UK Government Guilty of Mass Surveillance Human Rights Breach
The European Court of Human Rights in Strasbourg has found the UK government guilty of violating the right to privacy of citizens under the European convention because the safeguards within the government’s system for bulk interception of communications were not strong enough to provide guarantees against abuse.
The Case
The case that led to the verdict was brought against the UK government by 14 human rights groups, journalism organisations, and privacy organisations such as Amnesty International, Big Brother Watch and Liberty in the wake of the 2013 revelations by Edward Snowden, specifically that GCHQ was secretly intercepting communications traffic via fibre-optic undersea cables.
In essence, although the court, which voted by a majority of five to two votes against the UK government, accepted that police and intelligence agencies need covert surveillance powers to tackle threats, those threats do not justify spying on every citizen without adequate protections.
Three Main Points
The ruling against the UK government in this case centred on three points – firstly the regime for bulk interception of communications (under section 8(4) of RIPA), secondly the system for collecting communications data (under Chapter II of RIPA), and finally the intelligence sharing programme.
The UK government was found to breach the convention on the first 2 points, but the ECHR didn’t find a legal problem with GCHQ’s regime for sharing sensitive digital intelligence with foreign governments. Also, the court decided that bulk interception with tighter safeguards was permissible.
Key Points
Some of the key points highlighted by the rulings against the UK government, in this case, are that:
- Bulk interception is not unlawful in itself, but the oversight of that apparatus was not up to scratch in this case.
- The system governing the bulk interception of communications is not capable of keeping interference to what is strictly necessary for a democratic society.
- There was concern that the government could examine the who, when and where of a communication, apparently without restriction i.e. problems with safeguards around ‘related data’. The worry is that related communications data is capable of painting an intimate picture of a person e.g. through mapping social networks, location tracking and insights into who they interacted with.
- There had been a violation of Article 10 relating to the right to freedom of expression for two of the parties (journalists), because of the lack of sufficient safeguards in respect of confidential journalist material.
Privacy Groups Triumphant
Privacy groups were clearly very pleased with the outcome. For example, the Director of Big Brother Watch is reported as saying that the judgement was a step towards protecting millions of law-abiding citizens from unjustified intrusion.
What Does This Mean For Your Business?
Like the courts, we are all aware that we face threats of terrorism, online sexual abuse and other crimes, and that advancements in technology have made it easier for terrorists and criminals to evade detection, and that surveillance is likely to be a useful technique to help protect us all, our families and our businesses.
However, we should have a right to privacy, particularly if we feel strongly that there is no reason for the government to be collecting and sharing information about us that, with the addition of related data, could identify us not just to the government but to any other parties who come into contact with that data.
The reality of 2018 is that we now live in a country where in addition to CCTV surveillance, we have the right to surveillance set in law. The UK ‘Snooper’s Charter’ / Investigatory Powers Act became law in November 2016 and was designed to extend the reach of state surveillance in Britain. The Charter requires web and phone companies (by law) to store everyone’s web browsing histories for 12 months, and also to give the police, security services and official agencies unprecedented access to that data. The Charter also means that security services and police can hack into computers and phones and collect communications data in bulk, and that judges can sign off police requests to view journalists’ call and web records.
Although businesses and many citizens prefer to operate in a safe and predictable environment, and trust governments to operate surveillance just for this purpose and with the right safeguards in place, many are not prepared to blindly accept the situation. Many people and businesses (communications companies, social media, and web companies) are uneasy with the extent of the legislation and what it forces companies to do, how necessary it is, and what effect it will have on businesses publicly known to be snooping on their customers on behalf of the state.
This latest ruling against the government won’t stop bulk surveillance or the sharing of data with intelligence partners, but many see it as a blow against a law that makes them uneasy in a time when GDPR is supposed to have given us power over what happens to our data.
Tech Tip – Using OneDrive Cloud Storage on Windows 10
If you want to set up quick and easy cloud storage from your Windows PC for storing, sharing and saving files across your different devices you can use OneDrive. Here’s how to set it up:
– If you have a Microsoft account e.g. @outlook.com, @hotmail.com, @live.com email address, Xbox Live or Skype account you can use that to sign in.
– If you don’t have a Microsoft account, go to onedrive.com and click the ‘Sign up for free’ button, then click the ‘Create a Microsoft account’ button, create a new email address and password, click ‘Next’ and follow the instructions.
– To set up OneDrive on your Windows 10 PC, open Start, Search OneDrive and click the top result.
– Using the setup experience, enter your email address, and click the Sign in button.
– Enter your Microsoft password and sign in.
– Click on ‘Next’
– Click ‘Not now’ if you’re using the free version of OneDrive.
– Click through the welcome tips, and click the Open my OneDrive folder button.
– To save your files to OneDrive, open File Explorer (Windows key + E).
– Click the OneDrive folder using the left pane.
– Drag and drop or copy and paste content into the OneDrive folder.
Criminals ‘Invest’ More Than Businesses
Research shows that one reason why organisations face constant, serious security threats is that cyber criminals, fuelled by a new cybercrime-based economy, are spending much more on cyber attacks than organisations are spending on cyber security.
