Our own online behaviour is the cause for state surveillance
Sat 13 Dec 2014, 22:20

Journalist John Naughton wonders whether the reason there has been so little public fuss about the Snowden revelations (with some notable exceptions, mainly Germany) is because everybody feels compromised, to a greater or lesser extent, by their online behaviour. In principle, people think it’s creepy that Google reads our mail, that Facebook monitors our relationships and that the spooks have a log of everything we’ve ever read on the web, but the services are free and the security services are unlikely to be interested in little old us.

Snowden revelations make IETF rethink security
Wed 31 Dec 2014, 12:18

After the Snowden revelations, the IETF said it was going to do something about mass surveillance. In May 2014, the IETF published a “best practice” document stating baldly that “pervasive monitoring is an attack.” Snowden’s revelations prompted a fundamental rethink within the IETF about what kind of security the internet should be aiming for overall. Specifically, the IETF is in the process of formalizing a concept called “opportunistic security” whereby — even if full end-to-end security isn’t practical for whatever reason — some security is now officially recognized as being better than nothing.

Article 29 working document on surveillance, electronic communications and national security
Wed 10 Dec 2014, 09:00

On December 5, the Article 29 Working Party published a Working Document on surveillance, electronic communications and national security. The Working Document is specifically intended to address data protection issues arising out of the Snowden revelations that began in 2013 and the bulk data collection activities of various intelligence and security agencies. The Working Document examines the boundaries between the concepts of privacy and national security, and emphasizes the importance of privacy as a fundamental right in the EU. The Working Document concludes that the activities of intelligence and security agencies should not always fall within the scope of the national security exemption under EU data protection law, and that where the meaning of the term “national security” is unclear, the exemption should be construed narrowly.

EU-Canada agreement on PNR referred to the CJEU
Wed 3 Dec 2014, 20:00

On 25 November the European Parliament voted, by 383 votes to 271, in favour of a resolution to refer the EU-Canada agreement on Passenger Name Records (PNR) to the European Court of Justice (CJEU). The CJEU will now decide on the compliance of the agreement with EU law, in particular the Charter of Fundamental Rights. As explained in previous EDRi-gram articles, PNR data has become an attractive and invasive source for governments to obtain personal data.

UK surveillance laws need total overhaul, says landmark report
Thu 12 Mar 2015, 13:20

Britain’s laws governing the intelligence agencies and mass surveillance require a total overhaul to make them more transparent, comprehensible and up to date, the intelligence and security committee of parliament (ISC) has said in a landmark report prompted by the revelations of Edward Snowden, the former US National Security Agency (NSA) contractor.

GCHQ datasharing with the NSA deemed unlawful
Sat 7 Feb 2015, 17:20

Two years after Edward Snowden’s allegations concerning mass surveillance, the Investigatory Powers Tribunal, the UK intelligence agencies complaints tribunal, has ruled that the manner in which the UK’s GCHQ shared intelligence from the US National Security Agency was unlawful.

In a brief ruling that follows a lengthy and more complex one in December, the tribunal at the same time announced its view that previous legal defects have been corrected, and that it is now satisfied that GCHQ is acting lawfully. At least, that is what you might think the IPT has decided. But in the peculiar point at which the law, intelligence and secrecy mix, things are not always what they seem.