Archives for posts with tag: surveillance

Op 11 juli 2017 nam de Eerste Kamer de nieuwe Wet op de inlichtingen- en veiligheidsdiensten (Wiv) met een meerderheid van stemmen aan. In die wet krijgen de AIVD en de MIVD nieuwe bevoegdheden. Als de wet op 1 januari 2018 in werking treedt, krijgen deze veiligheidsdiensten de mogelijkheid om ook ‘kabelgebonden’ communicatie (lees: Internetverkeer) ongericht te onderscheppen. Ook kunnen ze, rechtstreeks, toegang krijgen tot gegevensbestanden van andere organisaties en bedrijven. En mogen ze de verkregen gegevens delen met buitenlandse inlichtingendiensten.

Niets meer aan te doen, zou je zeggen. Toch niet.

Read the rest of this entry »

The recent order of an US court for Apple to comply with the FBI’s request for technical assistance in the recovery of data on an iPhone 5C used by a terrorist has sparked a huge debate.

And rightly so. This is an important case, not so much because of the particulars of the case, but because of the broader issues that are at stake here. Unfortunately, the debate centers still on the particulars of the case and is not really broadening up to the wider perspective.

Read the rest of this entry »

The LIBE Committee and the STOA Panel of the European Parliament together with the Luxembourg Presidency organised a conference in Brussels earlier this week. The aim was to discuss possible European policies to improve privacy and strengthen IT security, among the leading international security and privacy experts. The discussions were actually lively but unfortunately also quite chaotic, so this post is really my effort to bring some structure in the debate.
Read the rest of this entry »

Pressure from government on companies and institutions to provide access to encrypted communications and stored data us increasing. Many people call it the second crypto war. An influential report often cited in the discussion is “Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications” written by a score of well known and respected scientists. The report raises many important and relevant points. However, it is very much focused on the argument that government access is a bad idea from a technical perspective. And I happen to disagree with that point of view. There are many good reasons against indiscriminate government access to public infrastructure, but the technical arguments are the least convincing in my mind. In fact I think it is dangerous and ineffective to argue against government access on technical grounds. Instead the real arguments against indiscriminate government access are of an ethical, legal, political and organisational nature. Here is why.
Read the rest of this entry »

Only the owner of a cryptographic key can decrypt any message encrypted against it. Therefore, if you want to send a message securely to another person, you have to know and use his key to encrypt the message. You have to be certain that it belongs to that person, and not to somebody else that tries to eavesdrop on your communication. This is why many secure communication apps allow you to verify keys using a short fingerprint that is uniquely tied to the key and that can be verified ‘out of band’. This means you have to ask for someone’s fingerprint (over the phone, or by looking at his business card) and compare it to the fingerprint your app shows for that person’s key. Apple’s iMessage is a notable exception, though. And frequently criticised for it.
Read the rest of this entry »

GCHQ heeft Gemalto gehackt om de authenticatiesleutels van SIM kaarten in handen te krijgen. Gemalto reageerde in eerste instantie laconiek. Nu zijn ze plotseling heel stellig over de beperkte impact van de hack. Dit was ook de strekking van de rapportage van het NOS journaal over dit onderwerp. Een iets kritischer opstelling van het journaal was echter wel op zijn plaats geweest.

Read the rest of this entry »

The second day of the Privacy Enhancing Technologies (PET) Symposium here in Amsterdam hosted a panel on PETs post Snowden: Implications of the revelations of the NSA and GCHQ Surveillance Programs for the PETs community. The panel consisted of Susan Landau,
Wendy Seltzer, Nadia Heninger, Marek Tuszynski, and George Danezis. Seda Gürses prepared and moderated the panel in an excellent way. The Privacy & Identity Lab and NWO provided financial support. Here is a brief summary of the discussion that ensued. (There is also a handout that Seda produced.)

Read the rest of this entry »