Policy Observatory

After the Snowden revelations, the IETF said it was going to do something about mass surveillance. In May 2014, the IETF published a “best practice” document stating baldly that “pervasive monitoring is an attack.” Snowden’s revelations prompted a fundamental rethink within the IETF about what kind of security the internet should be aiming for overall. Specifically, the IETF is in the process of formalizing a concept called “opportunistic security” whereby — even if full end-to-end security isn’t practical for whatever reason — some security is now officially recognized as being better than nothing.

Today, the Wikimedia Foundation is filing suit against the National Security Agency (NSA) and the Department of Justice (DOJ) of the United States. The lawsuit challenges the NSA’s mass surveillance program, and specifically its large-scale search and seizure of internet communications — frequently referred to as “upstream” surveillance. Wikimedia aim in filing this suit is to end this mass surveillance program in order to protect the rights of our users around the world. Wikimedia are joined by eight other organizations and represented by the American Civil Liberties Union (ACLU).

The UN General Assembly formally approved a major resolution on the right to privacy yesterday, by consensus. The resolution spotlights the privacy violations that are enabled by advances in technology, overbearing government surveillance, and corporate complicity. As communications have gone global, so too must privacy protections. Privacy rights limited by national borders are increasingly meaningless. This resolution contains strong language that definitively places mass surveillance under international human rights law.

The Foreign Intelligence Surveillance Court has reauthorized the NSA program for another 90 days at a request from the government. The order expires on 27 February 2015. However, President Barack Obama announced reforms to the program earlier this year, including a plan to stop NSA from collecting and holding the data from operators in bulk.

Obama instructed that other than in an emergency, phone metadata could only be queried after a judicial finding that there was a reasonable, articulable suspicion that the selection term was linked to an approved international terrorist organization. The two changes to the program have been made since February this year, according to officials.

Last month, the USA Freedom Act ran into difficulties in the Senate, and could not be moved towards a final vote. The setback could delay any NSA reform until next year.

Today, 8 January 2015, the Ministry for Information Society called an inter-institutional working group to urgently analyze CJUE data retention decision’s impact on national law. Using the terrorist attacks in France as pretext, Romanian authorities are pushing for the urgent adoption of a package of mass surveillance measures which violate fundamental rights.

This comes in the context of the Parliament's unanimous vote on the Law on cybersecurity which states that 'owners of a cyber infrastructure' (basically every legal person with a computer) needs to allow access to data at the simple demand of 9 different Romanian security and intelligence agencies. The cybersecurity law was sent to the Constitutional Court on the 23rd of December 2014.

So far, the Romanian Constitutional Court declared the data retention law unconstitutional two times. The last decision was on the 8th of July 2015 (see some remarks in English here and in Romanian here). At the same time, the Court also declared unconstitutional the law for registering pre-pay SIM cards and Wi-Fi users by Decision no. 461 of 16 September 2014 (available here in Romanian). This was the 4th attempt to introduce this kind of law in the last 3 years.

Civil society and private parties are left out of any discussion.