Posts Tagged ‘mass snooping’

US police seem to think so and are trying to demand that Amazon hands over the recordings

Amazon Echo, Black Police in the US believe an Amazon Echo overheard the murder of a man found dead in a hot tub. They want a copy of any audio recorded by the Echo personal assistant, conveniently stored in Amazon’s cloud.The cops think the Alexa-powered Echo, which was found in the kitchen, may have recorded what went on that night, even though you supposedly need to say a wake up word to activate Alexa.

Presumably worried about sales, Amazon is refusing to hand over said recordings, and has gone to court to fight their corner.

Amazon refused to fully comply with the search warrant, and has now filed a motion to the Circuit Court of Benton County, Arkansas, to quash the order. The tech giant says any conversation a customer has with their Echo is covered by the First Amendment. Amazon argued:

Given the important First Amendment and privacy implications at stake, the warrant should be quashed unless the Court finds that the State has met its heightened burden for compelled production of such materials.

Leaving aside the legal arguments, Amazon is keen to ensure that the police can’t use its devices as perpetual bugs in the homes of their owners. If legal precedent is established for that, sales will go off the side of a cliff.

Read more eu.htm at MelonFarmers.co.uk

The European Court of Justice has passed judgement on several linked cases in Europe requiring that ISP retain extensive records of all phone and internet communications. This includes a challenge by Labour’s Tom Watson. The court wrote in a press release:

european court of justice logoThe Members States may not impose a general obligation to retain data on providers of electronic communications services

EU law precludes a general and indiscriminate retention of traffic data and location data, but it is open to Members States to make provision, as a preventive measure, for targeted retention of that data solely for the purpose of fighting serious crime, provided that such retention is, with respect to the categories of data to be retained, the means of communication affected, the persons concerned and the chosen duration of retention, limited to what is strictly necessary. Access of the national authorities to the retained data must be subject to conditions, including prior review by an independent authority and the data being retained within the EU.

In today’s judgment, the Court’s answer is that EU law precludes national legislation that prescribes general and indiscriminate retention of data.

The Court confirms first that the national measures at issue fall within the scope of the directive. The protection of the confidentiality of electronic communications and related traffic data guaranteed by the directive, applies to the measures taken by all persons other than users, whether by private persons or bodies, or by State bodies.

Next, the Court finds that while that directive enables Member States to restrict the scope of the obligation to ensure the confidentiality of communications and related traffic data, it cannot justify the exception to that obligation, and in particular to the prohibition on storage of data laid down by that directive, becoming the rule.

Further, the Court states that, in accordance with its settled case-law, the protection of the fundamental right to respect for private life requires that derogations from the protection of personal data should apply only in so far as is strictly necessary. The Court applies that case-law to the rules governing the retention of data and those governing access to the retained data.

The Court states that, with respect to retention, the retained data, taken as a whole, is liable to allow very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained.

The interference by national legislation that provides for the retention of traffic data and location data with that right must therefore be considered to be particularly serious. The fact that the data is retained without the users of electronic communications services being informed of the fact is likely to cause the persons concerned to feel that their private lives are the subject of constant surveillance. Consequently, only the objective of fighting serious crime is capable of justifying such interference.

The Court states that legislation prescribing a general and indiscriminate retention of data does not require there to be any relationship between the data which must be retained and a threat to public security and is not restricted to, inter alia, providing for retention of data pertaining to a particular time period and/or geographical area and/or a group of persons likely to be involved in a serious crime. Such national legislation therefore exceeds the limits of what is strictly necessary and cannot be considered to be justified within a democratic society, as required by the directive, read in the light of the Charter.

