Posts: 9,353
Threads: 1,466
Likes Received: 0 in 0 posts
Likes Given: 0
Joined: Sep 2008
Quote:Edward Snowden: US government spied on human rights workers
Whistleblower tells Council of Europe NSA deliberately snooped on groups such as Human Rights Watch and Amnesty International
Edward Snowden speaks via video link with members of the Council of Europe, in Strasbourg. Photograph: Vincent Kessler/Reuters
The US has spied on the staff of prominent human rights organisations,Edward Snowden has told the Council of Europe in Strasbourg, Europe's top human rights body.
Giving evidence via a videolink from Moscow, Snowden said the National Security Agency for which he worked as a contractor had deliberately snooped on bodies like Amnesty International and Human Rights Watch.
He told council members: "The NSA has specifically targeted either leaders or staff members in a number of civil and non-governmental organisations … including domestically within the borders of the United States." Snowden did not reveal which groups the NSA had bugged.
The assembly asked Snowden if the US spied on the "highly sensitive and confidential communications" of major rights bodies such as Amnesty and Human Rights Watch, as well as on similar smaller regional and national groups. He replied: "The answer is, without question, yes. Absolutely."
Snowden, meanwhile, dismissed NSA claims that he had swiped as many as 1.7m documents from the agency's servers in an interview with Vanity Fair. He described the number released by investigators as "simply a scare number based on an intentionally crude metric: everything that I ever digitally interacted with in my career."
He added: "Look at the language officials use in sworn testimony about these records: 'could have,' 'may have,' 'potentially.' They're prevaricating. Every single one of those officials knows I don't have 1.7m files, but what are they going to say? What senior official is going to go in front of Congress and say, 'We have no idea what he has, because the NSA's auditing of systems holding hundreds of millions of Americans' data is so negligent that any high-school dropout can walk out the door with it'?"
In live testimony to the Council of Europe, Snowden also gave a forensic account of how the NSA's powerful surveillance programs violate the EU's privacy laws. He said programs such as XKeyscore, revealed by the Guardian last July, use sophisticated data mining techniques to screen "trillions" of private communications.
"This technology represents the most significant new threat to civil liberties in modern times," he declared.
XKeyscore allows analysts to search with no prior authorisation through vast databases containing emails, online chats, and the browsing histories of millions of individuals.
Snowden said on Tuesday that he and other analysts were able to use the tool to select an individual's metadata and content "without judicial approval or prior review".
In practical terms, this meant the agency tracked citizens not involved in any nefarious activities, he stressed. The NSA operated a "de facto policy of guilt by association", he added.
Snowden said the agency, for example, monitored the travel patterns of innocent EU and other citizens not involved in terrorism or any wrongdoing.
The 30-year-old whistleblower who began his intelligence career working for the CIA in Geneva said the NSA also routinely monitored the communications of Swiss nationals "across specific routes".
Others who fell under its purview included people who accidentally followed a wrong link, downloaded the wrong file, or "simply visited an internet sex forum". French citizens who logged on to a suspected network were also targeted, he said.
The XKeyscore program amounted to an egregious form of mass surveillance, Snowden suggested, because it hoovered up data from "entire populations". Anyone using non-encrypted communications might be targeted on the basis of their "religious beliefs, sexual or political affiliations, transactions with certain businesses" and even "gun ownership", he claimed.
Snowden said he did not believe the NSA was engaged in "nightmare scenarios", such as the active compilation of a list of homosexuals "to round them up and send them into camps". But he said that the infrastructure allowing this to happen had been built. The NSA, its allies, authoritarian governments and even private organisations could all abuse this technology, he said, adding that mass surveillance was a "global problem". It led to "less liberal and safe societies", he told the council.
At times assembly members struggled to follow Snowden's rapid, sometimes technical delivery. At one point the session's chairperson begged him to slow down, so the translators could catch up.
Snowden also criticised the British spy agency GCHQ. He cited the agency's Optic Nerve program revealed by the Guardian in February. It was, he said, one of many "abusive" examples of state snooping. Under the program GCHQ bulk collects images from Yahoo webcam chats. Many of these images were "intensely private" Snowden said, depicting some form of nudity, and often taken from the "bedrooms and private homes" of people not suspected of individualised wrongdoing. "[Optic Nerve] continued even after GCHQ became aware that the vast majority had no intelligence value at all," Snowden said.
Snowden made clear he did believe in legitimate intelligence operations. "I would like to clarify I have no intention to harm the US government or strain [its] bilateral ties," he asserted, adding that he wanted to improve government, not bring it down.
The exiled American spy, however, said the NSA should abandon its electronic surveillance of entire civilian populations. Instead, he said, it should go back to the traditional model of eavesdropping against specific targets, such as "North Korea, terrorists, cyber-actors, or anyone else."
Snowden also urged members of the Council of Europe to encrypt their personal communications. He said that encryption, used properly, could still withstand "brute force attacks" from powerful spy agencies and others. "Properly implemented algorithms backed up by truly random keys of significant length … all require more energy to decrypt than exists in the universe," he said.
The international organisation defended its decision to invite Snowden to testify. In a statement on Monday, it said: "Edward Snowden has triggered a massive public debate on privacy in the internet age. We hope to ask him what his revelations mean for ordinary users and how they should protect their privacy and what kind of restrictions Europe should impose on state surveillance."
The council invited the White House to give evidence but it declined.
In the Vanity Fair interview the whistleblower said he paid the bill in the Mira Hotel using his own credit card because he wanted to demonstrate he was not working for a foreign intelligence agency. "My hope was that avoiding ambiguity would prevent spy accusations and create more room for reasonable debate," he told the magazine. "Unfortunately, a few of the less responsible members of Congress embraced the spy charges for political reasons, as they still do to this day."
The NSA says Snowden should have brought his complaints to its own internal oversight and compliance bodies. Snowden, however, insisted he did raise concerns formally, including through emails sent to the NSA's lawyers. "I directly challenge the NSA to deny that I contacted NSA oversight and compliance bodies directly via email," he stated.
.
The shadow is a moral problem that challenges the whole ego-personality, for no one can become conscious of the shadow without considerable moral effort. To become conscious of it involves recognizing the dark aspects of the personality as present and real. This act is the essential condition for any kind of self-knowledge. Carl Jung - Aion (1951). CW 9, Part II: P.14
Posts: 16,111
Threads: 1,773
Likes Received: 0 in 0 posts
Likes Given: 0
Joined: Sep 2008
The cumulative leaks are really devastating, if not surprising [to those of us following such things]...what I can't understand is there not being a huge outcry from the People, who now must consist only of frightened Sheeple....
"Let me issue and control a nation's money and I care not who writes the laws. - Mayer Rothschild
"Civil disobedience is not our problem. Our problem is civil obedience! People are obedient in the face of poverty, starvation, stupidity, war, and cruelty. Our problem is that grand thieves are running the country. That's our problem!" - Howard Zinn
"If there is no struggle there is no progress. Power concedes nothing without a demand. It never did and never will" - Frederick Douglass
Posts: 5,374
Threads: 149
Likes Received: 0 in 0 posts
Likes Given: 0
Joined: Sep 2010
Those people have been neutralized and don't exist. To place the definition of noble democracy on the American people is like putting a silk jacket on a pig. America is a delusion and truth is there's no excess or betrayal the US government could commit that would draw the displeasure of the American public to any significant degree. They are the idiotic mob you see on TV.
The bigger picture of the freedom fighter Snowden having to appear on a screen because of the threat of the military fascist American government should clue people to the score.
Posts: 9,353
Threads: 1,466
Likes Received: 0 in 0 posts
Likes Given: 0
Joined: Sep 2008
In light of all the revelations, I would've thought it almost impossible to argue in favour of continuing intelligence collection as is. And so it turned out.
But a debate like this suggests that the subject has been moved into the background eh?
Quote:Everyone is under surveillance now, says whistleblower Edward Snowden
People's privacy is violated without any suspicion of wrongdoing, former National Security Agency contractor claims
Edward Snowden joined a debate on surveillance, by video link from Russia. Photograph: Sunshinepress/Getty Images
The US intelligence whistleblower Edward Snowden has warned that entire populations, rather than just individuals, now live under constant surveillance.
"It's no longer based on the traditional practice of targeted taps based on some individual suspicion of wrongdoing," he said. "It covers phone calls, emails, texts, search history, what you buy, who your friends are, where you go, who you love."
Snowden made his comments in a short video that was played before a debate on the proposition that surveillance today is a euphemism for mass surveillance, in Toronto, Canada. The former US National Security Agency contractor is living in Russia, having been granted temporary asylum there in June 2013.
The video was shown as two of the debaters the former US National Security Administration director, General Michael Hayden, and the well-known civil liberties lawyer and Harvard law professor, Alan Dershowitz argued in favour of the debate statement: "Be it resolved state surveillance is a legitimate defence of our freedoms."
Opposing the motion were Glenn Greenwald, the journalist whose work based on Snowden's leaks won a Pulitzer Prize for the Guardian last month, and Alexis Ohanian, co-founder of the social media website Reddit.
The Snowden documents, first leaked to the Guardian last June, revealed that the US government has programs in place to spy on hundreds of millions of people's emails, social networking posts, online chat histories, browsing histories, telephone records, telephone calls and texts "nearly everything a typical user does on the internet", in the words of one leaked document.
Greenwald opened the debate by condemning the NSA's own slogan, which he said appears repeatedly throughout its own documents: "Collect it all."
