jm + data-retention   19

Communications data errors: UK police incriminating the wrong people due to data retention system screwups
It seems there have been 34 with serious consequences since 2008. Causes include:
- Omission of an underscore when transcribing an e-mail address led to the wrong subscriber information being provided and a search warrant being executed at the premises of an individual unconnected with the investigation.

- A CSP's data warehouse system change affected how GMT and British Summer Time were treated. This was not communicated to staff using the data retention disclosure system. This led to a one hour error in subscriber information disclosed in relation to IP address usage. Of 98 potential disclosure errors identified, 94 were in fact incorrect and four returned the same results when re-run. Of the 94 incorrect disclosures, in three cases a search warrant was executed at premises relating to individuals unconnected with the investigation (and one individual was arrested).

- Due to a technical fault causing a time zone conversion to be out by seven hours, a CSP voluntarily disclosed an incorrect IP address to a public authority.  That led to a search warrant being executed at premises relating to individuals unconnected with the investigation.


In other words, timezones largely screw up everything, yet again.
timezones  uk  law  data-retention  errors  bst 
10 weeks ago by jm
Law to allow snooping on social media defies European court ruling
Karlin on fire:
But there’s lots in this legislation that should scare the public far more. For example, the proposal that the legislation should allow the retention of “superfluous data” gathered in the course of an investigation, which is a direct contravention of the ECJ’s demand that surveillance must be targeted and data held must be specifically relevant, not a trawl to be stored for later perusal “just in case”.
Or the claim that interception and retention of data, and access to it, will only be in cases of the most serious crime or terrorism threats. Oh, please. This was, and remains, the supposed basis for our existing, ECJ-invalidated legislation. Yet, as last year’s Gsoc investigation into Garda leaks revealed, it turns out a number of interconnected pieces of national legislation allow at least 10 different agencies access to retained data, including Gsoc, the Competition Authority, local authorities and the Irish Medicines Board.
surveillance  ireland  whatsapp  viber  snowden  snooping  karlin-lillington  facebook  internet  data-retention 
july 2016 by jm
Cops Use Stingray To Almost Track Down Suspected Fast Food Thief
Law enforcement spokespeople will often point to the handful of homicide or kidnapping investigations successfully closed with the assistance of cell site simulators, but they'll gloss over the hundreds of mundane deployments performed by officers who will use anything that makes their job easier -- even if it's a tool that's Constitutionally dubious.

Don't forget, when a cell site simulator is deployed, it gathers cell phone info from everyone in the surrounding area, including those whose chicken wings have been lawfully purchased. And all of this data goes... somewhere and is held onto for as long as the agency feels like it, because most agencies don't seem to have Stingray data retention policies in place until after they've been FOIA'ed/questioned by curious legislators.

Regular policework -- which seemed to function just fine without cell tracking devices -- now apparently can't be done without thousands of dollars of military equipment. And it's not just about the chicken wing thieves law enforcement can't locate. It's about the murder suspects who are caught but who walk away when the surveillance device wipes its feet on the Fourth Amendment as it serves up questionable, post-facto search warrants and pen register orders.
stingrays  mobile  surveillance  imsi-catchers  data-retention  privacy  chicken-wings  fast-food 
june 2016 by jm
Journalists, this GSOC story isn’t all about you, you know
Karlin Lillington in the Irish Times, going through journos for a shortcut:
All the hand-wringing from journalists, unions and media companies – even politicians and ministers – over the GSOC’s accessing of journalist’s call records? Oh, please. What wilful ignorance, mixed with blatant hypocrisy. Where have you all been for the past decade and a half, as successive Irish governments and ministers for justice supported and then rammed through legislation for mandatory call data retention for one of the longest periods in the world, with some of the weakest legal constraints and oversight?
karlin-lillington  privacy  data-protection  dri  law  journalists  gsoc  surveillance  data-retention 
january 2016 by jm
Irish parliament pressing ahead with increased access to retained telecoms data
While much of the new bill is concerned with the dissolution of the Competition Authority and the National Consumer Agency and the formation of a new merged Competition and Consumer Protection Commission (CCPC) the new bill also proposed to extend the powers of the new CCPC to help it investigate serious anticompetitive behaviour.

