Tag: privacy rights

06 Jan 2017

A Welcome Reset for Citizen Privacy

Canada’s Public Consultation on National Security 

The notion that we are being watched digitally has, seemingly overnight, become something many people now accept as a fact of life in the modern, post-Snowden world. Much of the news around citizen privacy, as always, has been focused on the US, but are we on the sidelines? Canada is an active participant in the Five Eyes program, has rolled out the now politically toxic Bill C-51, and, as a member of NATO, NORAD, and enough acronyms to fill an alphabet soup, is very much an active player. Not to mention how connected we are on a personal level to the greater world. I may be Canadian, but I hold no illusions about my data – I exist online, along with my purchasing and travel behavior, web searches, e-mail and social media conversations, what TV shows I watch, and very often my location, on countless servers around the world – and the same goes for you. The more interesting question, now that extra-legal surveillance has become the de facto standard, is how have governments reacted and where, policy-wise, do we go from here?

Both the US and UK have decided to go one way, attempting to drag extra-legal surveillance into the realm of legitimacy. In the US, that has meant keeping Edward Snowden a persona non grata, the FBI attempting to use the All Writs Act to compel Apple to write software that would break security features, the accepted use of Stingray devices on a local level, and the list goes on. The UK, as well, has been mulling over the draft Investigatory Powers Bill, legislation that would compel internet service providers, telecom companies, and other services you rely on to turn in information about your habits without a warrant. Canada, in its own right, has made some concerning moves to the dark side. C-51, for instance, was a worrying enough debacle that the Liberals needed to reaffirm that yes, they do, in fact, still believe in The Charter. More recently this summer, the Canadian Association of Chiefs of Police began vocally calling for the power to get people’s phone passwords through the course of an investigation.

But it appears as if we’ve been afforded the opportunity for a reset. The Canadian government has opened up several public comment periods this year surrounding national security, and specifically how it will adapt to investigations in the digital age. This is an encouraging step to allow citizens’ concerns to be heard and offers the opportunity to make improvements to Canada’s national security laws and regulations, namely C-51. And while it takes two to tango, and some citizens are hesitant about the effectiveness of such consultations and the government’s reply, it is the responsibility of our democracy to respond and adjust in a way that accommodates the public, as that is its hallmark.

Thankfully, the voice of resistance and, in this case, reason, continues to get louder and more forceful around the globe when it comes to issues of privacy versus security. Apple was willing to stare down the government rather than publicly compromise the security of their users. Alex Stamos, former CISO of Yahoo, resigned when he learned of a secret program whereby the government could search the e-mail of all Yahoo email users, in real time, without a warrant required. With the public consultation, we too have the opportunity to voice our objection to these larger trends towards the invasion of citizens’ lives and lowering the barriers to violating privacy.

So I, along with hundreds of others in the Canadian security industry, took part in the public comment period the government had devoted to national security. Hopefully you did the same. This was an opportunity to defend our fundamental rights and reset our legislation on citizen privacy.

Now, we sit back and wait to see how, in the face of an incredible amount of technological power, this government decides to treat its citizens – as an information mine to be exploited, or as the country’s most precious resource to be protected. We will be watching.

By Jacob Ginsberg, Senior Director, Echoworx

27 May 2016

First the IP Bill, Then What?

In the face of democratic debate, against all the clamoring voices of human rights organizations, global tech firms such as Facebook and Google, lawyers, journalists, and a host of academics, it seems that with regrettable flippancy, the Investigatory Powers Bill will be passed later this year.

The UK government’s plan for mass surveillance opens the door to indiscriminate and intrusive ‘snooping’. Furthermore, the provisions set out by Theresa May could undermine almost all cybersecurity and encryption measures currently in place. These two powerful and cogent arguments have been meekly put forward in parliament, and have now seemingly been rejected by the UK government.

The human rights impact of the Bill on British people will be huge, but very little has been made of the global and economic ramifications. The Bill, while costing the country billions in lost business, could also legitimize similarly heavy-handed practices in other states.

The UK government has shown that even in one of the most technologically developed countries, privacy can be eroded by circling democratic process. The message from the UK is clear – it’s acceptable to pass ambiguous ‘snooping’ laws with very little backing. This sets a dangerous precedent and creates a genuine risk that other countries will adopt a similar approach of using a general lack of understanding and capitalizing on fear to push through laws which destroy user privacy.

Other major states are already considering similar moves. France’s parliamentarians recently reformed a penal bill that would punish companies if they refused to provide decrypted versions of messages their products have encrypted. For now, the French government has rejected encryption backdoors as ‘the wrong solution’, but the debate is at a tipping point.

After WhatsApp announced it would push encryption further into everyday life, it immediately fell into hot water in Brazil for not storing messages demanded by the country’s courts. After various delays, Google has also moved to default encryption in the most recent release of Android, while Amazon has backtracked, promising that encryption will make a return on its newest Fire operating system. Most infamously, the FBI vs. Apple debate has rolled and rolled, and finally seems to have come to an inconclusive stop.

What is clear is that across the globe there is fast becoming a divide – governments vs. technology companies. The UK has set the precedent: simply pass draconian surveillance laws, and the problem is solved.

The global implications are huge, but the Bill will also cost taxpayers in two tangible ways. The government estimates that implementing the Bill will cost £174m, while experts suggest the figure will be well over £1 billion. These figures are based on a similar scheme that was rejected on cost grounds in Denmark, and have been scaled up proportionally for the UK.

Far larger, however, is the economic cost when companies flee Britain’s shores when the Bill passes. Companies are concerned that the proposed Bill will introduce state security into the heart of day-to-day operations, and will therefore move headquarters further afield. The UK’s data storage/hosting market would be crippled and the country could lose over £10 billion worth of business almost overnight.

