Archive for the ‘Internet Snooping’ Category

Read more gcnews.htm at MelonFarmers.co.uk

Old BaileyHigh Court judges have given the UK government six months to revise parts of its Investigatory Powers Act. The government has been given a deadline of 1 November this year to make the changes to its Snooper’s Charter.Rules governing the British surveillance system must be changed quickly because they are incompatible with European laws, said the judges.

The court decision came out of legal action by human rights group Liberty. It started its legal challenge to the Act saying clauses that allow personal data to be gathered and scrutinised violated citizens’ basic rights to privacy.

The court did not agree that the Investigatory Powers Act called for a general and indiscriminate retention of data on individuals, as Liberty claimed. However in late 2017, government ministers accepted that its Act did not align with European law which only allows data to be gathered and accessed for the purposes of tackling serious crime. By contrast, the UK law would see the data gathered and held for more mundane purposes and without significant oversight.

One proposed change to tackle the problems was to create an Office for Communications Data Authorisations that would oversee requests to data from police and other organisations.

The government said it planned to revise the law by April 2019 but Friday’s ruling means it now has only six months to complete the task.

Martha Spurrier, director of Liberty, said the powers to grab data in the Act put sensitive information at huge risk.

Javier Ruiz, policy director at the Open Rights Group which campaigns on digital issues, said:

We are disappointed the court decided to narrowly focus on access to records but did not challenge the general and indiscriminate retention of communications data.

Advertisements
Read more aw_privacy.htm at MelonFarmers.co.uk

Facebook logoFor years, privacy advocates have been shouting about Facebook, and for years the population as a whole didn’t care. Whatever the reason, the ongoing Cambridge Analytica saga seems to have temporarily burst this sense of complacency, and people are suddenly giving the company a lot more scrutiny.When you delete Facebook, the company provides you with a compressed file with everything it has on you. As well as every photo you’ve ever uploaded and details of any advert you’ve ever interacted with, some users are panicking that Facebook seems to have been tracking all of their calls and texts. Details of who you’ve called, when and for how long appear in an easily accessible list — even if you don’t use Facebook-owned WhatsApp or Messenger for texts or calls.

Although it has been put around that Facebook have been logging calls without your permission, but this is not quite the case. In fact Facebook do actually follow Facebook settings and permissions, and do not track your calls if you don’t give permission.  So the issue is people not realising quite how wide permissions are granted when you have ticked permission boxes.

Facebook seemed to confirm this in a statement in response:

You may have seen some recent reports that Facebook has been logging people’s call and SMS (text) history without their permission. This is not the case. Call and text history logging is part of an opt-in feature for people using Messenger or Facebook Lite on Android. People have to expressly agree to use this feature. If, at any time, they no longer wish to use this feature they can turn it off.

So there you have it, if you use Messenger of Facebook Lite on Android you have indeed given the company permission to snoop on ALL your calls, not just those made through Facebook apps,

Read more gcnews.htm at MelonFarmers.co.uk

Home Offie logoSenior police officers are to lose the power to self-authorise access to personal phone and web browsing records under a series of late changes to the snooper’s charter law proposed by ministers in an attempt to comply with a European court ruling on Britain’s mass surveillance powers.A Home Office consultation paper published on Thursday also makes clear that the 250,000 requests each year for access to personal communications data by the police and other public bodies will in future excluded for investigations into minor crimes that carry a prison sentence of less than six months.

But the government says the 2016 European court of justice (ECJ) ruling in a case brought by Labour’s deputy leader, Tom Watson , initially with David Davis, now the Brexit secretary, does not apply to the retention or acquisition of personal phone, email, web history or other communications data by national security organisations such as GCHQ, MI6 or MI5, claiming that national security is outside the scope of EU law.

The Open Rights Group has been campaigning hard on issues of liberty and privacy and writes:

See  article from openrightsgroup.org

open rights group 2016 logo This is major victory for ORG, although one with dangers. The government has conceded that independent authorisation is necessary for communications data requests, but refused to budge on retained data and is pushing ahead with the Request Filter, to enable rapid interrogation and analysis of the stored communications data.

