European Supreme Court overruled Safe Harbour Regulations to protect our privacy

On the 6th of October 2015, the Supreme Court of Justice in Europe took a remarkable judgement (C-362/14).

Concerned people have without a doubt heard about the Patriot Act in United States. It enables the US government to snoop all data and request data from any company which has its seat in the United States, which effectively makes any large corporation you use services from, subject to transfer your data for investigation if deemed necessary by the US intelligence service.

However, Europe and Switzerland had an agreement and the Safe Harbour Privacy PrinciplesThese principles, ruled in the year 2000, are:eu-safe-harbor

 

  • Notice – Individuals must be informed that their data is being collected and about how it will be used.
  • Choice – Individuals must have the option to opt out of the collection and forward transfer of the data to third parties.
  • Onward Transfer – Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles.
  • Security – Reasonable efforts must be made to prevent loss of collected information.
  • Data Integrity – Data must be relevant and reliable for the purpose it w
    as collected for.
  • Access – Individuals must be able to access information held about them, and correct or delete it if it is inaccurate.
  • Enforcement – There must be effective means of enforcing these rules.

However due to a lack of any real authority monitoring and safeguarding these requests, it remains unsure to what exactly happens with your data from Facebook, Google, Microsoft, MSN and tons of other services and companies.

The Supreme Court of Justice declared this clause as invalid. According to the EU the transfer of personal data to countries outside of the EU are no longer permitted, unless that country can guarantee the safeguarding of that personal data and information.

image003It all started when Maximilian Schrems, an Austrian privacy activist, filed a complaint at the Irish privacy watchdog concerning his personal data. When European citizens chose to use Facebook, they agree with an agreement betw
een the user and Facebook Ireland. Schrems points out that his data posted on Facebook (Facebook Ireland) transfers to servers in the United States automatically. According to the Safe Harbour Principles, this is not allowed as the country (in this case Ireland) must guarantee the protection of Schrems’s personal data.
The Irish Watchdog claimed the complaint was invalid, referring to the Safe Harbour Privacy Principles and that Facebook respected and followed these principles.

Schrems however appealed to the Irish High Court, who in turn redirected the issue to the Supreme Court of Justice of Europe, questioning how these privacy watchdogs can even monitor the flow of personal data to systems they don’t have access to.

This is a good cause for our fundamental rights as European citizens, and a major blow to the constant reduction of our human right for privacy. I really hope that we won’t see any comprise to our privacy soon, as a ‘principle’.

 

 

Android vulnerability can compromise your phone, manufacturers partly to blame.

stagefright

Security company Zimperium discovered a serious issue that compromised Android’s security. The vulnerability was disclosed at the Blackhat conference in early August. This exploit has been called ‘Stagefright’. In short, an attacker sends you a video either through a website or MMS, and can compromise your phone.

The vulnerability was found in the ‘libStageFright’ library, a library that goes back all the way to Android 2.2, there are over 900 million devices that are running Android 2.2 and later, this is a lot of exposed people!

The real problem here, is that as Android evolves, it becomes more and more clear that the current model with manufacturers using/editing Android to ship with their devices is becoming a real issue. Google themselves can patch the vulnerability immediately, because they are the ones responsible for the operating systems and the devices that get immediately OTA (over the air) updates such as the Nexus series. What if you have a HTC or Samsung? Too bad, you depend on the manufacturer who doesn’t really care.

Continue reading “Android vulnerability can compromise your phone, manufacturers partly to blame.”

WikiMedia files suit against the NSA and the US Department of Justice over upstream mass surveillance.

digital-security-padlock-protection-binary-virus-hack-malware

The WikiMedia Foundation, also known from Wikipedia, have formed a coalition with eight other organizations to sue the National Security Agency and the Department of Justice for the mass upstream surveillance programs. This coalition is represented by the American Civil Liberties Union. A full complaint can be found here.

“We’re filing suit today on behalf of our readers and editors everywhere,” said Jimmy Wales, founder of Wikipedia. “Surveillance erodes the original promise of the internet: an open space for collaboration and experimentation, and a place free from fear.”

Privacy equals freedom, and if you have read my earlier article, you will also known that I believe that privacy is required in a democracy. In this particular case, this privacy coalition challenges the NSA’s use of upstream surveillance. Upstream surveillance in this case refers to internet backbones. These backbones are extremely crucial to the internet, you can compare them as vital as a brain stem. The backbones are responsible to deliver and handle all the traffic over the internet, and having these monitored means that everything can be recorded back to you if they want to. Personal messages, your emails, the websites that you visit, articles you write, content you submit, the cat videos (and others) that you watch, literally everything as all this content passes through a backbone somewhere.

You can read more about this on the WikiMedia blog.