"What is state surveillance?" Greenwald asked. "If it were about targeting in a discriminate way against those causing harm, there would be no debate.
"The actual system of state surveillance has almost nothing to do with that. What state surveillance actually is, is defended by the NSA's actual words, that phrase they use over and over again: 'Collect it all.' "
Dershowitz and Hayden spent the rest of the 90 minutes of the debate denying that the pervasive surveillance systems described by Snowden and Greenwald even exist and that surveillance programs are necessary to prevent terrorism.
"Collect it all doesn't mean collect it all!" Hayden said, drawing laughter.
Greenwald sparred with Dershowitz and Hayden about whether or not the present method of metadata collection would have prevented the terrorist attacks on 11 September, 2011.
While Hayden argued that intelligence analysts would have noticed the number of telephone calls from San Diego to the Middle East and caught the terrorists who were living illegally in the US, Greenwald argued that one of the primary reasons the US authorities failed to prevent the attacks was because they were taking in too much information to accurately sort through it all.
Before the debates began, 33% of the audience voted in favour of the debate statement and 46% voted against. It closed with 59% of the audience siding with Greenwald and Ohanian.
The shadow is a moral problem that challenges the whole ego-personality, for no one can become conscious of the shadow without considerable moral effort. To become conscious of it involves recognizing the dark aspects of the personality as present and real. This act is the essential condition for any kind of self-knowledge. Carl Jung - Aion (1951). CW 9, Part II: P.14
Posts: 16,111
Threads: 1,773
Likes Received: 0 in 0 posts
Likes Given: 0
Joined: Sep 2008
Report: https://www.privacyinternational.org/rep...y-findings
Chapter:
I. Summary of key findings
(Please note that "worst ranking" and "lowest ranking" denotes countries that exhibit poor privacy performance and high levels of surveillance.
- The 2007 rankings indicate an overall worsening of privacy protection across the world, reflecting an increase in surveillance and a declining performance o privacy safeguards.
- Concern over immigration and border control dominated the world agenda in 2007. Countries have moved swiftly to implement database, identity and fingerprinting systems, often without regard to the privacy implications for their own citizens
- The 2007 rankings show an increasing trend amongst governments to archive data on the geographic, communications and financial records of all their citizens and residents. This trend leads to the conclusion that all citizens, regardless of legal status, are under suspicion.
- The privacy trends have been fuelled by the emergence of a profitable surveillance industry dominated by global IT companies and the creation of numerous international treaties that frequently operate outside judicial or democratic processes.
- Despite political shifts in the US Congress, surveillance initiatives in the US continue to expand, affecting visitors and citizens alike.
- Surveillance initiatives initiated by Brussels have caused a substantial decline in privacy across Europe, eroding protections even in those countries that have shown a traditionally high regard for privacy.
- The privacy performance of older democracies in Europe is generally failing, while the performance of newer democracies is becoming generally stronger.
- The lowest ranking countries in the survey continue to be Malaysia, Russia and China. The highest-ranking countries in 2007 are Greece, Romania and Canada.
- The 2006 leader, Germany, slipped significantly in the 2007 rankings, dropping from 1st to 7th place behind Portugal and Slovenia.
- In terms of statutory protections and privacy enforcement, the US is the worst ranking country in the democratic world. In terms of overall privacy protection the United States has performed very poorly, being out-ranked by both India and the Philippines and falling into the "black" category, denoting endemic surveillance.
- The worst ranking EU country is the United Kingdom, which again fell into the "black" category along with Russia and Singapore. However for the first time Scotland has been given its own ranking score and performed significantly better than England & Wales.
- Argentina scored higher than 18 of the 27 EU countries.
- Australia ranks higher than Slovakia but lower than South Africa and New Zealand.
"Let me issue and control a nation's money and I care not who writes the laws. - Mayer Rothschild
"Civil disobedience is not our problem. Our problem is civil obedience! People are obedient in the face of poverty, starvation, stupidity, war, and cruelty. Our problem is that grand thieves are running the country. That's our problem!" - Howard Zinn
"If there is no struggle there is no progress. Power concedes nothing without a demand. It never did and never will" - Frederick Douglass
Posts: 16,111
Threads: 1,773
Likes Received: 0 in 0 posts
Likes Given: 0
Joined: Sep 2008
Chapter:
IV. Summary of country results
Austria- No explicit right to privacy in constitution but there are special laws for civil rights, including one for data protection; recent Supreme Court decisions are highly problematic
- Data Privacy law does not apply equally to paper files; law is considered cumbersome by experts; also sectoral laws
- Data Privacy Commission can bring civil and criminal provisions against institutions; but criticised for lack of independence
- Prohibits use of genetic data by insurance companies
- Medical data is treated as sensitive data by law
- Legal requirement permitting Austrian military to request subscriber data from telecommunications providers
- Centralisation of data on students that is stored for 60 years
- Social security card with unique numbers but little other information is stored; number of abandoned initiatives including health data cards, or 'citizen card' have been abandoned; e-identity management system is heavily criticised
- Judicial warrants for interception for serious crimes (10 years punishment or more)
- CCTV and audio surveillance is now permitted where data is stored for 48 hours; but this has not been enforced adequately
- Communications data is made available to copyright industry under Supreme Court decision
- Postponed data retention
- Matched DNA database with Germany in December 2006
Belgium- Belgian constitution was amended in 1994 to recognise the right to privacy; Supreme Court has ruled in accordance with Article 8 of the ECHR
- Comprehensive privacy law
- Commission has investigatory powers, issues a number of recommendations; took a strong stance against the transfer of data from SWIFT to the U.S. government
- Through negotiations a common agreement has been established to regulate workplace surveillance
- Law in place to protect health privacy rights
- Judicial warrants for interception of communications with limited duration; though Parliament has given authority to the 'juge d'instruction' to demand decryption
- Retention period of 12 months, though there is a push for three-years
- Anonymous communications was banned in 2001
- Leading country for smart ID cards, issued from age 6, that may contain such data as medical files, for use in public and private sectors, despite much criticism
- First European country to use RFID passports
- Content industry has agreements with ISP's to monitor for copyright infringement; court case in 2007 upholds use of filtering technology on networks to prevent file-sharing
Bulgaria- Constitutional protections in articles 32, 33, 34
- Comprehensive privacy law, though many changes have occurred without adequate debate; law is poorly implemented
- Sectoral laws protect medical privacy
- Data privacy authority is relatively large
- Identity cards are required to access cybercafŽs, and internet service providers have to register the ID numbers of users
- Court order generally required for interception, though ministry of interior has discretionary power, resulting in regular complaints of abuse and illegal bugging
Cyprus- Constitution in articles 15 and 17 protects privacy
- Comprehensive privacy law, though it is not fully compliant with EU standards
- Plans for e-ID smart cards
- Commissioner has broader jurisdiction to cover telecommunications since 2004; issues guidelines and information campaigns
- Increasing use of CCTV along border
- Attorney general authorises interception
- CCCTV being installed for traffic management, speed cameras, and failing to wear seatbelts or talking on mobile phones
Czech Republic- Charter providers for privacy in articles 7, 10, and 13
- Comprehensive privacy law
- Data Privacy Authority has issued a number of fees for breaches of the law, and rejects requests for transfer of data abroad, and has been participating in an intense set of activities for public education
- Judicial warrants for interception, for up to six months; though exemptions apply for secret services and significant concern about who has access to recordings
- Money laundering law limits lawyer-client privilege
- Illegal for employers to read employee's email, though subject lines are permissible
- Legal basis of medical registries is very contentious issue, led to Presidential veto on privacy grounds, but was over-ridden by Chamber of Deputies vote
- Increasing use of CCTV, and few are registered with the Data Privacy Authority
- Data Privacy Authority fined state body for scanning biometric data and fingerprints
- Plans for data sharing across different government agencies
Denmark- Constitutional right to privacy depends on section 71 on personal liberty and section 72 on search and seizure
- Comprehensive privacy law, and exempts security and defence services
- Data privacy authority is appointed by the minister of justice, and the ministry is also responsible for the budget
- Data privacy authority may enter any premise without a court order to investigate under the privacy law
- Extensive interception of communications; and use of bugs on computers to monitor activity and keystrokes; and plans are in place to minimise notification
- Police require list of all active mobile phones near the scene of a crime
- DNA samples may be required from applicants for residency based on family ties
- Implemented retention of communications data well before EU mandate, for one year
- Police took the DNA of 300 youth protestors in 2007
- Implementing air travel surveillance program
- Parliament is over-keen to implement surveillance programs
- Ratified Cybercrime convention
Estonia- 1992 Constitution recognises right to privacy in Article 42, 43, and 44
- Comprehensive privacy law
- Inspectorate was made an independent organisation in 2007
- Extensive research into Genetics and disease
- Mandatory identity card for all over 15
- Interception is authorised by the head of a surveillance agency, while exceptional surveillance requires judicial authorisation and only in cases of serious crime
- Citizens may obtain access to information about them held by police and security agencies
- Ratified Cybercrime convention
European Union- Treaty of the European Union requires compliance with the ECHR, and so protection falls under Article 8
- Data protection in the first pillar is under the EU Directive 1995
- Data protection under the third pillar, i.e. Justice and home affairs, is inadequate
- European Data Protection Supervisor oversees the first pillar activities, and has pursued legal action when appropriate
- Data sharing is set to expand significantly under the Treaty of Prum
- Border plans include copying U.S.-style biometric and passenger data checks
- Communications data retention directive and biometric passport directives are world-leading in their expansive surveillance goals
Finland- Constitutional protection under section 10
- Much information in the public domain, including name, birth year, taxable income, property taxes, and total taxes paid
- Comprehensive privacy law
- Criminal and civil sanctions (including imprisonment) for unlawful processing
- Data privacy authority must go through public prosecutor before taking action on a violation
- Postponed retention of internet data until 2009
