How is COVID-19 affecting tech and privacy issues? A roundup

Surveillance:

India

Will the coronavirus crisis inevitably result in an expansion of the surveillance state in India?

Drone data to play a part in a lockdown exit strategy


Balkans

COVID-19 pandemic adversely affects digital rights in the Balkans


United States

EARN IT bill is the government's not so secret plan to scan every message online

Tested positive coronavirus health workers may share your address to police

ACLU white paper shows the limits of location tracking in an epidemic


Lebanon

What the Lebanese government can do to respect users' privacy while fighting COVID-19



 Access:

United States

Can we all agree now that internet access is a necessity?


India

Kashmir's internet shutdown is preventing people from getting coronavirus information



Political Oppression:

Egypt

Now the Sisi regime has arrested Alaa's family for protesting coronavirus conditions in his prison #FreeAlaa

You are online. You need SumRando VPN, Messenger, and STASH.

Whether you are an activist, journalist, member of a marginalized group, or just a regular citizen, you need online protection. In this age of data selling, theft, and surveillance, privacy is under siege. Our encryption products can help you stay safe and anonymous. Get our apps here.

"I Heard a Siren from the Silicon Docks"

Happy St. Paddy's Day to all the Irish out there and to those non-Irish who just want a reason to drink Guinness.

The Irish may be the largest diaspora in the world. Some 80 million people worldwide claim Irish heritage; this, from a country whose peak population reached 8 million. Even those not so well-versed in history know that oppression sent millions to emigrate or to their deaths. Poverty was a major struggle up until the Celtic Tiger in the 1990s, after decades of European Union structural funds propelled the economy to the top tier. It was an opportune time, as a fledgling tech industry would soon grow into a major global force. Many of the biggest tech companies in the world now have headquarters in Dublin; they have rebuilt the docklands - a once dirty old town of warehouses and factories - into a glittering, glass and steel mini city known as the Silicon Docks. If you've ever been to Dublin, you'd marvel at the changes over the last twenty years. It's a whole new world.

One reason the tech companies flocked to Dublin was its weak privacy laws. Data drinking companies like Google and Facebook were able to build massive data empires in part because these laws made privacy virtually an afterthought. Ireland's Data Protection Commissioner has been repeatedly challenged in courts by the European Union, and a new EU privacy law may open the floodgates for more litigation.

The EU's General Data Protection Regulation (GDPR) will restrict how tech companies collect, store, and use personal data beginning 25 May 2018. Businesses and organizations that fail to comply with GDPR will be fined 20 million euro or 4% of their global annual revenue, whichever is higher. 

The Irish government is trying to make the state exempt from provisions of the GDPR. A massive 132 page bill is still under debate with some rather bizarre points, such as reducing the age of consent from 16 to 13! Irish data protection experts are universally opposed to the bill, which they say, "has the potential to kill data protection enforcement in Ireland and will take years of litigation to fix.”

So why is Ireland opposed to data protection? For one, most businesses in Ireland are not prepared for the GDPR changes. Then there is the government itself that feels it is not prepared and worries that any fines on its public bodies may drain the budget and prevent them from fixing the problems that led to the fines in the first place.

These issues will be discussed in April at the Dublin Data Sec 2018 conference. Let's hope Ireland can get the bill sorted out before the GDPR deadline. In the meantime, here's to all the Irish out there. 

Sláinte!

SumLinks - Cyberattacks, censorship, espionage, and more

Bahraini human rights activist Nabeel Rajab was sentenced to an additional five years in prison for tweets.

An Inside Look At The Accounts Twitter Has Censored In Countries Around The World

Cyberattacks increasing against civil society in Azerbaijan ahead of election

Worst Innovation Mercantilism Policies of 2017

Internet Governance Forum 2017 was one of the first times that "various organizations and professionals came together to address the links and gaps between the internet governance and media development communities. Synopsis from the Global Forum for Media Development.

The size of your app matters. Just ask Ethiopians.

Pakistanis are speaking out against internet shutdowns.

Zimbabwe: Omnibus Cyber Bill muddies Fundamental rights

Read more at: http://www.africafex.org/access-to-information/zimbabwe-omnibus-cyber-bill-muddies-fundamental-rights

Zimbabwe: Omnibus Cyber Bill muddies Fundamental rights

Read more at: http://www.africafex.org/access-to-information/zimbabwe-omnibus-cyber-bill-muddies-fundamental-rights

 Cyber bill threatens fundamental rights in Zimbabwe

Laughing in the face of internet shutdowns in Bangladesh

Zimbabwe: Omnibus Cyber Bill muddies Fundamental rights

Read more at: http://www.africafex.org/access-to-information/zimbabwe-omnibus-cyber-bill-muddies-fundamental-rights

New bill threatens internet freedom in Honduras.