Strikingly the new bill proposes to give members of the CCPC the power to access data retained under the Communications (Retention of Data) Act 2011. As readers will recall this act implements Directive 2006/24/EC which obliges telecommunications companies to archive traffic and location data for a period of up to two years to facilitate the investigation of serious crime.

Ireland chose to implement the maximum two year retention period and provided access to An Garda Siochana, The Defence Forces and the Revenue Commissioners. The current reform of Irish competition law now proposes to extend data access powers to the members of the CCPC for the purposes of investigating cartel offences.
data-retention  privacy  surveillance  competition  ccpc  ireland  law  dri 
july 2014 by jm
DRI wins their case at the ECJ!
Great stuff!
The Court has found that data retention “entails a wide-ranging and particularly serious interference with the fundamental rights to respect for private life and to the protection of personal data” and that it “entails an interference with the fundamental rights of practically the entire European population”. TJ McIntyre, Chairman of Digital Rights Ireland, said that “This is the first assessment of mass surveillance by a supreme court since the Snowden revelations. The ECJ’s judgement finds that untargeted monitoring of the entire population is unacceptable in a democratic society.”

[...] Though the Directive has now been struck down, the issue will remain live in all the countries who have passed domestic law to implement the data retention mass surveillance regime. Digital Rights Ireland’s challenge to the Irish data retention system will return to the High Court in Dublin for the next phase of litigation.
dri  digital-rights  ireland  eu  ecj  surveillance  snooping  law  data-retention 
april 2014 by jm
How to invoke section 4 of the Data Protection Acts in Ireland
One wierd trick to get your personal data (in any format) from any random organisation, for only EUR6.35 and up to 40 days wait! Good to know.
Hospitals and doctors’ offices in Ireland will give a person their medical records if they ask for them. Mostly. Eventually. When they get to it. And, sometimes, if you pay them over €100 (for a large file).

But, like so much else in the legal world, there is a set of magic words you can incant to place a 40 day deadline on the delivery of your papers and limit the cost to €6.35 -- you invoke the Data Protection Acts data access request procedure.
data-protection  privacy  data-retention  dpa-section-4  data  ireland  medical  law  dpa 
february 2014 by jm
Karlin Lillington on DRI's looming victory in the European Court of Justice
If the full European Court of Justice (ECJ) accepts the opinion of its advocate general in a final ruling due early next year – and it almost always does – it will prove a huge vindication of Ireland’s small privacy advocacy group, Digital Rights Ireland (DRI).
Its case against Irish retention laws, which began in 2006, forms the basis of this broader David v Goliath challenge and initial opinion.
The advocate general’s advice largely upholds the key concerns put forward by DRI against Ireland’s laws. Withholding so much data about every citizen, including children, in case someone commits a future crime, is too intrusive into private life, and could allow authorities to create a “faithful and exhaustive map of a large portion of a person’s [private] conduct”.
Retained data is so comprehensive that they could easily reveal private identities, which are supposed to remain anonymous. And the data, entrusted to third parties, is at too much risk of fraudulent or malicious use.
Cruz Villalón argues that there must be far greater oversight to the retention process, and controls on access to data, and that citizens should have the right to be notified after the fact if their data has been scrutinised. The Irish Government had repeatedly waved off such concerns from Digital Rights Ireland in the past.
dri  rights  ireland  internet  surveillance  data-retention  privacy  eu  ecj  law 
december 2013 by jm
NZ police affidavits show use of PRISM for surveillance of Kim "Megaupload" Dotcom

The discovery was made by blogger Keith Ng who wrote on his On Point blog (http://publicaddress.net/onpoint/ich-bin-ein-cyberpunk/) that the Organised and Financial Crime Agency New Zealand (OFCANZ) requested assistance from the Government Communications Security Bureau (GCSB), the country's signals intelligence unit, which is charge of surveilling the Pacific region under the Five-Eyes agreement.

A list of so-called selectors or search terms were provided to GCSB by the police [PDF, redacted] for the surveillance of emails and other data traffic generated by Dotcom and his Megaupload associates.

