Photo: labanex on Flickr.

Apparently the suggested surveillance and “corporate police” laws weren’t enough for Sony.

From TheLocal.se:

“Sony Pictures in Sweden has employed methods worthy of James Bond in an attempt to protect against the pirating of Quantum of Solace.

The film company is using special night vision goggles to keep an eye on moviegoers attending showings of the latest Bond film at 149 cinemas around Sweden, reports entertainment news agency TT-Spektra.”

Oh - my - god. Those are the words that best describe my immediate reaction.

If I were to be informed that someone would be looking at me with night vision goggles while I was enjoying a movie I had paid good money to see, I would probably sue them. Possibly just file a complaint with the police as that easily qualifies as harassment (or is it OK to look at Sony employees in the dark with night vision goggles?).

Sick.

More here, here, here and here.

Pirate girl from peasap on Flickr - http://flickr.com/photos/peasap/
Photo: peasap on Flickr.

Apparently the Swedish interpretation of IPRED1 has got the “Go ahead” from Lagrådet (those that check that everything is compatible with other legislation etc.).

Next step is that the Government gives the law to the parliament for voting. And if they vote yes, well, then we have the harshest IPRED1 implementation cemented in law here in Sweden.

So? One might ask. Well, the biggest problem is that we are giving private, commercially motivated organizations more power than our regular police. Second, we’ll be stepping into a world of hurt as all previous implementations have made those countries hellish.

In Denmark, for example, citizens have been harassed and there has been one suicide because of the extortion attempts by these organizations. Seems harsh but I got the facts to back it up (sorry, just Swedish and Danish, try the translator.).

Anyways, I hope that our politicians see the absurd legislative situation as it is and do not grant anyone except our police the rights needed to fight real, commercially motivated, piracy.

But as usual, we’ll see what happens…

ID08

The second day of Internetdagarna (22/10-08) was spent in the Security track as well, except for the last seminar where I switched to the society track.

The first seminar was “Pålitlig e-post / Anti-spam” which translates to “Reliable e-mail / Anti-spam”. The moderator for this seminar was Jörgen Eriksson from .SE.

First speaker out was Amar Andersson from TeliaSonera and he spoke about “Spam-protection that undermine their own goals”. I can honestly say that I did not follow this well enough as I was very tired this first seminar and I kind of regret it now. However, the main problem presented by him was the lack of coordination and standards in anti-spam prevention methods. He mentioned blacklisting in general and the DUL-blacklist in particular, hostname “naming” (reverse lookups which result in a name containing either “static” or “dynamic”) and how to make sure your e-mails get delivered in this day and age where the requirements for delivery can vary quite a lot from server to server (correct HELO/EHLO messages, correct reverse lookups, SPF and other DNS related issues).

Next speaker up was Bengt Carlsson from Blekinge Tekniska Högskola, who just announced a new project between .SE and BTH. The project name was “säker e-post hantering bland illsinnad programvara” which translates to “Secure e-mail management amongst bad software”.

After this Rickard Bondesson from Linköpings Universitet took the stage to present his research on DKIM, DKIM-milter and DNSSEC implementations. This was a quite long and very informative presentation which stepped through his research in a comprehensive way under the following bullets; Forged e-mail, Prevention of forged e-mail, DKIM, Reliability within DNS, Implementation, Tests, Statistics, Experiences.

After this there was a small moderated panel debate on the topic of Reliable e-mail.

The next seminar was “Parasitekonomin på Internet” which (roughly) translates to “The parasitic economy on the internet”. Stefan Görling from KTH moderated and had one presentation, and the other speakers were two representatives from Lavasoft (you know, the guys behind Ad-Aware) and Martin Boldt (IT-security researcher from BTH).

Görling started out by picking at affiliate systems and the ease of exploiting these services for profit and he worked out from a site that supposedly uses this format in a legit way. He did not go into the malware point-of-view very much but he touched the subject when talking about “mis-spelled domain names default pages” which contain only affiliate links.

The guys (they were two) from Lavasoft then held their presentation which more or less detailed the different types of spyware they had included during the year, and also gave a strange remark saying that TeliaSonera was gaining money from the malware circulating on the internet (as they’re an ISP, they supposedly make profit when having their bandwidth used… hrrm…). This little remark came back to bite them in the ass when a (quite upset) TeliaSonera security employee demanded that they would take that statement back during the Q & A at the end of the session.

