Re: [silk] we don't need no steenkin PRISM
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/20/2013 04:23 PM, Eugen Leitl wrote: http://timesofindia.indiatimes.com/tech/enterprise-it/security/India-sets-up-nationwide-snooping-programme-to-tap-your-emails-phones/articleshow/20678562.cms There are good cases for lawful interception of communications on a court-warranted per-case basis, but it's hard to square that model with the cost savings to be had by bulk-logging everything and then just issuing queries for the stuff you want. Whether logs are kept by your ISP/telco and queried by the government when they turn up with a warrant, or stored by the government but only looked at when they have a warrant, is an interesting distinction with subtle implications. As I toy with designs for societies and governments in my head sometimes, I'm wondering about a system where anybody whose communications are intercepted - be they found guilty or innocent - must be informed of it within a year or two; long enough to build a case, but short enough to make the agencies feel pressured to only do so if they think it will answer important questions as to your activities (one way or the other) in order to justify the cost of letting you know you're of interest to them. Explicit exemptions might be made for copying your information into storage without studying its contents, or even scanning it to see if it matches a search query, but finding it doesn't as not counting as interception, in order to allow for bulk collection into a central place for querying, and not requiring notification unless you actually match the results of a query. That might be a reasonable tradeoff. However, these security agencies have a strong history of bending around the letter of laws to violate the spirit of them... ...I do wish that strong cryptography with forward secrecy was more widespread! It should be built into everything, by default! ABS - -- Alaric Snell-Pym http://www.snell-pym.org.uk/alaric/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJRyYwRAAoJENVnbn/DjbpJnGUQAMev39Rjh8qFTFc0uEFyiZ2S 23VYZAlnGwGNPvptmECqKWF5kSw0+jhNiAAXmYdA6Fa2f5tgEgSOx68ANrgFkVry G6sCmrjXXky7Pt2gPtdYNugvqEI73cGPfnMYN3lFNc2+5VYxHuhjKVeW8ANeGW39 Fyn+gGZUk3H82zMZUmbanVhyMCnzyyJ4Ctli3oKObKRyqXEINOOPnlzFikkwc4Ae r6BUD5yJ2lR4A1xeloYmzkE9oTzb9ypCa2bFBbgrJyA+LQ4psx/0E0VdT5RZ/pRd jyXyPUid/fE8ypBBGH1+z5g5LIlaqpCZSiX3LqWCPcMCB8qrp8LEbRATNqdfXOso lMJQzfzDRrM/usXpWX4apHR5fLpY+WH8iUvzafl8Xvds1H73wiIylOuO2Oibq/pi Vvar/tiv/GBcah8gzCoHGzUP0rcMcBzvA1Ao6RTHjWu9+oXGWu913pWQ2pnHKwri UBt2kStBg2EIHCHLtCv2kswJZ2rsrChBvuiq0qcyS2Y4qCX3av0t8lXPMmfuuj8g j/qBnjefSykYBq7izue+ybdOIzYMMUve3aiImvWOtV7daTJVixCx/ONViLlyJt7B 7J9xR4uafEekQJdwTqTGt+8smNJhmdOOoWCkXcOmf83O5mqJTOSCmaQ6ZraitNYE KM+ry6JkkCWbqHD8z9cG =sna/ -END PGP SIGNATURE-
Re: [silk] we don't need no steenkin PRISM
On Tue, Jun 25, 2013 at 5:54 PM, Alaric Snell-Pym ala...@snell-pym.org.uk wrote: On 06/20/2013 04:23 PM, Eugen Leitl wrote: http://timesofindia.indiatimes.com/tech/enterprise-it/security/India-sets-up-nationwide-snooping-programme-to-tap-your-emails-phones/articleshow/20678562.cms http://chaosradio.ccc.de/media/ds/ds089.pdf Starts on Page 4 We lost the war. Welcome to the world of tomorrow. by Frank
[silk] we don't need no steenkin PRISM
http://timesofindia.indiatimes.com/tech/enterprise-it/security/India-sets-up-nationwide-snooping-programme-to-tap-your-emails-phones/articleshow/20678562.cms India sets up nationwide snooping programme to tap your emails, phones Reuters | Jun 20, 2013, 12.32 PM IST India has launched a wide-ranging surveillance program that will give its security agencies and even income tax officials the ability to tap directly into e-mails and phone calls. Hackers try to break into NIC serversStudy reveals data breach costs for Indian companiesMalicious or criminal attacks cause 37% of data breaches NEW DELHI: India has launched a wide-ranging surveillance program that will give its security agencies and even income tax officials the ability to tap directly into e-mails and phone calls without oversight by courts or parliament, several sources said. The expanded surveillance in the world's most populous democracy, which the government says will help safeguard national security, has alarmed privacy advocates at a time when allegations of massive US digital snooping beyond American shores has set off a global furor. If India doesn't want to look like an authoritarian regime, it needs to be transparent about who will be authorized to collect data, what data will be collected, how it will be used, and how the right to privacy will be protected, said Cynthia Wong, an Internet researcher at New York-based Human Rights Watch. The Central Monitoring System (CMS) was announced in 2011 but there has been no public debate and the government has said little about how it will work or how it will ensure that the system is not abused. The government started to quietly roll the system out state by state in April this year, according to government officials. Eventually it will be able to target any of India's 900 million landline and mobile phone subscribers and 120 million Internet users. Interior ministry spokesman KS Dhatwalia said he did not have details of CMS and therefore could not comment on the privacy concerns. A spokeswoman for the telecommunications ministry, which will oversee CMS, did not respond to queries. Indian officials said making details of the project public would limit its effectiveness as a clandestine intelligence-gathering tool. Security of the country is very important. All countries have these surveillance programs, said a senior telecommunications ministry official, defending the need for a large-scale eavesdropping system like CMS. You can see terrorists getting caught, you see crimes being stopped. You need surveillance. This is to protect you and your country, said the official, who is directly involved in setting up the project. He did not want to be identified because of the sensitivity of the subject. No independent oversight The new system will allow the government to listen to and tape phone conversations, read e-mails and text messages, monitor posts on Facebook, Twitter or LinkedIn and track searches on Google of selected targets, according to interviews with two other officials involved in setting up the new surveillance program, human rights activists and cyber experts. In 2012, India sent in 4,750 requests to Google for user data, the highest in the world after the United States. Security agencies will no longer need to seek a court