IDNYC is New York City's ID card program, and it has served as a critical means for undocumented migrants to get identity papers that they can use to establish utilities accounts, bank accounts, and so on. The city has announced a change to the program's data-retention policy, vowing to purge information that might be useful in the mass deportations promised by Donald Trump during his presidential campaign. Read the rest
In an interview with the WSJ's CIO blog, Lawrence Lessig proposes that the existence of cryptographic tools that allow for "zero-knowledge" data-querying, combined with the potential liability from leaks, will drive companies to retain less data on their customers. Read the rest
The Snoopers Charter is the UK Tory government's proposal to force ISPs to retain records of all their customers' online activities, and the government has used the excuse of the Paris attacks to call for its immediate passage despite the fact that the £175m/year the government has budgeted to defray ISPs' costs is not even close to enough to pay for the massive surveillance effort, meaning that Britons' ISP bills are set to soar if it passes. Read the rest
Under the UK's new Snoopers Charter (AKA the Investigatory Powers Bill), the Secretary of State will be able to order companies to introduce security vulnerabilities into their software ("backdoors") and then bind those companies over to perpetual secrecy on the matter, with punishments of up to a year in prison for speaking out, even in court. Read the rest
A new plan from Tory Home Secretary/Sith Lord Theresa May will require ISPs to retain one year's worth of Britons' online activity, and hand it over to the police and security services on demand, without a warrant. Read the rest
When electronics retailer Radio Shack filed for bankruptcy, the chain proposed selling customers' personal data to raise cash and repay creditors. That's not gonna happen, and the news is seen as a win for the right to privacy. Read the rest
Karen from the Electronic Frontier Foundation writes, "EFF is teaming up with groups in Latin America to take our 'Who Has Your Back' report international!" Read the rest
Chloe McClendon worked for a State Department contractor, and conspired with two others to steal the identities of passport applicants by photographing their applications while processing them. Read the rest
Ed from the Open Rights Group writes, "The Conservatives have won an absolute majority in the General Election. The Home Secretary Theresa May has already said that she will use this majority to pass a new Snoopers' Charter." Read the rest
Torrentfreak has published its annual survey of privacy-oriented VPN services, digging into each one's technical, legal and business practices to see how seriously they take the business of protecting your privacy. Read the rest
Michael writes, "Watching Australia's Attorney-General try to explain why tracking Australians' web histories is not such a big deal resembles listening to a dirty joke told by a ten-year-old, i.e. it leaves one with the distinct impression the speaker is trying to seem like they understand something they've only heard about secondhand." Read the rest
The party line from MPs who are being told by their parties to vote in mass-scale, warrantless surveillance powers is that the law doesn't change anything -- it's a lie. Read the rest
The leadership of the major UK political parties are set to ram through a sweeping surveillance bill without debate or study. It's a perfect storm of cowardice and arrogance, and it comes at a price. Cory Doctorow wants you to do something about it.
The European Court of Justice, the highest court in the EU, has invalidated the European Parliament's Data Retention Directive, which required phone companies and ISPs to store your clicks, email subjects and to/from info, your location data, and other sensitive "metadata" for up to two years. The ECJ cited the UN Human Rights Committee's condemnation of this sort of data-retention and its call for the USA to halt its surveillance. We have Digital Rights Ireland and AK Vorrat Austria to thank for the ruling. Read the rest
Earlier this week, EFF published a scorecard for rating Obama's NSA reforms. Now that the reforms have been announced, it's time to measure them up. They don't fare well, I'm afraid. Here's a roundup of commentary from privacy leaders around the world, expressing disappointment (if not surprise) at Obama's half-hearted reining in of the surveillance state. Read the rest
Tim Hardy: "UK border police have the power to seize all your personal data without reasonable suspicion and keep it effectively forever even if you are not charged with or suspected of a crime." Read the rest
Britain's Communications Data Bill -- AKA the Snooper's Charter -- would effectively eliminate private communications in the UK, giving government and the police the power to spy on virtually everything you do online (which is rapidly merging with everything you do, full stop). The major ISPs in the UK have apparently been turned to the government's cause, and have been quietly supporting the bill, which strips their customers of any semblance of privacy.
The government defends this proposal by saying that they're not intercepting "messages," only "envelopes." That is, they'll get the subject lines, social graph data, who is talking, where, how often, and who replies, how long the messages are, and so on. I like to imagine Alan Turing taking this approach to informational significance: "Mr Churchill, I'm sorry, there's no point in what you're asking us to do: all we can decode from the Nazis is who is sending messages, who receives them, what they're about, where they're sent from, how often they're sent, and how long they are. Nothing compromising." (Then I imagine the ghost of Turing haunting Home Secretary Teresa May, who claims that none of that kind of data compromises Britons' privacy).
In an open letter to the major ISPs, the Open Rights Group, Big Brother Watch, and Privacy International accuse the ISPs of entering into a conspiracy of silence on the surveillance system:
Read the rest
It has become clear that a critical component of the Communications Data Bill is that UK communication service providers will be required by law to create data they currently do not have any business purpose for, and store it for a period of 12 months.