These days, it is common to read articles in the media about US intelligence agencies overstepping the mark when it comes to spying on their citizens. Sadly, despite the misinformed belief that things are better on the other side of the pond, the reality is that surveillance is also way out of hand in Europe.
In the UK, the home secretary is attempting to rush through disturbing legislation that will mean every UK citizen’s digital footprint may be examined. To make these web histories available to the authorities, ISPs will need to retain those records for a year.
In Germany and France surveillance problems are also coming to a head, in what appears to be some sort of Western governmental mass-hysteria for spying on its own citizens. Fueled (or perhaps made acceptable to the public) by a fear that there may be terrorists among the waves of migrants that have arrived on Europe’s shores (due to the war in Syria).
In France, Parliament has voted to fine – and even imprison – any employees of companies that are directly responsible for not decrypting valuable information needed for government investigations. This, of course, comes amid the US’ problem with the San Bernardino killer’s iPhone – which Apple is refusing to give the government access to for various reasons.
After yesterday’s vote in the National Assembly, where French lawmakers voted 474 to 32 in favour of the legislation, the reforms will now move to the upper house of the Senate where they will also need to be approved before finally being signed in by President Francois Hollande.
If passed, the bill will impose fines of $385,350 on technology firm employees that do not cooperate with the authorities. Also imposing possible jail terms of five years for senior executives, and two years for telecommunications company employees that do not assist intelligence agencies with important ongoing investigations.
In Germany, a government approved computer Trojan meant for spying on criminals during ongoing cases is coming into question because of its seemingly broad implications. It is worried that the government virus may be able to intercept private data that has never even been shared on the Internet. Patrick Breyer, who is an active member of the Pirate Party in Germany (a privacy advocacy group that believes the government has no place in people’s home computers), has made the following statement,
‘But we don’t know whether this program can intercept saved data, photographs we never share and make for ourselves, personal diaries, things that should be as secure as if they were stored at home.’
Breyer believes that the government ought to be helping to keep people secure online rather than making themselves a part of the problem. Unfortunately, ever since a 2008 judgement in a top German court decided that hacking should be allowed in cases where someone’s life may be under threat (or during crimes against the state including terrorism), things have been going steadily downhill.
In a 2011 version of the government sanctioned virus that has already been found in circulation, the Trojan was found to be able to spy on all manner of communications including keystrokes, phone calls and email as well as SMS communications. It also had the ability to record audio and video from the device that it was delivered to. With the German interior ministry now deciding to grant formal approval for the use of the malware in all of Germany’s federal states, it is worried that German privacy (like that of the citizens of the US, UK, France and elsewhere) is now becoming a thing of the past.
Another problem, according to Breyer, is the fact that the government virus can be updated after it has been delivered to someone’s computer or smartphone. This means that third-party surveillance programs can be added to the Trojan unbeknownst to anyone but the German intelligence agencies who control it. Breyer rightly is worried that this has implications for abuse at the hands of both government agencies and cyber criminals,
‘In the case of the so-called Bavarian Trojan, Chaos Computer Club examined it and found that it is capable of doing much more than is legally allowed. For example, it had the ability to download another code and program in completely different functions.’
Chaos Computer Club (CCC), a white hat hacker association, based in Germany, found that the government Trojan was indeed vulnerable to third party infiltration. According to CCC, those vulnerabilities could allow cyber criminals to also use the virus to spy on German people, including by issuing third party updates for the malware that only they would know about (and be in control of).
Infuriatingly, this now seems to be the norm amongst Western nations, who spend their entire time finding more ways to strip away citizens rights to digital privacy. As well as (insanely) increasing the danger of attack and surveillance at the hands of both cyber criminals and foreign intelligence agencies. Despite the loud protestations of human rights activists and privacy groups in the US, UK and throughout Europe, however; little can be done, it would appear, to quell the unstoppable surveillance privileges that governments keep extending to themselves, in spite of the people that they represent.