Journalist John Naughton wonders whether the reason there has been so little public fuss about the Snowden revelations (with some notable exceptions, mainly Germany) is because everybody feels compromised, to a greater or lesser extent, by their online behaviour. In principle, people think it’s creepy that Google reads our mail, that Facebook monitors our relationships and that the spooks have a log of everything we’ve ever read on the web, but the services are free and the security services are unlikely to be interested in little old us.
After the Snowden revelations, the IETF said it was going to do something about mass surveillance. In May 2014, the IETF published a “best practice” document stating baldly that “pervasive monitoring is an attack.” Snowden’s revelations prompted a fundamental rethink within the IETF about what kind of security the internet should be aiming for overall. Specifically, the IETF is in the process of formalizing a concept called “opportunistic security” whereby — even if full end-to-end security isn’t practical for whatever reason — some security is now officially recognized as being better than nothing.
On December 5, the Article 29 Working Party published a Working Document on surveillance, electronic communications and national security. The Working Document is specifically intended to address data protection issues arising out of the Snowden revelations that began in 2013 and the bulk data collection activities of various intelligence and security agencies. The Working Document examines the boundaries between the concepts of privacy and national security, and emphasizes the importance of privacy as a fundamental right in the EU. The Working Document concludes that the activities of intelligence and security agencies should not always fall within the scope of the national security exemption under EU data protection law, and that where the meaning of the term “national security” is unclear, the exemption should be construed narrowly.
On 25 November the European Parliament voted, by 383 votes to 271, in favour of a resolution to refer the EU-Canada agreement on Passenger Name Records (PNR) to the European Court of Justice (CJEU). The CJEU will now decide on the compliance of the agreement with EU law, in particular the Charter of Fundamental Rights. As explained in previous EDRi-gram articles, PNR data has become an attractive and invasive source for governments to obtain personal data.
Britain’s laws governing the intelligence agencies and mass surveillance require a total overhaul to make them more transparent, comprehensible and up to date, the intelligence and security committee of parliament (ISC) has said in a landmark report prompted by the revelations of Edward Snowden, the former US National Security Agency (NSA) contractor.
Two years after Edward Snowden’s allegations concerning mass surveillance, the Investigatory Powers Tribunal, the UK intelligence agencies complaints tribunal, has ruled that the manner in which the UK’s GCHQ shared intelligence from the US National Security Agency was unlawful.
In a brief ruling that follows a lengthy and more complex one in December, the tribunal at the same time announced its view that previous legal defects have been corrected, and that it is now satisfied that GCHQ is acting lawfully. At least, that is what you might think the IPT has decided. But in the peculiar point at which the law, intelligence and secrecy mix, things are not always what they seem.