'Selectors' is the term used for the National Security Agency (NSA) XKEYSCORE categorisation system that Australia and New Zealand contribute to and which was leaked by Edward Snowden as part of his series of PRISM revelations.

Some "selectors of interest" have been redacted out, but others such as Kim Dotcom's email addresses, the mail proxy server used for some of the accounts and websites, remain in the documents.


So to recap; police investigating an entirely non-terrorism-related criminal case in NZ was given access to live surveillance traffic for surveillance of an NZ citizen. Scary stuff
surveillance  prism  nsa  new-zealand  xkeyscore  gcsb  kim-dotcom  piracy  privacy  data-retention  megaupload  filesharing 
august 2013 by jm
How A 'Deviant' Philosopher Built Palantir, A CIA-Funded Data-Mining Juggernaut - Forbes
Palantir -- the free-market state-surveillance data-retention nightmare. At the end of this slightly overenthusiastic puff piece we get to:
Katz-Lacabe wasn’t impressed. Palantir’s software, he points out, has no default time limits -- all information remains searchable for as long as it’s stored on the customer’s servers. And its auditing function? “I don’t think it means a damn thing,” he says. “Logs aren’t useful unless someone is looking at them.” [...]

What if Palantir’s audit logs -- its central safeguard against abuse -- are simply ignored? Karp responds that the logs are intended to be read by a third party. In the case of government agencies, he suggests an oversight body that reviews all surveillance -- an institution that is purely theoretical at the moment. “Something like this will exist,” Karp insists. “Societies will build it, precisely because the alternative is letting terrorism happen or losing all our liberties.”

Palantir’s critics, unsurprisingly, aren’t reassured by Karp’s hypothetical court. Electronic Privacy Information Center activist Amie Stepanovich calls Palantir “naive” to expect the government to start policing its own use of technology. The Electronic Frontier Foundation’s Lee Tien derides Karp’s argument that privacy safeguards can be added to surveillance systems after the fact. “You should think about what to do with the toxic waste while you’re building the nuclear power plant,” he argues, “not some day in the future.”
palantir  data-retention  privacy  surveillance  state  cia  forbes  andy-greenberg  eff  epic  snooping 
august 2013 by jm
London orders rubbish bins to stop collecting smartphone data
Good call.
AUTHORITIES IN LONDON’S financial district have ordered a company using high-tech rubbish bins to collect smartphone data from passers-by to cease its activities, and referred the firm to the privacy watchdog. The City of London Corporation, which manages the so-called “Square Mile” around St Paul’s Cathedral, said such data collection “needs to stop” until there could be a public debate about it.


(via Daragh O'Brien)
via:dobrien  privacy  phones  wifi  mac-address  data-protection  data-retention  renew  london  bins  snooping  sniffing 
august 2013 by jm
The NSA Is Commandeering the Internet - Bruce Schneier
You, an executive in one of those companies, can fight. You'll probably lose, but you need to take the stand. And you might win. It's time we called the government's actions what it really is: commandeering. Commandeering is a practice we're used to in wartime, where commercial ships are taken for military use, or production lines are converted to military production. But now it's happening in peacetime. Vast swaths of the Internet are being commandeered to support this surveillance state.

If this is happening to your company, do what you can to isolate the actions. Do you have employees with security clearances who can't tell you what they're doing? Cut off all automatic lines of communication with them, and make sure that only specific, required, authorized acts are being taken on behalf of government. Only then can you look your customers and the public in the face and say that you don't know what is going on -- that your company has been commandeered.
nsa  america  politics  privacy  data-protection  data-retention  law  google  microsoft  security  bruce-schneier 
august 2013 by jm
small town council in Oz has been snooping on mobile phone records to catch litterbugs and owners of unregistered pets
Privacy advocates have slammed Wyndham council for spying on residents’ mobile phone data and email records almost 50 times in the past three years, “not to hunt down terrorists but to catch litterbugs and owners of unregistered pets”. Figures from the attorney-general’s department reveal Wyndham is the only Victorian council that has been snooping on personal data, seizing residents’ information 31 times during 2010-11 and 2011-12.