- Judicial warrant for interception for specific crimes as listed in law, while transactional data can be obtained if suspect faces at least four months of jail; electronic surveillance only in cases if punishment is greater than four years imprisonment
- Police use mobile phones to access official tax records in order to enforce traffic fines (fines are based on income)
- Location data tracking of youth is widely provided service
- Corporate abuse of telephone records lead to high profile scandal
- Helsinki transport network monitors movements of travellers, though data privacy authority has compelled a change of policy
- Specific act on workplace privacy now permits email surveillance, video surveillance, and drug testing; though ombudsman recently ruled that employers can not use search engines to assess prospective employees without consent
- Identity number used extensively in public and private sectors
- New identity card also includes, voluntarily, medial insurance data
- Finland worked to be a pioneer in biometric passports
- Sectoral laws protect medical privacy
- Ratified Cybercrime convention
France- No explicit right to privacy in constitution, though constitutional court has ruled that it is implicit
- Comprehensive privacy law; though the law permits intellectual property rights holders to create records of rights infringers
- Data privacy authority well known for its strong stance on many issues, investigates, warns and imposes financial sanctions (the first of the latter was in 2006)
- DPA has limited powers over large government systems
- Tort of privacy in civil code, and sectoral laws also exist, as well as protections in the penal code
- DNA database is expanding to include nearly all crime investigations, and is known to be a register of 'civil disobedience' since the protests in 2005 and 2006; compels DNA collection from immigrants if parentage is questioned
- Interception authorised by investigative judge and lasts four months (renewable)
- In 2007, the highest administrative court ruled that database of illegal migrants was excessive, though not on privacy grounds
- Retention policy applies for up to one year; subscriber data and identifying data may only be disclosed upon judicial request
- This was expanded under terrorism law allowing access without any judicial order by the police
- Latest draft rules on retention requires all service providers to retain all information on users and deliver to police upon mere request, and may even require retention of passwords, and payment details; and police may then retain the data for three years
- Intellectual property rights holders may monitor online activity
- Individuals must be identifiable whilst online if they wish to publish content
- Still maintain encryption restrictions
- CCTV is spreading, and may be installed prior to any authorisation
- Collects passenger data
- Biometric ID scheme is still postponed
- Border and visa data is now accessible to all police since 2006
- No fingerprints in passports as yet
- Serious lack of data protection and many security breaches identified in computerized patient records, according to data privacy authority in 2007
Germany- Basic Law protects communications privacy under article 10; but Constitutional Court ruled in 1983 that individuals have a right of informational self-determination based on Articles 1 and 2 on rights to freedom
- One of the strictest privacy laws in the world
- Despite calls for workplace privacy law, none exists
- Federal Data Privacy Authority and Lander authorities are world leading
- Interception is permitted under the G-10 law which includes warrantless automated wiretaps
- One of the highest rates of interception across Europe
- Despite objections, data retention law approved
- Fingerprints have been included in ID cards, although not for storage on a central database
- CCTV is expanding despite protests
- Approved Treaty of Prum provision
Greece- Article 9 of the constitution recognises the right to privacy in the home, and data protection (since amendment), Article 19 for communications privacy
- Comprehensive privacy law
- Data Privacy Authority is independent, led by high ranking official, and may impose administrative or penal sanctions that include imprisonment; a history of controversial but important rulings, covering ID, CCTV, DNA, and workplace surveillance
- CCTV was permitted for the Olympics on the condition that they be de-activated after the games; but this was continued for a further six months to monitor car traffic circulation, and was then extended to 2007, but also fined the police for a breach
- Infamous wiretapping case involving Vodafone and ministers' communications, led to a 76m EUR fine for Vodafone
Hungary- Constitutional right in Article 59, and strong Supreme Court decisions upholding this right; in 2007 the court called on enhanced protection to the right of privacy because of poor oversight
- Statutory protections are comprehensive, prohibits all-purpose identification numbers or codes; and sector-specific protections also exist, as well as Criminal Code protections
- Order-making powers for Commissioner was granted in 2004
- 82% of CCTV deployments do not comply with the law, and may contain facial recognition capabilities
- Judicial authorisation of warrants but Constitutional Court decided that there was insufficient oversight
- Communications surveillance permitted in investigations where the crime may be punishable by more than five years imprisonment
- Security services require approval by specially appointed judge or Minister of Justice; though there are claims of abuse by the National Security Service
- Public protests led to a rejection of new data retention proposals
- Famous Vodafone case where company tracked employees 24-hours per day at 15-minute increments; courts sided with employees
- President of Hungary refused to sign law enabling transfer of passenger data to the U.S. unless individual consent was given
- Intends to join Prum Convention; ratified Cybercrime convention
Ireland- No explicit right to privacy in constitution, Supreme Court has seen an implicit right in Article 40.3.1
- Comprehensive privacy law, with broad exemptions for security, tax, and combating crime; misuse of data is also criminalised
- Improvements in the law went into effect in 2007
- High Court imposed safeguards on the disclosure of identity of suspected file-sharers
- One of the longest data retention regimes in Europe; currently pursuing legal action on this issue to ensure the government has the ability to uphold its retention regime
- Planning Automatic Number Plate Recognition
- Extensive data matching and use of unique identifiers
- While the Garda are prohibited from collecting personal identification numbers from nationals, they may do so in relation to non-EU nationals
- A public services card is being developed
- No plans for fingerprints in biometric passports
Italy- Constitution protects right to privacy in the home (article 14) and communications (article 15)
- Comprehensive privacy law
- Data privacy authority has extensive powers, including auditing databanks of intelligence activities
- Data privacy authority has stopped two initiatives for expanding use of fingerprinting; and has regulated use of CCTV; and has run public education campaigns on television
- Judicial authorisation for interception, and granted for 15 days at a time; if transcripts are not used they must be destroyed; and exceptions apply for religious ministers, lawyers, and doctors, though there are more lenient procedures for anti-mafia cases
- 2007 a judge ruled that planting bugging devices in a car was not an offence because the law only applies to the home
- A number of abuses in communications surveillance: Êin 2005 Italian police placed a backdoor into an ISP's server, and monitored all transactions of 30,000 subscribers; telecom italy collected thousands of file on stars and influential people
- Data retention period were for four years, though internet traffic data is now set for 12 months, through a graduated scheme where investigations involve serious crimes are allowed to get telephone data after 2 years, or internet data after 6 months
- Biometric plans for travel authorisation have been reviewed and changed by authority
- Council of ministers approve law requiring every blogger to register with the state; though law is in early stages
Latvia- Constitutional right in article 96
- Wide exemption in statutory protections but does apply to police sector
- Inspectorate has 23 employees, and has powers of inspection and administrative penalties; considering stronger penalties; but independence is questioned
- Access to data is only with judicial warrant
- Abuse in interception case where TV news presenter's phone was tapped and transcripts were sold to a newspaper
- Money laundering laws now require increased data sharing and disclosure
- Fingerprints in passports
- Workplace privacy handbook for employers and employees; inspectorate allows for interception but notification
- Now has a DNA database
- Mandatory ID cards since 2002 for those over the age of 15, but was postponed to 2007 for implementation
- Ratified Cybercrime convention
Lithuania- Constitutional right under Article 22, with mixed Supreme Court jurisprudence
- Comprehensive privacy law
- Recent amendment requires public statements by companies on their websites regarding accountability
- Data Privacy Authority is financed by government budget, and is accountable to the government; has not conducted review of visual surveillance
- Delaying application of retention law to internet, though was an early adopter of retention for telephony
- Interception warrants issued by prosecutor general or judge; and law does not include principle of proportionality; oversight is seen as weak and abuses are rife
- Increasing workplace surveillance and no legal framework applies
- Growing number of camera installations and great cost
- Passports will include a centralised biometric database despite concerns raised at the time
- Ratified Cybercrime convention
Luxembourg- Constitutional protections in article 28 only applies to communications
- Comprehensive data protection law, that also covers moral persons, and contains specific provisions on medical data, and the workplace; though draft law from 2006 would have curtailed many protections
- Commission is independent agency that has worked to reduce surveillance plans, e.g. Retention periods; and authorisation is required before installing video cameras or electronic tracking
- Postponing implementation of retention directive, though currently has a six month retention period
- Interception by judicial authorisation for serious crime (2 or more years of imprisonment), for one month periods, extendable up to a year; and individuals may be sometimes informed of the surveillance
- Administrative interceptions may be authorised for national security by a special tribunal
- Workplace monitoring only permitted if staff representative, joint committee, and the person being monitored have been informed, with a specific piece of legislation aimed at this activity
- Banking privacy laws forbids unwarranted surveillance
- No fingerprints in passport as yet, but are making plans
- Approved Treaty of Prum
Malta- Constitutional right under article 38 against arbitrary searches
- Comprehensive privacy law
- Law is enforced by ministry, not an independent agency, though the commissioner and ombudsman investigate complaints
- Sectoral laws
Netherlands- Constitutional protection in Article 10, Article 12, and 13; moves to change the constitution to be more technology neutral were postponed
- Comprehensive privacy law and sectoral protections
- Data Privacy Authority can apply administrative measures and impose fines; and posts advisories to government on new legislation; extensive work in the area of medical records in 2007
- Growth of corporate privacy officers across the country
- Court order required for interception, except for the intelligence services who are authorised by the Minister of Interior; controversies and court cases over the burden to industry
- Access to traffic data by order of the public prosecutor, but for serious offences (where punishment is imprisonment for four years or more); though subscriber data can be accessed by police in case of mere suspicion. ÊParliament rejected proposal to notify suspects after subscriber data has been accessed.
