whistleblowers: wikileaks, snowden i...

[Tribun_Populi]

Frans i Đermani su tu jedini koji imaju interesa/mogu odreagovati. Sad, očigledno je procena da im se još uvek isplati da idu skinutih gaća (s tom razlikom što su ih Francuzi tek nedavno skinuli, dok su Nemcima spuštene od WWII). Verovatno kad ih navuku do pola... ali sačekaćemo na to još.

[halloween]

Повереник за информације од јавног значаја и заштиту података о личности оцењује да недавно донета пресуда Европског суда правде којом је утврђено да је неважећи споразум "Safe Harbor" између ЕУ и САД (на основу ког су подаци о личности без посебних формалности и одобрења трансферисани у САД), представља један од најважнијих преседана у досадашњој међународноправној пракси заштите података о личности.

 

Наглашавајући да ова пресуда Европског суда правде, иако Србија није чланица ЕУ и за нас има велики значај, повереник Родољуб Шабић је изјавио и следеће:

 

„Иако ова одлука за многе представља изненађење, она је на неки начин била наговештена мишљењем које је претходно, на тражење суда дао Општи правозаступник Ив Бот, а којим је препоручио да Европски суд правде (ЕСП) прогласи споразум „Сигурна лука" (Safe Harbor) између САД и ЕУ - неважећим.

 

Општи правозаступник је то своје мишљење, формално необавезно, али по правилу веома утицајно засновао на констатацијама да:

 

- Управа за националну безбедност (НСА) и друге безбедносне агенције у САД су у могућности да приступају пренесеним личним подацима на „масован и неселективан начин" што угрожава право на приватност по члану 7. Повеље о основним правима Европске уније.

 

- Грађани ЕУ „немају одговарајући правни лек против обраде њихових личних података пренетих у САД у друге сврхе осим оних у које су првобитно прикупљени ", чиме се крши члан 47. Повеље, који предвиђа право на делотворан правни лек и правично суђење.

 

- Апстрактно формулисана одступања потенцијално омогућавају да сви принципи „Сигурне луке" буду изиграни, тиме што се обрада не ограничава само на оне податке који су стриктно потребни и тако компромитује „основно право на заштиту личних података" из члана 8. Повеље.

 

Суд је прихватио становиште Ива Бота и донео одлуку којом је " Safe Harbor" прогласио неважећим. Иако донета поводом једног конкретног случаја, она ће извесно имати глобалне последице, које ћемо тек сагледавати, за цео свет па и за Србију.

 

Као неко ко представља орган надлежан за заштиту личних података грађана Србије, и овим поводом подсећам да држава Србија има обавезу да својим грађанима и резидентима обезбеди права на заштиту података о личности зајамчена Уставом, законом и Конвенцијом 108.Савета Европе, чији смо, као и све земље ЕУ, потписник.

 

Важно је, било би добро да нас овај драматичан обрт поводом обраде односно заштите података о личности, на релацији ЕУ - САД, подсети на недореченост и недостатке наших правних решења у вези са изношењем података о личности у иностранство. На те недостатке Повереник је више пута указивао, а надлежни нису реаговали. С тим у вези подсећам да је и у Моделу новог Закона о заштити података о личности, који је Повереник припремио и ставио Влади на располагање још пре годину дана, предвиђено решење које се у вези с изношењем података из земље максимално ослања на ставове и праксу ЕУ."

 

(извор текста вести: вебсајт Повереника за информације од јавног значаја и заштиту података о личности, www.poverenik.rs, од 7. октобра 2015. године)

[Prospero]

After the ECJ Ruling: What Now?

by Matthias Bauer, Martina F. Ferracane, Hosuk Lee-Makiyama, Erik van der Marel

 

 

In a nutshell

 

 

On Tuesday, the European Court of Justice (ECJ) issued the long-awaited ruling on the case of Max Schrems, which investigated whether his right of privacy on his personal Facebook data was breached.