EFF and Lookout Uncover New Malware Espionage Campaign in Chat Apps Infecting Thousands Around the World

Research

Dependent Yet Disenfranchised: The Policy Void That Threatens the Rights of Mobile Users in Arab States
Amazon Go’s ambient processing of special category data (eg ethnicity) to create “checkout free shopping” might cause problems if moved to Europe under the GDPR given the inability to freely consent.

Mapping Digital Freedom in Palestine

The Importance of Privacy by Design and Data Protection Impact Assessments in Strengthening Protection of Children's Personal Data Under the GDPR

The State of Privacy in Lebanon

MMXVIII - Our New Year's Resolutions

He who gave us our calendar.

From the frigid tundra of Siberia to the scorching heat of Alice Springs, the start of a new year is a symbolic reboot point and a time to reflect upon the events in our lives that we can and cannot control. Many of us vow to eat healthier, exercise more, drink less, worship better, call home more often, or a myriad of other corrections to the flaws that make us human.  We have probably been doing that since the adoption of the first calendar.

Archaeologists have reconstructed methods of timekeeping that go back to the Stone Age, and the first calendars date to the Bronze Age when we discovered metal and writing. They were lunisolar in nature and needed intercalary months - leap months, basically - in order to keep summer as summer and winter as winter. Julius Caesar had enough of that nonsense and introduced a solar calendar to eliminate leap months, following an algorithm that added a leap day every four years. The Persian mathematician Omar Khayyam (yes, he of poetry fame) measured the length of a year to astounding accuracy in the eleventh century, showing that the Julian calendar had too many leap years. Pope Gregory XIII introduced calendar reforms based on the knowledge of the actual length of a year to set the date for Easter in 1582. There are at least thirty-three other calendars in use across the world today, most based on religious beliefs, but generally everyone uses the Gregorian calendar in civil life.

We have reached the year 2018 in the common era, a time of unprecedented technological progress. But with progress come problems, as complicated and complex as the technology itself. Human beings, for whatever reason, make life extremely (and needlessly) complicated, and we may spend as much time trying to solve the problems of our own making as we do sleeping. Consider the internet, arguably the most transformative invention in history. Here we literally have the world at our fingertips. You may be reading this blog post from Johannesburg, Tehran, Delhi, or Paris. You may be using a SumRando server in Sweden, USA, Turkey, Amman, Singapore, Hong Kong, Brazil, or Spain or another server from any corner of the world. You may buy SumRando VPN with Rand, Rial, Rupees, or Euros with just a number on a plastic card and a click of a button. It's pretty mind-blowing to think about.

Yet we have these people who want to limit our use of such an invention, who censor it or spy on us or steal from us or slow it down so they can make money off us. It's all stealing, really. So for this new year, let us make some resolutions to save the internet from these people who would destroy it, these corporations, governments, hackers, and lobbyists who just can't stand human freedom and dignity, who seek profit and power at the expense of humanity, who would still use a lunar calendar if there were money or power to come from it. Here are our resolutions:

1. Stand up for net neutrality. The regime in the United States has decided to give the corporations who fund it complete control over what Americans can see on the internet. What will stop other regimes across the world from slowing access to certain websites if the country that invented the internet is unwilling to protect it from those motivated only by power and profit? Even if we won't admit it, developing countries look to the United States for leadership or fear condemnation and consequences for bad behavior. Discarding net neutrality rules indicates to rogue regimes that it is ok to manipulate internet traffic. Unless the United States takes measures to reestablish net neutrality for itself, net neutrality in the world may be in jeopardy. As we've seen in Portugal, loopholes in EU net neutrality laws make it difficult for any EU country to be a global enforcer. There are just too many questions right now. We all need to push our governments to actively pursue net neutrality regulations so that we may enjoy a free and fair internet like we are wont to do.

2. Stand up for internet freedom and freedom of expression. Net freedom is a human right. It is that simple. Article 19 of the Universal Declaration of Human Rights protects freedom of expression, and as an extension, the United Nations passed a resolution stating that "the same rights people have offline must also be protected online." So not only is internet freedom in our hearts and minds, it is international law. Of course, the usual suspects opposed the resolution, given their addiction to censorship, fear, and surveillance. So we fight on.

3. Stand up for privacy. At a time when CCTV can recognize our faces and leviathan social media companies are tracking our every move online (and sometimes offline, too), privacy is threatened more than ever. Privacy starts with encryption. Encryption is kind of our thing. It's what we do. Get our free encryption tools here and take back control of your life.

4. Stand up for encryption. Yes, encryption itself is under threat, as prying governments want to know what you do, where you do it, and whom you do it with. Some lawmakers see boogeymen everywhere. Others just don't understand what encryption is. We are not psychiatrists, so we cannot help the former deal with their paranoia. We are, however, encryption experts. We literally make it. We will continue to help people understand what encryption is, how it is a vital part of our lives, and why you should not be online without it.

