EDRI - Security

House of the German Pirate Party spokesman raided by Police

Wed, 24 Sep 2008 18:17:11 +0100

The Bavarian Police searched the house of the German Pirate Party spokesman on the 11 September 2008, searching for information on some leaked plans regarding a Skype wire tap project, that were published by the Party.

The Pirate Party published some documents received from an anonymous whistleblower that show the Bavarian government plans to develop a Trojan horse able to eavesdrop on Skype conversations. Police wanted to find out the source of that information and they searched the house of the spokesman and took away a server, but this was fully encrypted, so there are little chances to discover the source.

The search seems to be related to the two documents leaked on January 2008 that were present on the Internet and then posted on Wikileaks website. The first document is a communication by the Bavarian Ministry of Justice to the

Dutch University sued to stop publishing research on chip technology

Wed, 16 Jul 2008 19:50:21 +0100

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

Dutch chipmaker NXP Semiconductors has sued the Dutch Computer Security Group of Radboud University in Nijmege in order to stop the publication of research results showing security flaws in NXP's Mifare Classic wireless smart cards used in transit and building entry systems around the world.

The technology is used for the transit system in The Netherlands, in the subway systems in London, Hong Kong and Boston, as well as in cards for accessing buildings and facilities, covering 80 percent of the market.

The security researchers of the Dutch university have checked the Mifare system used with Oyster cards for transport in London and recently succeeded in cracking the encryption on a card and clone it. They added credit to it

Social networking sites might be regulated in EU

Wed, 04 Jun 2008 15:55:02 +0100

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

On 27 May 2008, the European Network and Information Security Agency (ENISA) called for new legislation that would regulate social networking sites. ENISA, which was created in 2004 to oversee online security measures in the 27 EU countries, issued a preliminary report of its General Report in which it pointed out that social networking sites such as Facebook and MySpace need more regulation to protect their users against security risks. "Social networking sites are very useful social tools but we must make recommendations for how to better protect people from the risks these sites create," said Andreas Pirotti, executive director of ENISA and author of the report. He suggested the EU legislation should be expanded in

UK government loses personal data on 25 million citizens

Wed, 21 Nov 2007 19:09:44 +0000

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

British Prime Minister Gordon Brown had had to apologise to Parliament after two computer discs containing the personal data of 25 million citizens were lost in the post.

The disks contained the database on child benefit - a welfare payment made to the families of all children in Britain. The data include children's and parents' names, addresses and dates of birth, together with parents' national insurance numbers and bank account details. The disks were not encrypted but merely "password protected". Britain's most senior tax official, the head of HM Revenue and Customs, has resigned.

The story has spread to a number of other systems that the government is building to make ever more information on citizens available to ever more

Human Rights in the Information Society - rediscover the proportionality

Wed, 26 Sep 2007 20:07:01 +0100

On 13-14 September 2007 the French Commission for UNESCO, UNESCO and the Council of Europe organised the conference "Ethics and Human Rights in the Information Society" in Strasbourg, to which EDRi was invited to contribute.

This conference was the third in a cycle of regional conferences on the ethical dimensions of the information society, which aims to contribute to the WSIS process and the Internet Governance Forum (IGF). The first two regional conferences took place in Latin-America and Africa. While the Latin-American conference contributed to the exchange of views in the region, the African conference was suffering from a lack of participation of local stakeholders. There, mainly African expatriots from the USA and Europe and representatives of South Africa were present.

UK Government asks for the encryption keys

Wed, 24 May 2006 19:02:16 +0100

The UK Home Office is planning to implement Part 3 of the Regulation of Investigatory Powers Act (RIPA). That would allow the police forces to ask for the disclosure of encryption keys, or force suspects to decrypt encrypted data.

RIPA was promoted in 2000, but until now the officials have not implement Part 3. There were still voices that considered that parts I and III of the Act should be reviewed to consider whether the Act was effective in meeting its aims. However, until now, the Act has remained in its initial form .

The Home Office have indicated that a consultation will be launched on the 5th June. It is expected that this will say that the Part 3 is needed to fight against an increased usage of encryption by criminals, paedophiles, and terrorists.

The Home Office minister of state, Liam Byrne, told Parliament last week

Commission progress report on electronic signatures

Wed, 29 Mar 2006 17:40:06 +0100

A new progress report by the European Commission on the evolution of the electronic signatures in the European Union was made public on 17 March 2006. The report highlights the low usage of the qualified electronic signatures by European businesses and citizens.

The report focuses on the "Directive on a Community framework for electronic signatures" adopted in 1999. The directive has introduced legal certainty with respect to the general admissibility of electronic signatures, all the general principles being now included in the legislation of all 25 Member States.

The commission sees a much larger use of the qualified electronic signatures - based on Public Key Infrastructure (PKI) technology - in the future with the introduction of the electronic ID cards and in some e-government services, such as on-line income tax returns.

Civil Society Tunis declaration

Mon, 21 Nov 2005 20:13:25 +0000

APC, the association for progressive communication, reports on the civil society press conference on 18 November. Civil society representatives from all continents lined up on a panel to deliver a stark closing statement. The civil society statement was not finalised, but four points are addressed: internet governance, human rights, financing and development, and follow-up. The press conference essentially driven by questions of the audience, revolved around issues of development through ICTs.