Following this, Martin Boldt from BTH discussed reputation systems and automatic EULA analysis. He had researched these areas and they were at this moment involved in creating web browser plugins and applications to enable users to share their thoughts and score on specific applications (binary files). See their project website at www.softwareputation.com for more information. He also noted that this project is still in Alpha stage. The ideas they’re having kind of look like Panda Security’s Collective Intelligence, except it is user generated, not automatic.

When it came to EULA analyzing they’ve taken a harder route than SpywareGuide’s EULA analyzer and they used many different Bayesian and similar algorithms in order to define if an EULA is “good” or “bad” with a high level of success. Ideas for the future were to make this automatically integrated into the system so that any EULA boxes could be automatically read and scored.

After this there was a Q&A session and Lavasoft’s statements were quite heavily scrutinized both by the TeliaSonera employee and Netnod’s CEO Kurt-Erik Lindqvist (I think it was him but I only heard the voice, so don’t quote me on this). It seems like Lavasoft’s statement was just illustrating and that they based their assumptions on a US ISP that had misbehaved and in some ways had profited on bad software.

Here I switched room and joined the “Infrastructure and society”-line of seminars. The one I was interested in was “Integritet och övervakning” which translates to “Integrity and surveillance”.

This seminar was moderated by Johan Hallsenius (editor for Computer Sweden) and the debate panel was only populated by pro-Integrity people as none of the invited politicians and FRA-people had turned up even though they were invited. The panel members were Oscar Swartz (debater, writer and blogger), Patrik Fältström (Cisco), Fredrik von Essen (Swedish IT and Telecom Industries) and Daniel Westman (Juridicum, Stockholms University).

The focus of the debate was of course the FRA-law but also dangerous EU-directives and other laws that affect or impede personal integrity. It was an interesting debate, but as “the other side” was missing no hard questions could be discussed. I talked briefly to Oscar Swartz before the seminar and he described it as a “non-debate”, as there was only one point of view from all participants (with small diversions). He wrote a post on “Internetdagarna” on his blog in which he briefly mentions this debate.

It was also to hear what Fredrik von Essen from the Swedish IT and Telecom Industries had to say on this issue.

Unfortunately I had to leave before the Q&A session that followed, so I’m looking forward to the sound recording that is to be released here.

Some pictures from this day:

[Photos: Integrity debate (two images); Martin Boldt from BTH (one image)]

Nagios - Only the NSA monitors more... From Whurley on Flickr - http://flickr.com/photos/whurley/
Photo: whurley on Flickr.

Power without oversight equals abuse!

From The NY Times - “Panel to Study Military Eavesdropping” (4-page article):

WASHINGTON — The chairman of the Senate Intelligence Committee, Senator John D. Rockefeller IV, said Thursday that the committee would investigate claims by two military eavesdroppers that they routinely listened in on private calls home from American military officers, aid workers and journalists stationed in Iraq.

Former intelligence officers were interviewed by ABC News and by James Bamford, above, who has written a book about the National Security Agency due to be published next week.

Mr. Rockefeller, Democrat of West Virginia, called the accusations “extremely disturbing.”

“Any time there is an allegation regarding abuse of the privacy and civil liberties of Americans it is a very serious matter,” he said.

More references:
ABC News - Exclusive: Inside Account of U.S. Eavesdropping on Americans
UPI.com - Spy agency accused of improper listening
Reuters.com - U.S. probes claims officials eavesdropped on calls

Apparently the US’s multi-billion surveillance system is used to wiretap personal calls, and joking around about them. Will our system be used in the same way? For sure, power without oversight equals abuse. This is worth repeating.

Found this news first on Bruce Schneier’s blog.

What do you do if you’re a corrupted EU politician and want the Telecoms Package to pass without the additional integrity protecting amendments?

Well, just don’t add them.

A-R-G-H-H-H.


Swartz used this as an illustration. It’s right on.

The situation is now like this;

The parliament has voted on the Telecoms package. As familiar, amendment 166 was voted into the package, thus providing European citizens with protection against arbitrary disconnection from the internet and privacy.

So far all good and here’s the voting results from EU-parliament so you can read for yourselves.

Now the matter moved on to the “WORKING PARTY ON TELECOMMUNICATIONS AND INFORMATION SOCIETY” whose job is to prepare the package for either a second hearing, or if everyone is still agreeing, for the ministers for OK’ing.