5. Stand up for internet access. In order to do the above, you have to have internet. As of June 2017, only half of the world had access to the internet, with only 41% of the developing world having access, most of that being mobile. Yet access is difficult for many in the developed world as well. Even though a federal court in the United States defined the internet as a basic utility, 35% of rural Americans have no access to broadband. U.S. telecoms corporations have fought pushes to expand access at every turn. We are familiar with that kind of corruption in the developing world and will continue to push for access and expose those who stand as obstacles to it. Rural America has started to take matters into its own hands; we should look to this story as an example for the world.

Janus

So that's our list, and we hope you make it yours, too. January 1 was established as the date for the new year by Julius Caesar to honor the god Janus, the god of gateways and beginnings. Janus, who had two faces, presided over the beginning and end of conflict, of war and peace. The internet took one heck of a beating in 2017. Here's to a much better, freer 2018, and the end of the conflict over internet freedom. Cheers.

SumTips: 5 Current Limitations on African Internet Freedom

Internet censorship has been going strong in Africa since the continent’s first official act of online censorship took place in 1996 (Zambia decided to remove a banned newspaper from the internet).

More recently, Uganda’s Forum on Internet Freedom in Africa provided an opportunity to explore the findings of the Collaboration on International ICT Policy in East and Southern Africa’s (CIPESA’s) State of Internet Freedom in Africa 2016 report. Its results highlight 5 important trends:

1.    African governments are increasingly turning to internet shutdowns as a method of limiting freedom of expression and access to information.

• Uganda blocked access to social media in 2016 during its presidential elections and presidential swearing-in ceremony. 
• In 2015, Burundi responded to public protests against President Pierre Nkurunziza by shutting down social media networks.

2.    Courts of law are used to limit freedom of expression online and to prosecute journalists and activists for their words.

• In Tanzania, 10 social media users have been charged with violations such as “insulting the president” since a cybercrime law went into effect in September 2015.
• Zambia searches for and prosecutes citizen journalists who are critical of the government.

3.    Online surveillance, including monitoring communications, is routinely used by African governments.

• In January and February 2016, 10 social media users in Kenya were arrested or questioned because of their online communications.
• Rwanda actively monitors citizen communications.

4.    Ongoing blockages of websites and SMS services further limit access to information and modes of communication.

• Ethiopia blocks hundreds of websites and shutdown the entire internet twice in 2016.
• The Democratic Republic of the Congo recently began to block websites that are critical of the government.

5.    Although less common, removal of online content is also utilized by governments.

• In 2013 and 2014, Zimbabwean authorities routinely pressured social media users to remove content from various platforms.

CIPESA asks that African governments respect the human rights to freedom of expression, access to information and privacy; that civil society and media advocate for internet freedom as a human right; and that telecom companies and ISPs actively work to protect the privacy of their subscribers. We couldn’t agree more.

Read more, know your rights, surf secure and stay Rando!

---

Image credit of BOLDG/Shutterstock.com.

Want more SumTips? Read on!

• SumTips: 10 Facts on Encryption and Human Rights from Amnesty International
• SumTips: 8 Must-Have Tips From EFF's Surveillance Self-Defense Guide
• SumTips: How Donald Trump Proves that Freedom of Speech Works

Want SumTips sent to your inbox? Sign up for our weekly newsletter ("Security Tips and News" at bottom of page). 

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

SumTips: 4 Reasons to Beware of the Facebook Algorithm

[Source: Aftenposten]

Facebook has gotten its share of the spotlight this September—and the news has been far from in the social media platform’s favor. More than once the famed Facebook algorithm has produced results in need of human correction:

1.    The Terror of War: Norwegian newspaper Aftenposten posted Nick Ut’s Pulitzer Prize-winning photograph of children fleeing a Vietnam War napalm attack, only to find the widely-received photograph removed on grounds of child nudity. The act elicited the criticism of Erna Solberg, Norway’s Prime Minister; the image has since been reposted and Facebook Chief Operating Officer Sheryl Sandberg has apologized.

2.    “September 11: The footage that ‘proves bombs were planted in Twin Towers’”: A hoax article from The Daily Star topped Facebook’s trending stories as the 9/11 anniversary approached. Facebook’s algorithm had defaulted to a story that blamed bombs—not airplanes—for the falling of New York’s Twin Towers in the second such mishap since the platform did away with human curation of news in late August.

3.    Black Lives Matters activist Shaun King: When activist and New York Daily News writer Shaun King posted a racist message that had been directed at him, King was the one to be temporarily banned from Facebook. King’s response:

“I love Facebook. I was an early user and have been on here for over a decade, but I regularly have friends complain that when they post about the racism and bigotry they face, THEY end up getting suspended instead of the person who harassed them.  

It’s almost like a cruel joke. 

Well, it just happened to me. Earlier this morning I received a horrible email. I posted the email WITHOUT the email address of the person who sent it, then a few hours later was told that I was banned from posting for at least 24 hours because of it. 

This is completely ridiculous. Facebook needs to be much more sensible and intelligent about how it does these things. I have complained to my friends who work there and will see what happens.” 

King’s account was reinstated within hours, which he contributes in part to the connections he has with the company.

