SumVoces: Transparencia y protección de datos, las herramientas que Venezuela necesita

Nuestra última entrega de SumVoces contó Rim Hayat Chaif de Argelia, en inglés y árabe. Este mes os traemos abogada venezolana y activista de derechos digitales, Marianne Díaz Hernández, en inglés y español.

La omnipresencia de la tecnología está justo en el límite de convertirse en algo que ya no notamos, algo que damos por sentado y en lo cual no pensamos demasiado. A medida que esto sucede, las entidades a cargo de proveer servicios tecnológicos sólo incrementan la cantidad de información que recolectan de nuestras actividades, y tanto compañías como gobiernos utilizan esta información para su provecho, en ocasiones en contra de las leyes de privacidad, pero incluso más aún en lugares donde estas leyes no existen. En Venezuela, no existen leyes en relación con la protección a los datos personales, incluyendo su recolección y su manejo. Al mismo tiempo, el gobierno está recabando enormes cantidades de datos (desde huellas digitales hasta consumo de alimentos) y cerrando esta información tras cercos, haciéndola inaccesible a los ciudadanos y a la sociedad en general.

Mientras por un lado, los datos personales y los metadatos son recabados sin seguir ningún estándar, y las comunicaciones privadas son violadas de manera regular, por otro lado, la información gubernamental es inaccesible o está enterrada profundamente bajo capas interminables de burocracia. El principal argumento contra el alegato de que Venezuela tiene las tasas de inflación y de homicidios más altas del mundo, yace en el hecho de que no hay cifras oficiales para éstos o para un sinnúmero de otros asuntos públicos: enfermedades y epidemias, distribución de alimentos y escasez, hambre y pobreza, así como los indicadores económicos, son publicados sólo a conveniencia del gobierno y no pueden ser solicitados por los ciudadanos. Un par de años atrás, una organización no gubernamental solicitó información con respecto a cuántos sitios web estaban siendo bloqueados por el gobierno (alrededor de 1.500, de acuerdo con investigaciones independientes) y las razones y procedimientos para tales bloqueos. La respuesta del Tribunal Supremo fue declarar que toda la información de telecomunicaciones era “secreto de Estado”, y que esta ONG no tenía derecho a requerir tal información.

La falta de estándares legales en torno al acceso a la información puede ser dañina tanto para la transparencia como para la privacidad. No haber establecido qué datos son considerados públicos (y deben ser liberados) y qué datos son considerados privados (y deben ser protegidos) puede crear un entorno en el cual la información fluye de acuerdo a los intereses particulares de los actores públicos y privados que detentan el poder, en lugar del interés público. Como ciudadanos, la falta de control que tenemos sobre nuestra información privada puede ser usada como herramienta para la opresión, la censura y la presión política. En el caso de Venezuela, por ejemplo, la interconexión de la información biométrica, que es usada en los sistemas electorales así como en los sistemas de distribución alimentaria, es percibida por muchos ciudadanos como si pudiera tener un impacto directo en su capacidad para alimentarse a sí mismos y a sus familias. Como consecuencia, las personas podrían sentir propensión a restringirse de involucrarse en la vida política del país, como una medida de autopreservación.

La Asamblea Nacional venezolana se encuentra debatiendo el proyecto de una ley que, de ser aprobada, se convertiría en la primera en regular el manejo y publicación de información pública. Esta ley podría proporcionar a los ciudadanos las herramientas legales para requerir información pública del gobierno, así como mecanismos de rendición de cuentas, en el caso de que los servidores públicos no cumplan con su obligación de liberar información pública. Aunque esto podría parecer un estándar mínimo para los datos abiertos, para Venezuela significaría un cambio trascendental en la forma en la que las políticas públicas son creadas y aplicadas, y en la manera en la que los ciudadanos podrían involucrarse en la creación de políticas públicas y la rendición de cuentas. Es una gran oportunidad para crear un conjunto de estándares en torno a la información pública, así como a los límites entre lo público y lo privado, junto con mecanismos que permitirían a los ciudadanos tomar medidas para proteger su información personal que yace en manos de actores estatales. Mientras la capacidad de obtener información en torno a procesos y políticas públicas es una poderosa herramienta para la transparencia, la innovación y la lucha contra la corrupción, la capacidad de controlar la forma en que nuestros datos personales son recabados, tratados, almacenados y compartidos podría ser una de las garantías más importantes que podemos ganar para la protección de nuestras libertades en línea.

Marianne Díaz Hernández contribuyó con anterioridad a SumVoces con "Digital Security Starts With Contextual Risk Assessment" ("La Seguridad Comienza digitales con el Análisis de Riesgos contextual"). Ella está involucrada en iniciativas como Creative Commons Venezuela y Acesso Libre y contribuye a Global Voices y el blog de Amnistía Internacional. Seguirla @mariannedh.