HOWEVER (always seems to be a however in my posts), what they are now doing is more or less editing away the amendments that were added and making it as they (the French, primarily) want it. Yep, that’s right, they are actually editing the democratic decision by the parliament to fit the lobbying organizations’ needs. A leaked document shows us this progress and the evidently left out “Article 32a” which would be the one containing amendment 166’s content.

We now need to make some noise! But not just the (crazy?) Swedes, everyone! If you are from another European country please send e-mails to your MEPs and/or call them and ask them to follow-up on and verify that their democratically voted decisions stand firm! Remind them that if this can be changed, so can their own main issues and that this should not go unnoticed through a democratic system!

I’m getting seriously tired of writing about politicians and others tricking and removing citizens’ rights.

Can’t any of them please break the trend so I can write something nice?

Others writing (mostly in Swedish, use the translator): Oscar Swartz, Opassande, Josef, scaber_nestor, farmorgun, Frihet-Fildelning&Feminism, satmaran, Jens. O, HAX.

Steal This Comic !
XKCD

Others posting this image to raise awareness of DRM-dangers (in Swedish) are Opassande, Dennis, Daniel. Probably a lot of others as well but these were the ones conveniently linked from Emma (Opassande) and I’m lazy today ;)

And another comment in English on the suggested Swedish IPRED1 implementation from paf (also posted the XKCD image).

Cheers,

Photo: rich115 on Flickr. Whole story behind image here.

Even though it doesn’t need to be… Here we go again… Not really sure I’ve got the energy for this lunacy…

First off, what’s the IPRED1 directive?

Intellectual Property Rights Enforcement Directive 1 (IPRED1) is a directive created by lobbyists and pushed through the EU by a woman married to a record company executive. The gist of the directive is to enable rightsholders to force counterfeiting middle-men to tell where they got the goods from. So in the beginning this was about physical counterfeiting. Along the way it got a bit manhandled by the IP-lobbyists and record companies and finally was voted through in the form of a law that would allow private companies to demand ISPs to hand over their client data for a specific client, so that the rightsholder could sue.

However,

The EU IPRED1 directive is not forced upon any member state in the European Union as ruled by the European Court of Justice (source EFF). From the article:

In a much-anticipated decision, the European Court of Justice ruled yesterday that European Community law does not require EU Member States to impose an obligation on ISPs to divulge customer data in response to a request from a copyright holder who alleges that copyright infringement has taken place. The decision in Promusicae v. Telefonica involved a request made by a Spanish music rightsholder association (Promusicae) to Spain’s leading ISP (Telefonica) for personal data about Telefonica subscribers using particular dynamic IP addresses, which Promusicae alleged were engaged in filesharing.

The European Court of Justice was asked to interpret a mesh of overlapping EU Community laws and answer the question: does European community law require EU Member States that are implementing this suite of EU directives to impose an obligation on ISPs to divulge their customers’ personal data to rightsholders in a civil copyright lawsuit? The court ruled no, but with some qualifications. Thus, the Spanish law is valid and Telefonica will not be forced to divulge its customers’ data.

And what does the Swedish government, with the help of record company lobbyists do now?

They go ahead and suggest a Swedish implementation and law which would grant MORE power to the IP-holders, effectively creating a corporate police which can, without any real evidence, get the identity of the person owning a specific IP-address.

The law that is now proposed actually grants these commercial interests more power than the Swedish police.

Actually, it is so over-implemented that it actually breaches the directive’s own regulations, which state:

3. Paragraphs 1 and 2 shall apply without prejudice to other statutory provisions which:
(a) grant the rightholder rights to receive fuller information;
(b) govern the use in civil or criminal proceedings of the information communicated pursuant to this Article;
(c) govern responsibility for misuse of the right of information; or
(d) afford an opportunity for refusing to provide information which would force the person referred to in paragraph 1 to admit to his own participation or that of his close relatives in an infringement of an intellectual property right; or
(e) govern the protection of confidentiality of information sources or the processing of personal data.

I mean come on.. If I, an uneducated IT-nerd with a taste for bodybuilding can find, read, and understand this, then why can’t the people preparing our laws do the same?

So, the question remains;

WTF?

Yep. That’s really the question. What the f*ck?

This, if voted through in parliament, will create a situation like the one in the US where companies threaten with lawsuits that no one can afford to challenge, effectively forcing you to pay up even though you haven’t done anything wrong.

Next question is the use of IP-addresses as evidence. What value does an IP-address have in Sweden today where most ISPs ship unsecured wireless APs as the default router? Not much.