4.    Northern Ireland revenge porn: For every image Facebook removes erroneously, there is one that it leaves up unjustly. A 14-year-old victim of revenge porn endured a naked photo of herself posted to a “shame page” from November 2014 until January 2016. Facebook and the man suspected of posting the photo are now being sued.

The next time you login to Facebook, remember that what you see may haunt you, be untrue or never be seen again. Surf secure and stay Rando!

---

Want more SumTips? Read on!

• SumTips: 8 Countries Where Journalism Threatens Personal Safety
• SumTips: 6 Ways Free Speech Shaped the 2016 Brazil Olympics
• SumTips: 3 Cybersecurity Bills You Should Protest Now (and How)

Want SumTips sent to your inbox? Sign up for our weekly newsletter ("Security Tips and News" at bottom of page). 

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Report Lists 91 Countries Requesting Facebook Account Data and Content Restrictions

Have you seen your Facebook page lately? The photos from your best friend’s wedding, where you were last night and even your phone number?

Facebook routinely grants government requests to access private pages and restricts content based on local laws. The social networking site recently released a breakdown of all activity worldwide from July to December 2015. Highlights include:

[Source: Keri J]

TOP 10 COUNTRIES FOR REQUESTS FOR USER DATA

United States (19,235)

India (5,561)

United Kingdom (4,190)

Germany (3,140)

France (2,711)

Brazil (1,655)

Italy (1,525)

Argentina (892)

Australia (802)

Poland (611)

TOP 10 COUNTRIES FOR USER ACCOUNTS REFERENCED

United States (30,041)

India (7,018)

United Kingdom (5,478)

Germany (3,628)

France (2,894)

Brazil (2,673)

Italy (2,598)

Argentina (1,047)

Spain (947)

Australia (846)

TOP 10 COUNTRIES FOR PERCENTAGE OF REQUESTS WHERE SOME DATA WAS PRODUCED

Nigeria (100%)
Croatia (90.91%)
Sweden (87.31%)
Turkey (84.20%)
United Kingdom (82.15%)
Serbia (81.48%)
United States (81.41%)
Albania (80.00%)
United Arab Emirates (80.00%)
Canada (79.63%)

TOP 10 COUNTRIES FOR CONTENT RESTRICTIONS

France (37,695)
India (14,971)
Turkey (2,078)
Germany (366)
Israel (236)
Austria (231)
United Kingdom (97)
Russia (56)
Brazil (34)
Kazakhstan (25)
 

The complete listing of all 91 countries with user data requests and content restrictions in the second half of 2015 can be found at https://govtrequests.facebook.com/, along with all reports dating back to 2013.

According to Facebook, government requests typically are prompted by criminal investigations and ask for basic subscriber information including name, registration date and length of service; account content; and/or IP address logs. Content restrictions occur when governments ask Facebook to remove content that would not be allowed under local law.

So, the next time you’re on Facebook (or even the Facebook-owned, metadata collecting WhatsApp), make sure that everything there is information you would be willing to share with your government. After all, sometimes even the most innocent of “criminals” can find themselves under government surveillance.

---

Want the latest freedom of speech and cybersecurity news from around the world? Read on!

• World Press Freedom Day 2016 Highlights What Journalism Needs
• It's a Vulnerable World: Panama Papers Edition
• This Tiradentes Day, Take a Stance Against Censorship in Brazil 

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

World Press Freedom Day 2016 Highlights What Journalism Needs

[Source: Mstyslav Chernov]

We need good journalists.

Those four words, shared by Finland Prime Minister Juha Sipila, summarize two days of keynote addresses and plenary sessions at this year’s World Press Freedom Day celebration in Helsinki.

Each year the event serves as an opportunity to promote a free and open press; to acknowledge the ways in which it is not; and to recognize those journalists whose lives have been lost. This year, a host of speakers and panelists from around the world offered insight regarding the current state of press freedom that does not always make it into mainstream media:

Policies and laws that prohibit encryption and weaken digital security tools will only threaten the safety of journalists. Good journalism relies on the ability to keep sources, research and whistleblowers confidential. Encryption is a necessity, not an option.

Western technologies and laws currently have the power to negatively impact the safety and security of journalists elsewhere. According to European Parliament member Marietje Schaake, surveillance technologies developed in Europe under the assumption of certain rules and regulations are frequently exported to countries where a lack of rule of law only enables the targeting and surveillance of journalists.  

There is a need to pass and better implement protective legislation. Only 108 countries today have right to information laws. The last 25 years have seen an increase in legislation in countries beyond the Western world, yet implementation of such legislation remains problematic everywhere. Edetaen Ojo, executive director of Nigeria’s Media Rights Agenda, noted that laws in Africa are frequently adopted as a condition of receiving aid and therefore often exist in theory rather than in practice.

