Shhh… Google: No to Global ‘Right to Be Forgotten’ Order

Check out this Politico article below and my previous related columns on the same subject:


Google contests global ‘right to be forgotten’ order

Don’t make us apply European laws around the world, Google pleads.
By David Meyer
30/7/15, 5:59 PM CET
Updated 31/7/15, 5:38 PM CET

Google is appealing an order from the French data protection authority to apply the “right to be forgotten” on a global basis, the company said Thursday.

The Commission nationale de l’informatique et des libertés (CNIL) said in June that, when Google receives requests for the delisting of personal information from its search results, it should remove links to that information from all its sites around the world, including google.com.

The search giant currently only removes such results from its European domains, as the “right to be forgotten” stems from a ruling by Europe’s highest court.

Google has now formally asked CNIL to withdraw its order for global delisting.

“We’ve worked hard to implement the right to be forgotten ruling thoughtfully and comprehensively in Europe, and we’ll continue to do so,” said Peter Fleischer, Google’s global privacy chief, in a statement. “But as a matter of principle, we respectfully disagree with the idea that a national data protection authority can assert global authority to control the content that people can access around the world.”

The Court of Justice of the European Union ruled in May 2014 that EU-wide privacy legislation applies to foreign search engines operating in the region. It said search engines must take down links to information that is “inaccurate, inadequate, irrelevant or excessive” upon request, as long as there are no good reasons to keep them in its results.

Google went on to comply with the ruling, though a dispute remained between the firm and privacy regulators over the scope of the delinking.

Internet regulation is inherently complicated by the fact that the Internet does not naturally respect national borders. This leads to a tension between those who want to see national laws respected in the countries where they apply, and those who see international enforcement as the only way to make that happen.

While it is relatively easy to apply rules to country-specific versions of a website, such as those with addresses ending in Germany’s “.de” or France’s “.fr,” there is nothing to stop people visiting other versions of the site to find missing information.

The Article 29 Working Party, the umbrella group for EU data protection regulators, wrote in November that “limiting delisting to EU domains on the grounds that users tend to access search engines via their national domains cannot be considered a sufficient mean to satisfactorily guarantee the [privacy] rights of data subjects.”

This stance was the basis for CNIL’s order in June, which came with the threat of a fine of up to €150,000 for non-compliance.

However, a Google-convened panel of privacy experts said in February that the rights of EU citizens had to be balanced with those of people in other countries, who may have the right to see the offending information under their own national laws.

Americans accessing google.com, for example, live in a country whose legal system broadly prioritizes freedom of speech over the right to privacy.

Google built on this theme on Thursday, arguing that global delisting would risk a “chilling effect” on the web as many countries around the world have their own national speech restrictions.

The firm cited several national examples: Turkey criminalizes some criticisms of Kemal Ataturk; Thailand does the same for its royalty; and Russians are banned from disseminating “gay propaganda” online.

“If the CNIL’s proposed approach were to be embraced as the standard for Internet regulation, we would find ourselves in a race to the bottom,” Fleischer wrote in a blog post. “In the end, the Internet would only be as free as the world’s least free place.”

CNIL said it had received Google’s appeal and would “look at the arguments,” though it claimed those arguments were “in part political” whereas its own reasoning was “strictly legal.”

The regulator added that it would respond within two months.

Nicholas Hirst contributed to this story.

Shhh… Former CIA Officer Sentenced for Leaks to NYT Reporter

(Above) photo credit: RT (Image from twitter.com @Manuel_Rapalo)

No matter what the judge thinks, one can’t help feeling sorry for Jeffrey Sterling (see the New York Times story below) considering how David Petraeus got away so lightly.

Ex-C.I.A. Officer Sentenced in Leak Case Tied to Times Reporter

By MATT APUZZOMAY 11, 2015

LEXANDRIA, Va. — A former Central Intelligence Agency officer on Monday was sentenced to three and a half years in prison on espionage charges for telling a journalist for The New York Times about a secret operation to disrupt Iran’s nuclear program. The sentence was far less than the Justice Department had wanted.

The former officer, Jeffrey A. Sterling, argued that the Espionage Act, which was passed during World War I, was intended to prosecute spies, not officials who talked to journalists. He asked for the kind of leniency that prosecutors showed to David H. Petraeus, the retired general who last month received probation for providing his highly classified journals to his biographer.

The case revolves around an operation in which a former Russian scientist provided Iran with intentionally flawed nuclear component schematics. Mr. Sterling was convicted in January of disclosing the operation to James Risen, a reporter for The Times, who had revealed it in his 2006 book, “State of War.” Mr. Risen described it as a botched mission that may have inadvertently advanced Iran’s nuclear program.

