Thursday 2 January 2014

European Court ruling condemns mass surveillance


From Digital Rights Ireland
12th December 2013
The Advocate General of the European Court of Justice today gave an important opinion in our favour in a case brought by Digital Rights Ireland to challenge European mass surveillance law.
The challenge – which we started in 2006 – is to the Data Retention Directive. This is a law which requires ISPs and telecoms companies to record details of all your internet and telephone use – logging details of who you ring or text, where you travel and who you email – and to record that information for up to two years. We argue that this constitutes an unjustified invasion of the right to privacy and in an interim ruling the Advocate General has agreed, holding that the law is a “particularly serious” interference with individual privacy which creates a:

faithful and exhaustive map of a large portion of a person’s conduct strictly forming part of his private life, or even a complete and accurate picture of his private identity.
The Advocate General accepted our argument that storing this information on all citizens created an “increased risk” that it could be used for unlawful, fraudulent and malicious purposes against them – something we have already seen in Ireland where a Garda sergeant has abused the system to spy on a former lover and where it has been used to spy on journalists.

The Advocate General also held that this type of surveillance would have a “chilling effect” on freedom of expression, and went on to say that the Directive failed to provide even “minimum guarantees” regarding access to or use of the information collected on all citizens. According to the Advocate General the Directive therefore “is as a whole incompatible with Article 52(1) of the Charter of Fundamental Rights of the European Union”.

According to the Advocate General:
the collection and, above all, the retention, in huge databases, of the large quantities of data generated or processed in connection with most of the everyday electronic communications of citizens of the Union constitute a serious interference with the privacy of those individuals, even if they only establish the conditions allowing retrospective scrutiny of their personal and professional activities. The collection of such data establishes the conditions for surveillance which, although carried out only retrospectively when the data are used, none the less constitutes a permanent threat throughout the data retention period to the right of citizens of the Union to confidentiality in their private lives. The vague feeling of surveillance created raises very acutely the question of the data retention period…

the effects of that interference are multiplied by the importance acquired in modern societies by electronic means of communication, whether digital mobile networks or the Internet, and their massive and intensive use by a very significant proportion of European citizens in all areas of their private or professional activities. [emphasis added]
A final judgment on our case will be delivered next year. In approximately 80% of cases the European Court of Justice follows the opinion of the Advocate General. Even pending the full judgment, however, this is already a significant step forward in the very first case of this nature to be brought to the ECJ and confirms the importance of our case.

Users of public wi-fi may have had personal details stolen


The Journal
11th December 2013

PEOPLE WHO USED wi-fi in public areas such as hotels may have had their details stolen due to security flaws, an Irish firm has warned.

Cork-based IT firm Smarttech.ie said that they had discovered “serious flaws” in cyber security measures after visiting 10 hotels in October and November.

They say that finding the flaws took “minimal” effort.

Smarttech say that they “wanted to demonstrate just how dangerous using unencrypted logins and passwords across a public network can be”.

Over the course of these security tests however, Smarttech.ie soon realised that the level of security being provided was a serious problem. In addition, they say that users seemed “completely oblivious to the dangers of using public wi-fi”.

The company carried out tests on public wi-fi systems and spotted flaws within 20 minutes.

They were then able to access users’ information, including email logins, credit card details, social media passwords and banking information.

In some cases, networks were accessed from outside the hotels.

Smart-tech says that they informed all of the hotels and made recommendations on how to close the gaps.

They added that anyone who operates a network should be aware of the security on their network. Under EU law, it is the duty of the premises supplying the network to ensure that the network is secure.

According to Ronan Murphy, CEO of Smarttech.ie, “Consumers need to be aware that if you are accessing public wi-fi there are serious security challenges. The tests we carried out prove that these risks affect anyone using public Wi-Fi. However there are steps that hotels and restaurants can take to secure their Wi-Fi service and therefore protect their customers”.