Journalism everywhere would benefit from more in-country trainings. The success and livelihood of journalists depend upon understanding one’s rights. Given that laws and policies can vary widely from country to country, state to state and region to region and also that many governments take it upon themselves to block the very information that would be most useful, in-person trainings provide a much-needed space for journalists to receive and share information and methods, argued Neela Banerjee, a journalist with Inside Climate News. Speakers at Wednesday’s “Promoting Freedom of Expression in the Arab Region” seminar expressed a further need for training in countries such as Syria, Libya, Yemen, Lebanon and South Sudan, where a lack of education combined with access to social media has contributed to the use of hate speech and the incitement of violence.

Public perception of the persecution of journalists must change. Christiane Amanpour, UNESCO Goodwill Ambassador for Freedom of Expression and Journalist Safety, pointed out that in the majority of countries where journalists are imprisoned, the average citizen believes such punishment is just and deserved. A change in repressive government treatment of journalists will only come when non-journalist citizens believe that participating in a free and open media is not a crime.

For individuals accustomed to dictatorship, learning to freely express oneself takes time. Change is possible, but it cannot be expected to happen immediately, noted Albana Shala, chair of UNESCO’s International Programme for the Development of Communication. In sharing her own experience of transitioning from living under dictatorship in Albania to democracy in the Netherlands, she said: “I’ve learned to use my right for freedom of expression and to seek information. For people who have been living in a dictatorship, it takes time for them to learn to how to breathe freely, how to speak freely, how to think freely. That is also reflected sometimes in the way we do things in life. For example, instead of seeking information through the front door, going through the back door, or instead of talking directly, talking indirectly because of the fear of being persecuted. These are things that stay with us, and these are rights that we are born with, but we are not aware of. And that is the state of the world.”

The world needs good journalists. As World Press Freedom Day 2016 concludes, let’s remember that freedom of expression and journalism trainings—not censorship—will produce the journalists that the world so desperately needs.

---

Want the latest freedom of speech and cybersecurity news from around the world? Read on!

• It's a Vulnerable World: Panama Papers Edition
• This Tiradentes Day, Take a Stance Against Censorship in Brazil 
• Ghana Looks to Pass a Spy Bill by Another Name

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

All Quiet on the Apple Front—But Not for Long

March 22nd was expected to be a day of reckoning in the ongoing Apple-FBI battle but instead turned into the calm before an impending storm.

Tuesday’s scheduled hearing was canceled because the FBI may have found a way to unlock the iPhone of San Bernardino shooter Syed Farook without the help of Apple, a situation that would render the iPhone supplier’s help as well as the hearing unnecessary.

At this point, little more than the fact that the FBI has until April 5 to provide a status update is known. In the meantime, theories attempting to explain such a last minute change of course abound—and range from believing the FBI has indeed found a way in to suggesting the government is merely attempting to buy time because it knows it doesn’t.

What’s clear is that this fight is far from over.

Prior to the hearing’s cancelation, Monday’s Apple spring product release provided yet another opportunity for CEO Tim Cook to reinforce the company’s stance: “I’ve been humbled and deeply grateful for the outpouring of support we’ve received from Americans across the country from all walks of life. We didn’t expect to be in this position at odds with our own government, but we believe strongly that we have a responsibility to help you protect your data and to protect your privacy. We owe it to our customers and we owe it to our country. This is an issue that impacts all of us and we will not shrink from this responsibility.”

The support for Apple has been widespread, and includes that of Google CEO Sundar Pichai, Whatsapp CEO Jan Koum, United Nations Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression David Kaye, Silent Circle co-founder Phil Zimmermann, husband of San Bernardino shooting victim Salihin Kondoker and, as Cook mentioned, numerous protesters across the country.

The question that remains is whether such support will be enough. If the government is unable to unlock the iPhone, the hearing will simply continue as intended, but if it is successful in unlocking the phone, the United States government will have yet another tool to surveil its citizens and noncitizens alike—and a tool that Apple itself might not fully understand.

Even President Obama has recently come under attack for warning against an “absolutist” position regarding encryption: “If your argument is 'strong encryption no matter what, and we can and should in fact create black boxes,' that I think does not strike the kind of balance we have lived with for 200, 300 years,” despite also acknowledging that the personal information found on smartphones has a right to be protected. Given the current trajectory of the United States presidential campaign, there’s little hope Obama’s successor will offer much more support: Ted Cruz wanted to see Apple comply with the government’s request, Donald Trump went so far as to suggest a consumer boycott of the company in the interim, Bernie Sanders called for “middle ground” and Hillary Clinton reduced the standoff to the “worst dilemma ever.”

The prospect of a long-term change in government philosophy also looks bleak. A vaguely-worded anti-encryption bill, proposed by Senators Richard Burr and Dianne Feinstein, is currently circulating the United States Senate. Although in no immediate danger of being signed into law, the bill would codify the notion that federal court judges have a right to force companies into circumventing encryption on the government’s behalf.