Adding independent authorisation for communications data requests will make the police more effective, as corruption and abuse will be harder. It will improve operational effectiveness, even if less data is used during investigations and trust in the police should improve.

Nevertheless the government has disregarded many key elements of the judgment

  • It isn’t going to reduce the amount of data retained

  • It won’t notify people whose data is used during investigations

  • It won’t keep data within the EU, instead it will continue to transfer it, presumably specifically to the USA

  • The Home Office has opted for a six month sentence definition of serious crime rather than the Lords’ definition of crimes capable of sentences of at least one year.

These are clear evasions and abrogations of the judgment. The mission of the Home Office is to uphold the rule of law. By failing to do what the courts tell them, the Home Office is undermining the very essence of the rule of law.

If the Home Office won’t do what the highest courts tell it to do, why should anybody else? By picking and choosing the laws they are willing to care about, they are playing with fire.

There was one final surprise. The Code of Practice covers the operation of the Request Filter . Yet again we are told that this police search engine is a privacy safeguard. We will now run through the code in fine detail to see if any such safeguards are there. On a first glance, there are not.

If the Home Office genuinely believe the Request Filter is a benign tool, they must rewrite this section to make abundantly clear that it is not a mini version of X-Keyscore (the NSA / GCHQ’S tool to trawl their databases of people linked to their email and web visits) and does not operate as a facility to link and search the vast quantities of retained and collected communications data.

Read more awwb.htm at MelonFarmers.co.uk

princeton logoA study by Princeton researchers came to light earlier this month, revealing that over 400 of the world’s most popular websites use the equivalent of hacking tools to spy on you without your knowledge or consent.

Using session replay scripts from third-party companies, websites are recording your every act, from mouse moves to clicks, to keylogging what you type, and extracting your personal info off the page. If you accidentally paste something into a text field from your clipboard, like an address or password you didn’t want to type out, the scripts can record, transmit, and store that, too.

What these sites are doing with this information, and how much they anonymize or secure it, is a crapshoot.

Among top retail offenders recording your every move and mistake are Costco, Gap.com, Crate and Barrel, Old Navy, Toys R Us, Fandango, Adidas, Boots, Neiman Marcus, Nintendo, Nest, the Disney Store, and Petco.

Tech and security websites spying on users include HP.com, Norton, Lenovo, Intel Autodesk, Windows, Kaspersky, Redhat.com, ESET.com, WP Engine, Logitech, Crunchbase, HPE.com (Hewlett Packard Enterprise), Akamai, Symantec, Comodo.com, and MongoDB.

Other sites you might recognize that are also using active session recording are RT.com, Xfinity, T-Mobile, Comcast, Sputnik News, iStockphoto, IHG (InterContinental Hotels), British Airways, NatWest, Western Union, FlyFrontier.com, Spreadshirt, Deseret News, Bose, and Chevrolet.com

Read more awwb.htm at MelonFarmers.co.uk

gchq logoA challenge to GCHQ’s use of non-specific warrants to authorise the bulk hacking of smartphones, computers and networks in the UK is starting at the court of appeal.The case, brought by the campaign group Privacy International (PI), is the latest twist in a protracted battle about both the legality of mass snooping and the primacy of civil courts over an intelligence tribunal that operates partly in secret.

The original claim dates back to 2014 and was brought at the investigatory powers tribunal (IPT) following revelations by the American whistleblower Edward Snowden. The IPT hears complaints about government surveillance and the intelligence services. Some of its hearings are held behind closed doors.

PI, along with seven internet service providers, argued that computer network exploitation (CNE) carried out by GCHQ , the government monitoring station in Cheltenham, breaches human rights.

Read more inap.htm at MelonFarmers.co.uk

jing wangResidents of Xinjiang, an ethnic minority region of western China, are being forced to install spyware on their mobile phones.On July 10, mobile phone users in the Tianshan District of Urumqi City received a mobile phone notification from the district government instructing them to install a surveillance application called Jingwang (or Web Cleansing). The message said the app was intended to prevent [them] from accessing terrorist information.

But authorities may be using the app for more than just counter-terrorism. According to an exclusive report from Radio Free Asia, 10 Kazakh women from Ili Kazakh Autonomous Prefecture were arrested for messages sent to a private WeChat group chat soon after they installed the app.