 

According to the EU’s data protection framework currently in force, exports of personal data to third countries is only allowed if the receiving country can provide a level of protection that is considered equivalent to the EU’s legislation. Alternatively, these transfers are also allowed if privacy rules in the receiving country are deemed adequate, which eventually came to mean “equivalent” to the European model for privacy law on paper – it matters less whether the privacy rules are effectively enforced or not.

 

The United States, with a vast majority of non-European jurisdictions, is not recognised as adequate/equivalent. Thus, the Safe Harbor agreement between the EU and the US enables American businesses to self-certify that they would abide by EU standards, allowing them to transfer data freely across the Atlantic.

 

The daily operations of approximately 4,400 firms which are today a part of the Safe Harbor agreement, and which are mostly non-tech SMEs in retail and various services, are now effectively shut. The ECJ’s ruling is based on the fundamental right to respect private life, and how the US law enforcement agencies (and in extension, the European Commission) have failed to live up to them.

 

The ruling does not question the free flow of data as such, but merely establishes that Member States’ data privacy authorities have the power to investigate complaints from their citizens regardless of Brussels decisions, and only the ECJ has the right to declare Brussels decisions as invalid.

To say the least, the ruling raise more questions and concerns than it provides legal certainty.

 

 

What the ECJ did not answer

 

To begin, the ruling examines the specific case of Facebook and US intelligence services. However, the EU citizens are still under surveillance of their home governments’ and other EU members states’ intelligence agencies. For instance, in late July, France’s highest authority on constitutional matters has approved a controversial bill (labelled the French “Big Brother” by critics) to give the French state extensive powers to spy on its citizens. Similar initiatives are already implemented or discussed in other European countries. No pun intended, but intelligence is not a union competence. By the logics of the ruling, the ECJ may be forced to strike down on free flow of information within Europe if intelligence practices in some Member States were challenged as a privacy violation.

 

 

Second, the ruling leads to a situation where Europe applies de facto (but not necessarily de jure) data localisation towards US business as a general rule. Any exceptions to that principle can be revoked. Data localisation, however, increases the risk of security breaches by intelligence agencies and hackers alike. Such measures do not only make data more vulnerable, but increase also the scale of the damage that hackers can cause.

 

The third issue concerns the economics of the ruling. Building a digital wall between the world’s most intensive economic relationship, i.e. the transatlantic one, would not only cause a disproportionate burden for businesses, it would also pose a serious threat to Europe’s long-term competitiveness. Blocking transfer of data impedes technological progress, competition and the capability of countries to adopt innovative technologies and new business models. These factors are the main drivers of long-run economic growth. This is especially true if we consider that it is practically impossible to disentangle personal data from other business-related data. The ECJ ruling related only to personal data, but will automatically affect our entire economy.

 

Given the economic importance of data, it leads to the final question: Was the ECJ ruling proportionate? While ECJ questions the proportionality of the PRISM program, the same question of can be raised against the ECJ ruling. To what extent was the data under the Safe Harbor really compromised by foreign law enforcement agencies, and to what extent was it proportionate to declare the entire agreement as invalid?

 

 

What now?

 

The ECJ has not offered a grace period for companies to conform to the ruling. Although some fall back options to the Safe Harbor exists, these mechanisms seem to be costly or infeasible in practice. The first alternative would be to collect consent requirement, which requires the approval of every individual for transfer of data that was previously allowed under Safe Harbor. Revising services contracts on individual basis, would be costly and impossible to maintain in practice.

 

Another alternative is the use of binding corporate rules and model contract clauses, where the signatories agree to assume the liability of its third parties, or to restrict their access to data. However, such instruments are not fit for complex supply chains and subcontractors based in multiple jurisdictions. It would be particularly burdensome for SMEs, which often use cost-effective business services provided by global players, as well as multinationals which frequently send their data between multiple affiliates around the globe.

 

The common feature of these alternatives is that they are poorly fit for the globalised structures of today’s trade, especially for the overwhelming number of more than 4,000 companies in the Safe Harbor program that are SMEs in non-tech sectors. These options are simply not commercially viable.

