Category Archives: Privacy

Japan launches extreme vetting: For smart phones


Targets of the new measures will be folks who use “burner phones” whilst doing nefarious deeds, a scenario familiar to anyone who watches cop shows.

From the Yomiuri Shimbun:

The communications ministry has asked an industry organization to thoroughly verify the identities of budget smartphone users when they form a contract, it has been learned.

It is often possible to complete subscription procedures on the internet for budget smartphones, which offer lower communication charges than ordinary smartphones, and there is a rapidly growing number of cases in which smartphones are acquired with forged ID documents and then misused for crimes such as bank transfer scams.

To address this situation, the Internal Affairs and Communications Ministry will strengthen countermeasures such as implementing administrative measures against malicious smartphone providers that shirk efforts to prevent fraud, according to informed sources.

The ministry has reportedly sent a written request to the Telecom Services Association, which comprises about 50 companies selling budget smartphones, including Rakuten Inc. and Line Corp. It called on the association to enhance training for staff in charge of user subscriptions, make sure to report to the police and other relevant authorities when possible frauds are discovered, and share information about fraud methods, the sources said.

In many cases, budget smartphone subscribers verify their identities by entering their name, address and other information on a subscription website, taking a picture of their driver’s license or health insurance card with a mobile phone camera and sending the photo through the website.

Chart of the day: They’ve got your number


From Americans and Cybersecurity, a new report from the Pew Research Center:


2016 proved a black year for personal privacy


In brief, new laws and executive orders have given intelligence agencies in the U.S. and U.K. unprecedented powers to gather a near-infinite harvest of the digital traces of our lives.

And in the U.S., gleanings once accessible only to a handful of political, military, and diplomatic elites will now be open to a host of law enforcement agencies.

From the New York Times:

In its final days, the Obama administration has expanded the power of the National Security Agency to share globally intercepted personal communications with the government’s 16 other intelligence agencies before applying privacy protections.

The new rules significantly relax longstanding limits on what the N.S.A. may do with the information gathered by its most powerful surveillance operations, which are largely unregulated by American wiretapping laws. These include collecting satellite transmissions, phone calls and emails that cross network switches abroad, and messages between people abroad that cross domestic network switches.

The change means that far more officials will be searching through raw data. Essentially, the government is reducing the risk that the N.S.A. will fail to recognize that a piece of information would be valuable to another agency, but increasing the risk that officials will see private information about innocent people.

Attorney General Loretta E. Lynch signed the new rules, permitting the N.S.A. to disseminate “raw signals intelligence information,” on Jan. 3, after the director of national intelligence, James R. Clapper Jr., signed them on Dec. 15, according to a 23-page, largely declassified copy of the procedures.

Previously, the N.S.A. filtered information before sharing intercepted communications with another agency, like the C.I.A. or the intelligence branches of the F.B.I. and the Drug Enforcement Administration. The N.S.A.’s analysts passed on only information they deemed pertinent, screening out the identities of innocent people and irrelevant personal information.

More from the Intercept:

The change was in the works long before there was any expectation that someone like Trump might become president. The last-minute adoption of the procedures is one of many examples of the Obama administration making new executive powers established by the Bush administration permanent, on the assumption that the executive branch could be trusted to police itself.

Executive Order 12333, often referred to as “twelve triple-three,” has attracted less debate than congressional wiretapping laws, but serves as authorization for the NSA’s most massive surveillance programs — far more than the NSA’s other programs combined. Under 12333, the NSA taps phone and internet backbones throughout the world, records the phone calls of entire countries, vacuums up traffic from Google and Yahoo’s data centers overseas, and more.

In 2014, The Intercept revealed that the NSA uses 12333 as a legal basis for an internal NSA search engine that spans more than 850 billion phone and internet records and contains the unfiltered private information of millions of Americans.

In 2014, a former state department official described NSA surveillance under 12333 as a “universe of collection and storage” beyond what Congress has authorized.

