Category Archives: LAWS

Twitter abandons ‘Do Not Track’ privacy protection

Is this the end for ‘Do Not Track’, the web-tracking privacy service?

Twitter was one of the first companies to support Do Not Track (DNT), the website privacy policy. Now, Twitter is abandoning DNT and its mission to protect people from being tracked as they wander over the web.

DNT seemed like a good idea. By setting DNT on in your web browser, websites that supported DNT could neither place nor read advertising cookies on your device. Well, that was the idea anyway.

Any web browser or application that supported DNT added a small snippet of code to its request for a web page: DNT=1. This meant websites and services that observed DNT shouldn’t track you on the internet.

This would protect your online privacy. You might think that meant “Don’t collect and store any information about me without my explicit permission.”

Wrong.

From day one in 2012, that isn’t how it worked. According to Sarah Downey, an attorney and privacy advocate, the Interactive Advertising Bureau and the Digital Advertising Alliance (DAA), which represent most online advertisers, have their own interpretation of Do Not Track: “They have said they will stop serving targeted ads but will still collect and store and monetize data.”
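The two readings of the signal described above, side by side, as an added example (not code from the article, Twitter or any advertiser). The browser sends the preference as the HTTP request header `DNT: 1`. The cookie name `ad_id`, the policy names `honor` and `ads_only`, the cookie lifetime and the sample requests are assumptions made for illustration.

```python
"""Server-side handling of the Do Not Track preference (constructed example)."""
import secrets
from http.cookies import SimpleCookie

AD_COOKIE = "ad_id"            # hypothetical advertising cookie name
THIRTY_DAYS = 30 * 24 * 3600   # cookie lifetime in seconds (assumed value)


def dnt_enabled(headers):
    """True only when the request carries the header `DNT: 1`.

    Header names are case-insensitive; any other value ("0", garbage)
    is treated as no preference expressed.
    """
    for name, value in headers.items():
        if name.lower() == "dnt":
            return value.strip() == "1"
    return False


def read_ad_cookie(headers):
    """Return the advertising cookie sent by the browser, or None."""
    for name, value in headers.items():
        if name.lower() == "cookie":
            jar = SimpleCookie()
            jar.load(value)
            if AD_COOKIE in jar:
                return jar[AD_COOKIE].value
    return None


def handle_request(headers, policy):
    """Decide what the site does with one request.

    policy "honor":    with DNT on, neither place nor read the ad cookie
                       and record nothing about the visit.
    policy "ads_only": with DNT on, stop targeted ads but keep reading,
                       setting and logging the identifier.
    """
    if policy not in ("honor", "ads_only"):
        raise ValueError("unknown policy: " + policy)
    dnt = dnt_enabled(headers)
    decision = {"ad_id": None, "set_cookie": None,
                "targeted_ads": not dnt, "visit_logged": True}
    if dnt and policy == "honor":
        decision["visit_logged"] = False
        return decision
    ad_id = read_ad_cookie(headers)
    if ad_id is None:
        # First visit: mint an identifier and ask the browser to keep it.
        ad_id = secrets.token_hex(8)
        decision["set_cookie"] = "%s=%s; Max-Age=%d; Secure; HttpOnly" % (
            AD_COOKIE, ad_id, THIRTY_DAYS)
    decision["ad_id"] = ad_id
    return decision


# Constructed sample requests (header name -> value).
RETURNING_DNT = {"Host": "example.test", "dnt": "1",
                 "Cookie": "lang=en; ad_id=abc123"}
NEW_NO_DNT = {"Host": "example.test"}

if __name__ == "__main__":
    for label, request in (("returning, DNT on", RETURNING_DNT),
                           ("new visitor, no DNT", NEW_NO_DNT)):
        for policy in ("honor", "ads_only"):
            print(label, "|", policy, "|", handle_request(request, policy))
```

Under `ads_only` the returning visitor with DNT on is still recognised by the existing identifier and the visit is still logged; only the ad targeting changes.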

However, Twitter played fair by the spirit of DNT rather than the law. Unfortunately, they were one of the few companies that did. DAA, for example, publicly abandoned DNT in 2013. With the advertisers and privacy advocates unable to agree on basic principles, DNT increasingly offered users no privacy protection worth the name.

Twitter finally had enough of fighting an already lost battle. In a note to its revised privacy policy, the company stated: “Twitter has discontinued support of the Do Not Track browser preference. While we had hoped that our support for Do Not Track would spur industry adoption, an industry-standard approach to Do Not Track did not materialize. We now offer more granular privacy controls.”

Under its new privacy rules, Twitter is extending how long its tracking cookies are active, from 10 days to 30 days as of June 18. You can also switch off Twitter ad personalization. From the same page, you can also disable geolocation and data sharing with third parties.

It’s a pity DNT has come to this. As Jason Kint, CEO of Digital Content Next, pointed out in an email interview: “Do Not Track still remains an elegant and simple consumer signal to not be tracked across the broader web.”

Kint remains hopeful about DNT: “Twitter dropping its support is disappointing as they were a leader here, but the standard is written regardless of what Twitter says and will continue to move forward. In the desire to regain consumer trust and reduce ad blocking, the ad tech world would be wise to embrace Do Not Track rather than ignoring it. Ultimately consumers win. No business has ever succeeded long-term without meeting consumer demands.”

I’m not at all optimistic. DNT has been spinning its wheels for years now with little progress. Online privacy remains an issue that upsets people, but at day’s end, neither companies nor the Trump administration have any real interest in protecting privacy.

Henry Sapiecha

Lawyers and insurers set for data breach payday

Soon, in Australia, Europe, and the UK, organisations that suffer a data breach must be able to show that they’d taken reasonable steps to prevent it. Time is running out.

Australia’s mandatory data breach notification laws come into force in February 2018. Europe’s General Data Protection Regulation (GDPR), which also requires breach notification, becomes law in May 2018. Brexit or not, the UK will also have to comply.

“[GDPR] will continue to apply to all businesses exporting goods or services into the European Single Market, regardless of any future legal and regulatory settlement reached by the UK with the EU,” wrote Peter Wright, managing director of DigitalLawUK, and chair of the UK Law Society’s Technology and Law Reference Group.

So where are we all up to here?

My reading is that we only have hints as to what’s required, and that we won’t really know until the lawyers get to work.

Wright has some security advice for UK law firms that really should be standard practice everywhere.

“Make sure that whatever medium you are using to either store or transmit personal data — in particular, data relating to your clients — is secure and encrypted,” he wrote.

Wright warns against “free cloud-based systems like Dropbox or Google Drive to communicate with clients or receive confidential data” because they’re not encrypted, but that’s no longer the case. Both Dropbox and Google Drive now encrypt customer data at rest, as does Apple’s iCloud.

But Wright’s general point about using unencrypted file sharing services stands. “You are effectively in legal and regulatory breach by using them for client-related activity as their servers are based in the cloud and most likely in the United States,” he wrote. And of course encrypted file storage is irrelevant if a user’s credentials are compromised through a phish.

Wright’s final observation is, to my mind, the most frightening.

“If firms have already not begun work on achieving compliance with the GDPR, they will find it impossible to achieve full compliance by May 2018. At this point, it’s a matter of working out how uncompliant you wish to be. You will have to cherry pick what you can and cannot afford to comply with, and put the rest in place as quickly as possible,” he wrote.

UK and European organisations still have an entire year to get compliant with their new laws. Australian organisations, somewhat less, although it could be argued that compliance with Australia’s laws would be easier. But is that really the case?

Australia’s Privacy Act says that the steps taken to protect personal information must be “reasonable in the circumstances”, but there haven’t been enough real-world cases to understand what that might mean.

Well how about the standard set by the Australian Signals Directorate (ASD) with its Essential Eight Strategies to Mitigate Cyber Security Incidents, released in February?

“The eight mitigation strategies with an ‘essential’ effectiveness rating are so effective at mitigating targeted cyber intrusions and ransomware, that ASD considers them to be the cyber security baseline for all organisations,” the ASD wrote.

The Essential Eight includes measures that we know many organisations don’t implement: application whitelisting; getting rid of Adobe Flash; installing ad blockers; disabling untrusted Microsoft Office macros; multi-factor authentication; or even securely-stored daily backups.

If experts like the ASD consider all these to be “baseline”, wouldn’t a lawyer argue that failing to implement the Essential Eight is failing to take “reasonable steps”? I guess it depends on “the circumstances”, right?

I’ve previously written that once we’ve seen the first data breaches being disclosed, the lawyers will follow. What I didn’t consider was the insurance industry.

Cyber insurance is already the fastest-growing sector of the insurance market, according to Nick Abrahams, a partner with law firm Norton Rose Fulbright, and their APAC technology practice leader. Counter-intuitively, better insurance cover means that the lawyers are far more likely to swoop in for the kill.

“We know that the class-action law firms are looking at cyber as their next big opportunity,” Abrahams told the InnovationAus.com conference Cyber Security — the Leadership Imperative 2017 in Sydney last week.

“If there’s 100,000 people impacted [by a data breach], or a million people, and they can all be awarded $1000 or $2000, that’s a class action,” he said.

“The US has a massive amount of class actions in relation to privacy breaches, and the reason those class actions occur is because people know that there is insurance there to back it up,” Abrahams said. He expects a “steep rise” in litigation.

While it’s fast-growing, the cyber insurance industry is “quite immature”, especially in Australia, and “all the policies are completely different”, according to Andrew Bycroft, chief executive officer of The Security Artist.

“It’s not even like comparing apples and oranges, it’s like comparing apples and dogs,” Bycroft told the same conference.

“A lot of the insurers are actually taking on a lot of unnecessary risk. For example, they wouldn’t provide home and contents insurance for people who have houses with no doors, but what I’ve seen them doing is actually offering policies to organisations which are pretty poor in terms of their resilience capabilities.”

Bycroft says that insurers might want to work with potential customers to improve their security posture before selling them insurance.

Craig Davies, chief executive officer of the new Australian Cyber Security Growth Network (ACSGN), wasn’t exactly thrilled with that suggestion.

“A marketplace driven by insurers can only be fantastic,” Davies told the conference, to nervous audience laughter. “If I had no ethics I’d certainly invest in buying insurance and selling insurance for cyber right now. You could make a fortune.”

Yes, there’s plenty of money to be made, by insurers, by lawyers, and by the cybersecurity industry that cleans up the mess. Or, ideally, fixes things before there’s a mess to clean up.

Somewhere in there, we might even manage to better protect people’s personal information.

Police illegally accessed journalist’s phone files under new metadata retention regime

The Australian Federal Police illegally obtained a journalist’s phone records under the Turnbull government’s new metadata retention regime, the agency announced on Friday.

The breach took place as part of an investigation into a leak of confidential police material – and the incident will now be investigated by the Commonwealth Ombudsman.

AFP commissioner Andrew Colvin said the police officers investigating the leak did not realise they were required to obtain a warrant to access the journalist’s metadata.

“This was human error. It should not have occurred. The AFP takes it very seriously and we take full responsibility for breaching the Act,” Mr Colvin said.

“There was no ill will or malice or bad intent by the officers involved who breached the Act. But simply it was a mistake.”

The journalist in question had not been informed their data had been accessed, Mr Colvin said, due to sensitivities around the ongoing investigation into the leak.

The breach occurred “earlier this year” and was reported to the Ombudsman on Wednesday.

Under the revised data retention regime, police are required to obtain a warrant from a judge to seek metadata from a journalist.

“The vulnerability is the investigator needs to understand that that’s their requirement,” Mr Colvin said on Friday. “On this occasion, the investigator didn’t.”

The phone records in question were relevant to the investigation, Mr Colvin said, but “what was improper was that the right steps weren’t taken to gain access to it”.

The breach is the first such incident that has come to light under the government’s new metadata retention regime, which requires service providers to store their customers’ data for two years.

Acknowledging the policy was “controversial”, Mr Colvin said Australians should nonetheless have “full confidence” in both the police and the policy.

He conceded the AFP’s internal procedures had not anticipated and prevented the error and therefore those practices would be subject to “significant changes”.

Access to metadata would now be restricted to more senior officers, he said, and the number of officers who can approve access to metadata will be reduced. Training will also be bolstered.

Asked if the unlawfully-obtained phone records would still be relied on to inform the actions of investigators, he acknowledged that once seen it could not be unseen.

“Clearly they can’t unsee it. They’ll need to consider … what weight they put on what they saw,” Mr Colvin said. “But that material was accessed illegally, so it can have no bearing on the conduct of the investigation.”

He stressed the content of the journalist’s phone calls were not accessed, just the call records. But Paul Murphy, chief executive of the Media, Entertainment and Arts Alliance, said that was not a mitigating factor.

“It’s another demonstration that the AFP do not understand the sensitivities here, the vital importance of protecting journalists’ confidential sources,” he said. “It’s an absolute disgrace.”

South Australian senator Nick Xenophon, who lobbied for extra safeguards for journalists when the laws were formulated, said he was “furious” about the revelation and would seek further amendments to the law.

“This is outrageous. There’s been a flagrant breach of the law here,” he said. “The safeguards have been completely trashed. This should chill the spine of every journalist in this country.”

This Algorithm & Robots Decides Crime Cases Almost As Well As A Judge

A Robotic computer program could help relieve the massive backlogs facing the world’s highest courts

A computer algorithm took on the work of real human judges and did a pretty good job, predicting the decisions of one of Europe’s highest courts with 79 percent accuracy. The finding suggests artificial intelligence could help the world’s busiest courts work through their massive backlog of cases, even if an algorithm isn’t about to take up a digital gown and gavel and start actually deciding cases.

The AI analyzed cases tried before the European Court of Human Rights, which hears cases from people and groups who claim their civil or political rights have been violated in their home countries. An international team of computer scientists worked with a legal scholar to determine just how well AI could predict the court’s ultimate judgement based on how the written decision described the factual background of the case and the arguments of the parties involved. They found it agreed with the judges’ decision four of five times — and that the underlying facts of the case were by far the best predictor of the outcome of a case, rather than any of the more abstract legal arguments.

“The fact that we can get this accuracy, it means that there are some consistent patterns of violations that lead to overturning the [previous court’s] decision,” University of Pennsylvania computer scientist Daniel Preoţiuc-Pietro told Vocativ.

That suggests the court is typically less concerned with parsing philosophical questions of whether a specific instance is a human rights violation than it is determining how that situation fits into their already defined categories of violations. Preoţiuc-Pietro pointed to the example of people who allege mistreatment in prison as a situation that typically led to decisions in those people’s favor. “That’s definitely more likely for the court to actually accept that the state made a mistake and the people involved were actually justified,” he said.

The AI used what’s known as natural language processing to analyze the cases. This particular method involved looking at the text of a decision as a big bag of words, not worrying about any particular word order or grammar. Instead, the AI looked at what individual words and combinations of two, three, or four words appeared most frequently in the text, regardless of order. The AI then looked at all these combinations, known as N-grams, and clustered them into different overall topics.

The court’s decisions include lengthy sections recapping not only the factual background of the cases but also the original arguments made by the parties in the case. This gave the AI a broad sense of what each text was talking about and gave it the context necessary to predict the outcome of the case, which it did correctly in nearly four out of every five cases.

But that doesn’t mean the researchers are hoping to see AI judges anytime soon.

“We’re not advocating for automating any decisions,” said Preoţiuc-Pietro. “Decisions should still be made by the judges.” Where the AI can make a difference is in helping determine which cases make it to the judges in the first place.

In 2015, the researchers found that nearly 85,000 petitions were submitted to the court, of which just 891 were actually decided upon. All the rest were thrown out as inadmissible, meaning the court couldn’t take them on and the previous decision by a lower court would have to stand. The European Court of Human Rights relies both on individual judges and committees to work through all these cases and figure out which are worth bringing to the actual court’s attention. Last year, that meant the entire court apparatus had to process more than 230 cases every single day, making it a huge challenge just to give each petition the human attention it deserves.

Artificial intelligence, by contrast, could zip through 85,000 petitions and decide which were most likely to be worth the court’s time, based on how similar each petition is to the court’s previous cases. Preoţiuc-Pietro suggested the algorithm could separate the cases into three groups based on the court’s prior history: those the court would likely rule on, those it likely would rule inadmissible, and those in a gray area. Committees could then devote more time to examining the cases already identified as being of uncertain status, rather than having them take valuable time doing all their own categorization.

“These committees are time-limited and beyond that very costly, so they can actually look at just the flagged cases which are more likely to be disputed and analyze them more thoroughly,” said Preoţiuc-Pietro, “while the others they can be sent for just individuals and they don’t need to be scrutinized by more people.”

The goal then wouldn’t be to take the human element out of the law, but instead the complete opposite: The European Court of Human Rights and other bodies like it would have more time to focus on their most difficult cases, while the AI would separate out the cases that would likely just get thrown out anyway.

Fault Lines – Cyber-war video report

Cyberwar. A conflict without footsoldiers, guns, or missiles.

Instead the attacks are launched by computer hackers. Digital spy rings. Information thieves. Cyberarmies of kids, criminals, terrorists – some backed by nation states.

In the US there is a growing fear that they pose a massive threat to national security, and a conviction that the world’s military superpower must prepare for the fight ahead.

At stake: Crucial national infrastructure, high value commercial secrets, tens of billions of dollars in defence contracts, as well as values like privacy and freedom of expression.

In this episode of Fault Lines, Josh Rushing enters the domain of “cyber” and speaks to a former US national security official turned cybersecurity consultant, a Silicon Valley CEO, a hacker, and those who warn of a growing arms race in cyberspace.

He asks: Is the US contributing to the militarisation of cyberspace? Are the reports of cyber threats being distorted by a burgeoning security industry? And are the battles being waged in cyberspace interfering with the Internet as we know it?

People featured in this film include: Josh Rushing, John Fraize, Darrel Covell, Rsignia, Keith Alexander, Redbeard, John Verdi, Jay Rockefeller, Olympia Snowe, Jim Lewis, Enrique Salam, Michael Chertoff.

US appeals court: Anti-hacking law applies to password sharing case

The 9th Circuit Court of Appeals ruling expands the scope of the already-broad Computer Fraud and Abuse Act.

A US appeals court on Tuesday ruled that the Computer Fraud and Abuse Act, a broad anti-hacking law passed in 2005, applies to a case in which a former executive gained access to his former employer’s confidential client data through a password that was voluntarily shared with him.

In a two-to-one ruling, a three-judge panel on the 9th Circuit Court of Appeals upheld the conviction of David Nosal, who used the information from his former employer — Korn/Ferry International — to start a new firm. He gained access to the data after his former secretary shared her password with him.

The ruling expands the already-sweeping scope of the CFAA, which imposes criminal penalties on anyone who “knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value.”

The Nosal case focused specifically on the question of whether he acted “without authorization”. The panel concluded that “‘without authorization’ is an unambiguous, non-technical term that, given its plain and ordinary meaning, means accessing a protected computer without permission”.

The court panel also upheld Nosal’s conviction for trade secret theft under the Economic Espionage Act.

In his dissent, the court summary of the ruling notes, Judge Stephen Reinhardt “wrote that this case is about password sharing, and that in his view, the CFAA does not make the millions of people who engage in this ubiquitous, useful, and generally harmless conduct into unwitting federal criminals”.

The practice of sharing passwords isn’t uncommon, according to a SailPoint survey released earlier this year. It polled 1,000 office workers across six nations and found nearly one in three are willing to share passwords with their co-workers.

The CFAA — opposed by the Electronic Frontier Foundation for its scope — was also used to convict former Reuters editor Matthew Keys of helping Anonymous to deface the LA Times in 2010. Keys, who denied the charges against him, was sentenced to two years in prison.

UPDATE: This article was corrected to note that Keys was sentenced to two years in prison; he is not serving two years in prison.

HACKER GETS 5 MILLION IP ADDRESSES FROM ONLINE GAMING SERVER

FROM the comfort of his bedroom, computer whiz Shane Stephen Duffy made more than $32,000 from computer gamers who paid him to access other people’s gaming accounts.

The 23-year-old hacker also attacked the computers of his online opponents, using knowledge of their IP addresses to slow their internet connections, allowing him to advance in the online game.

The IP address is the computer’s address on the internet and identifies that computer for that session or permanently.

At Brisbane District Court on Thursday, Duffy was sentenced for his crimes, including fraud, computer hacking and unauthorised impairment of electronic communication that occurred while he was living at Poona – near Hervey Bay – and Kingaroy.

Duffy, who now lives in Brisbane, pleaded guilty to the offences that occurred between May 2013 and March 2014 and was sentenced to jail with immediate parole.

League of Legends is an online computer game where players create an account and join a team that bands together to destroy an opposing team’s base.

In 2011, someone hacked into the database of the game’s LA-based publisher Riot Games and got hold of more than five million usernames and passwords for League of Legends.

It was not suggested Duffy was responsible for this hacking, but the court heard a copy of this database was found on his computer in 2013 and was also available on the internet.

The court heard Duffy made $32,000 from selling the usernames and passwords of online gaming accounts to other gamers.

In July 2013, Duffy and an associate he met online hacked into Riot Games and removed data from the server.

Judge Tony Moynihan said Riot Games spent hundreds of thousands of dollars to secure their systems.

Duffy also set up a website where players could launch attacks on their opponents’ computers using their IP address information.

Duffy’s defence barrister Patrick Wilson said doctors’ reports showed his client had a lack of understanding of how his actions impacted others.

He also said the offending happened at a low point in Duffy’s life, where he was restricted to his bedroom for a number of years and was traumatised by the death of his father.

Duffy was now socialising more and living a healthier life, the court heard.

Judge Moynihan said Duffy had no criminal history and he had taken constructive steps towards rehabilitation and reducing his risk of re-offending.

Duffy was sentenced to two and a half years in jail and was granted immediate parole.

He must also be of good behaviour for two and a half years. – ARM NEWSDESK

10 things you should know about the Dark Web [Internet’s underbelly] but probably don’t

A basic overview guide to the Internet’s underbelly — the Dark Web

1…Deep or Dark?

There’s a difference between the “Deep Web” and “Dark Web.” While the “Clear Web” is the surface area which is indexed by search engines such as Google and Yahoo, the Deep Web is an area search engines can’t crawl for or index. Plunging in further, the Dark Web is a small area within the Deep Web which is intentionally hidden from discovery.

2…How do you access the Dark Web?

You can’t use standard access methods to gain entry into the Dark Web. The most common method is through the Tor network, an anonymous network created from nodes which disguise online activity. In order to use Tor, you need the Tor browser, and may also need to be issued an invitation to access certain .onion domains hidden within the Dark Web.

3…Wait, Onion domains?

An .onion address is the result of Onion networking — low-latency communication designed to resist traffic analysis and surveillance. The use of Onion networking is not a perfect solution to maintain anonymity, but it does help disguise who is communicating with whom.

4…It’s not just drugs

Many of us heard when the underground marketplace Silk Road, one of the largest hidden within the Tor network, was taken down following an investigation by US authorities. However, there are many more vendors peddling their wares within the Dark Web. While drugs are the most commonly-thought of when it comes to the secretive area, you can also purchase a plethora of other illegal goods. Weapons, porn, counterfeit money and fake identities, hacked accounts and even hitmen can be found if you have the cash. If someone annoys you, sending over a SWAT team as a “prank” is also possible.

5…It’s also something of an eBay for peculiar items.

A quick browse and I could buy lifetime membership passes to popular services such as Netflix, old consoles, clothing, emulators and DVDs, a car or two and bulk weight loss pills. Technology is also popular — there is a wealth of devices available — both counterfeit and apparently legitimate — if you know where to look.

6…The Dark Web is used for more than buying and selling.

So-called “ethical” hacking and political forums, archives of forbidden books, tips on how to care for your cat — there are potentially thousands of private .onion addresses hosted which go beyond marketplaces.

7…Trading is hardly safe or risk-free

Whether you take a risk with buying bargain designer clothes on the Clear Web or sink a few Bitcoins in purchasing illegal items through the Dark Web, neither is risk-free.

Vendors and sellers might be trying to avoid the eyes of legal enforcement in the darker side of the Internet, but this doesn’t stop scams from taking place. Scam vendors and quick grab-and-run schemes run rampant — especially as there is no way to follow up with failed sales down the legal route.

8…Buying and selling through the Dark Web

How do you trade without being linked to bank accounts? Virtual currency is the most common method, which includes “tumbling,” a laundering process which destroys the connection between a Bitcoin address which sends virtual currency and the recipient in the hopes of covering a user’s tracks. Some vendors offer escrow services which hold Bitcoin in trust until goods have been delivered and both parties are happy — although value fluctuations linked to Bitcoin use make this move risky.

9…Avoiding spying eyes

Aside from using the Tor browser and VPNs, a number of buyers and sellers use “Tails,” free software which can be booted from flash storage to provide end-to-end encryption for your browsing sessions.

To further cover their tracks, vendors and sellers will often also use public Wi-Fi hotspots to conduct their business.

10…Reddit is used as a communication platform for Dark Web transactions

Although far from exhaustive, the best Clear Web resource to bounce around and learn a little about the darker, nastier aspects of the Internet is on Reddit. There are sub-forums in which Dark Web vendors and buyers exchange news, thoughts and seller reviews. Advice is also issued on how best to “clean house,” create safe “drop” zones to pick up packages ordered from the Dark Web and what to do if you think law enforcement is keeping an eye on you.


Apple Boss Tim Cook Says He’ll Defy Britain’s Government Spy Law Data Access Plan

Apple CEO Tim Cook, right, listens to former Italian premier and President of Bocconi University Mario Monti as they attend the inauguration of the academic year at the Bocconi, in Milan, Italy, Tuesday, Nov.10, 2015. (AP Photo/Luca Bruno)

Tech giant Apple will resist the British government’s efforts to get access to encrypted data through a new spying law, CEO Tim Cook said Wednesday.

Last week, Britain published a draft law that seeks to ensure that telecommunication companies “provide wider assistance to law enforcement and the security and intelligence agencies in the interests of national security.”

That worries firms like Apple, whose iMessage service offers “end-to-end” encryption, meaning the company doesn’t have the ability to read messages sent over the app.

Cook told students at Trinity College Dublin that Apple didn’t plan to introduce a “back door” ability to decrypt the messages.

“We will productively work with the governments to try to convince them that’s also in their best interests in the national security sense,” he said.

Cook said weakening encryption would be bad for online security, because “if you leave a back door in the software then there’s no such thing as a back door for the good guys only.”

“If there’s a back door anybody can come in,” he said.

British Home Secretary Theresa May said last week that the draft Investigatory Powers Bill “will not ban encryption or do anything to undermine the security of people’s data.”

But civil liberties and privacy groups have expressed alarm at its provisions, which include requiring communications companies to hold onto customers’ web traffic records for up to a year. The draft bill also says service providers will be legally obliged to assist the authorities in getting access to customers’ devices.

The bill has yet to be approved by Parliament.
