The Netizen Report offers an international snapshot of challenges, victories, and emerging trends in Internet rights around the world.
A recent executive decree from Peru’s government compels all telecommunications companies and Internet service providers to store traffic data for three years. Assuming that the decree holds, telcos will be forced to provide police with individual user data from these logs upon their request. Issued one day before Peru’s independence day, the decree explicitly states that the police should have access to geolocation data without a warrant or court order, and that this data is not protected under the Peruvian Constitution. Peruvian lawyer Miguel Morachimo told the Electronic Frontier Foundation:
Any policy like that is controversial in itself, but the fact that it was directly approved by the Executive Branch without prior debate and in the middle of national holiday season is especially undemocratic.
The decree has significant potential for abuse of its new powers. It ignores the fact that most cellphones today constantly transmit detailed location data about every individual to their carriers, and that all this location data is housed in one place—with the telecommunications service provider. This will leave Peruvian police with access to more precise, more comprehensive, and more pervasive data than would ever have been possible under previous policies.
Pakistan is also planning to expand its surveillance capabilities, which could include monitoring broadband Internet traffic, phone records, and cellular data transmissions, according to a report by Privacy International. The Verge notes that because Pakistan already has stringent registration requirements, such as a national biometric ID program and SIM card registration by fingerprint, these bulk surveillance plans may be particularly invasive.
Lebanon used Angry Birds to infect devices with Hacking Team malware
Emails leaked after Hacking Team’s systems were hacked in early July—and now searchable on WikiLeaks—indicate that Lebanon’s Interior Security Forces, General Security office, and Cybercrime Bureau all pursued contracts with the Milan-based surveillance-software maker. Emails suggest that Security Forces personnel were able to successfully infect target devices with the help of Hacking Team staff, and that they created a technical “backdoor” in the devices (a virtual channel through which authorities can monitor a user’s activities) by exploiting a security flaw in Angry Birds.
These revelations confirm what various bloggers and political activists had suspected after they were summoned for questioning by the Cybercrime Bureau. Beirut-based technology journalist Habib Battah described the bureau’s approach in June:
In some cases, bloggers have claimed that police agents tricked them into giving up information by sending malware to their computers, a practice [Major Suzan Hajj Hobeiche, head of the Cybercrime Bureau] seemed to endorse by claiming “ethical hacking” used by law enforcement is sometimes needed to protect the greater good. Yet, increasingly that greater good seems to be defined by the interests of the wealthy and well-connected. …many activists and lawyers worry that the bureau is unregulated and poses a threat to free speech.
UK High Court strikes down discrete data retention practices
In slightly better news from the world of digital surveillance, a UK High Court ruled against data retention laws that allowed the government to order telecommunications companies to retain their users’ metadata for one year stand. The reason: The laws failed to require authorities to obtain judicial approval prior. The court also took issue with the lack of “clear and precise rules” for the collection of data in the Data Retention and Investigatory Powers Act 2014 (sections 1 and 2). The Home Office says it will appeal the decision.
Malaysia blocks news website in face of public finance investigation
Malaysia blocked news website the Sarawak Report and suspended two local papers after they published investigative reports on the suspicious transfer of US$700 million from a government-managed investment fund into the personal bank account of Malaysian Prime Minister Najib Razak. While there is evidence that the government has censored the Internet in the past, this marks the first time it has publicly acknowledged doing so. Although the Malaysian Communications and Multimedia Commission claims that the block was carried out legally under the Communications and Multimedia Act of 1998, the law does not sanction censorship of online websites.
Is YouTube headed for Russia’s Internet blacklist?
Russian media and Internet watchdog Roscomnadzor issued an official warning on July 22 to YouTube that the site may be added to the country’s Internet blacklist for copyright violations. The warning comes after the Moscow city court ruled that copyright was violated when two Russian TV shows were uploaded to YouTube. Though YouTube took down the videos, others were subsequently uploaded. Roscomnadzor reported seeing 137 copies on the site as of July 20.
Transparency reports: When it comes to takedowns, copyright is king
The online marketplace Etsy shut down more than 168,000 accounts over the year 2014, according to its first transparency report. It shut down 3,993 shops for violations of Etsy’s intellectual property policy and disabled 176,137 listings in response to DMCA takedown requests. However, the majority of the shutdowns were for non-IP related issues, such as spam and the sale of items prohibited on the site. New Zealand marketplace Trade Me and US web performance and security company Cloudflare also issued new transparency reports this week. Meanwhile, Vodafone has published its second annual transparency report, which it calls the “Law Enforcement Disclosure Report.”
- Politics, Rumors, and Ambiguity: Tracking Censorship on WeChat’s Public Accounts Platform – Jason Q. Ng/Citizen Lab
- Exploring Zero-Rating Challenges: Views from Five Countries – Public Knowledge
- Digital Rights and Business: A Primer on Risks and Solutions for the ICT Sector – Access