The governments invasive mass snooping laws will be used to bring online bullies and trolls to justice, the Home Secretary says.
Theresa May reportedly says that surveillance powers, unveiled under the Investigatory Powers Bill last month, will be
used by police and spooks to track down and identify anonymous cyberbullies. The Times reports that 'officials' will be able to unmask users going by various aliases.
Previously the government has maintained that the far reaching Snooper's
Charter would be restricted to tracking serious crimes such as terrorism and child abuse.
Offsite Article: Theresa May wants to see your internet history, so we thought it was only fair to ask for hers
Apple has called for changes to the UK government's investigatory powers bill, over fears it would weaken the security of personal data of millions of law-abiding citizens .
In a submission to the bill committee the company expressed major
concerns and called for wholesale changes before the bill is passed. It siad:
We believe it would be wrong to weaken security for hundreds of millions of law-abiding customers so that it will also be weaker for the
very few who pose a threat. In this rapidly evolving cyber-threat environment, companies should remain free to implement strong encryption to protect customers
Apple highlighted the main areas of the bill that it wants to see changed.
It told the committee that passages in the bill could give the government the power to demand Apple alters the way its messaging service, iMessage, works. The company said this would weaken encryption and enable the security services to eavesdrop on
iMessage for the first time. In its submission, Apple said:
The creation of backdoors and intercept capabilities would weaken the protections built into Apple products and endanger all our customers. A key left under
the doormat would not just be there for the good guys. The bad guys would find it too.
Apple said it was worried about the scope of the bill as many of the provisions in the bill apply to companies regardless of where they are based,
giving the bill international scope, despite being a purely domestic piece of legislation. It also runs the risk of placing companies in a damned if they do, damned if they don't position. The company said:
businesses affected will have to cope with a set of overlapping foreign and domestic laws. When these laws inevitably conflict, the businesses will be left having to arbitrate between them, knowing that in doing so they might risk sanctions. That is an
unreasonable position to be placed in.
Thailand's Interior Minister Anupong Paojinda has responded to public criticism and scrapped the dreadful idea to include occupation and salary details on people's ID cards.
Social media exploded on Saturday after the military ruler, prime minister
Prayut Chan-o-cha, suggested that inclusion of wage and occupation data should be included on Thai ID cards by 2017.
Today, however, General Anupong clarified that such information would only be included in an internal ministry database. He
claimed that use of the data would not violate people's rights and the extra information was somehow being collected solely for the name of the public interest.
Human rights advocates opposed Gen Prayut's idea, calling it an invasion of privacy
and violation of basic human rights. They argued people's salary and occupation were personal data and should not be displayed on ID cards, even to electronic readers. The disclosure of such sensitive information could spur discrimination and put people
at risk of exploitation by criminals.
Gen Anupong said minimal additional funds would be needed to collect salary and occupation data, as only surveys were required, not the production of new ID cards or reader systems. Gen Prayut on Monday said
minimum-wage earners would remain exempt from taxes, but their incomes would still need to be recorded.
Thousands of Europe's drivers will be spied upon by their cars from 2018 when every vehicle sold could alert advertisers, insurers, councils, tax authorities, traffic wardens and police to their habits and locations, a European motoring
organisation is warning.
The Federation International de l'Automobile (FIA), a Brussels-based consumer body representing 111 motoring and touring clubs and 38 million drivers, has launched a campaign urging greater safeguards for the use of
information on drivers gathered by tracking devices that will soon become compulsory in all new cars. FIA spokeswoman Andrea Campbell said its:
My car, my data campaign reflected the fact that information gleaned from
cars is not protected by European data legislation.
From 2018, every new car will have a wireless box for road safety, and there is talk of retro-fitting telematics boxes into older cars. It's only a small step to offering
infotainment, traffic information and rest stop promotions.
Manufacturers can track you, and lock you in to their terms and conditions. So we are pushing for dedicated privacy legislation for consumer data protection, greater
consumer awareness, and a fair after-market for services.
Britain's AA motoring organisation is to join the campaign. Its president, Edmund King, said:
Connected cars offer drivers a vast array of
new and exciting services and they can also help with breakdowns and crashes. But drivers may be unaware of just what information is collected, how it is used, who owns it and how is it protected. We support the FIA's campaign aimed at ensuring greater
Data-connected cars gather information on driving styles, including the duration of journeys, speeds, acceleration and sudden braking, as well as details of where cars park, refuel or charge their batteries, and latest
destinations entered into on-board navigation systems. Smart systems can identify driving violations and mobile phone use, record the number of passengers and relay information about engine trouble to emergency services. Such data can be sold to
The French government is looking towards some of the powers enabled by the current state of emergency and is proposing several ideas to increase state surveillance, including blocks on encrypted Internet connections and a ban on public Wi-Fi networks.