This also presents more questions, like “If downloading torrents in an internet café, is the café liable?” and “What are your rights if a neighbour uses your WLAN, willingly or without knowing it, and downloads pirated material? Are you liable?”.

And again, why does this law grant commercial interests powers that not even our police have? Where’s the logic? It’s so glaringly see-through, ordered and paid for, lobbyist crap that has been suggested as a law.

As I wrote in some of the first FRA-posts… Where will this end?


Others writing about this in Swedish (plz use Google translate): Rick Falkvinge (PP), Opassande, HAX, El Rubio.

And here’s the whole crapfest that our Swedish, newly suggested, law claims to be born out of.

Warning: Extremely angry rant below.

Fascist Sweden
Photo: Remixed by me, originals by MathewBlack, Maol and Shaz Pur on Flickr.

What I wrote about in the last post turned out to be true. Folkpartiet (the liberal party (yeah right), click here for English info) has chosen to wrap some silk lining around the FRA-law and OK it.

Then why the charade pretending that you really want to change the law? Why did you, the six MPs that initially opposed the law, say “Tear it, Do it again, and this time do it right”?

Populistic crap. My confidence in politicians has hit rock bottom.

Weak, uneducated, fascistic, control obsessive, technology frightened people.

You call yourselves “liberal”? Try “fascist” instead.

So you say this new version of the law would require the “go ahead” from a court? But why should an open society give a “go ahead” to any unwarranted wiretapping whatsoever? Wiretap criminals, not citizens!

The internet was born free and should stay that way, anything else is anti-democratic and limiting to freedom of speech.

Also, the presence of a surveillance system of this type raises the question of “What if I’m being monitored?” which prohibits habits which are extremely valuable to keep a society open. Motivating these kinds of laws with fear of terrorism and the good old fear of Russia is FUD tactics and is a low-level marketing or political tactic. From Wikipedia:

Fear, uncertainty and doubt (FUD) is a “tactic” of rhetoric used in sales, marketing, public relations[1][2] and politics. FUD is generally a strategic attempt to influence public perception by disseminating negative (and vague) information. An individual firm, for example, might use FUD to invite unfavorable opinions and speculation about a competitor’s product; to increase the general estimation of switching costs among current customers; or to maintain leverage over a current business partner who could potentially become a rival.

The term originated to describe disinformation tactics in the computer hardware industry and has since been used more broadly.[3] FUD is a manifestation of the appeal to fear.

Ugly. Plain ugly. And we elected these politicians.

In their motivations they also draw references to the German wiretap laws that work in the same way. This law has been heavily criticized by several organizations and the last reports showed that many citizens hesitate, or simply do not, call helplines or make other sensitive calls in fear of being monitored.

Neils C. Scorrel writes in “German Tap Lessons” (1 | 2):

“When it comes to keeping tabs on its own residents in the ongoing war on terror, there’s a lot the United States could learn from Germany. Interestingly, the lessons would not be from Nazi Germany, where average citizens were encouraged to report on their neighbors, or from East Germany, where hundreds of thousands of people provided damning evidence about their friends and families. Neither regime lived up to its popular reputation as an all-knowing spy state.”
[...]
“September 11 and revelations of a Hamburg cell’s involvement gave authorities added incentive to increase the surveillance. During the past decade, Germany has increased its use of wiretaps by 500 percent. In 2004 alone, more than 29,000 wiretaps were approved, seven times the number authorized by U.S. courts that same year. The bulk of these taps are focused on common criminals—money launderers, extortionists, and the like. But a small percentage is aimed at people who fit the profile of potential terrorists.

Yet German authorities cannot point to a single successful prosecution of a terror suspect identified from these blind wiretaps. The colossal volume of information produced from tens of thousands of these taps often obscures real threats, while dead ends are pursued. Authorities quite simply do not have the time to listen to and process it all.”
[...]
“So, why haven’t wiretaps yielded much information about terror operations? Part of the reason is that terrorists have become savvier. They’ve learned not to discuss sensitive matters by telephone. They use couriers and shared e-mail accounts to send messages instead. But, more important, there is simply far too much information for authorities to wade through. Key points are hidden by the reams of data that modern society generates. Increasing the number of wiretaps often just increases the size of the haystack, making the needle that much harder to find.”

Why are our politicians so god damned uneducated? Why are they creating laws that aim at closing down our open and democratic society? Why do I even have to make this connection? Shouldn’t it already have been considered?

