Posts Tagged ‘cyber security’

Jigsaw designed software (“Outline”) for self-controlled VPNs

March 21, 2018

HOTLITTLEPOTATO

A VIRTUAL PRIVATE NETWORK (VPN), that core privacy tool that encrypts your internet traffic and bounces it through a faraway server, has always presented a paradox: Sure, it helps you hide from some forms of surveillance, like your internet service provider’s snooping and eavesdroppers on your local network. But it leaves you vulnerable to a different, equally powerful spy: Whoever controls the VPN server you’re routing all your traffic through.

To help solve that quagmire, Jigsaw, the Alphabet-owned Google sibling that serves as a human rights-focused tech incubator, will now offer VPN software that you can easily set up on your own server—or at least, one you set up yourself, and control in the cloud. And unlike older homebrew VPN code, Jigsaw says it’s focused on making the setup and hosting of that server simple enough that even small, less savvy organizations or even individual users can do it in minutes.

Jigsaw says that the free DIY proxy software, called Outline, aims to provide an alternative to, on the one hand, stronger anonymity tools like Tor that slow down web browsing by bouncing connections through multiple encrypted hops around the world and, on the other hand, commercial VPNs that can be expensive, and also put users’ private information and internet history at risk.

The core of the product is that people can run their own VPN,” says Santiago Andrigo, the Jigsaw product manager who led Outline’s development. “You get the reassurance that no one else has your data, and you can rest easier in that knowledge.”

..A Swedish NGO, Civil Rights Defenders, has been testing Outline since last fall with the group of sensitive internet users it works to protect, who include journalists, lawyers, human rights defenders and LGBT communities in 18 repressive regimes around the world. ..

https://www.wired.com/story/alphabet-outline-vpn-software/

https://www.androidauthority.com/outline-censorship-vpn-847999/

see also: https://humanrightsdefenders.blog/2017/01/10/security-without-borders-offers-free-security-help-to-human-rights-defenders/

European Parliament votes to restrict exports of surveillance equipment

January 22, 2018

Members of the European Parliament have voted to curb export of surveillance equipment to states with poor human rights records, following mounting evidence that equipment supplied by companies in Europe has been used by oppressive regimes to suppress political opponents, journalists and campaigners. MEPs in Strasbourg agreed on 17 January to extend EU export controls to include new restrictions on the export of surveillance equipment, including devices for intercepting mobile phones, hacking computers, circumventing passwords and identifying internet users. The proposals also seek to remove encryption technologies from the list of technologies covered by EU export controls, in a move which aims to make it easier for people living in oppressive regimes to gain access to secure communications which can circumvent state surveillance.

Dictators spy on their citizens using EU cyber-surveillance. This must stop. The EU cannot contribute to the suffering of courageous activists, who often risk their lives for freedom and democracy,” said MEP Klaus Buchner, European Parliament rapporteur. “We are determined to close dangerous gaps in the export of dual-use goods and call on member states to follow suit.”

The proposed changes to the EU dual use export control regime are likely to face opposition from the defence industry and governments, as the European Parliament, and the European Commission prepare to negotiate their implantation with Europe’s 28 member states.

European technology companies, including UK firms, have supplied equipment that  has been used for arresting, torturing, and killing people in Iran, Egypt, Ethiopia, and Morocco, according to the European Parliament. An investigation by Computer Weekly revealed that the UK government had approved export licences to Gamma International (UK) to supply mobile phone interception equipment, known as IMSI catchers, to Macedonia, when the regime was engaged in a massive illegal surveillance operation against the public and political opponents.

And the UK’s largest arms manufacturer, BAE Systems, has exported equipment capable of mass internet surveillance to countries that campaigners say regularly commit human rights abuses, including Saudi Arabia, Qatar, Oman, Morocco and Algeria. An overwhelming majority of MEPs supported reforms to the EU’s export control regime, which will require member states to deny export licences if the export of surveillance technology is likely to lead to a serious impact on human rights in the destination country. The proposed changes, backed by 571 votes to 29 against, with 29 abstentions, will impose tough requirements for EU governments.

Member states will be required to assess the likely impact of surveillance technology on citizens’ right to privacy, freedom of speech, and freedom of association, in the destination country before they grant  export licences – a significant step up from current levels of scrutiny.

The proposed rules contain safeguards, however, that will allow legitimate cyber-security research to continue. Companies exporting products that are not specifically listed will be expected to follow the OECD’s “due diligence” guidelines, if there is a risk they could support human-rights violations.