 

Hence, we are in uncharted territory. The ruling, in all its orthodoxy, is about competences and fundamental rights rather than just a specific treaty. One plausible interpretation is that any contractual agreement and arrangement between the EU and the US would be declared invalid, if it was challenged by a Member State. Therefore, the only legally certain options available would be to localise data within European borders, or to collect explicit consent from the European users – or to shut all European users off from the services.

 

In one way or another, the demanding regulatory and technical structure of all options on the table shows that firms will be faced with higher costs of business. As our recent study concluded, this would have an impact on our economy’s performance which will ultimately be paid by consumers. In a scenario where no personal data can flow in or out of Europe, the European economy would lose a 1.1 percent in GDP. Revocation of Safe Harbor did not bring about full extent of that loss, but is a step towards that direction.

 

The EU is currently in a controversial process to update its own data privacy regulation (GDPR), which is seen as highly protectionist on international transfers; the European Commission and Department of Commerce are also negotiating a revamped Safe Harbour – the question is what are the merits of such agreement, if it can be challenged by each member state, and revoked by an activist court – as a result, the ruling has made the possibility for a mutually beneficial solution between the EU and the US less likely.

 

[pacey defender]

Zanimljivo kako se u svetlu Safe Harbor odluke uopšte kao alternativa ne navodi da, zamislite, USA podigne nivo poštovanja privatnosti, tako da bude ekvivalentan evropskom. Mogu samo da pretpostavim kojim sredstvima će američke firme i američka vlada ovde u Evropi da lobiraju za snižavanje evropskih standarda, a sve u ime tehnološkog progresa i sl.

[Prospero]

ANDY GREENBERG10.15.15

 

 

A SECOND SNOWDEN HAS LEAKED A MOTHER LODE OF DRONE DOCS

 

 

 

IT’S BEEN JUST over two years since Edward Snowden leaked a massive trove of NSA documents, and more than five since Chelsea Manning gave WikiLeaks a megacache of military and diplomatic secrets. Now there appears to be a new source on that scale of classified leaks—this time with a focus on drones.

On Thursday the Intercept published a groundbreaking new collection of documents related to America’s use of unmanned aerial vehicles to kill foreign targets in countries ranging from Afghanistan to Yemen. The revelations about the CIA and Joint Special Operations Command actions include primary source evidence that as many as 90 percent of US drone killings in one five month period weren’t the intended target

 

, that a former British citizen was killed in a drone strike despite repeated opportunities to capture him instead, and details of the grisly process by which the American government chooses who will die, down to the “baseball cards” of profile information created for individual targets, and the chain of authorization that goes up directly to the president.

All of this new information, according to the Intercept, appears to have come from a single anonymous whistleblower. A spokesperson for the investigative news site declined to comment on that source. But unlike the leaks of Snowden or Manning, the spilled classified materials are accompanied by statements about the whistleblower’s motivation in his or her own words.

“This outrageous explosion of watchlisting—of monitoring people and racking and stacking them on lists, assigning them numbers, assigning them ‘baseball cards,’ assigning them death sentences without notice, on a worldwide battlefield—it was, from the very first instance, wrong,” the source tells the Intercept. “We’re allowing this to happen. And by ‘we,’ I mean every American citizen who has access to this information now, but continues to do nothing about it.”

Reports first surfaced in the fall of last year that the Intercept, a news site created in part to analyze and publish the remaining cache of Snowden NSA documents, had found a second source of highly classified information. The final scene of the film “Citizenfour,” directed by Intercept co-founder Laura Poitras, shows fellow Intercept co-founder Glenn Greenwald meeting with Snowden in Moscow to tell him about a new source with information about the U.S. drone program, whom he says has been communicating with the Intercept‘s Jeremy Scahill. At one point, Greenwald draws Snowden a diagram of the authorization chain for drone strikes that ends with the president, one that looks very similar to the one included in Thursday’s publication.

“It’s really risky,” Snowden tells Greenwald in the scene. “That person is incredibly bold.”