Renate Bloem of the Civil Society Bureau kicked off the conference by saluting some language used in the official Tunis Commitment such as multistakeholderism. She held up that civil society has become a force to be reckoned with. "We have moved to become a partner in negotiations," she

New Dutch database to create lifetime record for every baby

Wed, 21 Sep 2005 19:40:28 +0100

The Dutch ministry of Health, Welfare and Sport plans to introduce a new electronic file on every new-born, starting in January 2007. The file will contain information about the child, the family situation and its surroundings, later adding educational data, information from social workers and possible police records. The file will be principally maintained by youth doctors and medics working for the child public health care service. The file will be connected to the citizen service number, a new electronic ID for every Dutch resident and citizen replacing the old social-fiscal number. Secretary of State Clémence Ross explained: "Medics can easily trace the development and situation of a child and thus get a clear picture of its need for care. They can also see which other institutions work or have worked with a child. The electronic childfile

New EDRI initiative on e-voting

Wed, 27 Jul 2005 19:58:04 +0100

European Digital Rights has opened a new open mailinglist on e-voting. Anybody interested in contributing knowledge on this matter is kindly invited to subscribe and share information with experts from all over Europe. The discussion is focussed on developments in Europe, and can be both political as well as technical.

Subscribe to the EDRI-voting mailinglist
http://mailman.edri.org/cgi-bin/mailman/listinfo/edri-voting

Another Italian community server violated?

Thu, 14 Jul 2005 15:31:45 +0100

After the recent discovery that the Italian Autistici/Inventati server had been seized by the Italian police and a backdoor had been probably installed to allow for easier monitoring of all communication going through it, looks like another Italian community server could have endured the same fate.

On Monday 27 June 2005, two members of FLUG (Firenze Linux User Group) visited the data centre of Dada S.p.a., in Milan, where the community server of the group is physically housed, in order to move it to another provider.

When the server was put out of the rack, however, it was discovered that the upper lid of the server case was half-opened. At a closer inspection, it was also discovered that the case lid was scratched, as if it had been put out and reinserted into the rack. Worse, the CD-ROM cable was missing, as were the screws that kept the hard disks in place.

Police backdoor discovered in Italian alternative server

Wed, 29 Jun 2005 20:57:14 +0100

On 21 June 2005 the Italian collective Austistici/Inventati discovered a major police backdoor in their server. The server hosts a large number of websites, mailboxes, mailing lists and Internet services for NGOs, grassroots activists and public interest associations. The backdoor was installed over a year ago, on 15 June 2004 by the Italian "Polizia Postale" (Postal Police), after a seizure ordered by the Procura di Bologna (Office of the Public Prosecutor in Bologna) in the context of an investigation into the anarchist collective Crocenera.

The legal owners of the server ('Investici', a legally recognised association) were not informed, nor by the police nor by the public prosecutor. The provider claimed that the downtime - caused by the Police putting the server off-line - was due to a power outage.

NL Municipality wants to ban famous hacker gathering

Tue, 24 May 2005 10:10:15 +0100

URGENT PRESS RELEASE WHAT THE HACK (23.05.2005)

The organisers of 'What the Hack', the 2005 edition of a series of famous Dutch outdoor hacker conferences, were told that their conference will not receive the municipal permit needed for the event to happen. 'What the Hack" is planned to take place on a large event-campground in Liempde (The Netherlands), between the 28th and 31st of July 2005. About 3.000 participants from all over the world are expected. 'What The Hack' is appealing the decision.

What The Hack is scheduled to take place near Boxtel, a village near Den Bosch in the south of The Netherlands. The mayor of Boxtel, J.A.M. van Homelen, cites "fear of disturbances of law and order and danger to public safety". This is noteworthy because the previous editions of the event saw no incidents of any kind – neither at the event itself nor on the Internet.

Council adopts decision on attacks against information systems

Thu, 10 Mar 2005 13:44:00 +0000

On 24 February 2005 the JHA Council finally adopted the framework decision on attacks against information systems. The decision harmonises legislation in the EU for any offence committed against a computer infrastructure with the intention of destroying, modifying or altering the information stored on computers or networks of computers. The two key definitions in the decision are illegal access to information systems and illegal interference with the system. In both cases, intent has to be proven, to rule out gross negligence or recklessness. The decision covers not only offences affecting the Member States but also offences committed in their territory against systems located in the territory of third countries.

The decision was debated for the first time in 1999, initiated by the European Commission in 2001 and sent to the European Parliament for advice in the spring of 2002. In October 2002 the EP gave its recommendations and on 28 February 2003 the ministers of Justice had reached an agreement. It is unclear why it took the Council 2 years to actually adopt the proposal. At the time, parliamentary scrutiny reservations were made by the Irish, French, Swedish, Danish and Netherlands delegations. Civil society raised many objections to the proposal, most notably the broad scope of illegal access and the fact there is no exemption for security experts to test the security of systems.

EDRI - Security

House of the German Pirate Party spokesman raided by Police

Dutch University sued to stop publishing research on chip technology

Social networking sites might be regulated in EU

UK government loses personal data on 25 million citizens

Human Rights in the Information Society - rediscover the proportionality

UK Government asks for the encryption keys

Commission progress report on electronic signatures

Recommended reading: Security Policies in Europe

Civil Society Tunis declaration

New Dutch database to create lifetime record for every baby

New EDRI initiative on e-voting

Another Italian community server violated?

Police backdoor discovered in Italian alternative server

NL Municipality wants to ban famous hacker gathering

Council adopts decision on attacks against information systems