The Justice Department said that Mr. Sterling’s disclosures compromised an important C.I.A. operation and jeopardized the life of a spy. Under federal sentencing guidelines, he faced more than 20 years in prison, a calculation with which the Justice Department agreed. Prosecutors sought a “severe” sentence in that range.

Prosecutors maintain that the program was successful, and said Mr. Sterling’s disclosure “was borne not of patriotism but of pure spite.” The Justice Department argued that Mr. Sterling, who is black, had a vendetta against the C.I.A., which he had sued for racial discrimination.

Judge Leonie M. Brinkema gave no indication that she was swayed by the government’s argument that the book had disrupted a crucial operation, or harmed national security. She said she was most bothered that the information revealed in “State of War” had jeopardized the safety of the Russian scientist, who was a C.I.A. informant. Of all the types of secrets kept by American intelligence officers, she said, “This is the most critical secret.”

She said Mr. Sterling had to be punished to send a message to other officials. “If you knowingly reveal these secrets, there’s going to be a price to be paid,” she said.

Mr. Sterling, 47, spoke only briefly to thank the judge and court staff for treating him kindly as the case dragged on for years. Barry J. Pollack, a lawyer for Mr. Sterling, said jurors got the verdict wrong when they voted to convict. “That said, the judge today got it right,” he said.

Under federal rules, Mr. Sterling will be eligible for release from prison in just under three years.

The sentence caps a leak investigation that began under President George W. Bush and became a defining case in the Obama administration’s crackdown on government leaks. Under Attorney General Eric H. Holder Jr., the Justice Department prosecuted more people for having unauthorized discussions with reporters than all prior administrations combined.

For years, Mr. Sterling’s case was known most for the Justice Department’s efforts to force Mr. Risen to reveal his source. At the last minute, under pressure from journalist groups and liberal advocates, Mr. Holder relented and did not force Mr. Risen to choose between revealing his source or going to jail. Prosecutors won the case without Mr. Risen’s testimony.

Since the conviction, the case has been notable because of the stark differences in sentences handed down to leakers. Midlevel people like Mr. Sterling have been charged most aggressively. John C. Kiriakou, a former C.I.A. officer, served about two years in prison. Two former government contractors, Donald J. Sachtleben and Stephen J. Kim, are serving prison time. Thomas A. Drake, a former National Security Agency official, faced the prospect of years in prison but received a plea deal on a minor charge and avoided serving time after his lawyers won critical rulings before the trial.

By comparison, the F.B.I. investigated a decorated military leader, retired Gen. James E. Cartwright, after public reports described a highly classified wave of American cyberattacks against Iran. But that investigation has stalled because investigators considered the operation too sensitive to discuss at a public trial.

Mr. Petraeus, meanwhile, retains his status as an adviser to the Obama administration despite giving Paula Broadwell, his biographer, who was also his lover, notebooks containing handwritten classified notes about official meetings, war strategy, intelligence capabilities and the names of covert officers. Ms. Broadwell had a security clearance but was not authorized to receive the information.

Mr. Petraeus also admitted lying to the F.B.I., and the leniency of his plea deal infuriated many prosecutors and agents.

In court documents filed in Mr. Sterling’s case, the Justice Department argued that Mr. Petraeus’s crimes were not comparable. “None of this classified information was included in his biography, made public in any other way, or disclosed by his biographer to any third parties.”

Shhh… Hotel Cyber Blues

Business travels carry a huge price tag in security risks. Hence a common (but unspoken) practice amongst sleuths is particularly noteworthy: Avoid the biggest hotels in the biggest cities.

This is relevant because a Kaspersky Lab report (below) released earlier this week found a sophisticated industrial espionage campaign aimed at business executives using in-house wireless connections in luxury hotels across Asia, with thousands of victims since 2009 who otherwise believed they were using private and secure networks.

However, the risk with using hotel internet (both LAN and wireless) connections is nothing new.

The FBI has warned 2 years ago about malware being spread across hotel wi-fi systems.

And in the scandal involving former CIA director David Petraeus and his mistress Paula Broadwell (picture below) back in 2012, the way the FBI managed to trace emails sent by Broadwell from her hotel rooms also underscored the problems associated with using supposedly secure hotel internet connections – despite her attempt to shield her identity by using anonymous email accounts, the FBI were able to find out where the emails were sent from (ie. which cities, which wi-fi locations and which hotels) which eventually led to her name.

DavidPetraeus&PaulaBroadwell-2

Previously on Shhh-cretly, several columns also highlighted the perilous voyage business travelers faced, especially in Asia and the risks go well beyond hotel internet connections. Some fellow sleuths are well aware of how some government would send their agents to break into hotel rooms when the house guests were out for the day. For example, a Shhh-cretly post 2 years ago revealed how the FBI had video footage, covertly taken in a hotel room somewhere in China, showing how Chinese agents broke in and swept through the belongings and laptop of an American businessman.

