CyberLaw Blog

Archive for the ‘surveillance’ Category

BBC News – EU to assess piracy detection software

A human rights watchdog has asked the European Commission to assess the legality of software being used to analyse file-sharing in the UK.

The software in question is called CView and will be used by ISP Virgin Media to identify legal versus illegal traffic on its network.

The EC has said it will monitor the use of the software, following a complaint from Privacy International.

Virgin Media countered that the software posed no risk to privacy.

Privacy International has concerns about the software, designed by monitoring firm Detica.

It utilises so-called deep packet inspection, which means that it can identify actual file-names, making it possible to accurately find out what content is legal and what is not.

According to Alexander Hanff, head of ethical networks at Privacy International, use of such software is in breach of current UK law.

‘Under the Regulation of Investigatory Powers Act (Ripa) intercepting communications is a criminal offence regardless of what you do with the data,’ he said.

Mr Hanff said he would file a criminal complaint if Virgin Media deployed CView.

He said the software is similar to that used by ad firm Phorm, which developed technology to monitor individual’s web use in order to better target adverts.

Trials of the technology in the UK have been put on hold while the EC investigates how it was tested.

Legal service

The UK government is in the process of creating legislation that could see illegal file-sharers identified and, potentially, thrown off the network.

But this software will not do that job, said a spokesman for Virgin Media.

‘It was never designed to capture identities. This isn’t an answer for that,’ said Asam Ahmad.

Instead the software will be used to identify how much traffic on its network is illegal.

‘We want to understand what we can do to reduce illegal file-sharing. This will tell us things such as the name of the top ten tracks being shared as well as the percentage of legal versus illegal,’ said Mr Ahmad.

Virgin Media is about to launch its own music service.

‘Double-edged’

Mr Ahmad said no date had yet been set for the trial but told BBC News it will monitor traffic on three peer-to-peer networks notorious for trading illegal as well as legal software; Gnutella, eDonkey and BitTorrent.

He admitted that potentially 40% of Virgin Media’s customers could have their data scrutinised and confirmed that it has no plans to inform them beforehand.

He also conceded that it would not be technically difficult to link up deep packet inspection technology with the IP addresses which would identify individuals but stressed that was not the plan currently.

‘These mandates have not yet been set and when it comes down to identifying individuals or prosecuting them, that is a role for content providers, not us,’ he said.

Virgin Media is involved in an ongoing education campaign, which includes sending letters to those identified as downloading illegal content on its network.

Andrew Ferguson, editor of broadband news site ThinkBroadband, said the trial could be ‘double-edged’.

‘If Virgin can form a baseline for its ‘illegal’ P2P traffic, it can see how much effect any legislation has, and perhaps plan better for the letter forwarding side of things,’ he said.

But he pointed out that Virgin Media is not alone in using deep packet inspection – BT has been doing it for years, he said.

‘It is possible they may be doing exactly what Virgin are doing,’ he said.

Telephone tapping in Turkey; a measure to intimidate the judiciary?: “

The issue is tapping of telephones and other electronic communications between the citizens of Turkey. The problem reached scandal proportions with revelations that judges, prosecutors and even Turkey’s Supreme Court was being bugged.

It all began in July 2005 when the Justice and Development Party (AKP) of Prime Minister Tayyip Erdogan passed amendments to the laws governing the functioning of the police, intelligence services and the gendarmerie allowing them to tap telephone conversations without a court order. The same amendment also set up a unit called Telecommunications Directorate (TIB) that was given the task of overseeing the wire tapping both in telephone and internet connections.

“

(Via SantralHaber Haberleri.)

Home Office accused of sexing-up mobile phone rescue: “

Comms data ‘essential’? Not really

The Home Office is once again under attack for the standard of the evidence it uses to support its policies, this time over plans to harvest much more communications data.…

“

(Via The Register – Public Sector.)

More delays for UK.gov’s net snooping programme: “

Queen to keep schtum on IMP

Protests from ISPs and phone providers have further delayed government plans to massively increase monitoring of phone calls, web browsing and emails, it’s revealed today.…

“

(Via The Register – Public Sector.)

New letter reveals top army brass involvement in plot

Zaman, 05 November 2009, Thursday
BETÜL AKKAYA DEMIRBAŞ İSTANBUL

New letter reveals top army brass involvement in plot – A second letter written by an unnamed military officer has come as strong evidence of the knowledge of top army officers about a notorious plan launched by the Turkish Armed Forces (TSK) against political parties, individuals and civilian groups in society.
A second letter written by an unnamed military officer has come as strong evidence of the knowledge of top army officers about a notorious plan launched by the Turkish Armed Forces (TSK) against political parties, individuals and civilian groups in society.

The letter mentioned TSK activities aimed at monitoring a large number of Turkish and foreign language Web sites and in this way categorizing visitors to those sites on the basis of their political and religious views. The letter was e-mailed to prosecutors conducting an ongoing probe into a criminal organization known as Ergenekon and a group of newspapers and journalists on Tuesday. It came approximately two weeks after a first letter, which pointed to the authenticity of a notorious action plan aimed at undermining the ruling Justice and Development Party (AK Party) and the faith-based Gülen movement.