- In 2007 government moved to implement data retention directive with 18 months period, despite concerns from Authority
- Continued proposals to increase power of law enforcement agencies
- Plans to implement in 2008 a database of all children to record development from birth
- New plans for expanded use of biometrics
- DNA collected on all convicted of serious crimes
- Compulsory identification for all persons from age of 14, where 5300 individuals are fined every month for not carrying ID
- Passport includes fingerprints and facial images, and government proposed in 2005 that a centralised register be created
- Law from 2003 makes it unlawful to use hidden cameras in public places without notification; cameras can otherwise keep images for 4 weeks for the purpose of keeping public order
- Courts have ruled that subscriber data can be disclosed to copyright industry, and anonymous website owners
- Ratified Cybercrime convention
Poland- Constitutional rights in Articles 47, 49, and 51, though constitutional court has mixed record limiting government surveillance
- Comprehensive privacy law, and sectoral laws apply
- Data Privacy Authority can impose fines and declare that a criminal activity has occurred
- Large amount of interception of communications with limited oversight
- Increasing use of visual surveillance; in 2007 Auschwitz installed CCTV scheme, including monitoring of schools
- Draft retention law called for fifteen year retention period
- ID card is controversial over its use of biometrics and the use of a unique identifier
- New law requires national identifier to be used for filling prescriptions, despite protests from physicians
Portugal- Article 26 and 34 of constitution protect privacy; and in 1997 it was amended to give a right to data protection
- Comprehensive privacy law
- Commission regularly publishes guidelines; most recently in 2007 on workplace surveillance and recording of political convictions
- History of abuse of interception of communications
- Roadway video surveillance is regulated closely
- Approved identity card in 2007, and data will include parentage, tax, health and social security numbers; though the numbers can not be matched or linked; stores fingerprint on the card and biometric authentication can only be compelled by police and justice officials
- Mandatory reporting of HIV and AIDS
- Genetic privacy is protected under strict rules, employers may not request genetic tests, even with consent
Romania- Constitutional right under Articles 26, 27 and 28
- Comprehensive privacy law
- Data Privacy Authority has run public education campaigns in 2006 and 2007, and issues guidelines; and issued security breach rules for telecommunications providers
- Interception is authorised by General Prosecutor of the Office related to the Supreme Court, and individuals can appeal to the Commissions of Human Rights of the two Chambers of Parliament, with careful reporting schemes; though abuses still occur
- Draft retention law has not yet been approved, but proposes 12 month period of retention without any explanatory reports; though access is only permitted in combating organized crime and terrorism investigations, with judicial authorisation
- Ratified Cybercrime convention
Slovenia- Extensive constitutional protections
- Comprehensive privacy law, and has been updated in recent years to reflect new technologies
- It is against the law to use the same identifier in databases in the areas of public safety, state security, defense, judiciary and health; where connections are permitted only upon consent or if there is a legal basis
- Labor law prohibits employers and candidates questions about family matters, marital status, pregnancy, etc.
- Serious breach of law regarding cancer screening centre in 2006
- Extensive rules on video surveillance, though abuse still occurs including in changing rooms in shopping malls though the situation is improving
- Biometrics are regulated
- Court order required for interception of communications, for a prescribed list of criminal offences, except for intelligence purposes where the language is broad
- Law requires location data be processed only in anonymous form unless prior consent granted
- 24 month retention period
- Failure to produce ID card when required involves fine of up to 420 euro
- New electronic population register merges three separate registries
- Ratified Cybercrime convention
Slovakia- Good statement in constitution from 1992; with some jurisprudence from Constitutional Court, but European court has ruled against government recently
- Commissioner files biannual reports, has investigative powers
- ODPD conducted preventive audits of video surveillance
- Few complaints received however
- There are no biometric-specific rules on collecting, using or disclosing this data
- Law on interception applies to extraordinarily serious premeditated crimes, but over the years there have been many public revelations of illegal wiretapping of opposition politicians, reporters and dissidents
- Continuing reports of Roma homes being entered without warrants
- Plan to start fingerprinting citizens for passport in 2008
- Government supports Irish Government on data retention case
- Government abuses data protection law to protect police and Cabinet from oversight
Spain- Constitutional protection under Article 18
- Comprehensive right to privacy with extensive court decisions
- Extensive investigations and cases reviewed by Data Privacy Authority; Authority has made a number of rulings, including that IP addresses can be personal data; and on video surveillance data
- Authorities exist at local levels as well
- Several interception scandals over the years; including extensive access to communications without court order
- Laws for preventing funding of terrorism have been applied to other crimes
- Lack of debate around introduction of planned electronic ID card
- Retention period for 12 months, and plan to ban anonymous pre-paid mobile phones
Sweden- Constitutional protection under Section 2 and Section 3 of the Instrument of Government Act 1974
- Comprehensive privacy law, and sectoral privacy laws; though Êin 2006 the Parliament amended the Personal Data Act to increase exemptions, and the requirement of gross negligence before data breaches are prosecuted
- Inspection Board has powers of investigation; ruled on proposed use of biometrics in schools saying that it was neither necessary nor proportionate, but even still it is being used by schools
- Medical records are regulated by sector specific law, but there is a lack of adequate organisational policies to protect access to data
- 2002 proposals to enhance workplace privacy has not been followed through with legislation; and few firms delete data on their employees
- There are policy recommendations that DNA collection from all investigations
- No fingerprints on passport, and no central register of biometrics
- Non-mandatory ID card
- Video surveillance is tightly regulated
- Annual reporting of electronic surveillance
- Proposed law to scan all communications without a court order, although it was abandoned in 2007, temporarily at least
United Kingdom- World leading surveillance schemes
- Lack of accountability and data breach disclosure law
- Commissioner has few powers
- Interception of communications is authorised by politician, evidence not used in court, and oversight is by commissioner who reports only once a year upon reviewing a subset of applications
- Hundreds of thousands of requests from government agencies to telecommunications providers for traffic data
- Data retention scheme took a significant step forward with the quiet changes based on EU law
- Plans are emerging regarding surveillance of communications networks for the protection of copyrighted content
- Despite data breaches, 'joined-up government' initiatives continue
- Identity scheme still planned to be the most invasive in the world, highly centralised and biometrics-driven; plan to issue all foreigners with cards in 2008 are continuing
- E-borders plans include increased data collection on travellers
England & Wales- Inherited constitutional and statutory protections from UK Government and many of the policies
- National policies are not judged, e.g. Communications surveillance, border and trans-border issues
- Councils continue to spread surveillance policies, including RFID, CCTV, ID and data sharing, road user tracking
- Few democratic safeguards at local government level, even though local government may be more accountable to electorate because of smaller numbers, decisions do not appear to be informed by research, prototyping
Scotland- Inherited constitutional and statutory protections from UK Government and only some of the policies
- National policies are not judged, e.g. Communications surveillance, border and trans-border issues
- Stronger protections on civil liberties
- DNA database is not as open to abuse as policy in England and Wales
- Identity policy is showing possibility of avoiding mistakes of UK Government
- Scottish government appears more responsive and open to informed debate than local governments in England
NON-EU COUNTRIESARGENTINA- Constitutional right in Article 18 and 19, and habeas data right in Article 43; with important jurisprudence from Supreme Court
- Comprehensive privacy law, and several provincial laws; jurisprudence is emerging
- Data Privacy Authority has powers to investigate and intervene through both administrative and criminal sanctions; though is based in the Ministry of Justice
- Only one penalty has been imposed
- Data retention law previously called for 10 year retention period, but the President suspended the decree to allow for 'evaluation'
- Judicial warrant required for interception, and domestic surveillance can not be conducted by military personnel; many changes in the law since the 1990s
AUSTRALIA- No right to privacy in federal constitution, though one territory now includes the right to privacy within its bill of rights
- Comprehensive privacy laws at federal level and others within some states and territories, but there are broad exemptions that have precluded action by the privacy commissioner against small businesses and political parties; and does not meet international standards
- Power of commissioner diminished because determinations are not legally binding
- Numerous reports of data breaches, including at the taxation office, child support agency, and even amongst the police
- High level of interception activity; no notification requirement to innocent participants to communications
- Expanded surveillance powers in 2004
- Movement towards electronic medical records but no opt-in protections as yet
- De-identified medical data has been approved by the privacy commissioner for sale to pharmaceutical companies, despite protests
- Expanded financial surveillance and secret reporting
- DNA collection only for serious crimes at the moment
- Made preliminary steps to secure passports in 2006
- New government promised to abandon ID card plans; the office of access card has been closed but senior staff have moved to other department hinting at possible proposals to emerge
- Document verification service for use by public and private sector is being implemented despite lack of privacy considerations
- Abusive case of visa revocation of individual related to suspects in UK anti-terrorism case
BRAZIL- Constitutional protection ensured in 1988 constitution; recent court cases have resulted in a fragmented protection so that bank records are protected but databases aren't necessarily; and stored emails as well
- No data privacy law but there is one under consideration
- Can not force a correction of data
- Civil code protects privacy, but with exemptions for law enforcement; and no regulatory commission
- Protects right to privacy of children under 1990 law
- Test for interception is relatively simplistic
- Id law requires ID for public and private sector use, but it has not been implemented; private sector use of biometrics is growing
- Recent controversy over censoring Youtube
- Bank records are protected under the constitution, and warrants are required