The Bill hardly instills any confidence, especially while the implementation and ramifications barely seem to have been considered. A war over encryption is likely to rage, and its impact on the digital economy and day-to-day lives cannot be overstated.

By Jacob Ginsberg, Senior Director, Echoworx

This article originally appeared in Info Security Magazine

18 May 2016

Privacy is DEAD!

Privacy is dead!?

I’ve recently been hearing this more frequently. In fact, just last week, it was from someone sitting next to me at a seminar… on the importance of Privacy!  Normally I wouldn’t pay much attention to an under-the-breath quip but given the venue it made me stop and think – something has really gone off the rails here.

I mean, privacy is a fundamental right.  So why have so many of us just “given up” on it, even after the whole NSA/Snowden thing?

I was curious. So I decided to chat with the gentleman after the session. He said that with social media and all the surveillance that goes on these days, no one should expect much privacy. Life is easier if we just accept this as the new normal.

“OK,” I thought, recalling a quote I had read from the legal scholar Peter Burns: so “the pace of technological change has threatened privacy to the point of surrender.”

My new friend continued, “What does privacy matter if I’ve got nothing to hide? I’m an open book, completely transparent. Privacy just isn’t that important to me. Besides, if there’s no expectation of privacy it will at least keep some of the bad guys in line knowing that they’re being watched – and the ones that don’t stay in line will just be easier to catch. Win-Win!”

Are we really Safer?

I can’t argue with the point that we want everyone to be safer – but if we give up our privacy, how do we know the other side made good on their end of the deal? In a lot of cases we may not even be giving up our privacy rights in exchange for better security at all – we just want that shiny new smart phone and because we’ve swallowed the “Privacy is Dead” argument – we blindly hand over our rights for any corporation to stomp all over.

The huge problem with this exchange is that you can’t unring that bell.  It’s a one-time thing and once you give up your privacy rights you can never get them back. Yet so many of us are willing to trade it in for some shiny baubles. <Sigh>

What struck me in the moment was the “privacy isn’t important to me” part. So I decided to have a little fun.

“OK then,” I said, handing him my business card. “How about you write down your email address and password so I can go through your inbox later tonight?” He looked at me, astonished. “Yeah right!”

Long story short: He changed his “open book” stance that very moment.

The reality is, we ALL have secrets, and we all have a right to keep them. Even the most saintly among us, the most transparent. If you still think your privacy isn’t important then ask yourself:

  • Have you ever been mortified after you realized you accidentally “replied to all” on an email when you meant to just say something to one person?
  • Have you ever said something to someone that you would be embarrassed to have broadcast to a group?
  • Would you be embarrassed if you discovered someone was watching you dance or sing in front of a mirror when you thought you were alone?

If you answered yes to any of these, then I’m sorry to break it to you, but your privacy *is* important to you, despite what you might tell yourself.

Bring it Home…

That last question is an interesting one.  Let’s say you *did* know you were being watched? Would you still dance naked? Would you attempt to belt out the lyrics to “Free Fallin”?

For most people, the answer would be “Hell no”. And why? Because you were doing something wrong? Because you hate Tom Petty?  No. Not at all. It’s because you don’t want to be judged. You don’t want your otherwise innocent actions taken out of context to tell a different story about you. You want to retain some control over how others perceive you.

So the mere knowledge of surveillance changes your actions, even though you never intend to do anything “wrong”. In other words, it impinges on your freedom to be who you want to be.

Worse, if someone doesn’t like your perspective, is biased against you and is bent on destroying you and your credibility, it’s easy to cherry-pick particular facts about you to build a false story when it’s “all out there”.  We’ve seen real-life examples of wrongful convictions that were pushed through by over-zealous prosecutors and biased detectives. Imagine what would happen if privacy truly was dead?

Taken to a larger societal context, mass surveillance and legislation that progressively erodes our privacy in the name of security causes society at large to change their actions as well. It encourages reporters to not report the truth, to not secretly investigate, to not speak out against unjust practices and laws, to not resist when resistance is most needed.

The ability to remain balanced, to keep power in check and from running amok lies in our ability to maintain our personal and territorial privacy. It’s why it’s built into our constitution. (Smart, our fathers of confederation were!)

To say that we’re safer when we give up certain rights to our privacy is patently false. We are actually less secure and more open to abuse from those in power when we do this.

That is why privacy is NOT dead!

With the mounting number of threats coming from technology, corporations, and even our own government, it has never been more important to protect our privacy than right now.

Your Call to Action:

So what can you do about such a big problem?  For one, you can speak out when you hear anyone spewing the “Privacy is dead” rhetoric.  Do what I did and ask for their email password and you’ll likely get the same reaction.

Second, don’t give away your personal information to corporations that don’t have a written policy on what they intend to do with it. If they do have one, actually read it. If you don’t agree, don’t do business with them. If you discover one day they breached their policy, SPEAK OUT! Blog, Tweet, LinkedIn and Facebook the crap out of that. Also – you don’t need to answer “what’s your postal code” at a checkout when you’re buying gum. If they insist – leave!

Lastly, employ technology that is readily available to protect your sensitive info. Don’t send details through email without encrypting them – email was never designed to be a secure messaging platform, and there are many easy-to-use free and commercial products available. Also enable 2-factor authentication on your online accounts (all the big ones support it – I’ll publish something on this soon).

Now, more than ever, we must all push back against corporations and government legislation that threatens our privacy rights. Now, will you heed the call and tell everyone about how privacy is alive and well in the 21st century? I hope you do.

Our collective freedom and, ultimately, our democracy depend on it.

“Privacy is DEAD!” is a guest post by Chris Pollock and originally appeared on LinkedIn.