According to the newspaper, Le Monde, the extension of the state of emergency could also stretch to requiring all rental cars to carry GPS, expansion of public video surveillance, two-year telecommunications data retention, and approval for police
to use IMSI-catchers (like the Stingray devices used in America to intercept mobile communications).
French news site Numerama.com adds that the matters under debate also include forced provision of messaging encryption keys. The proposals could
be up for enacting in law as soon as January, Numerama says.
The proposals stretch beyond shutting off the Wi-Fi at Parisian cafes to banning shared connections with criminal sanctions as enforcement. It would seem that the French
authorities want to be better able to correlate individuals with their internet communications by making sure that knowledge of an IP address ties down the communication to known and identified individual.
The proposals also indicate a desire to
snoop on VoIP conversations, again with encryption keys to be given to the police.
The Register details what ISPs will and will not be able to determine from your internet usage. However the article should be read with a little caution. Eg just because an ISP cannot determine which of your family members is accessing the websites on
the log doesn't mean the authorities can't. In fact the bill mentions specific capabilities to use context and tracking cookies etc to determine which family member access which sites.
UK surveillance bill could bring very dire consequences , warns Apple chief
The bill would preserve current blanket data retention requirements for communications data and add a new requirement for communications service providers to retain users' "Internet connection records" for up to 12
months. As described in the government's explanatory notes, this requirement means that the government could get a list of all the websites a person visits or online services they use for up to a year. Even though this would not provide access to the
specific pages of a website the person visited, it would be highly revealing of a person's online activity and could result in self-censorship with a chilling effect on free expression. It would also breach the right to privacy and to information, given
that it applies to all users regardless of whether they are under suspicion. Intelligence agencies and police would be able to access such communications data without a warrant or review by a judge. Although judicial approval is required for police to
gain access to journalists' sources, it would not be required for intelligence agencies to get this access.
Internet and social media companies will be banned from putting customer communications beyond their own reach under new laws to be unveiled on Wednesday.
Companies such as Apple, Google and others will no longer be able to offer encryption so
advanced that even they cannot decipher it when asked to, the Daily Telegraph can disclose.
Measures in the Investigatory Powers Bill will place in law a requirement on tech firms and service providers to be able to provide unencrypted
communications to the police or spy agencies if requested through a warrant. A Home Office spokessnoop said:
The Government is clear we need to find a way to work with industry as technology develops to ensure that,
with clear oversight and a robust legal framework, the police and intelligence agencies can access the content of communications of terrorists and criminals in order to resolve police investigations and prevent criminal acts.
means ensuring that companies themselves can access the content of communications on their networks when presented with a warrant, as many of them already do for their own business purposes, for example to target advertising. These companies' reputations
rest on their ability to protect their users' data.
to recent promises by Ministers that the government will not attempt to weaken or undermine encryption, the new obligation would require companies to ensure that they had the capability to decrypt any data they stored. This would particularly impact
cloud-based companies like Apple and Facebook, which have won consumer trust for the integrity of their Facetime and WhatsApp communications services by designing them with encryption that protects customer data even from the company itself.
End-to-end encryption means, for communications, that the message is encrypted by the sender with a key known only to the intended recipient. Thus Alice can Facetime Bob safe in the knowledge that Apple cannot access the
communication, even though Facetime communications need to be sent through servers run by Apple. End-to-end encryption also applies for data storage in the cloud: a business storing its corporate data in a cloud service like Amazon S3 or Google Glacier
will encrypt that data with a key that it knows and Amazon or Google does not.
The ability to support end-to-end encryption has been a crucial factor enabling adoption of cloud-based services as a viable alternative to traditional
applications run by corporate IT departments. Quite apart from any consumer backlash, prohibiting this capability would give pause to more security-sensitive businesses, that have a duty to protect the integrity of their customer data: if storing data in
the cloud means exposing customer data to the cloud-service provider, use of cloud services becomes much riskier. Recent high-profile breaches at TalkTalk, Vodafone and credit-rating agency Experian have greatly raised sensitivity to risk.
Councils, the taxman and dozens of other public bodies will be able to search the internet and social media activity of everyone in Britain, The Telegraph can disclose.
Technology firms will be required to keep records of the websites and apps
which people have used and details of when they accessed them for 12 months under new powers unveiled this week.
The new powers, contained in legislation which is published on Wednesday , will primarily be used by police and the security services
in pursuit of suspected terrorists and serious criminals.
Nominally they will not be allowed to see which pages people have viewed or their searches while on the websites and apps, or the content of any messages, without a warrant, however it
would seem likely obtaining a warrant will be a rubber stamp exercise.