“The boldness of it is shocking,” Greenwald responds, “But it was obviously motivated by what you did.”

In the scene, Greenwald also tells Snowden the security tools the Intercept is using to communicate with the source, writing the names of the software on a piece of paper in what may have been an attempt to avoid eavesdroppers. Those security tools, along with the Intercept‘s reputation for combative, unapologetic investigation of the U.S. government, may help explain how the site seems to have found another Snowden-like source of national security secrets. The Intercept and its parent company First Look Media employ world-class security staff like former Googler Morgan Marquis-Boire, Tor developer Erinn Clark, and former EFF technologist Micah Lee. Far more than most news sites, its reporters use tools like the encryption software PGP and the anonymous upload system SecureDrop to protect the identities of its sources.

Whether those measures can actually protect this particular source—or whether the source Greenwald told Snowden about is even the same one who leaked theIntercept‘s Drone Papers—remains to be seen. Yahoo News reported last year that the FBI had identified a “second leaker” to the Intercept and searched his or her home as part of a criminal investigation.

If that reported search of the leaker’s home did happen, however, it doesn’t seem to have slowed down theInterceptor its whistleblower. A year later, no arrests or charges have been made public, and the site has now published what appear to be the biggest revelations yet from its new source.

In the Citizenfour scene, Snowden tells Greenwald he hopes that the new leaks could help change the perception of whistleblowers in general. “This could raise the political situation with whistleblowing to a whole new level, he says.

“Exactly,” Greenwald responds. “People are going to see what’s being hidden by a totally different part of the government.”

Read the Intercept‘s full Drone Papers release here.

[1]Correction 10/15/2015 12:45pm: An earlier version of this story stated that a former US citizen, Bilal el-Berjawi, was killed by a drone. In fact, el-Berjawi was a former British citizen.

[2]Updated 10/15/2015 2:15pm to include Erinn Clark in the list of First Look Media security engineers.

 

[Prospero]

Microsoft to offer European home for foreign customer data

 

Murad Ahmed in Berlin and Richard Waters in San Francisco

 

 

 

Microsoft will allow foreign customers to hold data in new European facilities designed to shield customers from US government surveillance, in one of the most drastic corporate responses yet to the American internet spying scandal.

 

On Wednesday, the US software company said it was setting up new data centres in Germany that will be under the control of Deutsche Telekom, the German telecommunications group. The legal and technical arrangement is intended to put the data of European government and business customers, along with millions of citizens, out of reach from US authorities.

 

“These new data centre regions will enable customers to use the full power of Microsoft’s cloud in Germany… and ensure that a German company retains control of the data” said Satya Nadella, chief executive of Microsoft, at a press conference in Berlin.

Technology analysts say it is a “watershed moment”, describing the manoeuvre as the first time a major US tech group had accepted its inability to protect customer data from US governmental overreach.

 

Microsoft’s initiative could have a ripple effect across the industry, creating a tough new privacy standard that customers may soon also demand from other “cloud computing” providers such as Google, Amazonand Oracle.

 

Silicon Valley groups are struggling to regain the trustof European customers in the wake of disclosures by NSA whistleblower Edward Snowden about widespread internet surveillance by US intelligence agencies.

 

In response, US tech groups have moved to build data centres in European countries. But many of the region’s customers remain unsatisfied that these efforts alone can protect against snooping.

 

“I think Microsoft have come to the conclusion that they can’t get away from being a US company,” says Carsten Casper, analyst at Gartner, the research group. “I find that more honourable than others who try to move their data centres to Europe to appease customers, but how good is it to have data centres in those countries if you can access it from abroad with no particular problem?”

 

Analysts say Microsoft’s concession could complicate negotiations between US and EU politicians on a new transatlantic data sharing pact known as “Safe Harbour”. Talks have been faltering for months over the thorny political issue of surveillance.

 

Under Microsoft’s German arrangement, T-Systems, a Deutsche Telekom subsidiary, will operate two new data centre facilities in the country that will open for business in late 2016. They will be used solely to house information on Microsoft European customers, who will also be asked to pay more to store data in this way.