Council’s acting chief executive Kelly Grigsby told the Weekly there had been another 18 authorisations in the past 12 months to chase people for unauthorised advertising, unregistered pets and illegal littering.
victoria  australia  oz  privacy  snooping  data-retention  metadata  overreach 
july 2013 by jm
DRI needs your help
Appalled by mass surveillance scandals? So are we. We’re doing something about it – and you can too.

In 2006 we started a case challenging Irish and European laws that require your mobile phone company and ISP to monitor your location, your calls, your texts and your emails and to store that information for up to two years. That case has now made it to the European Court of Justice and will be heard on July 9th. If we are successful, it will strike down these laws for all of Europe and will declare illegal this type of mass surveillance of the entire population.

Here’s where you come in. You can take part by: making a donation to help us pay for the expenses we incur; following our updates and keeping abreast of the issues; spreading the word on social media.

With your help, we can strike a blow for the privacy of all citizens.
activism  privacy  politics  ireland  dri  digital-rights  data-protection  data-retention 
june 2013 by jm
CEO Of Internet Provider Sonic.net: We Delete User Logs After Two Weeks. Your Internet Provider Should, Too. - Forbes
"what we saw was a shift towards customers being made part of a business model that involved–I don’t know if extortion is the right word–but embarassment for gain. An individual would download a movie, using bittorrent, and infringe copyright. And that might be our customer, like Bob Smith who owns a Sonic.net account, or it might be their spouse, or it might be their child. Or it might be one of his three roommates in a loft in San Francisco, who Bob is not responsible for, and who rent out their loft on AirBnB and have couch surfers and buddies from college and so on and open Wifi.

When lawyers asked us for these users’ information, some of our customers I spoke with said “Oh yeah, crap, they caught me,” and were willing to admit they engaged in piracy and pay a settlement. But in other cases, it turned out the roommate did it, or no one would admit to doing it. But they would pay the settlement anyway. Because no one wants to be named in the public record in a case from So-And-So Productions vs. 1,600 names including Bob Smith for downloading a film called “Don’t Tell My Wife I B—F—— The Babysitter.”

AG: Is that a real title?

DJ: Yes. I’ve read about cases where a lawyer was doing this for the movie “The Expendables,” and 5% of people settled. So then he switched to representing someone with an embarassing porn title, and like 30% of people paid.

It seemed like half the time, the customer wasn’t the one right one, but they rolled over because it would be very embarassing. And I think that’s an abuse of process. I was unwilling to become part of that business model. In many cases the lawyers never pursued the case, and it was all bluster. But under that threat, you pay."
interview  isps  freedom  copyright  internet  shakedown  lawyers  sonic.net  data-retention  via:oisin 
june 2012 by jm
Cellphones Track Your Every Move, and You May Not Even Know - NYTimes.com
data retention in Germany revealed via FOI: 'in a six-month period — from Aug 31, 2009, to Feb. 28, 2010, Deutsche Telekom had recorded and saved his longitude and latitude coordinates more than 35,000 times. It traced him from a train on the way to Erlangen at the start through to that last night, when he was home in Berlin.'
data-retention  germany  phones  mobile  geolocation  tracking  mobile-phones  surveillance  from delicious
march 2011 by jm
Irish data retention law now in force
quietly passed into law on the 26th Jan.  DRI say 'the Bill requires telecommunications companies, internet service providers, and the like, to retain data about communications (though not the content of the communications); phone and mobile traffic data have to be retained for 2 years; internet communications have to be retained for one year … This will impose significant costs on those obliged to retain and secure the data, and those costs will be passed on to their already hard-pressed customers. And it is likely to drive international telecommunications and internet companies to European states which have introduced far less demanding regimes.'
data-retention  ireland  law  legal  privacy  from delicious
february 2011 by jm
Mobile Internet access data retention (not!)
so, it seems the wireless ISPs don't have sufficient IPv4 space for their customers, and are filtering access to the internet via NAT; unfortunate side effect is that this breaks data retention as defined in the UK. wonder if the same applies here?
uk  data-retention  privacy  nat  isps  wireless  mobile  phones  networking  internet  filtering  from delicious
january 2010 by jm

Copy this bookmark:



description:


tags: