Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] 'bullet proof' hosting

Eric King eric at privacy.org
Tue Aug 23 16:44:24 PDT 2011


Beware of some of the lawful access regimes in Europe - particularly Sweden. The powers granted under their FRA law were only curtailed at the last moment, and it still isn't brilliant. 

There were a number of government bills in 2006 that extended the use of secret surveillance, including inter alia a bill to allow telephone tapping for preventive reasons as well as bugging of conversations with the help of hidden microphones. On 31 May 2006 the Parliament decided to postpone discussion on the bill for at least a year and "insisted that safeguards against abuse of power be introduced into the bill, including an obligation for police to inform those subject to secret surveillance whenever this is considered safe for investigative reasons."[66] In 2007, a proposed bill would allow the National Defence Radio Establishment (Försvarets Radioanstalt, FRA) permission to use data mining software to search for sensitive keywords in all phone and email communications passing through cables or wires across the country's borders without a court order.[67]Until then the FRA could only listen to radio transmissions and did not have the authority to monitor and analyse Internet data traffic.[68] The FRA would need approval from a parliamentary committee on military intelligence affairs and would only be permitted to "tap into communications through pattern analysis and key word searches, and would not be entitled to target specific individuals."[69] Before this bill was approved on 18 June 2008, such traffic could only be monitored with court approval if police suspected a crime, although the agency was free to spy on airborne signals, such as radio and satellite traffic. The new legislation became widely controversial and has posed a threat to cross-border communications.[70]It allows for the interception of e-mail, telephone and faxes, and is therefore a threat to anyone dealing with a Swedish organisation.[71] Even where domestic Internet communication is intended for two persons residing in Sweden, the same information may cross national borders through Germany, Denmark, and the USA.[72] The implication is that people residing outside of Sweden, as well as Swedes, may be subject to the surveillance of FRA.[73]

The FRA wiretapping law adopted on 18 June 2008 consists of four statutes: a newly adopted statute on signals intelligence and changes in three other statutes.[74] "FRA has a mandate to search for 'external threats’, which involves everything from military threats, terrorism, IT security, supply problems, ecological imbalances, ethnic and religious conflicts, and migration to economic challenges in the form of currency and interest speculation."[75] Causing further controversy is the lack of any requirement that the FRA should have a reason to suspect crime or need a court order before being allowed to conduct surveillance of Swedish residents.[76] After criticism by privacy groups and a massive public debate about such sweeping powers, the Act was amended.[77] In addition, "a legal complaint has been made to the EU in July about this Act's possible breach of the EU's privacy and discrimination law with regard to cross-border legal consultations."[78]The European Commission, who would have to bring formal infringement procedures against Sweden, has not yet made any such action.[79]

The law was supposed to enter into force by January 2009 but after the massive debacle surrounding the issue in Sweden, the government proposed a modified bill that included a number of privacy improvements to the original legislation. Among other aspects, the details of FRA monitoring are now subject to political scrutiny and the FRA must seek permissions for every search made. The amendment was approved by the Parliament on 14 October 2009 and the new, restricted competences of the FRA came into force on 1 December of the same year.[80] As of September 2010, the FRA has still to initiate its surveillance scheme. Technical problems regarding access points as well as resistance from some Internet service providers have allegedly delayed the actual surveillance from starting.

https://www.privacyinternational.org/article/sweden-privacy-profile

Eric

On 24 Aug 2011, at 00:27, Moritz Bartl wrote:

> On 23.08.2011 21:11, Miles Fidelman wrote:
>>> With this in mind, can anyone suggest any methods for 'bullet proof'
>>> hosting that functions under a jurisdiction that upholds freedom of
>>> expression in ways that don't lead to such 'take down' notices?
>> The obvious strategy is to mirror on multiple hosts in different
>> jurisdictions, and make sure that domain registration and nameservice is
>> in a country that values freedom of expression (or is spammer friendly).
> 
> I agree.
> 
> It is best to approach potential hosters up front with a description of
> the project and worst case scenarios/attacks (complaints, takedown
> notices, etc). Sweden and the Netherlands were mentioned to have pretty
> good privacy laws, and for most cases it is not necessary to go with
> advertised "bullet proof" ISPs such as PRQ, which in general are very
> pricey. Iceland is even more expensive. Another well known decent
> privacy ISP for example is shinjiru in Malaysia (
> http://www.shinjiru.com/ ). If you need more detailed recommendations, I
> can compile a larger list of potential ISPs to contact, but again, it
> should not be hard to find 2-3 good ISPs in different jurisdictions
> willing to stand some heat.
> 
> -- 
> Moritz Bartl
> https://www.torservers.net/
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
> 
> Should you need to change your subscription options, please go to:
> 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
> 
> You will need the user name and password you receive from the list moderator in monthly reminders.
> 
> Should you need immediate assistance, please contact the list moderator.
> 
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20110824/9515eb25/attachment.html>


More information about the liberationtech mailing list