At a time like this, it is imperative that the United States look beyond itself for answers. Beyond Apple and beyond the FBI is an international community reminding us that encryption remains a basic human right. On Monday, Amnesty International released Encryption: A Matter of Human Rights in a timely reminder of why such technology must be protected for all.

Accompanying the report, Amnesty International Deputy Director for Global Issues Sherif Elsayed-Ali acknowledged, “The Apple case shows what is at stake in the encryption debate. It is not just about one phone, but whether governments should be able to dictate the security of software that protects the privacy of millions of people. Opening a ‘backdoor’ in security for governments risks opening the door to both cyber criminals who want to hack your phone and governments around the world who want to spy on and repress critics. If the US authorities force one of the world’s biggest tech companies to make its products less secure, the danger is that governments around the world will follow suit and demand similarly intrusive powers from the hundreds of smaller companies developing privacy technology.”

If it's frightening to imagine the United States government forcing Apple to cooperate, just imagine how much worse off we would all be if the government doesn’t even need Apple’s help.

---

Want the latest freedom of speech and cybersecurity news from around the world? Read on!

• For Many, Nowruz Brings a 'New Day' But Not Peace
• St. Patrick's Day: Mythical Holiday vs. Modern Reality
• Internet Security Depends on Human Behavior, Says RSA's Amit Yoran

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

San Bernardino iPhone Unlocking Would Leave Us All Less Secure

All eyes will be on Apple this Friday, the day the company is due to respond to a court-ordered unlocking of an iPhone 5c.

Of course, it’s not just any iPhone; it’s the iPhone of Syed Farook, gunman in the December 2015 shooting in San Bernardino, California that led to the death of 14. And it’s not just any court order. It’s a court order with serious potential ramifications for the future of security worldwide.

The current round of the privacy/security battle between Apple and the United States Federal Bureau of Investigation (FBI) has enlisted the All Writs Act of 1789, obscure legislation that exists for extraordinary circumstances otherwise uncovered by law. In this case, the government is asking Apple to develop software that would allow a brute force bypass of Farook’s phone’s security passcode. Thus far, Apple has refused.

An impassioned Lawfare post by FBI Director James Comey argued that the demand is a special exception not to be repeated: “The relief we seek is limited and its value increasingly obsolete because the technology continues to evolve. We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That's it. We don't want to break anyone's encryption or set a master key loose on the land. I hope thoughtful people will take the time to understand that.”

Recent polls have concluded that the thoughtful people of America remain unsure. In a Pew Research Center poll, 51% of respondents favored Apple helping the FBI, 38% were opposed and 11% were indifferent. A conflicting poll released by Reuters/Ipsos listed 46% of respondents as supporting Apple’s refusal to comply, 35% in support of the FBI and 20% indifferent.

In all this, one thing is for sure: it was Apple CEO Tim Cook—and not James Comey—who had the support of a protest rally behind him on Tuesday.

A San Francisco protest in support of Apple's commitment to privacy. [Source: Eric Risberg/AP]

Cook clarified Apple’s stance in a February 16 post:

“Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

“The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

“The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.”

Nate Cardozo of the Electronic Frontier Foundation went one step further and made explicit that this is more than just an American issue: “If China [today] demanded that Apple put in a backdoor, Apple would say no. That equation changes once Apple accedes to an FBI order. If the FBI can compel Apple to do it, and it’s publicly known that Apple has given the FBI this key, then China has a very different calculus…The PR around a Chinese demand gets a lot better for China, and a whole hell of a lot worse for Apple.”

Come Friday, Apple is expected to resist the court order on grounds that it is a violation of free speech and an inappropriate use of the All Writs Act, and also to ask that Congress, not the courts, be in charge of such matters. Given that Apple has been asked to extract data from 12 phones since September 2015, it’s hard to believe that the case of Farook’s iPhone is an isolated event and not a precedent waiting to be set. For the sake of all of our security, let’s hope this is one phone that remains unbroken.

---

Want to know more about data privacy and Internet access around the world? Read on!

• Mobile World Congress 2016 Highlights Global Internet Inequities
• Cybersecurity in Ghana: A Promising Work in Progress
• Karisma Advises Colombia to Dismantle Data Retention Regime

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Cybersecurity in Ghana: A Promising Work in Progress

In a world of cybersecurity problems, Ghana is one country actively seeking solutions.

In 2015, the West African nation embraced a National Cyber Security Policy and Strategy, in which it first laid out a long list of concerns:

• Cyber cafes, a primary source of Internet access for many Ghanaians, have become “fertile” for cyberattacks.

• The growth of smart phone usage as well as M-commerce has led to increased mobile phone cybercrime.

• Multiple government websites have also fallen victim to cyberattacks.

• “Sakawa,” Internet fraud that takes advantage of traditional and religious rituals to gain money, continues to be popular and to be under-prosecuted due to an under-resourced and untrained police cybercrime unit and a lack of laws against such acts.

• A coordinated structure for reporting cyber incidences does not exist.