A second letter e-mailed to Ergenekon prosecutors by a military officer who wished to remain anonymous claimed that the armed forces established 42 separate Web sites to back its ‘black propaganda’ against civilian groups it termed ‘reactionary,’ ‘separatist’ and ‘pro-AK Party,’ but only four of those Web sites now remain .

According to the letter, the armed forces established 42 separate Web sites to back its psychological warfare against civilian groups it termed “reactionary,” “separatist,” “pro-AK Party” and “anti-TSK.” The TSK also monitored the activities of more than 400 Turkish and foreign language Web sites. In a document the officer attached to his letter, the plan against the Web sites was made at a Third Information Support Unit by colonels C. Gökçeoğlu, S. Özüer, İ. Göktaş, D. Çiçek, H. Gülbahar, O. Güçlü, Brig. Gen. M. Bakırcı and Lt. Gen. M. Eröz. The plan was coordinated by Lt. Gen. İ. H. Pekin, Vice Adm. M. Otuzbiroğlu, Brig. Gen. H. Çubuklu and Deputy Chief of General Staff Gen. Hasan Iğsız. The document bore the initials of all those army officers and bore a note next to the initials of Gen. Iğsız that read: “Submitted to Esteemed Commander.”

Partial list of TSK psychological warfare Web sites

Among the Web sites established by the TSK to conduct psychological warfare against civilian groups and individuals were:

www.irtica.org, www.naksilik.com, www.geocities.com/fethullahgercegi, www.nursi.info, www.irtica.net, www.ozgurgenc.net, www.genclik.info, www.gencizbiz.net, www.aslar.org, www.askeriz.info, www.stratejik.info, www.tskasker.com, ww.turkatak.gen.tr, www.turkuz.info and www.turkler.info, www.turkses.com, www.turkeyturks.com, www.turksturkey.com, www.turkses.net, ww.turkses.org, www.pkkgercegi.net, www.pkkapo.com, www.apopkk.com, www.pkkgercegi.com, www.pkkgercegi.org, www.armenianreality.com, www.turkishgenocide.net, www.turkishmassacre.com, www.terorveguvenlik.net, www.terorizm.info, www.terorgercegi.com, www.terorveguvenlik.com, www.terorveguvenlik.org, www.greekmurderers.net, www.members.tripod.com/camerian_volunteer, www.cameria.org, www.yunanli.com, www.pontuslu.com, www.gurbetciler.info, www.turkuzbiz.org, www.hepimizturkuz.org, www.bizturkler.org.

The armed forces also monitored the activities of such Turkish Web sites as www.2temmuz.com, www.abdullah-ocalan.com, www.akpgercegi.com, www.aktifhaber.com, www.bianet.org, www.bedelliaskerlik.org, www.bizturkmeniz.com, www.cafesiyaset.com, www.fethullahgulen.belgeleri.com, www.genel-kurmay.com, www.haber7.com, www.haberim.com, www.habervakti.com, www.kerkuk.net, www.kesireocalan.com, www.savaskarsitlari.com, www.saidnırsi.de.tr, www.sehadetvakti.com and www.vatansever.biz.

The visitors of those Web sites were categorized as pro-AK Party, reactionary, separatist and anti-TSK.
The TSK also monitored the activities of dozens of prominent foreign language Web sites, including:

www.lefigaro.fr, www.lemonde.fr, www.letemps.ch, www.liberation.fr, www.guardian.co.uk, www.globalsecurity.com, www.israelForum.com, www.armenianpress.am, www.msnbc.com/p/nw, www.latimes.com, www.telegraph.co.uk, www.time.com, www.times.co.uk and www.washingtonpost.com.

(more…)

EU – Telecoms: Commission steps up UK legal action over privacy and personal data protection:  (RAPID)
The Commission has moved to the second phase of an infringement proceeding over the UK to provide its citizens with the full protection of EU rules on privacy and personal data protection when using electronic communications. European laws state that EU countries must ensure the confidentiality of people’s electronic communications like email or internet browsing by prohibiting their unlawful interception and surveillance without the user’s consent. As these rules have not been fully put in place in the national law of the UK, the Commission will send the UK a reasoned opinion. Specifically, the Commission has identified three gaps in the existing UK rules governing the confidentiality of electronic communications: 1) There is no independent national authority to supervise interception of communications 2) The current UK law ? the Regulation of Investigatory Powers Act 2000 (RIPA) ? authorises interception of communications not only where the persons concerned have consented to interception but also when the person intercepting the communications has ‘reasonable grounds for believing’ that consent to do so has been given. These UK law provisions do not comply with EU rules defining consent as freely given, specific and informed indication of a person’s wishes 3) The RIPA provisions are limited to ‘intentional’ interception only, whereas the EU law requires Members States to prohibit and to ensure sanctions against any unlawful interception regardless of whether committed intentionally or not.

(Via QuickLinks Update.)