 

But T-Systems will act as a “trustee” of the facilities, with Microsoft insisting its employees will have no access to the data held at the facilities without the German company’s permission.

The companies believe this arrangement means Microsoft will not have to respond to governmental demands for information held in these data centres, forcing official requests to go through German authorities instead.

 

Germany’s data-protection laws, enforced by powerful privacy watchdogs, are considered to be among the continent’s strictest.

The trustee solution is also a response to Microsoft’s legal battle against an order from a New York court, which is trying to force the software group to hand US authorities emails from a US citizen stored on a Microsoft server in Ireland.

 

Brad Smith, Microsoft’s general counsel, has made the case a centrepiece of the company’s pushback against intrusive government demands for personal information, pledging to take the case to the US Supreme Court if necessary.

 

But executives at rival technology companies are concerned about the implications of the high-profile case because of the precedent it will set in the running of their businesses. Microsoft’s German plan would address this issue, should it lose the case.

 

But Paul Miller from Forrester Research says the trustee model is also likely to come under legal attack in the US.

“As with all new legal approaches, we don’t know it is watertight until it is challenged in court,” he says. “Microsoft and T-Systems’ lawyers are very good and say its watertight. But we can be sure opposition lawyers will look for all the holes.”

 

Last month, Europe gave a stinging rebuke to the transatlantic digital alliance, scrapping a 15-year pact that allowed US tech companies to ship personal information about European citizens wholesale to the US.

 

The European Court of Justice decision to invalidate the “Safe Harbour” agreement has left thousands of businesses scrambling to change their legal footing to avoid breaking the law. Europe’s data protection authorities have given companies until January to find alternative data transfer agreements.

 

The US and EU are working to secure a new Safe Harbour treaty but analysts say Microsoft’s decision may strengthen the resolve of EU diplomats who are holding out for stronger assurances over whether citizens data will be subsumed into the US surveillance regime.

“I think it will put pressure on negotiators trying to reach a new transatlantic privacy agreement,” says Mr Casper. “There’s a new piece in the puzzle now.”

 

Edited November 11, 2015 by Prospero

[Prospero]

Ospomeničavanje glavnih aktera je već počelo:

 

Edited November 20, 2015 by Prospero

[iDemo]

Ne znam je l' majstor™ dobio spomenik - ako nije mogli su i njega... 

[papapavle]

Bump: UN panel 'rules in Julian Assange's favour'

 

http://www.bbc.com/news/uk-35490910

 

A UN panel has ruled Wikileaks founder Julian Assange has been "arbitrarily detained", the BBC understands.

Mr Assange took refuge in London's Ecuadorian embassy in 2012 to avoid extradition to Sweden over sex assault claims, which he denies.

He earlier tweeted he would accept arrest if the panel ruled against him, but called for the arrest warrant to be dropped if the decision went his way.

Edited February 4, 2016 by papapavle

[Prospero]

Ne razumem baš terminologiju, kako je "arbitrarily held/detained" kad uopšte nije uhapšen nego je u ambasadi treće zemlje? 

 

Doduše, treba sačekati da vidimo tačno šta piše.

[malkin]

ne daju mu da ode u Ekvador kao azilant, mislim da je to u pitanju.

[Prospero]

A, ok.

[iDemo]

Može da ode al' mora diplomatskom poštom...

[Budja]

Danas konferencija za stampu u ekvadorskoj ambasadi u Londonu.

[Budja]

The Guardian, ocekivano, pljuvka po UN odluci.

 

Potpuno lobisticki list koji je izgubio  kompas i koji je potpuno predvidljiv u svom stavu ako je sukob izmedju zene i muskarca.

 

Otuda je najjaci argument za podrsku Ivet Kuper bio da je zena, otuda sada ne mogu da podnesu UN odluku, a predvidljivo ce podrzati/podrzavaju Klintonovu protiv Bernija jer je, zaboga, zena.