
Lawful Access is Dead, Long Live Lawful Intercept!

So, the takeaway from this post is that Industry Canada’s proposed modifications significantly expand the volume and types of communications that ISPs must be able to intercept and preserve. Further, the Department is considering expanding interception requirements across all wireless spectrum holders; it needn’t just affect the LTE spectrum. We also know that Public Safety is modifying how ISPs have to preserve information related to geolocation, communications content, or transmission data. Together, these Departments’ actions are expanding government surveillance capacities in the absence of the lawful access legislation.

Industry Canada’s and Public Safety’s changes to how communications are intercepted should be put on hold until the government can convince Canadians about the need for these powers, and pass legislation authorizing the expansion of government surveillance. Decisions that are made surrounding interception capabilities are not easily reversed because once the technology is in place it is challenging to remove; as such, the government’s proposed modifications to intercept capabilities should be democratically legitimated before they are instantiated in practice.


EU citizen warned not to use US cloud services over spying fears

shonelikethesun:

What the title says, basically. I had missed this.

The warning should be heard by non-EU citizens too; with the Cloud, privacy is fucking dead. And what’s sadder is that 90% of people simply don’t care.
Unless it makes it more probable for your significant other to see your transsexual porn browser history…

The EU Report is well worth a full read (available here in .pdf). Things to keep in mind that aren’t being discussed all that well:

  • you know about this report – media is covering it – because of the tireless efforts of Caspar Bowden, one of the authors and a noted global privacy advocate. It was out for months before it hit the media.
  • everyone is focused on US intelligence (good) but missing the significance of the FISAAA amendments: it’s not just that you can be spied on. It’s that the spying does not have to happen for national security reasons. No, it’s sufficient to conduct surveillance for political (read: espionage) reasons.
  • a huge aspect of the report – which isn’t touched on much, even in the European media – is its call for the European Parliament to give EUROPOL and ENISA a direct mandate.

The second point is particularly important for non-Europeans. While it’s a lesser spoken about part of the intelligence world, spooks are routinely engaged in industrial espionage on the grounds that such acts assist the nation-state’s finances. This can include the theft of foreign corporations’ information, or (in extreme cases) the deletion of the same information. It seems that FISAAA’s amendments would only permit the former, and not the latter. However, as a result of these amendments corporations should be more wary of outsourcing their document storage to US-based cloud services, content creation to US hosts and online services, or communications systems to (you guessed it!) American firms. Placing such data in the hands of the Americans is rife with potential economic harms and, no matter how much you like Dropbox, Google, or another cloud provider, they’re all likely to turn on you if the NSA comes knocking.

Source: EU citizen warned not to use US cloud services over spying fears


2013.2.4

Privacy is not simply an individual right or civil liberty; it is a vital component of the social contract between Canadians and their government. Without privacy, without protective boundaries between government and citizens, trust begins to erode. Good governance requires mutual trust between state and citizen. Otherwise, alienation and a sense of inequality begin to spread, circumstances under which no program for public scrutiny can be tenable or effective in the long term. Where citizen trust hits a low point, in fact, such security measures may be undermined, ignored, circumvented – or in the most egregious cases – passively or actively resisted.

Office of the Privacy Commissioner of Canada, “A Matter of Trust: Integrating Privacy and Public Safety in the 21st Century”

A Poignant Comment on Deleting Email

For the past two months I’ve been trying to figure out what to say about something Peter Fleischer, Google’s Global Privacy Counsel, wrote about his personal email retention and deletion policies. After talking about whether people should worry about “covering their tracks” from government snooping, he writes (emphasis added):

In the meantime, as users, we all have to decide if we want to keep thousands of old emails in our inboxes in the cloud.  It’s free and convenient to keep them.  Statistics published by some companies seem to confirm that the risks of governments seeking access to our data are extremely remote for “normal people”.  But the laws, like ECPA, that are meant to protect the privacy of our old emails are obsolete and full of holes.  The choice is yours:  keep or delete.  I’m a pragmatist, and I’m not paranoid, but personally, I’ve gotten in the habit of deleting almost all my daily emails, except for those that I’d want to keep for the future.  Like the rule at my tennis club:  sweep the clay after you play.