The notification from police said the application would locate and track the sources and distribution paths of terrorists, along with illegal religious activity and harmful information, including videos, images, ebooks and documents.

Jingwang’s website describes the application as follows:

Jingwang is a protection service with an adult and child categorization system introduced by Jiangsu Telecom. The main function is to block pornographic websites, online scams, trojan horses, and phishing sites; to alert users of how much time they spend online; and to enable remote control of one’s home network. The tool is intended to help kids develop a healthy lifestyle by building a safe web filter for the minors.

Of course, any tool with these capabilities could be used in multiple ways. For example, the app’s remote control feature could enable state actors or even hackers to manipulate or steal from a person’s home network.

The move is consistent with other measures of control over digital activities in the region. While stories of digital censorship in China often focus on the experiences of users in major cities in the east and south, the reality is often more bleak for those living in remote, embattled ethnic minority regions such as Xinjiang and Tibet. Seeking to contain unrest and discontent in conflict areas, authorities often impose extreme censorship and surveillance measures and routine Internet shutdowns .

Authorities from Xinjiang are checking to make sure that people are using the official Jingwang application. A mobile notification demanded people install the app within 10 days. If they are caught at a checkpoint and their devices do not have the software, they could be detained for 10 days. This is a setback on the development of technology. They forced people to use devices designed for the elderly. It is a form of confinement by through surveillance technology. We are back to Mao’s China.

Images from mainland China also posted a product description of Jingwang which explained that the tool can negate the password requirement of a Windows operating system and access the computer hard disk with no restrictions. Once installed with Jingwang, computers and mobiles in Xinjiang, would become electronic handcuffs.

Read more uk_internet_censors.htm at MelonFarmers.co.uk

open rights group 2016 logo A Freedom of Information request to the DCMS has revealed that porn company MindGeek suggested that the BBFC should potentially block millions of porn sites if they didn’t comply with Age Verification requirements outlined in the Digital Economy Act.

MindGeek, who are also developing Age Verification technology, said that the Government’s plans to prevent children from seeing pornography would not be effective unless millions of sites could be blocked.

Notes made by the company and sent to the DCMS state:

A greylist of 4M URLs already exists from Sky, but lets assume that’s actually much smaller as these URLs will I suspect, be page- level blocks, not TLDs. The regulator should contact them all within that 12 months, explaining that if they do not demonstrate they are AV ready by the enforcement date then they will be enforced against. “On the enforcement date, all sites on the greylist turn black or white depending upon what they have demonstrated to the regulator.

Corey Price, VP of Pornhub, separately noted:

It is our corporate responsibility as part of the global tech community to promote ethical and responsible behavior. We firmly believe that parents are best placed to police their children’s online activity using the plethora of tools already available in modern operating systems. The law has the potential to send a message to parents that they no longer need to monitor their children’s online activity, so it is therefore essential that the Act is robustly enforced.

Despite the law, those seeking adult content can still circumvent age verification using simple proxy/VPN services. Consequently the intent of the legislation is to only protect children who stumble across adult content in an un-protected environment. There are over 4 million domains containing adult content, and unless sites are enforced against equally, stumbling across adult content will be no harder than at present. If the regulator pursues a proportionate approach we may only see the Top 50 sites being effected 203 this is wholly unacceptable as the law will then be completely ineffective, and simply discriminate against compliant sites. We are therefore informing, and closely monitoring the development of the regulations, to be published later this year, to see if they achieve the intended goals of the Act.

MindGeek could stand to gain commercially if competitor websites are blocked from UK visitors, or if the industry takes up their Age Verification product.

Executive Director of Open Rights Group, Jim Killock said:

There is nothing in the Act to stop the BBFC from blocking 4.6 million pornographic websites. The only constraint is cash.

This leaves the BBFC wide open to pressure for mass website blocking without any need for a change in the law.

When giving evidence to the Public Bill Committee , the chief executive of the British Board of Film Classification, David Austin implied that only tens of sites would be targeted:

We would start with the top 50 and work our way through those, but we would not stop there. We would look to get new data every quarter, for example. As you say, sites will come in and out of popularity. We will keep up to date and focus on those most popular sites for children.