---

¿Quieres más SumVoces? Sigue leyendo!

• SumVoices: Algeria: Online Harassment on the Rise (inglés y árabe)
• SumVoices: Digital Security Starts With Contextual Risk Assessment (inglés y español)
• SumVoices: Cybercrime in Algeria - Phenomenon on the Rise (inglés y árabe)

SumRando Cybersecurity es un proveedor de VPN, Proxy Web y Mensajero Seguro basado en Mauricio. Bajo el Radar y Totalmente Seguro.

SumVoices: Transparency and Data Protection Are Tools Venezuela Needs

Our last installment of SumVoices featured Rim Hayat Chaif from Algeria, in English and Arabic. This month we bring you Venezuelan lawyer and digital rights activist, Marianne Díaz Hernández, in English and Spanish.

The ubiquity of technology is on the verge of becoming something we don’t notice anymore, something we take for granted and don’t give too much thought to. As this happens, the entities in charge of technology services only increase the amount of information they gather from our activities, and both companies and governments use this information to their advantage, sometimes against privacy laws, but even more so in places where these laws don’t exist. In Venezuela, there are no laws regarding data protection, including its collection or handling. At the same time, the government is gathering vast amounts of data (regarding everything from fingerprints to food consumption) and locking this information behind walls, making it unavailable to citizens and civil society in general.

While on one hand, personal data and metadata are collected without following any standards and private communications are violated regularly, on the other hand, government-related information is unavailable or buried deep within neverending layers of bureaucracy. The main argument against stating that Venezuela has the highest inflation and murder rates in the world lies in the fact that there are no official figures for this or for a number of other public issues: diseases and epidemics, food distribution and scarcity, hunger and poverty, and economic indicators are only released at the government’s convenience and cannot be requested by citizens. A couple of years ago, one NGO requested information regarding how many websites were being blocked by the government (about 1,500, according to independent investigations), and the reasons and procedures for such blockages. The Supreme Court answer was to declare all telecommunications information to be a “state secret” and to declare that this NGO had no standing to request such information.

A lack of legal standards regarding access to information can be damaging to both transparency and privacy. Not having established which data is considered public (and must be released) and which data is considered private (and must be protected) can create an environment in which information flows according to the particular interests of power-holding public and private actors, rather than according to public interest. As citizens, the lack of control we have over our private information can be used as a tool for oppression, censorship, and political influence. In Venezuela’s case, for instance, the interconnectedness of biometric information, which is used in electoral systems and in food distribution systems, is perceived by citizens as if their political stance might have a direct impact on their ability to feed themselves and their families. It follows that people might feel inclined to restrain themselves from getting involved in the political life of the country as a self-preservation measure.

The Venezuelan Congress is currently debating the draft of a bill which, if approved, would become the first law to regulate the handling and sharing of public information. This law would provide citizens with legal tools to request public information from the government, and also for accountability mechanisms in the event that public servants do not fulfill their duty to release public information. Although this might seem a bare minimum standard for open data, for Venezuela it would mean a transcendental change in how public policies are created and applied, and in how citizens can become involved in policy making and accountability processes. It is a great opportunity to create a set of standards regarding not only public information but the boundaries between public and private, along with mechanisms that would allow citizens to take steps in protecting their private information in the hands of State actors. While the ability to gain information regarding public processes and policy making is a powerful tool for transparency, innovation and the fight against corruption, the ability to control how our personal data is collected, treated, stored and shared might be one of the most important guarantees that can be gained in the protection of online freedoms.

Marianne Díaz Hernández previously contributed to SumVoices with "Digital Security Starts With Contextual Risk Assessment" ("La seguridad digital comienza con el analisis de riesgos contextual"). She is involved in initiatives including Creative Commons Venezuela and Acesso Libre, contributes to Global Voices and guest blogs for Amnesty International. Follow her @mariannedh.

---

Want more SumVoices? Read on!

• SumVoices: Algeria: Online Harassment on the Rise (English and Arabic)
• SumVoices: Digital Security Starts With Contextual Risk Assessment (English and Spanish)
• SumVoices: Cybercrime in Algeria - Phenomenon on the Rise (English and Arabic) 

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Report Lists 91 Countries Requesting Facebook Account Data and Content Restrictions

Have you seen your Facebook page lately? The photos from your best friend’s wedding, where you were last night and even your phone number?