With a vision of creating, “A secure and stable connected Ghana with Internet users working and creating wealth in a safe cyber space, with a well-researched and trained academic and professional community protecting Ghana’s cyber space equipped with global standards and responding swiftly to cyber incidents, and with up-to-date laws and systems in place to efficiently prosecute cyber criminals,” it is clear that the Ghana National Cyber Security Policy and Strategy aims to remedy the aforementioned issues.

Such change, however, won’t happen overnight.

To achieve this vision, Ghana is focused on nine policy pillars, set to be achieved in a 5-year strategic plan between now and 2020. The pillars are: effective governance, a legislative and regulatory framework, a cyber security technology framework, a culture of security and capacity building, research and development towards self-reliance, ensured compliance and enforcement, child online protection, cyber security emergency readiness and international cooperation.

Although Ghana’s nine pillars remain a work in progress, last month’s inaugural Data Protection Conference in Accra demonstrated Ghana’s commitment to work in the present towards a more secure cyber space. The conference, themed, “Creating the Right Balance between the Need for Information and Data Protection,” strived to raise awareness about data protection issues and statutory obligations for data controllers and processors.

The event reminded the hundreds in attendance to adhere to the provisions set out in 2012’s Data Protection Act (Act 843), legislation that has been widely applauded for directly addressing the need for data privacy. Of note, the act establishes data protection principles and guarantees user rights regarding personal information, including the right to access and amend your personal information, to prevent processing of your personal information and to complain to the Data Protection Commission. Unfortunately, Act 843 is not without flaws. The Data Protection Act includes a vague exemption to all provisions of personal data processing when for the good of “public order, public safety, public morality, national security or public interest.” Such loosely defined terms can be—and frequently are—used to infringe upon individuals’ rights.

In the words of Ghanaian Chief Justice Georgina Theodora Wood at the conference, “Privacy fortifies our human dignity and guarantees other key values such as freedom of association and freedom of speech in our society. Our fundamental right to privacy as enshrined under Article 18(2) of the 1992 Constitution cannot and should not be compromised, especially today.”

We agree. The National Cyber Security Policy and Strategy and the Data Protection Act collectively establish Ghana as a leader in cybersecurity and protection of free speech. As we wait to see what that brings, remember your privacy and security remain in your own hands.

---

Want to know more about data privacy around the world? Read on!

• Karisma Advises Colombia to Dismantle Data Retention Regime
• SumRando's Guide to a Secure Brazilian Carnival Experience
• Happy Data Privacy Day, Randos!

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Karisma Advises Colombia to Dismantle Data Retention Regime

Lately, Colombian news has been plagued with problems in need of solutions: the threat of Zika, the persistence of female genital mutilation, an increase in violence against journalists and even a not-yet-agreed-upon peace following decades of civil war.

The issue that has not received its share of attention is data retention.

In January, the Karisma Foundation quietly released a report titled, “Is Data Retention Legitimate in Colombia?: Comparative Analysis of a Mass Surveillance Tool that Restricts Human Rights.” Karisma’s report may not have reached audiences everywhere, but its conclusion must: Out of respect for human rights, Columbia needs a new approach to data retention.

The report included a powerful reminder of why our metadata matters: “Our most personal information, a reflection of our life and our very thoughts, no longer remains exclusively in our private sphere. Now, personal information is also found in databases, built for different purposes and administered by entities both public and private. These databases are fed by constant flows of information. Together, they make up a file about each individual, a “personal dossier”. Computers register the time they are turned on, the applications they use, the webpages they visit, and the location from which they are used. Cell phones are constantly aware of their location, and they register incoming and outgoing calls, text messages, and photos. The strength of these data lies in their combination: an analysis based on cross referencing various databases can reveal enough about a person to constitute a violation of their rights.”

In the report, Karisma compared practices in Colombia with those in Brazil, Mexico and Peru and investigated the legitimacy of each country’s data retention as defined by the Organization of American States, which finds communications surveillance legitimate if it is established in a law; pursues a legitimate aim; is necessary, adequate and proportional to the objective pursued; and respects due process and judicial review.

Specifically, two Colombian laws were examined: Decree No. 1704 of 2012, regarding criminal investigations, which requires telecommunications service providers to keep subscriber information and device location data and Law No. 1621 of 2013, focused on intelligence activities, which mandates retaining “communications activity histories for telephone subscribers, technical identification data for subscribers subject to operation” and location data.

Karisma found Colombia’s data retention according to Decree No. 1704 and Law No. 1621 to be illegitimate because:

• The laws are vague and limitless, not legitimate or proportional. What exactly must be kept and for how long is ambiguous. All criminal investigations are granted access to data, as are all “authorized” intelligence activities; who provides such authorization is not defined.

• Data retention is not subject to judicial authorization or review. It’s automatic for all.

• There is a lack of transparency. Users are not notified of monitoring practices and the state does not disclose information about requests for communication interception and surveillance. Therefore, citizens cannot appeal or respond to what they don’t know.