German rail firm pays €1.1m fine over employee snooping: “Germany’s national rail company has agreed to pay a €1.1 million for spying on its employees for more than a decade.”

(Via OUT-LAW News.)

Can invasive services survive Britain’s privacy backlash? | News | PC Pro

Barry Collins, PC Pro, Posted on 19 Oct 2009 at 11:26

Former Sun boss Scott McNealy may once have advised that we have ‘zero privacy – get over it’, but it seems the British public isn’t ready to surrender its personal information that easily.

In recent months, a series of companies that were attempting to profit from people’s personal data have become victims of Britain’s growing privacy backlash.

Behavioural advertising firm Phorm – which planned to monitor people’s internet connections in order to display tailored adverts – was effectively sidelined by two of its three British ISP partners, following an intense privacy row.

The controversial mobile phone directory, 118800.com, was also dragged offline because of ‘technical difficulties’, although not before a furore over the way the company acquired its ‘millions of mobile numbers’ had led to a hostile public reaction and a stern warning from the Information Commissioner’s Office.

And when PC Pro revealed how directory website 192.com was selling highly detailed personal profiles of people – including full names, ages, phone numbers, workplaces and even the telephone numbers of their next-door neighbours – several readers were horrified.

‘192.com is no longer a directory, it is a private detective service,’ said Jane Cooper-Smith. ‘It is completely invasive.’

So why has the public suddenly decided to stand up and fight for its privacy? Yaman Akdeniz, founder of Cyber-Rights & Cyber-Liberties UK, has been campaigning on privacy issues for more than a decade, and he believes there ‘are more privacy-conscientious people now in the UK than ever’.

He says the recent examples cited above, as well as ‘social network-related privacy concerns, issues surrounding DNA databases, the constant desire to expand powers for surveillance, and last year’s stories about lost discs with sensitive data, helped to raise awareness about privacy.’

Akdeniz’s claims are backed by data from the Information Commissioner’s Office, which saw calls to its helpline increase by more than 10% last year, to hit a record 112,767 in 2008/9.

The increased focus on privacy no doubt contributed to BT’s decision to put its relationship with Phorm on ice, while rival ISP TalkTalk decided to walk away completely. Despite high-profile critics such as Sir Tim Berners-Lee describing its deep-packet inspection technology as like a ‘video camera in your room’, Phorm claimed ‘privacy was not a factor in BT’s decision making’.

Yet, just a month earlier, Phorm CEO Kent Ertugrul told journalists at a press conference that ‘it would be wrong to say the ISPs aren’t concerned about the bad publicity’ his company attracted over its privacy record.

And let’s not forget this is the same company behind the deplorably punned www.stopphoulplay.com: “the website that hits back at the privacy pirates’ smear campaign against Phorm”.

Alexander Hanff, now of Privacy International and the man described as “the angry activist” on StopPhoulPlay, says there’s been a “shift in the public attitude” to personal privacy. “It’s always been a struggle to fight for privacy in the UK because, as a nation, we had the attitude that if you’ve done nothing wrong, you’ve got nothing to hide,” he told PC Pro. “People [now] find it a little bit more concerning.”

He says companies such as Phorm and 118800.com that suddenly appear out of the blue with potentially invasive services face a much rougher ride than well-established brands such as Google and Microsoft. “If you get an unknown company coming into the fray, it’s going to find it more difficult [to succeed],” he said.

What about ICO?

So what of the Information Commissioner? Is Britain’s personal information watchdog ready to reflect the public mood and take a more aggressive stance on infringements of privacy? Outgoing Information Commissioner Richard Thomas called for his office to be given far greater powers before leaving office this year.

The ICO was also unusually outspoken about 118800’s harvesting of mobile numbers, telling The Guardian that: “we made it absolutely clear to Connectivity [118800’s owners] that it should not use numbers where there is any doubt about whether the consumer is happy for their information to be used.”

And what of 192.com? Is the ICO worried about a site selling the kind of personal details that the Government-backed Get Safe Online advises people not to put on the web? “We encourage consumers only to put personal data in the public domain that they’re happy with,” an ICO spokesman told PC Pro, pointing out that people can opt out of having their information published on the electoral roll and in phone directories.

As ever, it seems that if we want to retain our privacy, we’re going to have to lead the fight ourselves.

UK – Tories pledge to end the database state (ZDNet)
The Conservative Party has promised to reduce government databases and introduce stronger measures to protect people’s privacy, if it wins the next general election. The shadow justice secretary, Dominic Grieve, introduced a policy paper, Reversing the Rise of the Surveillance State, that outlines 11 measures to achieve these goals. Overall, the Conservatives are calling for fewer massive central government databases, stronger data-protection rules and fewer access rights – for both central and local government – to the information that is already been stored. The party also pledged to introduce a greater focus on privacy, in both the public and private sectors.

(Via QuickLinks Update.)

38% of large US companies have full-time email monitoring staff, claims research: “Nearly four in ten companies have staff whose main job is to monitor the outgoing email of colleagues, according to US data security research. More than a third of the companies surveyed hired staff to perform only that monitoring function.”

(Via OUT-LAW News.)