Privacy News Roundup 22 December 2016

European Court of Justice says UK Snoopers’ Charter is illegal

Europe’s highest court has ruled that the “General and indiscriminate retention” of emails and other electronic communications, enshrined by the UK’s recent Investigatory Powers Act, is illegal.

According to the ruling by the European Court of Justice (ECJ) in Luxembourg, only targeted interception of internet traffic and location data to fight organised crime, including terrorism, is justified.

The court case came about due to the legal challenge in the wake of Britain’s referendum outcome to leave the European Union, brought forward by Conservative Party secretary David Davis and Labour deputy leader Tom Watson. The challenge questioned the legality of bulk collection of call and message data by GCHQ and was supported by several privacy rights groups, including Liberty, the Law Society, Privacy International and the Open Rights Group. The MPs secured a high court victory, though the Government appealed and the case was referred to the ECJ. The case will now be decided by the court of appeal in accordance with UK legislation.

The MPs argued that the Data Retention and Investigatory Powers Act (DRIPA), introduced in 2014, was illegal. DRIPA has since been replaced by the Investigatory Powers Act, which will come into force at the end of 2016. The main point of contention is whether or not EU standards on data retention apply to specific member state legislation. Of course, once the UK has withdrawn from the EU, the ECJ’s jurisdiction will no longer apply.

In the most recent ruling, the court said electronic communications allow “very precise conclusions to be drawn concerning the private lives of persons whose data has been retained”. It added: “The interference by national legislation that provides for the retention of traffic data and location data with that right must therefore be considered to be particularly serious.”

In an earlier ruling, Davis argued that the British government was “treating the entire nation as suspects” as well as ignoring safeguards on storing and accessing user data.

Europe’s highest court has ruled the mass retention of emails and other electronic communications, enshrined by the UK’s Snoopers’ Charter, to be illegal. Source: Wikipedia.

First Aussie Pirate Bay block overturned in seconds

In the first case of its kind, the Australian ISP Telstra blocked access to The Pirate Bay. However, the blocking method used was the most basic option allowed under the Federal Court’s order, and as such has been overturned in a matter of seconds.

A case brought this month by several large rights holders, including Disney, Foxtel, Paramount, 20th Century Fox and Roadshow Films, now obliges over fifty ISPs across Australia to block access to specific pirate sites. The list of blocked sites includes The Pirate Bay, TorrentHound, IsoHunt, SolarMovie and Torrentz.

Telstra began blocking on 20th December with the Pirate Bay being its first target. Users attempting to visit the site were met with a censoring landing page, in line with the orders of the Federal Court. From the options available, it seems that Telstra used DNS blocking, the method most easily broken. The block was broken in seconds and many users are now choosing to configure their devices to use Google’s DNS instead of Telstra’s.

In light of the easy overturning of the block, other ISPs might choose a more secure blocking method that cannot be reversed by changing DNS settings.

Australian ISP Telstra’s DNS-level block of The Pirate Bay has been quickly circumvented by web users.

700 million Android phones are pre-installed with spying firmware

Security experts at Kryptowire revealed recently that the Chinese company Adups used pre-installed apps to spy on users with Blu smartphones. It’s believed that the impact has spread to other Android device manufacturers.

Adups facilitates over-the-air updates for mobile devices with its firmware pre-installed on many devices. The firmware does more harm than it claims, however, since it has the ability to spy at will on users’ data without their knowledge.

Another online security firm, Trustlook, compiled a huge list of the devices that utilise Adups and could be exploited by the Chinese company to spy on data. Trustlook has stated that over 700 million Android smartphones have the firmware installed, which puts mobile data, including text messages, call histories and files stored on the device at risk. All of this data can be accessed without the user ever consenting.

A lot of the manufacturers who utilise Adups are smaller companies who only sell devices in Asia or smaller markets, though there are a few more well-known manufacturers on the Trustlook list, including Lenovo, ZTE and Blu. Since the Blu R1 HD, the first device known to harbour the firmware, Adups took action to stop the retention of user data, though now it’s important that the manufacturers on the list do the same. Users who are concerned about the risk are advised to update their phones as often as possible and to install available security patches.

Security company Kryptowire has revealed that Chinese company Adups used pre-installed apps to spy on users with Blu smartphones without their consent.