It also helps to know that the locks found on between 4 and 5 million hotel room doors worldwide can easily be opened by a simple hacking device.

And one is still not necessarily safe inside a hotel room, even if the door is locked and blocked. Spy gadgets may have been planted inside the room to snoop on the unwary house guests. And some rooms even have “spying walls“.

With these knowledge, some sleuths have gone to great lengths to protect themselves – such as planting a covert camera in the room, weighing a data-less laptop, with and without the battery, and the power plug before and after leaving the hotel room as well as hiding a SD card (which store all your data transferred from your laptop prior to a business trip, thus the data-less laptop) under the tongue, etc.

According to the Kaspersky report, “a key mystery remains how attackers appear to know the precise travel itinerary of each victim”.

Well, recall the Snowden revelations have also revealed that the British intelligence agency GCHQ had a secretive “Royal Concierge” program that broke into the global hotel booking system of some 350 luxury hotels for about 3 years, specifically to trace and wiretap the suites of traveling diplomats.

Now, has the world reached a state of paranoia?

Execs in Asian luxury hotels fall prey to cyber-espionage -study

By Eric Auchard
FRANKFURT Mon Nov 10, 2014 5:04am EST

Nov 10 (Reuters) – Security researchers have uncovered a sophisticated industrial espionage campaign that targets business executives in luxury hotels across Asia once they sign on to computers using in-room wireless connections they consider private and secure.

The attacks, which go well beyond typical cybercriminal operations, have claimed thousands of victims dating back to 2009 and continue to do so, Kaspersky Lab, the world’s largest private security firm, shows in a report published on Monday.

Executives from the auto, outsourced manufacturing, cosmetic and chemical industries have been hit, the security firm said. Others targeted include military services and contractors.

In 2012, the FBI issued a general warning to U.S. government officials, businessmen and academics, advising them to use caution when updating computer software via hotel Internet connections when travelling abroad (1.usa.gov/1xAP4YI).

Kaspersky’s report goes further in detailing the scale, methods and precise targeting of these attacks on top business travelers. (bit.ly/1xcU0Gs)

The movements of executives appear to be tracked as they travel, allowing attackers to pounce once a victim logs on to a hotel Wi-Fi network. Hackers cover their tracks by deleting these tools off hotel networks afterward.

“These attackers are going after a very specific set of individuals who should be very aware of the value of their information and be taking strong measures to protect it,” said Kurt Baumgartner, principal security researcher for Kaspersky, the world’s largest privately held cybersecurity firm.

Unsuspecting executives who submit their room number and surname while logging on to their hotel room’s wireless network are tricked into downloading an update to legitimate software such as Adobe Flash, Google Toolbar or Microsoft Messenger, Kaspersky said. Because attacks happen at sign-on, encrypted communications set up later offer no defence against attack.

The same elite spying crew has used advanced keystroke-logging software and encryption-breaking at multiple hotel chains across Asia, it said.

Kaspersky declined to name the executives involved or the luxury destinations targeted but said it had informed the hotels as well as law enforcement officials in affected locations.

Ninety percent of the victims came from five countries — Japan, Taiwan, China, Russia and South Korea. Business travelers to Asia from Germany, Hong Kong, Ireland and the United States have also been duped, Baumgartner said.

The Kaspersky report said a key mystery remains how attackers appear to know the precise travel itinerary of each victim, which points to a larger compromise of hotel business networks that researchers say they are continuing to probe. (Reporting By Eric Auchard; Editing by Clara Ferreira Marques)

DIY Counter Espionage

Spying on Spies

The FBI probe into the scandal involving former CIA director David Petraeus and his mistress may have stolen global headlines the past week.

But there is something else the FBI knows that should warrant more attention. Something closer to those of us less exalted than the boss of the world’s most famous spy agency.

The FBI is known to have video footage, covertly taken in a hotel room somewhere in China, showing how Chinese agents broke in and swept through the belongings and laptop of an American businessman.

There were recent media reports of similar incidents. The FBI is now showing the clip as a warning to corporate security experts of major US companies.

The FBI also warned some months ago about the risks of using hotel wi-fi networks and recommended all government officials, businessmen and academic personnel take extra caution when traveling abroad.

Whilst the corporate world is often most at risks, the average citizens are also highly vulnerable, especially to electronic surveillance on home and foreign soil.

So what can one do to protect the personal data and business secrets on the computers, especially when traveling abroad?

Please read full article here and there.