- Growing concerns about workplace surveillance, led to a labour court decision saying monitoring is illegal, unless a court order is issued, but protections do not apply to corporate email accounts; video monitoring is illegal in recent court decision
- Interception for serious crime; but illegal wiretapping continues, and concerns that the content-industry is spying on Brazilian networks without warrants
- Access to traffic data is not protected under privacy regulations according to the superior court of justice; and proposed law for identification for access did fail, but requires ISPs to identify illegal conduct to the police
- Extensive travel surveillance on roads with RFID with poor privacy protections
CANADA- Privacy not mentioned in Charter of Rights and Freedoms, but courts have recognised the right to a reasonable expectation of privacy
- Statutory rules at the federal level (public and private sectors) and provincial laws apply to sectors and governments
- Federal commission is widely recognised as lacking in powers such as order-marking powers, and ability to regulate trans-border data flows
- Variety of provincial privacy commissioners have made privacy-enhancing decisions and taken cases through the courts over the past year (particularly Ontario)
- Court orders required for interception and there is no reasonable alternative method of investigation
- Video surveillance is spreading despite guidelines from privacy commissioners
- Highly controversial no-fly list, lacking legal mandate
- Continues to threaten new policy on online surveillance
- Increased calls for biometric documents to cater for U.S. pressure, while plans are still unclear for biometric passports
CHINA- Limited rights under constitution under articles 37, 38, 39
- Chinese government acknowledges that it has room for improvement in applying laws fairly and systematically
- Stricter controls are being exerted on press, internet, academics, lawyers and NGO's
- Extensive surveillance schemes implemented in anticipation of the 2008 Olympics
- Increased expectation of privacy amongst citizens has led to academics calling openly for stronger privacy laws
- Some privacy laws
- Search and interception does require warrants but they are authorised by officials and prosecutors
- Increased legal activity and suits in the area of medical privacy
- In 2006 China's central bank developed a database that links up information on consumer credit; and private sector initiatives are emerging that advertise access to 90 million incomes, marital status and sensitive information for 12 cents per request
ICELAND- Constitutional protection exists, and interferences only when urgent; Supreme Court has decided in favour of privacy such as in health privacy cases
- An opt-out registry for marketing exists under law
- Data Privacy Authority can investigate and issue rulings, issue fines and seek criminal sanctions; received 820 cases, solve 685, 8-members of staff
- In late 2006 DPA's rule on surveillance went into force prohibiting workplace, schools and public areas from surveillance unless under a legal act or court order; and surveillance must comply with Data Privacy principles
- ID numbers issued and widely used by public and private sector (including video rentals)
- Medical and genetic databases are world-leading; health database was postponed in 2002;
- Supreme court ruled in favour of the protection of health information of deceased because it could disclose information about descendants; this hints that the health database act may be unconstitutional
- Since 2001 instituted facial recognition at international airport; lodging information must be retained for two years and may be accessed by the police at any time, and could apply to private homes
- Six months of communications data retention, though with now limited data sets, ad no requirement to show ID to buy phone cards but surveillance still exists
- Ratified the Cybercrime convention
INDIA- No explicit right to privacy, though Supreme Court sees it as implicit under article 21 on the right to liberty
- General right to privacy in law, requiring warrants for searches
- No comprehensive privacy law, though sectoral laws do provide some protections; though there is great pressure to implement a privacy law, little is being done
- Fraud and identity theft in the outsourcing industry continues
- History of abuse of wiretapping, and NGOs complain of their communications being intercepted
- Law requires disclosure of encryption keys, and there are stiff penalties on anyone who fails to provide requested information to authorities
ISRAEL- Section 7 of the Basic Laws provide right to privacy, and is thus considered a 'basic right'
- Comprehensive privacy law, though broad exemptions for security and police services
- Amendment to privacy law in 2007 included requirement for 'conscious' consent to an invasion of privacy
- Credit databases automatically share credit information
- Data-sharing of criminal records amongst more than 30 government agencies
- Data Privacy Authority established in 2006, with a small budget and few employees, but has been quite active
- History of abuse in communications surveillance; now the President of the District Court must authorise interception for a period of three months (renewable); Prime Minister or Defense Minister may also authorise interception in cases of national security; though all in all this amounts to approximately 1000 per year
- Chief Military Censor may intercept international conversations to or from Israel for purposes of censorship
- DNA is taken from suspects, and is retained for 7 years if acquitted or 20 years if convicted; police have a target of 20,000 samples annually
- Voluntary biometric system at border
- In 2007 Ben Gurion airport installed devices that permit seeing through travelers' clothes, with unclear privacy protections
- Border surveillance technology is advancing to include biometrics
- A commission has proposed a number of legislative changes, in particular on trans-border data flows and data-breach legislation
- Government proposed biometric authentication of adults wishing to view pornographic, violent or gambling content online, and is under consideration
JAPAN- No explicit right to privacy in constitution though Supreme Court has interpreted a substantial right as falling under Article 13 on right to life an liberty
- No comprehensive privacy law, instead only guidelines for specific industries; and some legislation in some sectors
- Government created a privacy seal, but serious shortcomings have been identified
- Judicial warrants for interception, and warrants only last ten days initially, though application appears to be overly broad and abuses have emerged
- Surveillance cameras continue to spread despite constitutional issue, though at least one ward has enacted an ordinance to limit rapid increase of cameras
- Tagging and tracking of children continues
- Genetic test abuses across country, and only guidelines have been released to deal with the problem
- Developing DNA database though court order is required to take DNA samples
- Resident registration law; extensive legal activity at the moment with court cases outstanding
- Extensive data breach problems
- Only second country to implement vast biometric collection at borders
- Ratified convention on Cybercrime
MALAYSIA- No right to privacy in constitution
- No comprehensive privacy law
- Controversial internal security act allows for extensive police powers
- Interception authorised by attorney general
- Extensive use of identification scheme, mykad
- Plan to implement citizen data hub across government departments, developed by oracle corporation, including individuals background, education, and health records
- Biometric system monitors foreigners in the country
- Extensive use of CCTV with no privacy safeguards
NEW ZEALAND- Article 21 of the Bill of Rights refers to searches and seizures; court of appeal has interpreted this as a right to privacy
- Privacy Act and sector-specific legislation; also a law against intimate covert filming
- OPC oversees compliance but is not a central data registration or notification authority; deals with complaints and reviews public sector information matching programs; power to investigate
- Datasharing between law enforcement agencies is enabled by statute
- Employment court allowed random drug tests on workers in safety sensitive areas, pre-employment, and on suspicion, or near accidents
- Court of appeal has had some problematic decisions regarding privacy complaints
- DNA database based on order from high court judge, violent crimes, and convicted burglars; though voluntary samples can be included and increasingly this is being pushed by the police, resulting in more than 80% of samples on database being given 'voluntarily'
- Newborn blood spot samples and related information is collected, and this data may be used by the police but only as a last resort or with parental consent
- Interception requires judicial warrants but only upon 'reasonable grounds' test; though this does not apply to security services
NORWAY- No specific constitutional protection, though Supreme Court early on decided that there is a general legal protection of 'personality'
- Comprehensive privacy law, though some police databases are excluded
- Mobile phones must all be registered, and retention is in place
- Data Privacy Authority is within administration wing of government but is expected to be independent
- Data protection tribunal has made a number of questionable decisions, e.g. Audiotape of telephone conversation does not fall under the law
- Whistleblowing law in 2007 lets workers remain anonymous
- Mandatory disclosure of information to Child Welfare authorities
- Police certificate is required to apply for citizenship; though other safeguards were implemented
- Court order for interception, for period of 4 weeks, with a supervisory board that oversees process, after years of abuses
- Created a database of asylum seekers with fingerprint data, which is open to the police for criminal investigations
- Government merged a number of welfare databases without implementing adequate access restrictions
- Government intends to require DNA for all convicted
- Ratified Cybercrime convention
PHILIPPINES- Supreme Court is optimistic that there will be a privacy law (based on habeas data) will be crafted by the SC before end of 2007, but initially only in extraordinary circumstances; though some rights are covered in sections 1, 2, and 3(1)
- Protections against disclosure of journalistic sources
- Two pending laws for comprehensive privacy protection, and there is a civil law right to privacy
- A number of statutory rules relating to privacy including rape victims, juveniles, financial data, and at local government
- Financial data protections have been undermined in recent years
- Pending Cybercrime legislation and new terrorism legislation raises serious concerns
- Despite constitutional protections, ID plans are being revived leading to the Supreme Court reversal of prior jurisprudence
- Spread of biometric technologies continue, including in healthcare, social services, travel
- Judicial authorisation for interception, and limited to serious crimes; though illegal wiretapping continues
RUSSIA- Constitutional right exists under Article 23, 24, and 25
- Criminal Code imposes a penalty for violation of privacy, enforced by a court is physical or moral damages result from a violation
- 2006 law on personal data protection adopts Council of Europe convention, but government is given wide exemptions
- Despite law coming into force in 2007 most provisions are still inactive, e.g. No data protection authority yet exists
- Data Privacy Authority, when it will exist, will not be independent and will be within the Ministry of Communications
- Illegal collection of data is commonplace
- Court order is generally required for communications surveillance except in some circumstances including secret services; further exemptions apply to tax police, border guards, presidential security service, and ministry of internal affairs
- Extensive powers and technological capabilities to access communications and communications records
