CAT | Surveillance
Ars technica in conjunction with NPR conducted an excellent experiment showing how much and what kind of information can be obtained through capture off the wire. This is the type of information that a national intelligence service would see by tapping into ISPs.
They simulated this by using a penetration testing device installed at NPR reporter Steve Henn’s house (with his cooperation).
The amount of information is amazing. Even seemingly inactive devices are constantly making requests and connecting to services.
While many connections to key services like email and banking are encrypted, most others are not, revealing a great deal about Steve’s research activities.
It is absolutely worth a read.
Vodafone recently released a “Law Enforcement Disclosure Report”. Because Vodafone provides services in so many countries, this provides a unique insight into the range of surveillance capabilities and requirements across a spectrum of nations. In six countries they are required to provide direct connections to their network for the local government. This allows those governments to capture content and meta-data without making individual requests to Vodafone. They are not saying which 6 countries those are out of fear of penalties or retaliation.
In Albania, Egypt, Hungary, India, Malta, Qatar, Romania, South Africa and Turkey it is illegal to reveal information about various kinds of intercepts, so the report does not provide information on those countries.
The report also provides good information on the frequency of requests for information from various countries.
One lesson from this is, despite the impression one might have gotten from the Snowden leaks, the US is far from the only country doing this kind of surveillance.
Attorney General’s new war on encrypted web services – Security – Technology – News – iTnews.com.au
Australia’s Attorney-General’s department is proposing that all providers of Internet services ensure that they can decrypt user communications when so ordered. Any services where the provider has the keys will obviously be able to do this.
Australians may want to start to start taking steps to protect themselves now.
End to end encryption is your friend. At least that way, you need to be informed and compelled if they want access to your data.
Another important step is to get your “in the clear” communications into another jurisdiction using a VPN service like Anonymizer Universal.
Finally, let your voice be heard on this issue by reaching out to your members of parliament.
In episode 16 of the Privacy Blog Podcast for January, Twenty Fourteen I talk about:
Biological Advanced Persistent Threats
The Apps on your mobile devices that may be enabling surveillance
Why you may soon know more about how much information your service providers are revealing to the government
The total compromise of the TorMail anonymous email service
How the British government is using pornography as a trojan horse for Internet Censorship.
And finally why continued use of a deprecated cryptographic signature algorithm could undermine the security of the Web
Turkey already requests more takedowns from Google than any other country in the world, almost 1700 in the first half of 2013. They have a history of blocking popular websites like Youtube, and Vimeo, and Prime Minister Erdogan lashes out against Twitter at every opportunity.
Now the government is about to enact sweeping new powers to force providers to keep complete records of all user activity for 2 years, and give the government total access to that information.
This appears to be a reaction to citizen use of social media to coordinate protests and spread information about Turkish government corruption.
Unless they implement a ban on privacy technologies, VPN services like Anonymizer Universal will provide a way of getting around this kind of logging. I would strongly suggest that people in Turkey make a habit of always using VPNs, and moving to search engines, email, and social media platforms located outside of the country.