Posts Tagged ‘encryption’

European Parliament votes to restrict exports of surveillance equipment

January 22, 2018

Members of the European Parliament have voted to curb export of surveillance equipment to states with poor human rights records, following mounting evidence that equipment supplied by companies in Europe has been used by oppressive regimes to suppress political opponents, journalists and campaigners. MEPs in Strasbourg agreed on 17 January to extend EU export controls to include new restrictions on the export of surveillance equipment, including devices for intercepting mobile phones, hacking computers, circumventing passwords and identifying internet users. The proposals also seek to remove encryption technologies from the list of technologies covered by EU export controls, in a move which aims to make it easier for people living in oppressive regimes to gain access to secure communications which can circumvent state surveillance.

“Dictators spy on their citizens using EU cyber-surveillance. This must stop. The EU cannot contribute to the suffering of courageous activists, who often risk their lives for freedom and democracy,” said MEP Klaus Buchner, European Parliament rapporteur. “We are determined to close dangerous gaps in the export of dual-use goods and call on member states to follow suit.”

The proposed changes to the EU dual-use export control regime are likely to face opposition from the defence industry and governments, as the European Parliament and the European Commission prepare to negotiate their implementation with Europe’s 28 member states.

European technology companies, including UK firms, have supplied equipment that has been used for arresting, torturing, and killing people in Iran, Egypt, Ethiopia, and Morocco, according to the European Parliament. An investigation by Computer Weekly revealed that the UK government had approved export licences to Gamma International (UK) to supply mobile phone interception equipment, known as IMSI catchers, to Macedonia, when the regime was engaged in a massive illegal surveillance operation against the public and political opponents.

And the UK’s largest arms manufacturer, BAE Systems, has exported equipment capable of mass internet surveillance to countries that campaigners say regularly commit human rights abuses, including Saudi Arabia, Qatar, Oman, Morocco and Algeria. An overwhelming majority of MEPs supported reforms to the EU’s export control regime, which will require member states to deny export licences if the export of surveillance technology is likely to lead to a serious impact on human rights in the destination country. The proposed changes, backed by 571 votes to 29 against, with 29 abstentions, will impose tough requirements for EU governments.

Member states will be required to assess the likely impact of surveillance technology on citizens’ right to privacy, freedom of speech, and freedom of association in the destination country before they grant export licences – a significant step up from current levels of scrutiny.

The proposed rules contain safeguards, however, that will allow legitimate cyber-security research to continue. Companies exporting products that are not specifically listed will be expected to follow the OECD’s “due diligence” guidelines, if there is a risk they could support human-rights violations.

Improved transparency measures will require member states to record and make data on approved and declined export licences publicly available, opening up the secretive global trade in surveillance technologies to greater public scrutiny.

http://www.computerweekly.com/news/252433519/European-Parliament-votes-to-restrict-exports-of-surveillance-equipment

HURIDOCS not too worried about the theft of its computers – read why

December 11, 2015

Last weekend, the HURIDOCS office in Geneva and the office of an ally organization were burglarized; two of its desktop computers were stolen. Computers were the only stolen items at both offices, but it’s not possible to say whether the theft was specifically for information stored on the hard drives or just for the computers themselves. Either way, HURIDOCS states confidently in a message that it has not experienced a data breach, because both computers were encrypted and locked with strong passwords. It also didn’t lose any data, because it’s safely stored in Casebox. Here’s how to protect your information and yourself, critical for human rights defenders, in case of physical computer theft:

  1. Lock your computer with a strong and unique password. All passwords should be strong and unique, but perhaps most importantly the one for your computer itself. Simple passwords are more easily hacked by ‘brute force’ (guessing until success), seen by someone glancing as you type, or determined from camera footage (that’s why Snowden typed his passwords under a blanket in Citizenfour). There are some good tips for better passwords.
  2. Safeguard all passwords. Do not keep your passwords written on paper near your computer. A multitude of secure passwords will be impossible to keep in mind, so we recommend using a password manager like KeePassX instead; KeePassX also rates the strength of your passwords.
  3. Consistently lock your screen when you step away. Theft can happen very quickly and, obviously, unexpectedly.
  4. Encrypt your hard drive. If it’s encrypted, no one else can read it. Check your settings in FileVault on Mac and BitLocker or VeraCrypt on Windows.
  5. Regularly back up your encrypted hard drive to another location. If your computer is stolen, you’ll still have all of your information. If you use a password manager like KeePassX, your backup will include a locked file containing all of your passwords.

To further protect yourself against privacy breaches and malicious threats, we also recommend that you:

  1. Scan your hard drive for viruses at least once a week with updated antivirus software like Sophos or Avast.
  2. Update your computer’s operating system and all critical software as soon as updates become available. These updates are often to better protect you from breaches.
  3. Set up two-factor authentication and two-step verification on all critical accounts like email, social networks, Apple ID, and shared workspaces.
  4. Change your passwords often.

HURIDOCS conclusion: If you’ve taken the above steps and your computer is stolen, you won’t need to worry about your data being stolen along with it. We strongly recommend all human rights defenders take these precautions.

https://www.huridocs.org/2015/12/steps-to-protect-your-data-computer-theft/

Bahaa Nasr teaches cyber security to Syrian opposition against their digital enemies

February 10, 2015

Forbes of 2 February 2015 carries an interesting piece by Thomas Fox-Brewster about Bahaa Nasr, a man who “Is Teaching Syrians To Defend Themselves Against Their Many Digital Enemies”.

After a description of recent attacks on opposition forces of the Syrian regime, the article – which does not distinguish a lot between human rights defenders and armed opposition – states that those under attack are in need of better cyber awareness. “That’s where Bahaa Nasr comes in. He runs Cyber Arabs, which provides digital security training not only for Syrians but for activists, human rights defenders and journalists across the Arab world.

Bahaa Nasr of Cyber Arabs - AP Photo/Bilal Hussein

“Syria, of course, has been a strong focus of our work in the past years due to the multitude of risks CSO [civil society organization] activists are facing there. While originally the main threat came from the regime and from groups like the SEA, now there is more and more concern about extremist groups like ISIS also resorting to cyber attacks,” he tells me over encrypted email.

He notes one of the most common techniques is social engineering, as the opposition has come to realise. But there are also targeted malware attacks, such as those allegedly launched by ISIS.

Then there are cruder methods at play in Syria’s information war. “Checkpoints are also a problem in many places where they often confiscate computers and mobile phones and thus gain access to data and accounts and new entry points for social engineering attacks,” Nasr adds.

He claims Cyber Arabs has helped around 500 activists, journalists, human rights defenders and citizen journalists from 17 Arab countries. At least 200 were from Syria. Training takes place in person and online, covering general digital hygiene: recognising and avoiding phishing attacks or social engineering attempts, good password practices, learning about different kinds of malware and how to improve the security of social media accounts. Cyber Arabs also teaches use of tools tailored for people’s needs, including secure email and instant messaging, and encryption. There’s an Android app to help stay up to date on the latest threats in the region too.

Nasr has been working closely with a range of influential groups, including Citizen Lab, a research collective based in Toronto, which focuses on digital attacks on activists. John Scott Railton, a member of Citizen Lab, described Cyber Arabs’ work as simply “amazing”. With such help available to Syrians, it’s hoped they won’t suffer from smart online offensives on their systems as they try to bring an end to a horrific, protracted war.”

This Man Is Teaching Syrians To Defend Themselves Against Their Many Digital Enemies.