The Court makes clear however that the directive does not preclude national legislation from imposing a targeted retention of data for the purpose of fighting serious crime, provided that such retention of data is, with respect to the categories of data to be retained, the means of communication affected, the persons concerned and the retention period adopted, limited to what is strictly necessary. The Court states that any national legislation to that effect must be clear and precise and must provide for sufficient guarantees of the protection of data against risks of misuse. The legislation must indicate in what circumstances and under which conditions a data retention measure may, as a preventive measure, be adopted, thereby ensuring that the scope of that measure is, in practice, actually limited to what is strictly necessary. In particular, such legislation must be based on objective evidence which makes it possible to identify the persons whose data is likely to reveal a link with serious criminal offences, to contribute to fighting serious crime or to preventing a serious risk to public security.

As regards the access of the competent national authorities to the retained data, the Court confirms that the national legislation concerned cannot be limited to requiring that access should be for one of the objectives referred to in the directive, even if that objective is to fight serious crime, but must also lay down the substantive and procedural conditions governing the access of the competent national authorities to the retained data. That legislation must be based on objective criteria in order to define the circumstances and conditions under which the competent national authorities are to be granted access to the data. Access can, as a general rule, be granted, in relation to the objective of fighting crime, only to the data of individuals suspected of planning, committing or having committed a serious crime or of being implicated in one way or another in such a crime. However, in particular situations, where for example vital national security, defence or public security interests are threatened by terrorist activities, access to the data of other persons might also be granted where there is objective evidence from which it can be inferred that that data might, in a specific case, make an effective contribution to combating such activities.

Further, the Court considers that it is essential that access to retained data should, except in cases of urgency, be subject to prior review carried out by either a court or an independent body. In addition, the competent national authorities to whom access to retained data has been granted must notify the persons concerned of that fact.

Given the quantity of retained data, the sensitivity of that data and the risk of unlawful access to it, the national legislation must make provision for that data to be retained within the EU and for the irreversible destruction of the data at the end of the retention period.

The view of the authorities

david andersonDavid Anderson, the Independent Reviewer of Terrorism Legislation gives a lucid response outlining the government’s case for mass surveillance. However the official justification is easily summarised as it clearly assists in the detection of serious crime. He simply does not mention that the government having justified grabbing the data on grounds of serious crime detection, will share it willy nilly with all sorts of government departments for their own convenience, way beyond the reasons set out in the official justification.

And when the authorities talk about their fight against ‘serious’ crime, recent governments have been updating legislation to redefine practically all crimes as ‘serious’ crimes. Eg possessing a single spliff may in practice be a trivial crime, but the law on possession has a high maximum sentence that qualifies it as a ‘serious’ crime. It does not become trivial until it goes to court and the a trivia punishment has been handed down. So using mass snooping data would be easily justified to track down trivial drug users.

See  article from terrorismlegislationreviewer.independent.gov.uk

The Open Rights Group comments

See  article from openrightsgroup.org

open rights group 2016 logoThe judgment relates to a case brought by Deputy Leader of the Labour Party, Tom Watson MP, over intrusive data retention powers. The ruling says that:

  • – Blanket data retention is not permissible
  • – Access to data must be authorised by an independent body
  • – Only data belonging to people who are suspected of serious crimes can be accessed
  • – Individuals need to be notified if their data is accessed.

At present, none of these conditions are met by UK law.

Open Rights Group intervened in the case together with Privacy International, arguing that the Data Retention and Investigatory Powers Act (DRIPA), rushed through parliament in 2014, was incompatible with EU law. While the Judgment will no longer affect DRIPA, which expires at the end of 2016, it has major implications for the Investigatory Powers Act.

Executive Director Jim Killock said:

The CJEU has sent a clear message to the UK Government: blanket surveillance of our communications is intrusive and unacceptable in a democracy.

The Government knew this judgment was coming but Theresa May was determined to push through her snoopers’ charter regardless. The Government must act quickly to re-write the IPA or be prepared to go to court again.

