archive-org.com » ORG » P » PRIVACYINTERNATIONAL.ORG

Total: 465

Choose link from "Titles, links and description words view":

Or switch to "Titles and links view".
  • Statement on the Science and Technology Committee’s report “Investigatory Powers Bill: technology issues” | Privacy International
    the draft Bill risks undermining security and privacy The Committee encountered almost universal confusion regarding the meaning of Internet Connection Records and what the collection of such records would entail As the Committee has said in their report to arbitrarily interfere with the right to privacy of all users of technology in the UK has the potential not only to damage the technology sector but in turn the larger economy Certain of the draft IP Bill s provisions risk damaging more than economic competitiveness but also the trust consumers place in technology companies located in or doing business with the UK A provider s duty to maintain the security of its systems and the privacy of its users data is of paramount importance The Committee s report shows that both small UK businesses and international companies like Apple should be and often are concerned about the draft Bill s potential to weaken encryption and sanction equipment interference or government hacking The draft IP Bill could affect the security of the systems that form the basis of our daily transactions like online banking and email In order to address these concerns the draft IP Bill must be revised Matthew Rice Advocacy

    Original URL path: https://privacyinternational.org/node/722 (2016-04-27)
    Open archived version from archive

  • Mind the gap: A review of the right to privacy at the UN in 2015 | Privacy International
    to the ever expanding surveillance industry and companies collection and use of personal data While the Special Rapporteur on privacy is the first and only UN mechanism specifically dedicated to the right to privacy other UN human rights experts and bodies have heightened their attention on the issues of privacy surveillance and new technologies The Special Rapporteur on freedom of expression dedicated his 2015 annual report to the Council on the issue of encryption and online anonymity In the face of efforts by some states to gain the power to override encrypted communications in the name of combatting terrorism the report considers how the use of increasingly popular encryption and anonymity tools and services can protect and promote human rights online particularly the rights to freedom of expression and privacy The report notes how encryption and anonymity provide individuals and groups with a zone of privacy online to hold opinions and exercise freedom of expression without arbitrary and unlawful interference or attacks Beyond adopting a resolution and appointing a dedicated Special Rapporteur the Human Rights Council through the Universal Periodic Review mechanism has also increased scrutiny of the right to privacy in specific countries In a positive development some governments such as Brazil Czech Republic Estonia Germany India Liechtenstein the Netherlands Slovenia Sweden Switzerland have begun to raise concerns about surveillance laws and practices of other countries and have made recommendations related to issues of privacy and surveillance in the 2015 Universal Periodic Review sessions including on Australia Austria Belarus Kenya Sweden Turkey and the USA While many of these recommendations are still formulated in general terms they constitute an important sign that the right to privacy is finally receiving due attention within the UPR framework For example Liechtenstein recommended that Kenya review its laws and policies in order to ensure that surveillance of digital communications is consistent with its international human rights obligations and is conducted on the basis of a legal framework which is publicly accessible clear precise and non discriminatory And the Netherlands recommended that Sweden implement reforms to comply with its obligations under EU law as set out in the International Principles on the Application of Human Rights to Communications Surveillance While reviewing states parties implementation of the International Covenant on Civil and Political Rights in 2015 the Human Rights Committee focussed significantly on the laws and practices of surveillance The Committee expressed serious concerns about surveillance powers in Canada France the Former Yugoslav Republic of Macedonia the Republic of Korea and the United Kingdom In doing so the Committee reaffirmed some very important principles for example that the right to privacy needs to be respected regardless of the nationality or location of individuals whose communications are under surveillance that states should establish robust oversight systems over surveillance interception and intelligence sharing of personal communications activities and that states must ensure there is judicial involvement in the authorisation of such measures in all cases including in relation to communications data On France the Committee expressed concerns

    Original URL path: https://privacyinternational.org/node/693 (2016-04-27)
    Open archived version from archive

  • New EU data protection laws: ok, but a tremendous missed opportunity with possible threats looming | Privacy International
    the age of big data and Internet of Things and unprecedented intrusion and profiling into people s lives has not been achieved Thankfully the new rules do not go below existing provisions but several of our key initial concerns have not been met and more weaknesses have been introduced to achieve compromise in the negotiations Compromise has also meant that some of the articles in the Regulation are so contorted and convoluted that corporate lawyers will be able to feed on them for years to come Some of the good The rights of the people data subjects have been reasserted and improved for example you will be now able to demand erasure of all your information if you have left a service or take away in an easily readable format the data you ve given a business provider The definition of personal data has been extended and clarified it now clearly includes IP addresses and location data for example The enforcement of the law and deterrents such as fines are more effective The redress and complaint possibilities are better privacy and consumer groups will now be able to act on behalf of one or more individuals There is a new right to object to profiling for direct marketing purposes Some of the bad and the ugly The user consent provision is confusingly mixed defined as unambiguous but has to be explicit for sensitive data such as health or political beliefs The very broad and undefined legitimate interest provision including for third parties can still circumvent consent altogether Collective redress is only possible in countries where provisions for collective redress exist in national legislation meaning that some people may end more equal than others and opening possibilities for forum shopping for companies There is a serious risk of dis harmonisation since