order for surveillance or depend, as they do now, on internet or telephone service providers to give them the data, the government officials said. Government intercept data servers are being built on the premises of private telecommunications firms. These will allow the government to tap into communications at will without telling the service providers, according to the officials and public documents. The top bureaucrat in the federal interior ministry and his state-level deputies will have the power to approve requests for surveillance of specific phone numbers, e-mails or social media accounts, the government officials said. While it is not unusual for governments to have equipment at telecommunication companies and service providers, they are usually required to submit warrants or be subject to other forms of independent oversight. Bypassing courts is really very dangerous and can be easily misused, said Pawan Sinha, who teaches human rights at Delhi University. In most countries in Europe and in the United States, security agencies were obliged to seek court approval or had to function with legal oversight, he said. The senior telecommunications ministry official dismissed suggestions that India's system could be open to abuse. The home secretary has to have some substantial intelligence input to approve any kind of call tapping or call monitoring. He is not going to randomly decide to tape anybody's phone calls, he said. If at all the government reads your e-mails, or taps your phone, that will be done for a good reason. It is not invading your privacy, it is protecting you and your country, he said. The government has arrested people
Re: [silk] we don't need no steenkin PRISM
If at all the government reads your e-mails, or taps your phone, that will be done for a good reason. It is not invading your privacy, it is protecting you and your country, he said. I feel reassured, thank you. On Thu, Jun 20, 2013 at 8:53 PM, Eugen Leitl eu...@leitl.org wrote: http://timesofindia.indiatimes.com/tech/enterprise-it/security/India-sets-up-nationwide-snooping-programme-to-tap-your-emails-phones/articleshow/20678562.cms India sets up nationwide snooping programme to tap your emails, phones Reuters | Jun 20, 2013, 12.32 PM IST India has launched a wide-ranging surveillance program that will give its security agencies and even income tax officials the ability to tap directly into e-mails and phone calls. Hackers try to break into NIC serversStudy reveals data breach costs for Indian companiesMalicious or criminal attacks cause 37% of data breaches NEW DELHI: India has launched a wide-ranging surveillance program that will give its security agencies and even income tax officials the ability to tap directly into e-mails and phone calls without oversight by courts or parliament, several sources said. The expanded surveillance in the world's most populous democracy, which the government says will help safeguard national security, has alarmed privacy advocates at a time when allegations of massive US digital snooping beyond American shores has set off a global furor. If India doesn't want to look like an authoritarian regime, it needs to be transparent about who will be authorized to collect data, what data will be collected, how it will be used, and how the right to privacy will be protected, said Cynthia Wong, an Internet researcher at New York-based Human Rights Watch. The Central Monitoring System (CMS) was announced in 2011 but there has been no public debate and the government has said little about how it will work or how it will ensure that the system is not abused. The government started to quietly roll the system out state by state in April this year, according to government officials. Eventually it will be able to target any of India's 900 million landline and mobile phone subscribers and 120 million Internet users. Interior ministry spokesman KS Dhatwalia said he did not have details of CMS and therefore could not comment on the privacy concerns. A spokeswoman for the telecommunications ministry, which will oversee CMS, did not respond to queries. Indian officials said making details of the project public would limit its effectiveness as a clandestine intelligence-gathering tool. Security of the country is very important. All countries have these surveillance programs, said a senior telecommunications ministry official, defending the need for a large-scale eavesdropping system like CMS. You can see terrorists getting caught, you see crimes being stopped. You need surveillance. This is to protect you and your country, said the official, who is directly involved in setting up the project. He did not want to be identified because of the sensitivity of the subject. No independent oversight The new system will allow the government to listen to and tape phone conversations, read e-mails and text messages, monitor posts on Facebook, Twitter or LinkedIn and track searches on Google of selected targets, according to interviews with two other officials involved in setting up the new surveillance program, human rights activists and cyber experts. In 2012, India sent in 4,750 requests to Google for user data, the highest in the world after the United States. Security agencies will no longer need to seek a court order for surveillance or depend, as they do now, on internet or telephone service providers to give them the data, the government officials said. Government intercept data servers are being built on the premises of private telecommunications firms. These will allow the government to tap into communications at will without telling the service providers, according to the officials and public documents. The top bureaucrat in the federal interior ministry and his state-level deputies will have the power to approve requests for surveillance of specific phone numbers, e-mails or social media accounts, the government officials said. While it is not unusual for governments to have equipment at telecommunication companies and service providers, they are usually required to submit warrants or be subject to other forms of independent oversight. Bypassing courts is really very dangerous and can be easily misused, said Pawan Sinha, who teaches human rights at Delhi University. In most countries in Europe and in the United States, security agencies were obliged to seek court approval or had to function with legal oversight, he said. The senior telecommunications ministry official dismissed suggestions that India's system could be open to abuse. The home secretary has to have some substantial