Data retention powers in the Investigatory Powers Act will come into effect on 30 Dec 2016. These mean that ISPs and mobile phone providers can be obliged to keep data about our communications, including a record of the websites we visit and the apps we use. This data can be accessed by the police but also a wide range of organisations like the Food Standards Agency, the Health and Safety Executive and the Department of Health.

Read more UK Government Watch at MelonFarmers.co.uk

mi5 security service logo Andrew Parker, the Head of MI5, has called for more up-to-date surveillance laws in an interview with the BBC, where he also stated that communications companies have an ethical responsibility to alert the authorities to potential threats . Parker said:

MI5 and others need to be able to navigate the internet to find terrorist communication, we need to be able to use data sets to be able to join the dots to be able to find and stop the terrorists who mean us harm before they are able to bring plots to fruition.

We have been pretty successful at that in recent years but it is becoming more difficult to do it as technology changes faster and faster [and] encryption comes in.

The government is currently planning renewed attempts to pass the Communications Data Bill, also known as the Snoopers’ Charter . They are expected to bring forward a new version of the Bill in October.

Commentator and encryption expert Bruce Schneier commented:

For most of human history, surveillance has been expensive. Over the last couple of decades, it has become incredibly cheap and almost ubiquitous. That a few bits and pieces are becoming expensive again isn’t a cause for alarm.

The government has also been briefing the communication industry about the extended snooping plan.

Theresa May has already met with companies including BT, TalkTalk, EE, Vodaphone, and Virgin Media to discuss plans to bring forward a new draft of the Communications Data Bill in October. Non-ISP networks and civil liberties groups have reportedly been summoned to separate meetings.

Read more UK Parliament Watch at MelonFarmers.co.uk

tor logo UK MPs have been advised that internet encryption services can be used in the public interest, as well as for criminal purposes. Furthermore a repressive ban on online anonymity networks such as Tor would be technologically infeasible and unwise.The advice for MPs contradicted the Prime Minister David Cameron, who has said law enforcement should be handed the keys to encrypted communications.

One expert said the document showed Cameron’s plans to be noble , but ultimately unworkable.

The Parliamentary Office of Science and Technology (Post), which issues advice to MPs, said that there was:

Widespread agreement that banning online anonymity systems altogether is not seen as an acceptable policy option in the UK. Even if it were, there would be technical challenges.

The report, published on Monday 9 March, cited the example of the Chinese government, which attempted to block access to Tor in order to enforce bans on unauthorised websites. In reaction, it said, the body that maintains the network, simply added bridges that were very difficult to block , allowing people to continue accessing Tor.

Read more UK Government Watch at MelonFarmers.co.uk

David Cameron In the aftermath of the terrorist attacks in Paris, EU ministers have issued a joint statement calling for ISPs to help to report and remove extremist material online.

The statement was signed by interior ministers from 11 European countries, including the UK’s Theresa May, on 11 January, with French ministers and security representatives from the US, Canada and EU in attendance. It called for tighter internet surveillance and border controls.

But of course David Cameron wants to go further. According to the Independant, Cameron could block WhatsApp and Snapchat if he wins the next election, as part of his plans for extreme surveillance powers announced in the wake of the shootings in Paris. He said that he would stop the use of methods of communication that cannot be read by the security services even if they have a warrant.

But that could include popular chat and social apps that encrypt their data, such as WhatsApp. Apple’s iMessage and FaceTime also encrypt their data, and could fall under the ban along with other encrypted chat apps like Telegram.

The comments came as part of David Cameron’s pledge to revive the snoopers’ charter to help security services spy on internet communications. He said: In our country, do we want to allow a means of communication between people which […] we cannot read? But companies such as WhatsApp have remained committed to keeping their services encrypted and unable to be read by authorities.

Politics does make for strange bedfellows. Cameron’s announcement comes just days after the Iranian government decided it was taking a similar step and banned WhatsApp, along with comms software Tango and LINE.

See also Why MI5 does not need more surveillance powers after the Paris attacks  from  theguardian.com by Henry Porter.