    Original URL path: https://privacyinternational.org/node/689 (2016-04-27)
    Open archived version from archive

  • EU Data Protection Package – Lacking ambition but saving the basics | Privacy International
    of which are major failures of the current legislation Joe McNamee Executive Director of European Digital Rights said Faced with possibly the world s biggest ever lobbying onslaught this agreement appears to have saved the essential elements of data protection in Europe Sadly there is little left of the initial ambition of the proposals At several moments in the past four years it appeared that the proposals were crumbling so today s vote represents an impressive achievement by politicians from all major political families and by civil society The objective of modernisation has been achieved only partially resisted by industry groups who want to stay in the last century One of the key elements of modernisation profiling has not been dealt with thoroughly The differentiation of explicit consent for sensitive data and consent for other processing of personal data will not help when enforcing the Regulation The failure to properly reform the foggy notion of processing of data on the basis of the legitimate interest of the controller is a missed opportunity even though we are happy that some safeguards were added More importantly harmonisation has become a parody of its original intentions The existing Directive consisted of 34 articles The final text has more permissible exceptions than the previous legislation had articles In addition Article 21 on exceptions for public policy reasons has broadened the list of articles that can be subject to a national opt out Overall the data protection package has achieved the bare minimum standards which were possible in the current political scenario The final texts are somewhat better than what was proposed by the EU Council and some European Parliament Committees but fall well short of the ambition of the initial proposals EDRi Bits of Freedom Digitale Gesellschaft e V Open Rights Group Digital Rights

    Original URL path: https://privacyinternational.org/node/691 (2016-04-27)
    Open archived version from archive

  • Zakharov v Russia: A refresher on how far Europe has come | Privacy International
    released a worldwide law enforcement disclosure report that revealed that in some jurisdictions providers were required to provide direct access to their communications networks The report explained that direct access gave authorities access to information and bypassed any form of operational control over the interception on the part of the provider Direct access is a deeply concerning method of surveillance that Privacy International has strongly spoken out against in the past The operation of direct access in the System of Operative Investigative Measures SORM Framework the surveillance infrastructure used by Russia and many Central Asian states has been exposed by Privacy International in the past What news for the IP Bill in the UK The implications of this judgment go beyond Russia Other European countries have introduced laws or are considering legislation that do not pass the tests of legality necessity and proportionality set out by the European Court In the UK the review of the Investigatory Powers Bill would benefit from considering the Zakharov judgement Particular attention should be paid to the Court s decision on authorisation procedures the practical realities of oversight and the operation of technology that allows for direct access to telecommunications networks The Court s judgement does not break new ground and the decision is littered with familiar cases to those who have followed surveillance and privacy in Europe over the last 10 years Weber and Saravia Klass and Others Kennedy Liberty and Others all of which are landmark judgements that have had telling influence on the decision of the Court The Court distilled the body of its case law to summarise the requirements of an interception authorisation which must clearly identify a specific person to be placed under surveillance or a set of premises as the premises in respect of which the authorisation is order For example Part 6 of the Investigatory Powers Bill contains the powers for Bulk interception warrants The warrants require little more than showing that the communications to be intercepted are overseas related communications meaning communications sent or received by individuals outside the British Islands That s it No specific individuals or specific groups no specific telephone numbers no specific premises Similarly very broad powers are included for other Bulk powers including bulk Government hacking Part 6 of the IP Bill would struggle against the clear standard communicated by the Court for interception authorisations This goes to the broader point too the Zakharov judgement has reinforced this current standard demonstrating that surveillance powers must remain necessary and proportionate As Marko Milanovic had said in his blog earlier the week it is noteworthy that the Court looked at both the provisions of Russian law and the practice of the oversight of surveillance in Russia This led to the Court calling out the lame Russian practice of District Courts who never request the interception agency to submit supporting materials and that a mere reference to the existence of information about a criminal offence or activities endangering national military economic or ecological security

    Original URL path: https://privacyinternational.org/node/688 (2016-04-27)
    Open archived version from archive