And a Snooper’s Charter takes effect in the U.K.

It’s called the Investigatory Powers Act 2016, more familiarly known as the Snooper’s Charter [full text here].

The Guardian reported on the measure’s passage on 19 November:

A bill giving the UK intelligence agencies and police the most sweeping surveillance powers in the western world has passed into law with barely a whimper, meeting only token resistance over the past 12 months from inside parliament and barely any from outside.

The Investigatory Powers Act, passed on Thursday, legalises a whole range of tools for snooping and hacking by the security services unmatched by any other country in western Europe or even the US.

The security agencies and police began the year braced for at least some opposition, rehearsing arguments for the debate. In the end, faced with public apathy and an opposition in disarray, the government did not have to make a single substantial concession to the privacy lobby.

US whistleblower Edward Snowden tweeted: “The UK has just legalised the most extreme surveillance in the history of western democracy. It goes further than many autocracies.”

One major organization, the National Council for Civil Liberties [counterpart of the American Civil Liberties Union in the U.S.], is on the legal offensive.

From their website:

Liberty is launching a landmark legal challenge to the extreme mass surveillance powers in the Government’s new Investigatory Powers Act – which lets the state monitor everybody’s web history and email, text and phone records, and hack computers, phones and tablets on an industrial scale.

Liberty is seeking a High Court judicial review of the core bulk powers in the so-called Snoopers’ Charter – and calling on the public to help it take on the challenge by donating via crowdfunding platform CrowdJustice.

Martha Spurrier, Director of Liberty, said: “Last year, this Government exploited fear and distraction to quietly create the most extreme surveillance regime of any democracy in history. Hundreds of thousands of people have since called for this Act’s repeal because they see it for what it is – an unprecedented, unjustified assault on our freedom.

“We hope anybody with an interest in defending our democracy, privacy, press freedom, fair trials, protest rights, free speech and the safety and cybersecurity of everyone in the UK will support this crowdfunded challenge, and make 2017 the year we reclaim our rights.”

The Investigatory Powers Act passed in an atmosphere of shambolic political opposition last year, despite the Government failing to provide any evidence that such indiscriminate powers were lawful or necessary to prevent or detect crime. A petition calling for its repeal

Liberty will seek to challenge the lawfulness of the following powers, which it believes breach the public’s rights:

  • the Act lets police and agencies access, control and alter electronic devices like computers, phones and tablets on an industrial scale, regardless of whether their owners are suspected of involvement in crime – leaving them vulnerable to further attack by hackers.
  • the Act allows the state to read texts, online messages and emails and listen in on calls en masse, without requiring suspicion of criminal activity.

Bulk acquisition of everybody’s communications data and internet history

  • the Act forces communications companies and service providers to hand over records of everybody’s emails, phone calls and texts and entire web browsing history to state agencies to store, data-mine and profile at its will. This provides a goldmine of valuable personal information for criminal hackers and foreign spies.
  • the Act lets agencies acquire and link vast databases held by the public or private sector. These contain details on religion, ethnic origin, sexuality, political leanings and health problems, potentially on the entire population – and are ripe for abuse and discrimination.

The secret agreements giving those new laws more power

From a review [open access] of the implications of revelations contained in the Snowden leaks in the International Journal of Law and Information Technology:

The US and UK’s signals intelligence agencies, National Security Agency (NSA) and Government Communications Headquarters (GCHQ), have gained access to very large volumes of Internet communications and data, for extremely broad ‘foreign intelligence’ purposes. A declassified 2011 US court order shows that NSA was already accessing more than 250 million ‘Internet communications’ each year. GCHQ is recording 3 days of international Internet traffic transiting the UK and 30 days of ‘metadata’ about these communications, and has gained access to ‘the majority’ of European Internet and telephone communications. NSA and GCHQ ‘collection’ of data is via intercepts of Internet traffic flowing through international fibre optic cables operated by telecommunications companies, and through automated searches carried out by Internet companies such as Microsoft, Apple, Google and Facebook on their internal systems, as well as the provision of complete records of all US telephone calls by AT&T, Verizon and others. NSA Director Keith Alexander asked his staff in 2008: ‘Why can’t we collect all the signals all the time?’—and they have set out to implement this vision.