His comments struck me as being incredibly poignant when I first read them, and remain so today. I’ve stopped archiving email. I delete email (as best I can, given cloud data retention policies and all…) on a regular basis. Over the Christmas break I removed an aggregate of about 6 GB of mail that had just…accrued…in my various accounts over the past decade. In short, his post motivated me enough to spend the better part of 3 or 4 days sifting and sorting through my digital life. Ultimately I removed an awful lot of what was there.

At some point I hope to spend more time writing about, and thinking through, some of Peter’s points. At the moment, however, I’d just recommend you think about what it means when Google’s Global Privacy Counsel – the guy who is best able to go to the mat to protect the privacy of his own inbox – chooses to routinely delete his email from the cloud. If he takes that precaution, and he has the influence that he does, shouldn’t you at least consider following his lead?


2013.1.24

Social utopians like Haque, Tapscott and Jarvis are, of course, wrong. The age of networked intelligence isn’t very intelligent. The tragic truth is that getting naked, being yourself in the full public gaze of today’s digital network, doesn’t always result in the breaking down of ancient taboos. There is little evidence that networks like Facebook, Skype and Twitter are making us any more forgiving or tolerant. Indeed, if anything, these viral tools of mass exposure seem to be making society not only more prurient and voyeuristic, but also fuelling a mob culture of intolerance, schadenfreude and revengefulness.

Andrew Keen, #digitalvertigo: how today’s online social revolution is dividing, diminishing, and disorienting us

BBC News Permissions

You’d think that, after the UK phone scandals, newspapers wouldn’t want their apps to have access to your phone calls.


2013.1.15

Placing sensitive data in insecure locations is never a good idea, and the loss of physical security has long been considered tantamount to a breach. Yet some early elements of the IoT incorporate this very flaw into their designs. It’s often an attempt to compensate for a lack of technological maturity where always-on network connectivity is unavailable or too expensive, or the central infrastructure does not scale to accommodate the vast number of input devices.

As the IoT crawls through its early stages, we can expect to see more such compromises; developers have to accommodate technical constraints — by either limiting functionality or compromising security. In a highly competitive tech marketplace, I think we all know which of these will be the first casualty.

And it’s not just security: it’s privacy, too. As the objects within the IoT collect seemingly inconsequential fragments of data to fulfill their service, think about what happens when that information is collated, correlated, and reviewed.

Andrew Rose, “The Internet of Things Has Arrived — And So Have Massive Security Issues”

2013.1.12

I don’t believe the public would intend for the government to be rummaging through your cupboards while your wife is lying in the next room being prepared to be taken to her final resting place. That’s an extraordinary violation of privacy.

Andrew Fackrell, in Dennis Romboy’s “Police drug search intrudes on husband’s final moments with deceased wife”

2013.1.11

But an attempt by Canadian ISPs to garner an all-access pass that would let them secretly install software to monitor potentially illicit user activity was thwarted, at least in part.

According to the note accompanying the draft regulations, industry representatives “had argued for exemptions from the requirement for consent to install software to prevent unauthorized or fraudulent use of a service or system, or to update or upgrade systems on their networks.”

Under the revised rules, service providers would only be permitted to install software “where illegal activities pose a threat to [their] networks.”

Kady O’Malley, “Ottawa’s anti-spam proposals prohibit secret monitoring software”

Advice on Browsing the Web Safely

Global Voices has a series of good suggestions on how to browse the web safely. Many users may not need to take the more extreme precautions – such as browsing from a USB-drive mounted operating system – but other pieces of information are helpful. Well worth the (quick) read.