Cyber Criminals Spending and Reinvesting $Trillions!
Back in 2017, Gartner predicted that organisations would collectively be spending around $96 billion on their cyber-security. Although this is a big number, it is dwarfed by the figures relating to the proceeds of crime.
For example, last year, Cyber Security Ventures predicted that cyber-crime will cost the world $6 trillion annually by 2021, and Bromium’s independent study from April this year showed that the booming cyber-crime economy has generated $1.5 trillion in illicit profits. This figure is the equivalent to the GDP of Russia, meaning that if cyber-crime was a country, it would have the 13th highest GDP in the world!
Although some of these profits have been simply acquired, laundered, and spent, much has been ‘reinvested’ by cyber criminals. This means that there is potentially a great deal more being spent by cyber-criminals on cyber-attacks than is being spent by organisations on cyber security.
Revenues Exceed Those of Companies
In fact, cyber-crime revenues have been found to often exceed those of (mainly SME-sized) legitimate companies, although they can reach the levels of large, multi-national organisations of over $1 billion.
Greater Spending Forecast
Some commentators have forecast hope in the form of much greater security spending by organisations in the not-too-distant future. For example, research company Gartner has noted that, with the average cost of a data breach at $3.86 million (Ponemon Institute figures), and with the recent string of highly publicised data breaches, privacy concerns are becoming the catalyst for increased security spending for organisations. Skills shortages and GDPR are also driving demand for security services.
Gartner predicts that privacy concerns will drive at least 10% of the market demand for security services through 2019 as security and risk management are recognised as being a critical part of any digital business initiative. Gartner also predicts that at least 30% of organisations will be spending on GDPR-related consulting and implementation services through 2019.
What Does This Mean For Your Business?
The huge sums being made and re-invested in their activities by cyber-criminals are evidence of a big change in the environment that poses a major threat to data security for businesses. Security commentators have noted that in a world where data has become a valuable commodity, a professional cybercrime-based economy has grown and become a self-sustaining system and a platform of criminality that mirrors the platform capitalism model used by big companies. The economic relationships and agents in this criminal system can generate and maintain huge revenue streams that can be used to fund more cyber-crime and other crime such as human trafficking, drugs and terrorism.
The wealth of states is also being used to fund cyber-crime as hacking gangs carry out more state-sponsored attacks (e.g. Russia, China and North Korea) thereby threatening many parts of the UK economy. Clearly, this is a challenging time for UK businesses in terms of planning and spending on security.
90% Of Businesses Blindly Renew Software
A report by Clear Licensing (CCL) has highlighted the fact that most organisations simply renew software maintenance contracts without assessing whether those contracts deliver value.
1 In 10 Companies Check
The CCL report (which is based upon research conducted in and May this year), took into account the responses of 100 global participants, and was designed to understand current trends and identify best practices for the software maintenance market.
The key statistic that the research uncovered was that only 1 in 10 organisations involve the IT asset management function in the decision to renew software maintenance agreements. The inference from this is that software maintenance renewals appear to be blindly renewed without sufficient information to make an informed decision, and without any real assessment of the value they deliver.
In fact, the CCL report found that most software contracts are renewed by system owners or those in finance, and that typical survey respondents had no idea of support volumes, support quality or the strategic value of software maintenance renewals.
Big Spend
Organisations typically spend a large proportion of their annual IT budget on paying for existing software support and maintenance contracts in a market that is estimated to be worth $250 Billion. For example, IT buyers often pay around 20% of the licence fee per year in support and maintenance, thereby meaning that organisations will have paid for their software twice after a five-year term.
Lack of Clarity
Although a software support and maintenance contract typically involves things like bug fixes, security updates, technical assistance and access to upgrades, the CCL report notes that organisations are often confused about what they are actually entitled to and what they are actually getting for their money. For example, maintenance contracts are often perceived as insurance contracts when they are not, and organisations are often afraid and confused about whether they are legally allowed to access security patches if they don’t have a support contract, and whether they can terminate a software maintenance contract and continue support at a later date.
What Does This Mean For Your Business?
Businesses are worried about a number of things when it comes to deciding about software maintenance and support contract renewals, such as security, stakeholder perception, and the fear of penalties and back-maintenance problems. The CCL report has also highlighted the fact that a lack of clarity about the contracts, not enough scrutiny, the wrong departments making the renewal decisions, and a lack of alternatives at renewal time are just some of the reasons why the path of least resistance is being taken and contracts that may lack value are being blindly renewed.
According to the CCL report, some ways that businesses can avoid this happening include:
- IT Asset Managers starting with a default position of “no” when it comes to software support renewals.
- Using ITAM tools / SAM technology providers to help validate the business value of a support contract.
- Performing a cost / benefit analysis of a contract to help decide about renewal.
- Applying the 80 / 20 rule. IT Asset Managers can make a big impact on freeing up annual budgets by scrutinising spend on a few well chosen contracts.
- Getting IT Asset Managers to create decision trees to empower smart decision-making.
- Collaboration with legal professionals to clarify legal rights around contracts.
Apple Apps Taken Down For Spying
The Mac App Store has taken down a number of well known security apps for the Apple Mac after it was discovered that they are being used to spy on the browsing habits of their users.