- ID required for all over 14, and is necessary for purchase of train and plane tickets, amongst other activities, and contains a residency stamp, and plans for a electronic ID system are emerging
- Used visa-regime to prevent election monitors from entering country in time for overseeing election
SINGAPORE- No right to privacy under constitution, though the High Court has ruled that personal information may be protected under duty of confidences
- No statutory protections, and has been under review for thirteen years
- Judicial warrants are not necessary for surveillance
- ID required for using ISP's
- Data-sharing with government is not necessarily on legal basis
- No workplace surveillance regulation as this is regulated under property law
- Some protections for genetic testing
- 'Biopass' is a passport with fingerprint and facial biometrics
SWITZERLAND- Both old and new constitutions grant right to privacy
- Comprehensive privacy law, with criminal penalties for violations, with recent changes enhancing privacy protections; while most cantons have their own privacy laws; and there are protections in the civil and penal codes, and special sectoral rules
- Federal commissioner, though plays important consultative and educational role, has limited powers of intervention
- Passports only have digital facial images, though there are plans to store biometric data on central database, though this proposal was criticised by the federal commissioner
- Swiss banking law protects privacy of banking records, though international pressure is reducing this protection
- Joined Schengen agreement in 2005, and now all Swiss citizens have to carry id
- New policy plans for police and security services' databases; and plans for increased powers of interception of communications
- Increased border surveillance for European football championships
- Six month retention law for telecommunications
- Federal court has ruled that individuals must be notified after surveillance of communications
- 2007 expanded surveillance powers of secret services, but only as a last resort, but without suspecting of criminal activity
- Expanded collection of DNA since 2005
- Biometrics in place for access to sports facilities, but commissioner has ensured that there are no central databases and alternative solutions are available for those who oppose biometrics
- Plans to store medical information on new health insurance cards, but currently delayed
- Foreigners data stored on central register, and plans in place to include biometric data
- Expanded use of CCTV, and now automatic care plate recognition, and plans for these systems to be adapted to control speeding
- Air force using unmanned aerial vehicles, strengthening co-operation with the police, and is now used to monitor celebrations and protests
- First country to use facial recognition at border controls
SOUTH AFRICA- Constitutional right under sections 14, 32; constitutional court has delivered several judgements; and applies in private litigation
- No comprehensive private law or data privacy authority
- Interception law followed minimal consultation, requires intercept capability by design
- All service providers must gather detailed personal data on individuals before signing contracts or selling sim cards, with no specified length of retention period, but communication-related information is stored for 12 months
- New banking law came into effect in 2007, requiring court orders for access to financial information, and regulate credit bureau information
- New smart ID cards began deployment in 2007, and in particular for refugees and asylum seekers
TAIWAN- Not explicitly mentioned in the constitution, but relevant rights are enshrined
- 1995 data protection law
- Calls to strengthen law since data breaches and leaks to crime syndicates
- Widespread illegal wiretapping by government; legal wiretapping is conducted for broad purposes with over 25,000 over the past year
- Fingerprints are submitted for paper-based national ID card, though placed in a national fingerprint bank; and there is an electronic ID infrastructure being developed, with over a million active cards
- Patient ID card includes a smartcard solution with illnesses encoded on the card
- Mandatory HIV tests for foreigners who have been in Taiwan for more than three months, which could lead to deportation
- Government wants to become global leader in RFID technology
THAILAND- Constitutional exception for law enforcement
- Lack of law regulating industry
- New law protecting the privacy of people under 18 passed in November 2007, though of course there are concerns about how this protects children's' rights to express themselves
- Wiretapping is prevalent, with 'reasonable grounds' test only
- Cyber crime act 2007 defines 12 internet crimes with punishments ranging from six months in jail to 20 years in jail, and requires certain internet service providers to keep logs of traffic data up to 90 days.
- New passports are embedded with a microchip that contains biometric information including fingerprints and facial data. Id cards are now smartcards, and will be mandatory from birth.
- ID is required to buy SIM cards
- Political bugging is no less common. Politicians and human rights activists accused a political party of wiretapping political opponents and journalists.
UNITED STATES OF AMERICA- No right to privacy in constitution, though search and seizure protections exist in 4th Amendment; case law on government searches has considered new technology
- No comprehensive privacy law, many sectoral laws; though tort of privacy
- FTC continues to give inadequate attention to privacy issues, though issued self-regulating privacy guidelines on advertising in 2007
- State-level data breach legislation has proven to be useful in identifying faults in security
- REAL-ID and biometric identification programs continue to spread without adequate oversight, research, and funding structures
- Extensive data-sharing programs across federal government and with private sector
- Spreading use of CCTV
- Congress approved presidential program of spying on foreign communications over U.S. networks, e.g. Gmail, Hotmail, etc.; and now considering immunity for telephone companies, while government claims secrecy, thus barring any legal action
- No data retention law as yet, but equally no data protection law
- World leading in border surveillance, mandating trans-border data flows
- Weak protections of financial and medical privacy; plans spread for 'rings of steel' around cities to monitor movements of individuals
- Democratic safeguards tend to be strong but new Congress and political dynamics show that immigration and terrorism continue to leave politicians scared and without principle
- Lack of action on data breach legislation on the federal level while REAL-ID is still compelled upon states has shown that states can make informed decisions
- Recent news regarding FBI biometric database raises particular concerns as this could lead to the largest database of biometrics around the world that is not protected by strong privacy law
"Let me issue and control a nation's money and I care not who writes the laws. - Mayer Rothschild
"Civil disobedience is not our problem. Our problem is civil obedience! People are obedient in the face of poverty, starvation, stupidity, war, and cruelty. Our problem is that grand thieves are running the country. That's our problem!" - Howard Zinn
"If there is no struggle there is no progress. Power concedes nothing without a demand. It never did and never will" - Frederick Douglass
Posts: 9,353
Threads: 1,466
Likes Received: 0 in 0 posts
Likes Given: 0
Joined: Sep 2008
Poor old "safe pair of hands" Malcolm Rifkind, fighting a losing battle against the rest of Parliament.
But I don't see that Parliament will get its way. Whatever the Americans want GCHQ to do, will continue to be the policy irrespective of everything else.
Quote:MPs: Snowden files are 'embarrassing indictment' of British spying oversight
All-party committee demands reforms to make security and intelligence services accountable in wake of disclosures
The report says the current system of oversight of MI5, MI6 and GCHQ, pictured, is 'designed to scrutinise the work of George Smiley, not the 21st-century reality'. Photograph: Reuters
Edward Snowden's disclosures of the scale of mass surveillance are "an embarrassing indictment" of the weak nature of the oversight and legal accountability of Britain's security and intelligence agencies, MPs have concluded.
A highly critical report by the Commons home affairs select committeepublished on Friday calls for a radical reform of the current system of oversight of MI5, MI6 and GCHQ, arguing that the current system is so ineffective it is undermining the credibility of the intelligence agencies and parliament itself.
The MPs say the current system was designed in a pre-internet age when a person's word was accepted without question. "It is designed to scrutinise the work of George Smiley, not the 21st-century reality of the security and intelligence services," said committee chairman, Keith Vaz. "The agencies are at the cutting edge of sophistication and are owed an equally refined system of democratic scrutiny. It is an embarrassing indictment of our system that some in the media felt compelled to publish leaked information to ensure that matters were heard in parliament."
The cross-party report is the first British parliamentary acknowledgement that Snowden's disclosures of the mass harvesting of personal phone and internet data need to lead to serious improvements in the oversight and accountability of the security services.
The MPs call for radical reform of the system of oversight including the election of the membership of the intelligence and security committee, including its chairman, and an end to their exclusive oversight role. Its chairman should also be a member of the largest opposition party, the MPs say, in direct criticism of its current head, Sir Malcolm Rifkind, who is a former Conservative foreign secretary.
Rifkind, however, said he had read the report, and had concluded: "The recommendations regarding the ISC are old hat. For several years, Mr Vaz has been trying to expand the powers of his committee so that they can take evidence from MI5, MI6 and GCHQ. This is what this bit of his report is all about."
Rifkind attempted to head off some of the MPs' conclusions by announcing that the ISC would conduct its own inquiry into personal privacy and state surveillance. He also attacked Snowden and his supporters for their "insidious use of language such as mass surveillance and Orwellian" which, he argued, "blurs, unforgivably, the distinction between a system that uses the state to protect the people, and one that uses the state to protect itself against the people".
However, a complete overhaul of the "part-time" and under-resourced system of oversight commissioners is recommended by the MPs, as is an end to some of the secrecy surrounding the Investigatory Powers Tribunal the only body that is able to investigate individual complaints against the security agencies.
A parliamentary inquiry into the principal legal framework that legitimises state communications surveillance, the Regulation of Investigatory Powers Act 2000, should be launched, they say, to bring it up to date with modern technology and improve its oversight safeguards.
The committee also voices strong concerns that a data protection ruling by the European court of justice last month has left the legality of the bulk collection of communications data by the phone and internet companies in serious doubt. "It is essential that the legal position be resolved clearly and promptly," say the MPs, who reveal that the home secretary, Theresa May, has ordered urgent work into the ruling's full implications for the police and security services.
The MPs say they decided to look at the oversight of the intelligence agencies following the theft of a number of National Security Agency documents by Snowden in order to publicise the mass surveillance programmes run by a number of national intelligence agencies.
