, have described as paving the way for very intrusive surveillance and state-approved eavesdropping and computer-hacking.
An 18-strong United Nations committee for human rights warned that
the surveillance powers granted to French intelligence agencies were excessively broad . It said the the bill grants overly broad powers for very intrusive surveillance on the basis of vast and badly defined objectives and called on
France to guarantee that any interference in private life must conform to principles of legality, proportionality and necessity .
Amnesty International warned that the French state was giving itself extremely large and intrusive powers
with no judicial control.
The bill gives the country's secret services the right to eavesdrop on the digital and mobile phone communications of anyone linked to a terrorist inquiry and install secret cameras and recording devices in
private homes without requesting prior permission from a judge.
Intelligence agencies can also place keylogger devices on computers that record keystrokes in real time. Internet and phone service providers will be forced to install black
boxes that will alert the authorities to suspicious behaviour online. The same companies will be forced to hand over information if asked. Recordings can be kept for a month, and metadata for five years.
A special advisory group, the National
Commission for the Control of Intelligence Techniques, made up of magistrates, MPs and senators from the upper house of parliament, will be consulted instead of a judge.
In a decision of great potential importance, the Divisional Court (a Lord Justice and High Court Judge sitting together) have declared section 1 of DRIPA, an Act of Parliament passed in 2014, to contravene the EU Charter of Fundamental Rights as it was
interpreted in the Digital Rights Ireland judgment of April 2014.
Digital Rights Ireland declared invalid the Data Retention Directive of 2006, an EU measure which had been promoted by the UK and which required all Member States to retain
telecommunications data for periods of between 6 and 24 months.
DRIPA (enacted under emergency procedures in July 2014, in only four days) was the UK's reaction to Digital Rights Ireland. Its purpose was to provide a statutory basis, replacing the
now-invalid Directive, for the requirement that service providers in the UK retain certain categories of data (e.g. sender/recipient, date/time/duration of communication, but not content or web browsing history) for 12 months.
The Divisional Court
judgment applied the Digital Rights Ireland principles to DRIPA, disapplying the Act of Parliament to the extent that it failed to respect the EU Charter of Fundamental Rights.
It remains to be seen whether the Government will appeal and,
if so, how quickly that appeal will be heard.
WhatsApp, Facebook Messenger and Snapchat could all potentially be banned under the latest revision of the Government's Snoopers Charter that's being drafted at the moment.
The Investigatory Powers Bill, mentioned in the
2015 Queen's Speech , would allow the government to ban instant messaging apps that refuse to remove end-to-end encryption.
Home Secretary Theresa
May reportedly plans to push the bill forward as quickly as possible, putting it in front of the Government by the Autumn.
The unconfirmed ban has caused an outcry on social media with reactions ranging from anger to disbelief that the Government
would be able to take on companies like Apple, Google and Facebook.
David Cameron hinted at such repressive measures earlier this year in the aftermath of the Paris shootings when he claimed that when implementing new surveillance powers he
would have no problem banning services like Snapchat if they didn't comply. He threatened:
In our country, do we want to allow a means of communication between people which even in extremes, with a signed warrant from
the Home Secretary personally that we cannot read.
My answer to that question is no we must not. If I am prime minister, I will make sure it is a comprehensive piece of legislation that makes sure we do not allow terrorist safe
spaces to communicate with each other.
In a damning report on government surveillance however ,
leading computer experts at MIT have claimed that the proposals by both the US and UK governments have 'failed to account for the risks' that are inherently associated with removing encryption. The report states:
proposals are unworkable in practice, raise enormous legal and ethical questions, and would undo progress on security at a time when Internet vulnerabilities are causing extreme economic harm.
Facebook can recognise you from photos even it can't see your face. Researchers trained the software using 60,000 photos taken from Flickr It was able to correctly identify individuals with more than 83% accuracy