The Telegraph understands that a total of 38 bodies will also be entitled to access the records for the purpose of detecting or preventing crime .
source claims that access will be limited, targeted and strictly controlled and overseen by a new Investigatory Powers Commissioner, but such 'oversight' has never ever done anything to reign in the authorities in any previous incarnation of
Ministers are also planning to introduce a new offence to deter the abuse of powers which will result in significant fines. Councils will also be required to get requests signed off by a magistrate before they are authorised, but it
seems unlikely that a magistrate would ever side with anyone accused of a crime.
The authorities will be able to see which websites were visited, but not the exact page that they viewed.
The intelligence agencies, police and the National
Crime Agency will be the obvious users of the capability but other bodies including the Financial Conduct Authority, HMRC, councils, the Health and Safety Executive and the Department for Work and Pensions will be able to access the information.
A new chat tool has been launched in an effort to improve the security of online messaging.
Tor Messenger allows users to chat over the Tor (The Onion Router) network in a way which hides the location of participants. It means that the contents of
messages will only be visible to the participants. The service will also work with platforms like Facebook even in countries where they are banned.
The tool is currently in beta and will undergo security tests. It is not yet recommended for
users with current security requirements.
Users wishing to remain anonymous or access chat clients blocked in their own country could use Tor Messenger to chat via services like Facebook Chat, Google Talk, Twitter, Yahoo and Internet Relay Chat.
The European Parliament voted Thursday in support of a resolution that calls on member states to protect Edward Snowden from extradition.
The vote, which has no legal force, was 285-281. The resolution urges nations to drop criminal charges and consequently prevent extradition or rendition by third parties, in recognition of his status as whistle-blower and international human rights defender.
On Twitter, Snowden repsonded
This is not a blow against the US Government, but an open hand extended by friends. It is a chance to move forward.
In response to Thursday's vote, U.S.
State Department spokesman John Kirby said the U.S. policy on Snowden has not changed:
He needs to come back to the United States and face the due process and the judicial process here in the United States. That's been
our position from the beginning. It's our belief that the man put U.S. national security in great danger and he needs to be held account to that.
Alex Stamos, Chief Security Officer at Facebook, explains its new Notification for targeted attacks:
The security of people's accounts is paramount at Facebook, which is why we constantly monitor for potentially malicious
activity and offer many options to proactively secure your account. Starting today, we will notify you if we believe your account has been targeted or compromised by an attacker suspected of working on behalf of a nation-state.
While we have always taken steps to secure accounts that we believe to have been compromised, we decided to show this additional warning if we have a strong suspicion that an attack could be government-sponsored. We do this because these types of attacks tend to be more advanced and dangerous than others, and we strongly encourage affected people to take the actions necessary to secure all of their online accounts.
It's important to understand that this warning is not related to any compromise of Facebook's platform or systems, and that having an account compromised in this manner may indicate that your computer or mobile device has been
infected with malware. Ideally, people who see this message should take care to rebuild or replace these systems if possible.
To protect the integrity of our methods and processes, we often won't be able to explain how we
attribute certain attacks to suspected attackers. That said, we plan to use this warning only in situations where the evidence strongly supports our conclusion. We hope that these warnings will assist those people in need of protection, and we will
continue to improve our ability to prevent and detect attacks of all kinds against people on Facebook.
Germany's Bundestag has voted for a new version of the data retention law that caused so much controversy in the past.
The new law will force telcos to store call and email records for 10 weeks, as well as metadata including information about who
called or emailed whom and when, and call duration. IP addresses will also be logged. Mobile phone location data will only be stored for four weeks.
The data is only to be used in the investigation of terrorism and other serious crimes (but all
crimes are defined as 'serious' crimes these days) and police must get a judge's consent before rifling through personal metadata, and the individual in question must be notified.
Justice Minister Heiko Maas defended the new law, saying that it
was proportionate, in contrast to earlier legislation, as less data would be stored and retained for a shorter time.
The Obama administration has announced that it will not be pursuing legislation to force tech companies to introduce encryption backdoors. National Security Council spokesman Mark Stroh said:
As the president has said,
the United States will work to ensure that malicious actors can be held to account -- without weakening our commitment to strong encryption. As part of those efforts, we are actively engaged with private companies to ensure they understand the public
safety and national security risks that result from malicious actors' use of their encrypted products and services.
The announcement came in the same week that Wikipedia founder Jimmy Wales called the British Prime Minister's
anti-encryption rhetoric moronic . He said:
It's too late, David. ...The genie is out of the bottle. ...It is not feasible in any sense of the word for the UK to ban end-to-end encryption. It's a completely
moronic and stupid thing to do. We all have a very strong interest in a safe and secure internet.