The US and UK laws compel this cooperation by telecommunications and Internet companies (including ‘cloud computing’ providers that increasingly provide the infrastructure for Internet services). Other European governments cooperate with the USA–UK–Canada–Australia–New Zealand ‘Five Eyes’ intelligence alliance, notably an additional four countries in a ‘9-Eyes’ group (France, The Netherlands, Norway and Denmark) and a further five (Germany, Sweden, Spain, Belgium and Italy) in a ‘14-Eyes’ configuration.

NSA has further bugged EU offices and computer networks in Washington DC and New York, and gained access to UN internal videoconferencing systems. It has interception equipment and staff (jointly with the CIA) at 80 US embassies.

NSA has compromised at least 85,000 ‘strategically chosen’ machines in computer networks around the world; each device ‘in some cases … opens the door to hundreds or thousands of others.’ A new automated system is capable of managing ‘potentially millions’ of compromised machines for intelligence gathering and ‘active attack’. NSA conducted 231 ‘offensive operations’ in 2011, which represents ‘an evolution in policy, which in the past sought to preserve an international norm against acts of aggression in cyberspace, in part because U.S. economic and military power depend so heavily on computers’. NSA is spending $250 million each year to sabotage security standards and systems so that it can maintain access to encrypted data. GCHQ has developed methods to access encrypted data communications to Hotmail, Google, Facebook and Yahoo!

And it is those international agreements that magnify the impact of the increased panoptical powers in the United States and Great Britain.

And foremost among those pacts is the UKUSA Agreement, an accord granting London and Washington unparalleled access to each other’s intelligence gleanings.

Images of the day: Whistle while you work


First a tweet from security researcher Dan Staples, taking it to the man:


And the image on his T-shirt [which you can find online here]:


Headline of the day II: And still more curioser


A dramatic turnaround just posted by the New York Times:

‘I Think It Was Russia,’ Trump Says About D.N.C. Hacking

  • President-elect Trump conceded for the first time that Russia was behind the hacking of Democrats during the presidential campaign.
  • But at the news conference he vigorously denied the swirl of allegations about his ties to Russia.

Corporate predators lust for your Internet data


With Republicans now controlling the White House and Congress, corporate predators are moving in for the kill.

From the Washington Post:

Some of the nation’s biggest Internet providers are asking the government to roll back a landmark set of privacy regulations it approved last fall — kicking off an effort by the industry and its allies to dismantle key Internet policies of the Obama years.

In a petition filed to federal regulators Monday, a top Washington trade group whose members include Comcast, Charter and Cox argued that the rules should be thrown out.

“They are unnecessary, unjustified, unmoored from a cost-benefit assessment, and unlikely to advance the Commission’s stated goal of enhancing consumer privacy,” wrote the Internet & Television Association, known as NCTA.

The petition joins a bevy of others from groups representing telecom companies, wireless carriers, tech companies and advertisers.

The rules, which passed by a 3-to-2 partisan vote favoring Democrats at the Federal Communications Commission in October, are meant to keep Internet providers such as Comcast, Verizon and others from abusing the behavioral data they collect on customers as they regularly use the Internet.

Headline of the day: Idiocy of the first order


From the London Daily Mail:

Assange says a 14-year-old could have hacked Democratic emails as he reveals John Podesta’s password was ‘password’

  • Julian Assange claimed Clinton made no attempt to secure her party’s emails
  • He reiterated claims Russia was not behind hacks during presidential election
  • Emails stolen from DNC and Clinton’s campaign chairman were published online
  • But Assange said ‘source is not Russian government and it is not a state party’