Facebook routinely grants government requests to access private pages and restricts content based on local laws. The social networking site recently released a breakdown of all activity worldwide from July to December 2015. Highlights include:

[Source: Keri J]

TOP 10 COUNTRIES FOR REQUESTS FOR USER DATA

United States (19,235)

India (5,561)

United Kingdom (4,190)

Germany (3,140)

France (2,711)

Brazil (1,655)

Italy (1,525)

Argentina (892)

Australia (802)

Poland (611)

TOP 10 COUNTRIES FOR USER ACCOUNTS REFERENCED

United States (30,041)

India (7,018)

United Kingdom (5,478)

Germany (3,628)

France (2,894)

Brazil (2,673)

Italy (2,598)

Argentina (1,047)

Spain (947)

Australia (846)

TOP 10 COUNTRIES FOR PERCENTAGE OF REQUESTS WHERE SOME DATA WAS PRODUCED

Nigeria (100%)
Croatia (90.91%)
Sweden (87.31%)
Turkey (84.20%)
United Kingdom (82.15%)
Serbia (81.48%)
United States (81.41%)
Albania (80.00%)
United Arab Emirates (80.00%)
Canada (79.63%)

TOP 10 COUNTRIES FOR CONTENT RESTRICTIONS

France (37,695)
India (14,971)
Turkey (2,078)
Germany (366)
Israel (236)
Austria (231)
United Kingdom (97)
Russia (56)
Brazil (34)
Kazakhstan (25)
 

The complete listing of all 91 countries with user data requests and content restrictions in the second half of 2015 can be found at https://govtrequests.facebook.com/, along with all reports dating back to 2013.

According to Facebook, government requests typically are prompted by criminal investigations and ask for basic subscriber information including name, registration date and length of service; account content; and/or IP address logs. Content restrictions occur when governments ask Facebook to remove content that would not be allowed under local law.

So, the next time you’re on Facebook (or even the Facebook-owned, metadata collecting WhatsApp), make sure that everything there is information you would be willing to share with your government. After all, sometimes even the most innocent of “criminals” can find themselves under government surveillance.

---

Want the latest freedom of speech and cybersecurity news from around the world? Read on!

• World Press Freedom Day 2016 Highlights What Journalism Needs
• It's a Vulnerable World: Panama Papers Edition
• This Tiradentes Day, Take a Stance Against Censorship in Brazil 

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Take Action Against Facebook’s Targeted Ads

Facebook has just taken data collection to a whole new level: targeted ads based on visits to webpages that feature the Like button. That’s right: the ads you see won’t be determined by your decision to click on the Like button, just on your decision to surf the web.

Since the Like button’s introduction in 2010, embedded cookies have followed logged in and logged out users alike around the internet, sending information from each Likable page visited back to Facebook. What has changed recently is how the social media platform views that data: in 2011, WSJ’s Digits quoted a Facebook spokesman as insisting, “No information we receive when you see a social plugin is used to target ads.” Now, exactly the opposite holds true.  

A mid-September announcement from Facebook did its best to sidestep a data privacy argument by applauding its newfound ability to provide more relevant, useful ads and reminding users that they remain (somewhat) in charge of which ads they see. Although not exactly the announcement we would have written, it did serve as a good reminder to take what controls we are given:

• Make use of Facebook’s Ads Settings page. You have the option to hide ads based on your use of websites and apps, to hide the actions you’ve taken in response to ads, and to manage your preferences in determining which ads you see. Just don’t let yourself think you are doing more than hiding: as Facebook will remind you when you adjust these settings, users are simply changing the potential relevancy of the ads they see and not the number of ads they see or the amount of information that Facebook collects about them.

• For users connecting from the United States, Canada or Europe, take additional measures to opt-out of what web viewing data collection you can. When you adjust your online interest-based ads setting, Facebook will offer to direct you to the Digital Advertising Alliance of the United States, Canada or Europe. Again, be aware of the limitations of doing so: the DAA of the U.S., for example, provides the opportunity to opt-out of just 124 participating companies’ data collection; when we tried it, we succeeded in opting out of only 79 of those companies’ cookies.

• Be willing to take regular, proactive measures. Log out of Facebook after each session and use a cookie blocker such as EFF’s Privacy Badger when browsing the internet. Your extra effort will be rewarded with a newfound sense of privacy.

It is an undeniable fact that the social media platforms we have come to rely on are funded by advertising revenue, but this alone does not justify the constant push by entities such as Facebook to find new ways to collect and exploit our data. Privacy advocates have long asked Facebook to limit Like button data collection to those who choose to click on the button; given that Facebook’s current response has been to move in the opposite direction, users must continue to actively defend what privacy they still can. 

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Putin Targets Internet Freedom, Highlights Social Media Danger to Russia

This week, Russian President Vladimir Putin took a page from other world leaders who have recently targeted the Internet as a political punching bag on the heels of new restrictions passed by the Russian parliament.  The law requires social media websites to maintain servers within Russia and save information about its users.  In his widely-publicized remarks, Putin pointed to the potential harm of Internet companies like Yandex (Russia's top search engine) and others who do not exhibit faithfulness to Russian security and business interests.  Among his most pointed claims, Putin suggested that Russia must go to great lengths to protect itself on the Internet since, as he put it, the Internet was originally a "CIA project" that is "still developing as such."

