EDRI - Security

ENDitorial: How antivirus vendors handle state-sponsored malware

bogdan — Wed, 20 Nov 2013 18:34:17 +0000

Last month, an international coalition of civil rights organizations and academic experts asked antivirus software vendors how they handled state-sponsored malware. Some of them already responded and the responses are interesting.

The letter, drafted by Bits of Freedom and signed by organisations such as EDRi, several EDRi-members and security experts such as Bruce Schneier, was sent to various antivirus companies (see below for a complete list). The coalition writes in the letter that these companies have a vital position in providing security and maintaining the trust of internet users engaging in sensitive activities such as electronic banking.

Has Switzerland become a center of spy technology exports?

bogdan — Wed, 09 Oct 2013 16:35:21 +0000

On 26 September 2013, Privacy International sent a letter to Ueli Maurer, Head of the Swiss Federal Department of Defence showing concern regarding the many companies asking for licenses to export surveillance technology from Switzerland.

Some media reports revealed in August 2013 that companies such as Gamma International (well known for the notorious malware soft FinFisher), are seeking licenses to export their technologies from Switzerland.

This has led to a quick reaction from Privacy International which wrote to more than 70 Swiss lawmakers, drawing attention to the issue.

The letter “detailed the human rights and foreign policies that Switzerland has championed internationally, including ensuring that businesses operating in Switzerland should exercise a duty of ca

FBI was controlling servers located in France

bogdan — Wed, 25 Sep 2013 18:20:40 +0000

The FBI admitted on 12 September 2013 that, in late July, it had secretly taken control of some servers located in France in order to plant a malware within a police action.

The agency has introduced the spyware on web pages hosted by Freedom Hosting, meant for Tor anonymization network.

Belgium ISP under cyberattack by British intelligence

bogdan — Wed, 25 Sep 2013 18:11:24 +0000

Edward Snowden’s opened Pandora box keeps revealing extended eavesdropping of intelligence services.

Dutch police wants to hack their citizens' devices

bogdan — Wed, 08 May 2013 16:59:52 +0000

This article is also available in:
Deutsch: Niederlande: Polizei will die Geräte ihrer Bürger hacken

The police should be allowed to hack into mobile phones and computers, even when these are located abroad. This is proposed in a draft law by the Dutch government on 2 May 2013.

While this appears to be a powerful asset for law enforcement, in reality it creates unnecessary vulnerabilities for citizens. Also, the proposal ignores several alternative solutions. The police already has the necessary means to fight cybercrime, but fails to apply them, due to limited resources and knowledge.

ENDitorial: Germany sees a "septimana horribilis" in Net politics

bogdan — Wed, 27 Mar 2013 19:07:57 +0000

This article is also available in:
Deutsch: ENDitorial: Eine Woche des Schreckens für die deutsche Netzpolitik

In Germany, political developments in the last week have been perceived as a frustrating defeat by the "Internet community", as three legislative measures that had been heavily criticised (and ridiculed) have progressed in the Parliament.

On 20 March 2013, "De-Mail", Germany's standard for "court-proof" electronic communications and document exchange between citizens, authorities and businesses, was discussed in a hearing in the Committee on Internal Affairs of the Bundestag (the "lower house" in Germa

Human rights orgs ask OECD to investigate surveillance companies

bogdan — Wed, 13 Feb 2013 21:03:44 +0000

This article is also available in:
Deutsch: Überwachungsfirmen: Menschenrechtsorganisationen fordern OECD-Untersu...

In the beginning of February 2013 several human rights organisations, including Privacy International, the European Center for Constitutional and Human Rights, the Bahrain Center for Human Rights, Bahrain Watch and Reporters without Borders, filed formal complaints against surveillance software firms Gamma International and Trovicor.

The OECD (Organisation for Economic Cooperation and Development) National Contact Point (NCP) in the UK was asked to investigate Gamma International regarding

ENDitorial: Questions on the draft Directive on Cybersecurity Strategy

bogdan — Wed, 16 Jan 2013 19:15:46 +0000

This article is also available in:
Deutsch: ENDitorial: Fragen zum Entwurf für eine Strategie und eine Richtlinie...

A draft of the already announced EU Directive on Cybersecurity Strategy that is circulation in Brussels seems to be totally misguided, in EDRi's opinion.

The Commission seeks to put ENISA at the heart of a network to act as an early warning system for bad stuff on the Internet, which is good. What is wrong is that instead of pulling together police forces, CERTs and service providers, ENISA seeks to set up a classified network of military and intelligence

Major data leak at the Belgium railway company

bogdan — Wed, 16 Jan 2013 19:10:28 +0000

This article is also available in:
Deutsch: Schwere Datenpanne bei der belgischen Bahn

At the end of December 2012, the personal data of more than one million customers of the Belgian train company SNCB Europe were available on-line, at a simple query in a search engine. The data contained in the SNCB database included names, email addresses and even, in some cases, phone numbers and home addresses.

Commission's own internal review condemned CleanIT's incoherence and cost

kirsten — Wed, 09 Jan 2013 11:21:09 +0000

The CleanIT project has received a huge amount of criticism from outside of the EU institutions. But imagine if the Commission had been alerted to the incoherence of the planned project. Imagine if, before investing 325.796 Euro in CleanIT, the European Commission had been warned that the project lacked methodology and did not represent value for money. Imagine if the Commission's independent checks of the initial proposal gave the project a “value for money” rating that was substantially less than half the minimum average score necessary.

Remarkably, this is exactly what happened.