Below are the six MPs that with their populistic campaigns made us believe in them and not pursue other avenues of possible countermeasures against our government. For contact details, follow the links.

Fascists...

Camilla Lindberg, Birgitta Ohlsson, Agneta Berliner. Maria Lundqvist-Brömster, Cecilia Wikström and Solveig Hellquist.

Some might think that I’m attacking the wrong politicians and that these are the ones that have actually made an effort to change something. You might think that the guilty ones are those that say nothing and just vote as they’re told.

Other bloggers are referring information given to them by these people and saying that “There will be no automated information transfer to FRA, this is a Win!”. Woopedidoo. Internet got semi-filtered and we consider it a win? Give me a break.

I do not agree with any such comments. Neither do I trust anything that comes out of these politicians’ mouths. These are the ones that have acted to divert the citizens’ criticism until it was too late.

These are the ones that stood in front of thousands of people that took the streets on the 16th of September and said that they would tear up the law, redo it, and do it right.

These are the ones that appeared on national television ensuring us that the law would be killed and that no one that was not suspected of a crime would not be susceptible to wiretaps.

Yet another silky pink bow… That’s all they’ve done. Weak.

If they really are going ahead with this (and it looks pretty much so) it’s a huge lose. No win. Just lose.

Another person that feels like that is Mark Klamberg, a leading Folkpartiet politician and FRA-opposition leader. When these plans were unveiled he immediately left the party and ended all of his responsibilities. Credit to him for putting his money where his mouth is.

The people’s last chance to reverse will soon be to wait for the next election, replace the government, and vote as many mandates as possible to the Pirate Party or (I do not like this) the left wing party.

For some strange reason, those are the only ones that really oppose mass surveillance in our society.

Why is that?

Others writing (Swedish though, run them through translate.google.com) about this: HAX, Copyriot, Mark Klamberg, Christian Engström (PP), Rick Falkvinge (PP), Opassande, Rosetta Sten (Anna Troberg), Deep.edition, Svensson, BrokeP (TPB).

Ying & Yang
Photo original: grisei on Flickr. CC Attribution. Edited by me.

From TheLocal.se:

Sweden welcomes EU telecoms vote:

Sweden’s EU parliamentary delegation is rejoicing following a decision by the body to toss out a proposal that would have banned file sharers from the internet and forced internet service providers to filter content in the hunt for pirated material.

This is what I wrote about in yesterday’s post and it’s really great news for the European internet users.

Government getting closer to surveillance law compromise:

A proposal to introduce a special court to decide when Sweden can monitor cross-border communications traffic is expected to help unify the governing parties around a new version of the country’s controversial surveillance law.

This is not a good thing. We need to tear up the law, research what needs exist and then build a law that conforms to our actual needs and that has individuals’ integrity and human rights as a high priority. This is not something that has been done, incredibly enough.

Instituting a special court is just like, as some sensibly put it, putting a pink silk bow around a piece of shit.

It still stinks but it looks nicer :/

On my way home from Sävsjö now, this time in 2nd class :/ But I got some networking and that’s always something ;)

Got an e-mail from the Swedish Social Democrats in the EU-parliament with good news on the Telecoms package, but it was kind of fuzzy. Turned to HAX’s blog (Swedish) and during the vote on the Telecoms Package today some good things happened:

* The French parliamentarian Toubon withdrew his amendment (132) which was going to make things even worse!

* Amendment 138 was accepted, making it impossible to disconnect European citizens from the internet without a fair trial!

* Amendment 166 was accepted (!!!!!!) which means no internet filtering in the European Union!

The last one passed with 346 votes against 312. Frightening how many MEPs are for filtering of the internet. Really chilling.

But as HAX notes, no champagne yet. The package needs further analysis until we can be sure that no other strange/bad things are included.

The package also contained some good and market-liberal (good) things such as

* Shorter subscription times on cellular, broadband and other communication services.

* Shorter times for switching between providers (more competitive market) for these services.

* The right to be notified when a breach exposing personal or economical details has been detected.

All-in-all it seems like a good day in the European Union, but I’ll get back with more info if there’s an ugly frog somewhere.

Tomorrow it’s time for the handling of Marianne Mikko’s “Media-report”. This has been fixed up a bit now, so if it’s OK’d it will not mean that all bloggers and internet publicists need to be registered. Anonymous blogging is still OK in other words.

Cheers,