Improved transparency measures will require member states to record and make data on approved and declined export licences publicly available, opening up the secretive global trade in surveillance technologies to greater public scrutiny.

http://www.computerweekly.com/news/252433519/European-Parliament-votes-to-restrict-exports-of-surveillance-equipment

Commercial spyware out of control and becoming threat to human rights defenders

December 6, 2017

Read the rest of this entry »

BBC investigation on Arab States and import of cyber-surveillance tools

June 16, 2017

On 15 June 2017 the BBC came out with a special report on “How BAE sold cyber-surveillance tools to Arab states’A dancer tucks his Apple iPhone next to his traditional Omani dagger during a welcome ceremony in Muscat, Oman (5 November 2016).

A year-long investigation by BBC Arabic and a Danish newspaper [Dagbladet Information] has uncovered evidence that the UK defence giant BAE Systems has made large-scale sales across the Middle East of sophisticated surveillance technology, including to many repressive governments. These sales have also included decryption software which could be used against the UK and its allies. While the sales are legal, human rights campaigners and cyber-security experts have expressed serious concerns these powerful tools could be used to spy on millions of people and thwart any signs of dissent. The investigation began in the small Danish town of Norresundby, home to ETI, a company specialising in high-tech surveillance equipment. ETI developed a system called Evident, which enabled governments to conduct mass surveillance of their citizens’ communications. A former employee, speaking to the BBC anonymously, described how Evident worked. “You’d be able to intercept any internet traffic,” he said. “If you wanted to do a whole country, you could. You could pin-point people’s location based on cellular data. You could follow people around. They were quite far ahead with voice recognition. They were capable of decrypting stuff as well.”

 

Image copyright GETTY IMAGES

A video clip accompanying the article is to be found on the website of the BBC (see link below) and it features Ahmed Mansoor, the 2015 Laureate of the Martin Ennals Award.[https://humanrightsdefenders.blog/2017/03/21/ahmed-mansoor-mea-laureate-2015-arrested-in-middle-of-the-night-raid-in-emirates/]

One early customer of the new system was the Tunisian government. The BBC tracked down a former Tunisian intelligence official who operated Evident for the country’s veteran leader, President Zine al-Abidine Ben Ali. “ETI installed it and engineers came for training sessions,” he explained. “[It] works with keywords. You put in an opponent’s name and you will see all the sites, blogs, social networks related to that user.” The source says President Ben Ali used the system to crack down on opponents until his overthrow in January 2011, in the first popular uprising of the Arab Spring. As protests spread across the Arab world, social media became a key tool for organisers. Governments began shopping around for more sophisticated cyber-surveillance systems – opening up a lucrative new market for companies like BAE Systems. In 2011, BAE bought ETI and the company became part of BAE Systems Applied Intelligence. Over the next five years, BAE used its Danish subsidiary to supply Evident systems to many Middle Eastern countries with questionable human rights records (such as Saudi Arabia, the UAE, Qatar, Oman, Morocco and Algeria).

 

“I wouldn’t be exaggerating if I said more than 90% of the most active campaigners in 2011 have now vanished,” says Yahya Assiri, a former Saudi air force officer who fled the country after posting pro-democracy statements online.  “It used to be that ‘the walls have ears’, but now it’s ‘smartphones have ears,‘” says Manal al-Sharif, a Saudi women’s rights activist who also now lives abroad. “No country monitors its own people the way they do in the Gulf countries. They have the money, so they can buy advanced surveillance software.” [see also: https://humanrightsdefenders.blog/2013/12/13/five-women-human-rights-defenders-from-the-middle-east/]

Manal al-Sharif
Manal al-Sharif says Gulf states have the money to buy advanced surveillance equipment‘Responsible trading’

….The BBC has obtained a 2015 email exchange between the British and Danish export authorities in which the British side clearly expresses concern about this capability with reference to an Evident sale to the United Arab Emirates. “We would refuse a licence to export this cryptanalysis software from the UK because of Criteria 5 concerns,” says the email. [“Criteria 5” refers to the national security of the UK and its allies.]…Despite British objections, the Danish authorities approved the Evident export…..

…….Dutch MEP Marietje Schaake is one of the few European politicians prepared to discuss concerns about surveillance technology exports. She says European countries will ultimately pay a price for the compromises now being made. “Each and every case where someone is silenced or ends up in prison with the help of EU-made technologies I think is unacceptable,” she told the BBC. “I think the fact that these companies are commercial players, developing these highly sophisticated technologies that could have a deep impact on our national security, on people’s lives, requires us to look again at what kind of restrictions maybe be needed, what kind of transparency and accountability is needed in this market before it turns against our own interest and our own principles.

Source: How BAE sold cyber-surveillance tools to Arab states – BBC News

https://twitter.com/hashtag/freeahmed