Which Apps?
It has been reported that Dr Unarchiver, Dr Cleaner, Adware Medic, Adware Doctor and App Uninstall have all been removed from the Apple-curated Mac App Store on the grounds of spying on users.
Rumbled
A researcher in Germany, identified only by their @privacyis1st Twitter identity, is credited with alerting the Mac App Store to the fact that the Adware Doctor app attributed to a company called Yongming Zhang (the name of a well-known Chinese serial killer) and the Trend Micro apps were linked to the same suspect IP address in China.
It has also been reported that suspicions and concerns about the apps go back some years. For example, online reports about Adware Doctor from 2016 indicate that the app was using AppleScript to perform actions in violation of Apple’s App Store Guidelines. It has also been alleged that the glowing reviews of Adware Doctor and other applications by the same developer may have been faked.
How?
It has been reported that the suspect apps were able to spy by first tricking the user into giving them macOS home directory access with virus scanning and clear cache options. When this permission was granted, the apps were able to abuse access privileges by gathering browser-history data from Chrome, Firefox and Safari. This data was then sent back to suspected malicious operators.
What Does This Mean For Your Business?
This is not the first time that there have been reports of dodgy apps lurking in legitimate stores. For example, back in January, 36 fake and malicious apps for Android that could harvest your data and track your location, masquerading as security tools, were discovered in the trusted Google Play Store. All had reassuring names such as Security Defender and Security Keeper, and many performed some legitimate tasks on the surface, such as cleaning junk, saving battery, scanning, and CPU cooling, but all were found to be hiding malware, adware and tracking software.
Apple generally has a good brand reputation with regards to security so it will undoubtedly be very unhappy to have its name and the store that it curates associated in any way with any malicious apps. This story is another reminder that, when it comes to apps, even though the obvious advice is to always check what you are downloading and the source of the download, the difference between fake apps and real apps can be subtle, and even Apple (in this case) didn’t immediately spot the hidden aspects of the apps. Also, we often don’t have the time to make checks on the apps that we download, and good reviews and the ‘halo effect’ of the good name of the store that they’re in are often enough of a recommendation for us to act.
The fact that many of us now store most of our personal lives on our smart phones makes reports such as these all the more alarming, and can undermine our confidence in (and cause costly damage to) the brands that are associated with such incidents. To minimise the risk of falling victim to suspect apps, users should check the publisher of an app, check which permissions the app requests when you install it, delete apps from your phone that you no longer use, and contact your phone’s service provider or visit the High Street store if you think you’ve downloaded a malicious / suspect app. The bad publicity from this story may also make Apple keen to review its systems and procedures for checking the apps that are offered in the store that it curates.
Businesses Set For Augmented Reality
A report based on research by IT Consultancy Group Capgemini has predicted a big shift towards the use of virtual reality and augmented reality by businesses over the next 3 years.
Mainstream Soon
The results of a survey of 700 business executives across multiple sectors show that 46% think that VR and AR technologies will become a major part of their organisation in the next 3 years. Nearly 40% also said that VR and AR would be mainstream in just 5 years.
Based on the findings of its survey, Capgemini thinks that half of all businesses not already using AR and VR technology will start using it as they accept the value-adding and cost-saving benefits that it brings.
Good Results, So Far
The report showed that 82% of businesses already using AR and VR tech said it’s either exceeding or meeting their expectations in terms of enhancing productivity, efficiency and safety in the workplace.
Driven
The optimism and positive predictions for AR and VR being used by businesses are not just being driven by the positive reinforcement of those who are already using them, but also by the impressive evolution of immersive technology in a short space of time.
Relevance?
Some companies may be struggling to see how AR and VR could be applied to their businesses now unless it makes up part of a product, but tech commentators believe that some of the most popular areas where they will be used are in offering remote real-time support to customers and in training staff.
Limitations
Two of the key challenges to the growth of the use of AR and VR by businesses in the UK are a shortage of skilled people (the UK has a tech skills gap) and a shortage of investors.
What Does This Mean For Your Business?
The results of the Capgemini survey show promise and optimism for AR and VR being used by businesses to add value and gain a competitive edge in the marketplace, in much the same way that AI is being embraced and is producing good results.
It is unfortunate that UK businesses are still facing a challenge to their use of technology for growth because of a skills gap that was exacerbated by Brexit fears. As far as this challenge goes, the UK government, the education system and businesses need to continue to find ways to work together to develop a base of digital skills in the UK and to make sure that the whole tech eco-system finds effective ways to address the skills gap and keep the UK’s tech industries and business attractive and competitive. This can only help to boost AR and VR development in business.
It is also a shame that the UK, which wants to be a technology centre, is also at a disadvantage in terms of investors compared to places such as the US and China. Capgemini suggests that UK businesses can meet this challenge by streamlining investment to seize the long-term growth potential of AR and VR technology. Also, Capgemini’s report suggests that in order to leverage the business value of AR and VR, UK companies should adopt a centralised governance structure, as well as proofs of concept that are aligned with business strategy, and that they should work on employee change management in order to be able to drive innovation in these new fields.