Russia's technology sector and other pro-democracy voices are rightfully speaking out in anger about the new efforts to limit internet freedom.  The restrictions, building on the fact that pro-Putin businessmen now control Russia's largest social media platform Vkontakte, suggest that Putin's recent efforts to build nationalistic support for the Kremlin's political efforts will expand more formally into the cyber sector.

The Wall Street Journal detailed just how far these laws would reach:

The three bills impose strict control over disseminating information on the Internet and online payments, and toughen punishment for terrorism and extremism. The one that sparked the most concern effectively equates popular bloggers with media outlets, subjecting them to substantially greater regulation and legal liability.

The bill would require bloggers with 3,000 or more page-views a day to reveal their identities, fact-check their content, not disseminate extremist information or information violating privacy of citizens, and abide by the rules of pre-election silence. Human-rights activists say bloggers are ill-equipped to fulfill such demands. Failure to comply would be punished by fines and possibly blocking.

Social-networking sites, blog hosts and other "organizers of disseminating of information on the Internet" may also be affected, as the bill requires them to store data on popular users' activity online for six months for potential use in police and other official investigations. 

Read more about the new laws and how this could impact the internet landscape in Russia and beyond.

London Bans Creepy Stalker Trash Bins

A government not hesitating to take proactive and concrete steps to protect our privacy seems almost bizarre given recent news cycles, but indeed, the city of London stepped up and asked marketing company, Renew, to remove their mobile-tracking trash bins from London's sidewalks.

Renew deployed 12 bins featuring "ORB" technology that allowed them to collect the unique media access control (MAC) address of Wi-Fi enabled mobile devices as they passed within range. The idea, as outlined in a press release, was to use the data gleaned from tracking pedestrians to serve the most effective ads on the LCD screen on each bin.

The consolidated data...highlights the significance of the Renew ORB technology as a powerful tool for corporate clients and retailers. It provides an unparalleled insight into the past behavior of unique devices--entry/exit points, dwell times, places of work, places of interest, and affinity to other devices--and should provide a compelling reach data base for predictive analytics (likely places to eat, drink, personal habits etc.). [Renew]

You can think of this as a less malicious version of Moscow's new mobile tracking system (although, they use different technologies). 

With only 12 bins, Renew was able to log data from more than 4 million devices over a single week. It is unsettling, at best, that this data could be used to paint reasonably detailed portraits of pedestrian behaviour without any notification or ability to opt-in to this data collection program.

Certainly, tracking systems like this should be a concern for anyone using a Wi-Fi capable mobile device. And while Renew likely does not harbour any malicious intent, similar techniques have already been shown as feasible. In previous demonstrations, researchers showed that by simply using common network names like "Apple Store" or "Boingo Hotspot," mobile devices could be tricked into auto-connecting to unsecured Wi-Fi networks that serve your data to anyone watching.

Fortunately, defense against programs like ORB is available. A simple mobile VPN will ensure that any data sent over unsecured Wi-Fi networks is safe and disabling Wi-Fi on your device when you don't need it will prevent it from talking to these networks at all.

FTC Updates Rules to Protect Kids from Data Collection

The U.S. Federal Trade Commission hasn’t been given enough credit in their efforts to protect Americans’ privacy. Earlier this year, the FTC pushed congress to legislate transparency for data brokers, and now they’ve updated the 1998 Children’s Online Privacy Protection Act to address data collection when it comes to kids.

According to the FTC, the revised rule “addresses changes in the way children use and access the Internet, including the increased use of mobile devices and social networking.” The new policy requires that websites targeting children under 13 and sites that knowingly collect information from children under 13 acquire parental permission before “collecting, using, or disclosing such personal information, and keep secure the information they collect from children.”

At the FTC, protecting children’s privacy is a top priority,” said FTC Chairwoman Edith Ramirez. “The updated COPPA rule helps put parents in charge of their children’s personal information as it keeps pace with changing technologies. [FTC]

Needless to say, the new rule has met ire from marketers, advertisers and other businesses that frequently deal in personal information. Morgan Reed, executive director of the Association for Competitive Technology expressed concern at the logistics of implementing a rule targeting a select demographic.

“How do we make the goals of COPPA function in a technological world where a parent might hand their tablet computer from the front seat of the car to the back seat of the car? How does the developer know when he has to change behaviour?”  Reed said.

Certainly, there will be substantial challenges in implementing a rule like this, but I think we can all agree this is a step in the right direction.

Anyone concerned about his or her privacy or that of a loved one should also consider using a VPN to secure the data coming in and out of their computer.

Private Parts is the official blog of SumRando VPN and is basically the coolest thing on the web. You can try SumRando for free here.