Their report says Alan Rusbridger, editor of the Guardian, responded to criticism of newspapers that decided to publish Snowden's disclosures, including the head of MI6's claim that it was "a gift to terrorists", by saying that the alternative would be that the next Snowden would just "dump the stuff on the internet".
The MPs say: "One of the reasons that Edward Snowden has cited for releasing the documents is that he believes the oversight of security and intelligence agencies is not effective. It is important to note that when we asked British civil servants the national security adviser and the head of MI5 to give evidence to us they refused. In contrast, Mr Rusbridger came before us and provided open and transparent evidence."
The report makes clear the intelligence chiefs should drop their boycott of wider parliamentary scrutiny. "Engagement with elected representatives is not, in itself, a danger to national security and to continue to insist so is hyperbole," it says.
But a move by Labour and Lib Dem MPs to congratulate the Guardian and other media outlets for "responsibly reporting" the disclosures saying they had opened a "wide and international public debate" was voted down by four Tory MPs.
SYvette Cooper, the shadow home secretary, said the report showed there was a cross-party consensus behind Labour's proposals, including reform of the commissioners system and an opposition chair of the ISC. "The government should now set out plans for oversight reforms," she said.
Nick Clegg has also outlined proposals for reforming the oversight system.
Cooper added that the select committee had added their voice to the growing number of MPs, who were calling for reform. She said that the police and security services needed to keep up with the challenges of the digital age but stronger safeguards and limits to protect personal privacy and sustain confidence in their vital were also needed: "The oversight and legal frameworks are now out of date," said the shadow home secretary.Emma Carr, of Big Brother Watch, the privacy campaign group, said: "When a senior committee of parliament says that the current oversight of our intelligence agencies is not fit for purpose, ineffective and undermines the credibility of parliament, the government cannot and must not continue to bury its head in the sand."
Last night, a statement by the Association of Chief Police Officers (Acpo) and the Terrorism and Allied Matters (TAM) Board consisting of assistant commissioner Cressida Dick, chief constable Sara Thornton, chief constable Sir Peter Fahy, chief constable Chris Sims, chief constable Mark Gilmore and chief constable Matt Baggott said they were "concerned" the committee had recommended that responsibility for counter-terrorism policing should be moved to the National Crime Agency.
The statement described it as "a decision that does not appear to supported by the evidence and is based on an apparent misunderstanding of the role played by the Metropolitan Police Service."Counter-terrorism policing is not directed through a single lead force but rather has responsibility vested in nine chief constables across the UK in areas where the threat is considered to be the greatest. These chief constables act collaboratively and effectively on behalf of all forces, while at the same time maintaining close and critical links into local policing."
The statement added: "The Home Secretary has previously confirmed that she will conduct a review of counter-terrorism structures. We welcome any such review and look forward to participating fully and constructively in it. "
The Home Office said: "Our security agencies and law enforcement agencies operate within a strict legal and policy framework and under the tightest of controls and oversight mechanisms. This represents one of the strongest systems of checks and balances and democratic accountability for secret intelligence anywhere in the world."
The shadow is a moral problem that challenges the whole ego-personality, for no one can become conscious of the shadow without considerable moral effort. To become conscious of it involves recognizing the dark aspects of the personality as present and real. This act is the essential condition for any kind of self-knowledge. Carl Jung - Aion (1951). CW 9, Part II: P.14
Posts: 9,353
Threads: 1,466
Likes Received: 0 in 0 posts
Likes Given: 0
Joined: Sep 2008
A "stand down" by the CIA - meaning a temporary suspension, and nothing by the NSA who were responsible for the largest volume of spying on allies anyway.
Quote:
CIA stops spying on friendly nations in W. Europe
- AP foreign, Saturday September 20 2014
KEN DILANIAN
AP Intelligence Writer= WASHINGTON (AP) — Stung by the backlash over a German caught selling secrets to the U.S. and the revelations of surveillance by the National Security Agency, the CIA has stopped spying on friendly governments in Western Europe, according to current and former U.S. officials.
The pause in decades of espionage was designed to give CIA officers time to examine whether they were being careful enough and to evaluate whether spying on allies is worth running the risk of discovery, said a U.S. official who has been briefed on the situation.
Under the stand-down order, case officers in Europe largely have been forbidden from undertaking "unilateral operations" such as meeting with sources they have recruited within allied governments. Such clandestine meetings are the bedrock of spying.
CIA officers are still allowed to meet with their counterparts in the host country's intelligence service and conduct joint operations with host country services. Recently, unilateral operations targeting third country nationals — Russians in France, for example — were restarted. But meetings with independent sources in the host country remain on hold, as do new recruitments.
The CIA declined to comment.
James Clapper, the director of national intelligence, said during a public event Thursday that the U.S. is assuming more risk because it has stopped spying on "specific targets," though he didn't spell out details.
Spying stand-downs are common after an operation is compromised, but "never this long or this deep," said a former CIA official, who, like others interviewed for this article, spoke on condition of anonymity because it's illegal to discuss classified material or activities. The pause, which has been in effect for about two months, was ordered by senior CIA officials through secret cables.
The pullback comes at an inopportune time, with the U.S. worried about monitoring European extremists who have fought in Syria, Europe's response to Russian aggression and European hostility to American technology companies following revelations the companies turned over data to the NSA. While the U.S. cooperates closely with Europe against terrorism, spying can help American officials understand what their allies are planning and thinking, whether about counterterrorism or trade talks.
The current stand-down was part of the fallout from the July 2 arrest of a 31-year-old employee of the German intelligence service. Suspected of spying for Russia, he told authorities he passed 218 German intelligence documents to the CIA.
In a second case, authorities searched the home and office of a German defense official suspected of spying for the U.S., but he denied doing so, and no charges have been filed against him.
A few days later, Germany asked the CIA station chief in Berlin to leave the country, an unprecedented demand from a U.S. ally. The move demonstrated how seriously the Germans were taking the situation, having already been stung by revelations made by Edward Snowden, a former NSA systems administrator, that the agency had tapped German Chancellor Angela Merkel's mobile phone.
The NSA disclosure infuriated Merkel, who demanded explanations from President Barack Obama. It embarrassed both world leaders and has left many Germans skeptical about cooperating with the U.S.
CIA managers were worried that the incident could lead European security services to begin closely watching CIA personnel. Many agency officers in Europe, operating out of U.S. embassies, have declared their status as intelligence operatives to the host country.
The "EUR" division, as it is known within the CIA, covers Canada, Western Europe and Turkey. While spying on Western European allies is not a top priority, Turkey is considered a high-priority target — an Islamic country that talks to U.S. adversaries such as Iran, while sharing a border with Syria and Iraq. It was not known to what extent the stand-down affected operations in Turkey.
European countries also are used as safe venues to conduct meetings between CIA officers and their sources from the Middle East and other high-priority areas. Those meetings have been rerouted to other locales while the pause is in place.
The European Division staff has long been considered among the most risk-averse in the agency, several former case officers said, speaking on condition of anonymity because they weren't authorized to discuss secret intelligence matters by name.
A former CIA officer who worked under nonofficial cover wrote a 2008 book in which he described a number of operational "stand-downs" in Europe, including one in France in 1998 because of the World Cup soccer championship, and another in a European country in 2005, in response to unspecified security threats.
The former officer, whose real name has not be disclosed, wrote "The Human Factor: Inside the CIA's Dysfunctional Intelligence Culture," under a pseudonym, Ishmael Jones. He is a former Marine who served 15 years in the agency before resigning in 2006. The CIA acknowledged his status as a case officer when it successfully sued him for publishing the book without first submitting it for pre-publication censorship, as required under his secrecy agreement.
The CIA last faced that sort of blowback from a European ally in 1996, when several of its officers were ordered to leave France. An operation to uncover French positions on world trade talks was unraveled by French authorities because of poor CIA tactics, according to a secret CIA inspector general report, details of which were leaked to reporters.
The Paris flap left the EUR division much less willing to mount risky espionage operations, many former case officers have said.
The shadow is a moral problem that challenges the whole ego-personality, for no one can become conscious of the shadow without considerable moral effort. To become conscious of it involves recognizing the dark aspects of the personality as present and real. This act is the essential condition for any kind of self-knowledge. Carl Jung - Aion (1951). CW 9, Part II: P.14
Posts: 9,353
Threads: 1,466
Likes Received: 0 in 0 posts
Likes Given: 0
Joined: Sep 2008
From The Intercept:
Quote:
MAP OF THE STARS
THE NSA AND GCHQ CAMPAIGN AGAINST GERMAN SATELLITE COMPANIES
BY ANDY MÃœLLER-MAGUHN, LAURA POITRAS, MARCEL ROSENBACH, MICHAEL SONTHEIMER, AND CHRISTIAN GROTHOFF
09/14/2014 11:00 AM
"Fuck!" That is the word that comes to the mind of Christian Steffen, the CEO of German satellite communications company Stellar PCS. He is looking at classified documents laying out the scope of something called Treasure Map, a top secret NSA program. Steffen's firm provides internet access to remote portions of the globe via satellite, and what he is looking at tells him that the company, and some of its customers, have been penetrated by the U.S. National Security Agency and British spy agency GCHQ.
Stellar's visibly shaken chief engineer, reviewing the same documents, shares his boss' reaction. "The intelligence services could use this data to shut down the internet in entire African countries that are provided access via our satellite connections," he says.
