Battles for Democracy. Week 15

Battles for Democracy. Week 15

A weekly summary of the battles for democracy: The heartbleed bug;  US spied human rights organisations;  Nations buying as hackers sell flaws in computer code; Alaveteli: Open Source Freedom of Information Platform; Angela Merkel denied access to her NSA file… and much more.

Following week we won’t publish ‘Battles for Democracy’ all the content will be published in week 16’s so be prepared for a more dense than usual post.

Citizens Losing

Citizens abused or killed, liberties and rights cut.

The heartbleed bug is a serious vulnerability in the popular OpenSSL cryptographic software library. The bug was discovered late last week and most Internet users are likely to be affected either directly or indirectly. It allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

Has the NSA been exploiting Heartbleed Bug for intelligence for years?. Although the American intelligence community is forcefully denying reports that the National Security Agency has long known about the Heartbleed bug, Bloomberg News reported that Heartbleed had indeed been added to NSA’s arsenal almost immediately after the bug appeared, citing two anonymous sources “familiar with the matter”.

The US has spied on the staff of prominent human rights organisations, Edward Snowden has told the Council of Europe in Strasbourg, Europe’s top human rights body. Giving evidence via a videolink from Moscow, Snowden said the National Security Agency – for which he worked as a contractor – had deliberately snooped on bodies like Amnesty International and Human Rights Watch.

Turkey keeps YouTube block despite court rulings and reaffirmed a ban on YouTube imposed after the posting of illicit recordings of top secret security talks cited by Prime Minister Tayyip Erdogan as part of a “dirty campaign” to topple him. Authorities imposed the ban on Google’s video-sharing site on 27 March 2014 in the build-up to local elections, after weeks of leaked wiretaps, allegedly uncovering corruption in Erdogan’s inner circle. Erdogan emerged from the polls with his popularity largely intact. Turkey’s telecoms regulator said on Thursday it would not end the block on YouTube, despite court rulings.

India and South Africa tried to undermine a UN resolution on the right to protest. Are they abandoning HumanRights? On 25 March 2014 South African diplomats, supported by the Indians and some authoritarian governments, attempted to impede the passage of a UN Human Rights Council resolution on the ‘promotion and protection of human rights in the context of peaceful protests.’ They proposed that the right to peaceful protest should be qualified by the need to ensure stability of the state and friendly relations with foreign countries.

Nations Buying as Hackers Sell Flaws in Computer Code. All over the world, from South Africa to South Korea, business is booming in what is called “zero days,” the coding flaws in software like Microsoft Windows that can give a buyer unfettered access to a computer and any business, agency or individual dependent on one. Now, the market for information about computer vulnerabilities has turned into a gold rush. Disclosures by Edward J. Snowden, the former N.S.A. consultant who leaked classified documents, made it clear that the United States is among the buyers of programming flaws. But it is hardly alone.

Citizens Winning

Citizens unite, react and take action, institutions support them.
Laura Poitras & Edward Snowden Awarded 2014 Ridenhour Prize for Truth-Telling for exposing the US government’s vast warrantless surveillance operation. The revelations sparked a debate on the constitutionality of mass surveillance, and how technology has transformed the parameters of individual privacy.

Messy Consequences for National Legislation following Annulment of EU Data Retention Directive. The European Court of Justice has just ruled that most of the EU’s data retention directive is not compatible with privacy rights and has declared invalid the data retention directive (Directive 2006/24/EC), i.e. set of rules obliging ISPs and telcos to retain data and information of citizens using electronic communications networks. Member States seem to have two alternatives: either abrogating the entire national data retention legislation or modify it to meet the “proportionality concern” of the court.

Tools For Democracy

Tools to either increase awareness of the threats to democracy, protect yourself against them or to leverage democracy to new levels.

The Heartbleed test aids you in checking if the hostname of a server is vulnerable to the Heartbleed bug.

BitCongress is a decentralized, peer to peer, open source voting system built onto the Blockchain in a multitude of ways including Ethereum, MetaCoins, ColoredCoins & a mined crypto currency called Votecoin. This system will utilize the Votecoin as mined vote token that is verified by the miners in the crypto currency 2.0 layers. Anyone with a program can plug into the BitCongress system and use the mined currency to verify votes.

The 2013 Annual Report of the UK Interception of Communications Commissioner summarises surveillance activities authorised (and some not authorised) in the UK and performed by the Police or by security and intelligence agencies such as MI5 and MI6.

The fire power of the financial lobby:A survey of the size of the financial lobby at the EU level. The findings are stunning. In total the financial industry spends more than €120 million per year on lobbying in Brussels and employs more than 1700 lobbyists. The financial industry lobbied the post-crisis EU regulation via over 700 organisations and outnumbered civil-society organisations and trade unions by a factor of more than seven, with an even stronger dominance when numbers of staff and lobbying expenses are taken into account. In sum the financial lobby is massively outspending other (public) interests in terms of EU lobbying, by a factor of more than 30.
Read the full report.

Alaveteli: Open Source Freedom of Information Platform. Citizens use Alaveteli to request information, and the replies are recorded for all to see on the website. The project’s initial focus is on making Freedom of Information requests, although it can easily be altered for other purposes. It is being used, that we know of, in: Australia, Brazil, Check Republic, Hungary, European Union, New Zealand, Spain, Tunisia, and Uruguay

Qubes: The operating system that can protect you even if you get hacked. Qubes’ design is based on an important law of software: all programs contain bugs. Based on Xen, the X Window System, and Linux, it can run most Linux applications and utilize most of the Linux drivers. Qubes uses virtual machines to let you manage separate “security domains”. A virtual machine (VM) is basically a tiny operating system running inside of your real operating system. If your VM gets hacked, the attacker is able to access the files and read keystrokes in that VM, but not in other VMs or on your host computer.

Lo and Behold!

Angela Merkel denied access to her NSA file. The US government is refusing to grant Angela Merkel access to her NSA file or answer formal questions from Germany about its surveillance activities, raising the stakes before a crucial visit by the German chancellor to Washington.

Featured image: CC BY-SA gerlos