You are being watched!

Interesting TEDx talk from 2012 on surveillance (thanks Dave Eddey down under ;-)). What Christopher Soghoian basically says is that you are being watched. Internet companies hang on to our personal information for as long as is practicable. When they receive a request from government requesting information on users, they have no choice but to comply. There is a couple of the Internet companies that have tried to inform users of these orders, one of these was Twitter. Want more info? Then grab a coffee and take 5 😀

More on Snowden

There has been another Guardian exclusive – online access to Snowden Q&A that is worth a look if you’re just a little intrigued by all the excitement. Make yourself a cup of coffee first though 😉

What seems to be clear is that when Snowden says NSA has direct access to the 9 main Internet services, he means direct access. When questioned about denials made by Google, Facebook, Apple, etc., his response was that they had no choice. It seems they have some sort of ‘gagging’ order and break the law by admitting to these top-secret operations.

UK Citizens! Does the Protection of Freedom Act 2012 really protect you?

Sorry I’ve been so verbose today, but there is just so much going on right now!

Here I am again, popping online to check, when this pops up on the Panopticon blog. This blog is cool because it is seriously legal. You know real legal experts writing about threats to our personal privacy. I wish my legal expertise was more seriously legal 😉

Well now they are talking about new legislation going through in the UK, CCTV, surveillance stuff, with all this Snowden excitement.

It is about the the Protection of Freedoms Act 2012 expressed the incoming Coalition Government’s commitment to keeping in check the state’s surveillance of ordinary citizens. By that Act (sections 29-36), the Home Secretary was to present to Parliament a Code of Practice governing the use of surveillance camera systems including CCTV and Automatic Number Plate Recognition (ANPR). Now go and visit this site. They summarize this Act. I haven’t looked in detail yet, but what I have read it looks more that it is protecting the rights of the citizen rather than vise-versa.

The Code sets out 12 guiding principles which systems operators should follow:

(1) Use of a surveillance camera system must always be for a specified purpose which is in pursuit of a legitimate aim and necessary to meet an identified pressing need.
(2) The use of a surveillance camera system must take into account its effect on individuals and their privacy, with regular reviews to ensure its use remains justified.
(3) There must be as much transparency in the use of a surveillance camera system as possible, including a published contact point for access to information and complaints.
(4) There must be clear responsibility and accountability for all surveillance camera system activities including images and information collected, held and used.
(5) Clear rules, policies and procedures must be in place before a surveillance camera system is used, and these must be communicated to all who need to comply with them.
(6) No more images and information should be stored than that which is strictly required for the stated purpose of a surveillance camera system, and such images and information should be deleted once their purposes have been discharged.
(7) Access to retained images and information should be restricted and there must be clearly defined rules on who can gain access and for what purpose such access is granted; the disclosure of images and information should only take place when it is necessary for such a purpose or for law enforcement purposes.
(8) Surveillance camera system operators should consider any approved operational, technical and competency standards relevant to a system and its purpose and work to meet and maintain those standards.
(9) Surveillance camera system images and information should be subject to appropriate security measures to safeguard against unauthorised access and use.
(10) There should be effective review and audit mechanisms to ensure legal requirements, policies and standards are complied with in practice, and regular reports should be published.
(11) When the use of a surveillance camera system is in pursuit of a legitimate aim, and there is a pressing need for its use, it should then be used in the most effective way to support public safety and law enforcement with the aim of processing images and information of evidential value.
(12) Any information used to support a surveillance camera system which compares against a reference database for matching purposes should be accurate and kept up to date.

Make a difference!

Another way the citizen can make a difference. Similar to the New Web post I made earlier today, but in the form of world causes. It’s called Go Petition on Facebook. So go and sign-up against your favourite cause. Make a difference!

The Next Web?

How about this for transparency, it is called Uchaguzi? In Kenya the government have implemented an infrastructure that surfaces everything that is going on in the country. It is the Kenyan citizens that report into this using their social media, e.g. SMS, twitter, email, etc.

The interface is simple to understand. It has in red colour the negative disturbances and in green the peaceful events for example.

I love it!
I wonder what Uchaguzi means? It is Swahili apparently.

MSIPR, SIPRM, PIRMS, IPMSR? No it’s PRISM!

Yes so in whatever form PRISM does exist. I talked about it… well more rolled over this in previous posts. Now everything that you may want to know about PRISM to date, that is by 12 June can be found here.

Now there are two parts here, or maybe three.

1) collection of communications that happens to be passing over the wires
2) collection of social, other online activities of US citizens
3) collection of a) communications, b) social, other online activities; of non-US citizens.

Now PRISM is about (2) and (3b). PRISM is a system the NSA uses to gain access to the private communications of users of nine popular Internet services including Google, Facebook and Apple. It seems to be that an official request for information of a particular individual can be made to any of these services, and they will comply if the request is legally valid. These Internet service deny strongly that NSA has direct access to their servers.

So apparently NSA does not have direct access to the 9 most popular Internet Services, but what is the breath of their power to collect data on US-citizens?

Well the FISA Amendments Act (Section 702) does not require the government to show probable cause to believe that the target of surveillance has committed a crime. This is only for non-US citizens. Instead of showing probable cause to a judge, Section 702 of FISA allows senior Obama administration officials to “authorize” the “targeting of persons reasonably believed to be located outside the United States.” The surveillance may not “intentionally target” an American, but the NSA can obtain the private communications of Americans as part of a request that officially “targets” a foreigner. There is some use of the Patriots Act for this. I am not sure how the FISA Section 702 and the Patriots Act overlap though.

Ha! So if you as a US-citizen are communicating with an individual that is outside of the US and deemed as a threat to national security, your data is being collected. You could be a supporter of Greenpeace for example, they were targeted for surveillance in the past.

So what is my take on PRISM. It seems perfectly reasonable that in the name of national security requests for data on individuals can be collected by government intelligence. Same as officials upholding the law would request for a search warrant. However, PRISM should not be secret. That this is happening should be transparent to all US citizens and non-citizens. Why keep a secret? The supermarkets are pretty transparent about collecting our personal buying habits, maybe the package the justification in fancy packaging, but the reason is clear, to make money. So why does the government have to go around pretending still that it does not do these things? Has it not yet realized that the Cold War is over, and has been for quite some years now?