The report concludes: “Data retention law in Peru, Colombia, Mexico and Brazil are too permissive, too broad, and provide so few guarantees that it isn’t possible to rely on them as a legal framework for the protection and respect of their citizens’ human rights. It would be advisable for Colombia and the remaining countries to demonstrate their strong commitment to the protection of human rights and to dismantle the current data retention regime.”

Colombia has her hands full right now, but if she can mitigate Zika while potentially concluding peace talks with the FARC, we’re confident there is also room at the table for data retention revisions.

---

Want to know more about data privacy around the world? Read on!

• SumRando's Guide to a Secure Brazilian Carnival Experience
• Happy Data Privacy Day, Randos!
• Sean Penn's "Secret Visit" With El Chapo Has Become Everyone's Business

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

SumRando’s Guide to a Secure Brazilian Carnival Experience

[Source: Yasuyoshi Chiba/AFP/Getty Images]

Brazil is currently mid-Carnival celebration, which means the weather is warm, the party is endless and the clothing is practically non-existent. This annual event gives Brazilians and tourists alike an opportunity to let it all hang out before Ash Wednesday ushers in yet another season of Lenten piousness.

Year after year, Carnival has proven to be an explosion of Samba, shimmer and sensuality, but one of this year’s main attractions is an invisible virus called Zika. The virus, which was recently discovered to lead to the birth defect microcephaly in pregnant woman, has infected 1.5 million Brazilians already. Known to be contained in saliva, semen, sweat and blood and thought to be transmitted by mosquitoes (if not the bodily fluids themselves), it’s not hard to see that the very premise underlying hot, sweaty, sexual Carnival is a public health incident waiting to happen.

Regardless, if the first four days of this time-honored tradition have proven anything, it’s that the show will go on, virus or no. For those who are celebrating, SumRando suggests the following critical safety gear:

• Mosquito Repellent: Apply. Apply. Bathe. Apply. And apply some more. 

[Source: Mario Tama/Getty Images]

• Protective Costumes: Be creative! Tuck a little mosquito netting under your hat to keep your head safe, or go all out and cover your entire body.

• Condoms: Health workers at Carnival hand out condoms every year, and this year they have seen more takers than ever before. If you were looking for an excuse to practice safe sex, know that the latest research points towards sexually transmitted Zika.

• SumRando’s VPN: How many times a day do you use the Internet on your phone? Multiply that number by 6 and that’s how many times you will use it on insecure public Wi-Fi from Carnival’s Friday kickoff to Ash Wednesday. Be smart—login to SumRando’s VPN before entering any passwords or personally identifying information online.  

• SumRando Secure Messenger: Want to guarantee that only you and a selected recipient see a certain Carnival photo? Better yet—want to permanently delete that photo from both phones after it has been seen? SumRando Messenger for Android is here for you. 

Carnival’s persistence in the face of Zika is a good reminder that the lives we lead—in person or in private—are ours, are worth living and are worth protecting. Samba secure and stay Rando!

---

Want to know more about data privacy around the world? Read on!

• Happy Data Privacy Day, Randos!
• Sean Penn's "Secret Visit" With El Chapo Has Become Everyone's Business
• Free Speech in Kuwait Was Bad Before, And Now There's a Cybercrime Law

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Happy Data Privacy Day, Randos!

Today we celebrate Data Privacy Day in honor of the January 28, 1981 signing of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. 35 years later, legislation such as this has never been more important.

Convention 108, as the treaty is more commonly known, was the first legally binding international agreement dedicated to the protection of individuals’ personal data. As the National Cyber Security Alliance reminded us in its Data Privacy Day video:

“What you may not realize is that there is probably more of your personal information floating around in cyberspace than you think. Everything from what you post on social media and your browsing habits to the information organizations collect about you online leaves a digital footprint...Information about you such as the games you like to play, what you search online and where you shop and live has value, just like money. Be thoughtful about who gets that information and how it’s collected through apps and websites.”

A year ago, we celebrated Data Privacy Day by offering our readers tips to enhance their online safety. Take a look. Although we wish we could report otherwise, these seven recommendations are as necessary today as they were in January 2015.

What we suspect has changed in the last year is the willingness of individuals to actively engage in data protection. In comparing 2014’s celebration with 2015’s, StaySafeOnline.org witnessed a nearly 125% increase in web traffic and the number of registered Champions of Data Privacy Day increased approximately 45%. Given that terms such as cybercrime law, data breach, encryption, government backdoor and VPN (and the concern for personal safety that they bring) are far more common than they were in January 2015, we expect this year’s celebration to be bigger than ever before.

January 28 is a day to envision a world that 'Respects Privacy, Safeguards Data and Enables Trust.’ Join us in striving to make this goal a reality.

---

Want to know more about data privacy around the world? Read on!

• Sean Penn's "Secret Visit" With El Chapo Has Become Everyone's Business
• Free Speech in Kuwait Was Bad Before, And Now There's a Cybercrime Law
• This MLK Day, Think Before You Tweet

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!