Treasure Map is a vast NSA campaign to map the global internet. The program doesn't just seek to chart data flows in large traffic channels, such as telecommunications cables. Rather, it seeks to identify and locate every single device that is connected to the internet somewhere in the worldevery smartphone, tablet, and computer"anywhere, all the time," according to NSA documents. Its internal logo depicts a skull superimposed onto a compass, the eyeholes glowing demonic red.
The breathtaking mission is described in a document from the archive of NSA whistleblower Edward Snowden provided to The Intercept and Der Spiegel. Treasure Map's goal is to create an "interactive map of the global internet" in "almost real time." Employees of the so-called "Five Eyes" intelligence allianceEngland, Canada, Australia, and New Zealandcan install and use the program on their own computers. It evokes a kind of Google Earth for global data traffic, a bird's eye view of the planet's digital arteries.(The short film above, Chokepoint, by filmmaker Katy Scoggin and Interceptco-founder Laura Poitras, documents the reactions of Stellar engineers when confronted with evidence that their companyand they themselveshad been surveilled by GCHQ.)
The New York Times reported on the existence of Treasure Map last November. Though the NSA documents indicate that it can be used to monitor "adversaries," and for "computer attack/exploit planning"offering a kind of battlefield map for cyber warfarethey also clearly show that Treasure Map monitors traffic and devices inside the United States. Unnamed intelligence officials told the Times that the program didn't have the capacity to monitor all internet-connected devices, and was focused on foreign networks, as well as the U.S. Defense Department's own computer systems.
A slide from an NSA presentation explaining Treasure Map
The Treasure Map graphics contained in the Snowden archive don't just provide detailed views of global networksthey also note which carriers and internal service provider networks Five Eyes agencies claim to have already penetrated. In graphics generated by the program, some of the "autonomous systems"basically, networks of routers all controlled by one company, referred to by the shorthand "AS"under Treasure Map's watchful eye are marked in red. An NSA legend explains what that means: "Within these AS, there are access points for technical monitoring." In other words, they are under observation.
In one GCHQ document, an AS belonging to Stellar PCS is marked in red, as are networks that belong to two other German firms, Deutsche Telekom AG and Netcologne, which operates a fiber-optic network and provides telephone and internet services to 400,000 customers.
A Treasure Map image from a GCHQ document shows Stellar PCS and other companies marked red, meaning their networks have been penetrated
Deutsche Telekom, of which the German government owns more than 30 percent, is one of the dozen or so international telecommunications companies that operate global networksso-called Tier 1 providers. In Germany alone, Deutsche Telekom claims to provide mobile phone services, internet, and land lines to 60 million customers.
It's not clear from the documents how or where the NSA gained access to the networks. Deutsche Telekom's autonomous system, marked in red, includes several thousand routers worldwide. It has operations in the U.S. and England, and is part of a consortium that operates the TAT14 transatlantic cable system, which stretches from England to the east coast of the U.S. "The accessing of our network by foreign intelligence agencies," said a Telekom spokesperson, "would be completely unacceptable."
The fact that Netcologne is a regional provider, with no international operations, would seem to indicate that the NSA or one of its partners accessed the network from within Germany. If so, that would be a violation of German law and potentially another NSA-related case for German prosecutors, who have been investigating the monitoring of Chancellor Angela Merkel's mobile phone.
Reporters for Der Spiegel, working in collaboration with The Intercept, contacted both companies several weeks ago in order to give them an opportunity to look into the alleged security breaches themselves. The security departments of both firms say they launched intensive investigations, but failed to find any suspicious equipment or data streams leaving the network. The NSA declined to comment for this story, and GCHQ offered no response beyond its boilerplate claim that all its activities are lawful.
Deutsche Telekom and Netcologne are not the first German companies to be pinpointed by Snowden documents as having been successfully hacked by intelligence agencies. In March, Der Spiegel reported on a large-scale attack by GCHQ on German satellite operators Stellar, Cetel, and IABG, all of which offer satellite internet connections to remote regions of the world. All three companies operate their own autonomous systems. And all three are marked red in Treasure Map graphics.
Der Spiegel also contacted 11 of the international providers listed in the Treasure Map document. Four answered, all saying they examined their systems and were unable to find any irregularities. "We would be extremely concerned if a foreign government were to seek unauthorized access to our global networks and infrastructure," said a spokesperson for the Australian telecommunications company Telstra.
The case of Stellar illustrates the lengths to which GCHG and NSA have gone in making their secret map of the internet, and its users.
One document, from GCHQ's Network Analysis Center, lays out what appears to be an attack on Stellar. The document lists "central employees" at the company, and states that they should be identified and "tasked." To "task" somebody, in signals intelligence jargon, is to engage in electronic surveillance. In addition to Stellar CEO Christian Steffen, nine other employees are named in the document.
The attack on Stellar has notable similarities with the GCHQ surveillance operation targeting the Belgian provider Belgacom, which Der Spiegelreported last year. There too, the GCHQ Network Analysis department penetrated deeply into the Belgacom network and that of its subsidiary BICS by hacking employee computers. They then prepared routers for cyber attacks.
Der Spiegel reporters visited Stellar at its headquarters in Hürth, near Cologne, and presented the documents to Steffen and three of his "tasked" employees. They were able to recognize, among other things, a listing for their central server as well as the company's mail server, which the GCHQ attackers appear to have hacked.
The document also lays out the intelligence gathered from the spying efforts, including an internal table that shows which Stellar customers are being served by which specific satellite transponders. "Those are business secrets and sensitive information," said Stellar's visibly shocked IT chief, Ali Fares, who is himself cited in the document as an employee to be "tasked."
The Stellar officials expressed alarm when they saw the password for the central server of an important customer. The significance of the theft is immense, Fares said. "This is really disturbing."
Steffen, after spitting out his four-letter assessment, said he considers the documents to constitute proof that his company's systems were breached illegally. "The hacked server has always stood behind our company's own firewall," he said. "The only way of accessing it is if you first successfully break into our network." The company in question is no longer a customer with Stellar.
When asked if there are any reasons that would prompt England, a European Union partner country, to take such an aggressive approach to Stellar, Steffen shrugged his shoulders, perplexed. "Our customer traffic doesn't run across conventional fiber optic lines," he said. "In the eyes of intelligence services, we are apparently seen as difficult to access." Still, he said, "that doesn't give anyone the right to break in."
"A cyber attack of this nature is a clear criminal offense under German law," he continued. "I want to know why we were a target and exactly how the attack against us was conductedif for no other reason than to be able to protect myself and my customers from this happening again." Steffen wrote a letter to the British ambassador in Berlin asking for an explanation, but says he never received an answer.
Meanwhile, Deutsche Telekom's security division has conducted a forensic review of important routers in Germany, but has yet to detect anything. Volker Tschersich, who heads the security division, says it's possible the red dots in Treasure Map can be explained as access to the TAT14 cable, in which Telekom occupies a frequency band in England and the U.S. At the end of last week, the company informed Germany's Federal Office for Information Security of the findings of Der Speigels reporting.
The classified documents also indicate that other data from Germany contributes to keeping the global treasure map up to date. Of the 13 servers the NSA operates around the world in order to track current data flows on the open Internet, one is located somewhere in Germany.
Like the other servers, this one, which feeds data into the secret NSA network, is "covered" in an inconspicuous "data center."
The shadow is a moral problem that challenges the whole ego-personality, for no one can become conscious of the shadow without considerable moral effort. To become conscious of it involves recognizing the dark aspects of the personality as present and real. This act is the essential condition for any kind of self-knowledge. Carl Jung - Aion (1951). CW 9, Part II: P.14
Posts: 17,304
Threads: 3,464
Likes Received: 0 in 0 posts
Likes Given: 2
Joined: Sep 2008
David Guyatt Wrote:From The Intercept:
Quote:
MAP OF THE STARS
THE NSA AND GCHQ CAMPAIGN AGAINST GERMAN SATELLITE COMPANIES
BY ANDY MÃœLLER-MAGUHN, LAURA POITRAS, MARCEL ROSENBACH, MICHAEL SONTHEIMER, AND CHRISTIAN GROTHOFF
09/14/2014 11:00 AM
"Fuck!" That is the word that comes to the mind of Christian Steffen, the CEO of German satellite communications company Stellar PCS. He is looking at classified documents laying out the scope of something called Treasure Map, a top secret NSA program. Steffen's firm provides internet access to remote portions of the globe via satellite, and what he is looking at tells him that the company, and some of its customers, have been penetrated by the U.S. National Security Agency and British spy agency GCHQ.
Stellar's visibly shaken chief engineer, reviewing the same documents, shares his boss' reaction. "The intelligence services could use this data to shut down the internet in entire African countries that are provided access via our satellite connections," he says.
Treasure Map is a vast NSA campaign to map the global internet. The program doesn't just seek to chart data flows in large traffic channels, such as telecommunications cables. Rather, it seeks to identify and locate every single device that is connected to the internet somewhere in the worldevery smartphone, tablet, and computer"anywhere, all the time," according to NSA documents. Its internal logo depicts a skull superimposed onto a compass, the eyeholes glowing demonic red.
Merkel and co really should reassess Germany's position on the Ukraine NATO thing. The USA is not Germany's friend. Never has never will be.
"The philosophers have only interpreted the world, in various ways. The point, however, is to change it." Karl Marx
"He would, wouldn't he?" Mandy Rice-Davies. When asked in court whether she knew that Lord Astor had denied having sex with her.
“I think it would be a good idea” Ghandi, when asked about Western Civilisation.
|