  • Submission To Science and Technology Committee Call For Evidence on the Draft Investigatory Powers Bill | Privacy International
    of Surveillance Briefings Investigations Research Reports Submissions to the UN Legal Actions About Us Staff Trustees Financial Opportunities Contact Donate You are here Home Submission To Science and Technology Committee Call For Evidence on the Draft Investigatory Powers Bill 2 December 2015 Related Privacy 101s Communications surveillance Data Protection Mass Surveillance Related Tech Explainers Internet Monitoring Analysis Equipment Intrusion Location Monitoring Monitoring Centre Phone Monitoring Video surveillance Press Release Files

    Original URL path: https://privacyinternational.org/node/684 (2016-04-27)
    Open archived version from archive

  • Court documents reveal oversight body struggling to control GCHQ domestic hacking | Privacy International
    practice in response to our legal challenge Previously secret documents and witness statements produced by GCHQ now reveal and confirm GCHQ confirmed that the Secretary of State does not individually sign off on most hacking operations abroad but only when additional sensitivity or political risk are involved Witness Statement of Ciaran Martin paras 65 72C Overseas hacking does not require authorisations to name or describe a particular piece of equipment or an individual user of the equipment Witness Statement of Ciaran Martin para 56 The Commissioner only formally reviewed the individual targets of GCHQ hacks overseas in April 2015 Witness Statement of Ciaran Martin para 71I The Intelligence and Security Committee Report in March 2015 called MI5 s and SIS s failure to keep accurate records of their overseas hacking activities unacceptable ISC report p 66 as it makes effective oversight impossible Witness Statement of Ciaran Martin 71L Today s revelations highlight how important strict authorisation and oversight regimes are The draft Investigatory Powers Bill introduced to Parliament by the Home Office on 4 November 2015 attempts to codify the lax authorisation processes that gave rise to the problems we see in the documents released today In particular the provision permitting Bulk Equipment Interference gives an almost unfettered power to the intelligence services to decide who and when to hack Caroline Wilson Palow General Counsel at Privacy International said Eighteen months after we first brought this challenge GCHQ have come to court today to defend their asserted power to hack computers in the UK without individual warrants The light touch authorisation and oversight regime that GCHQ has been enjoying should never have been permitted Perhaps it wouldn t have been if Parliament had been notified in the first place that GCHQ was hacking We hope the tribunal will stand up

    Original URL path: https://privacyinternational.org/node/681 (2016-04-27)
    Open archived version from archive

  • Will They Hack Us? Will They Betray Us? | Privacy International
    the contents of our communications and documents for a variety of reasons including to serve us advertisements Google does this Even Apple which has claimed to implement end to end encryption for iMessage and Keychain has not done so for our documents stored on iCloud And companies connected with the UK may be about to be deprived of having the choice to deploy end to end encryption The UK Government has now proposed legislation to give itself the power to compel service providers to maintain a backdoor giving the Government access customer communications As Clauses 189 and 190 of the recently introduced draft Investigatory Powers Bill demonstrate this power and it is extremely broad It is important to note how this power could be used In the first instance an operator is served with a notice to maintain the technical capability to intercept encrypted communications The operator must then take all reasonable steps to ensure this capability is achieved and maintained This is to allow the operator to later implement interception warrants under Clause 29 and 31 However Clause 31 6 makes it irrelevant whether or not the operator actually maintains the interception capability and the failure to comply is on the basis of what the operator should reasonably have done under Clause 189 Open Source to Protect Rights These changes should be detected in software and services that are freely available and open source where independent verification of the security can be performed However many open source projects fall under UK jurisdiction and the powers sought by the UK Government would apply to any person who can facilitate the interception or as shown below hacking This would include the likes of Ubuntu and Firefox which have offices in the UK We have also seen how the US National Security Agency uses its influence and financial might to infiltrate open source projects and security mechanisms for its own ends This demonstates that we not only need to be vigilant of these public resources but that Equipment Interference aka Government Hacking comes into play to circumvent measures we employ to protect ourselves Hacking Users What if a user downloads an open source application that provides end to end encryption The UK Government is touting another potential circumvention of this security measure hacking The UK Government wants the power to hack an extremely broad set of devices under Clause 83 including devices owned by people engaged in an activity And it wants the power to compel service providers such as Apple Google Facebook and Twitter to hack their users on behalf of the intelligence services and law enforcement So now Apple may be ordered to backdoor iMessage and also serve malware to any user who installs an open source secure messaging application such as Signal for example Under Clause 99 companies can be served with a warrant requiring them to assist in the equipment interference of their users aka hacking their users by for example facilitating the installation of malware Companies and

    Original URL path: https://privacyinternational.org/node/679 (2016-04-27)
    Open archived version from archive



  •