2016 has brought us a number of upsets when it comes to online security. Polish law, for example, loosened spying restrictions for police, the UK passed its controversial Investigatory Powers Bill, and the recent Rule 41 in the US gave the FBI wide hacking powers, while, Belarus has ‘finally' started blocking TOR network.
Restricting internet privacy introduced new and easy tools to access people's data not only to the governments, but also potentially to whoever is able to hack, intercept or otherwise manipulate the new surveillance systems.
Below is NordVPN's review of the year in online privacy.
In Germany, the new data retention act requires ISPs and telecommunication service providers to retain call detail records (CDRs), which can include phone numbers, the date and time of phone calls and texts, the content of text messages, and locations of call participants. In addition, ISPs are required to store internet user metadata.
Poland's law expands government access to digital data. Restrictions on police spying are loosened, and collected metadata will be kept for up to two years. If the specific person was being monitored, they would not be informed about it, which would likely compromise the protection of journalists' sources and deterring potential whistleblowers.
On 7 July, the president of Russia signed into law several bills designed to help the government persecute dissent online and implement unprecedented data retention. For instance, the legislation warrants tougher sentencing for online commentary, carrying a minimum prison sentence of two years. The new law requires service providers to monitor and store all calls, texts, chats and web browsing activity. The data will be accessed by government agencies without a warrant.
The UK's Investigatory Powers Act opened up the gate for a disturbingly intrusive surveillance system. The so-called Snoopers' Charter gives the state the power to hack, intercept, record, and monitor the communications and Internet use of all of the UK population. The entire browsing history of every resident of the UK will be stored for one year. Almost 50 agencies, ranging from the Metropolitan Police Service and GCHQ to the Food Standards Agency, will be able to access the data. (This was declared illegal by the European Court of Justice just before Christmas).
In the US, a new amendment to the Rule 41 of the US Federal Rules of Criminal Procedure went into effect on 1 December. It gives the FBI the power to secretly use malware to hack into thousands of computers, without identifying specific computers to be searched, regardless if their owners are suspected of some criminal activity or not.
New surveillance laws have also been passed in Belarus, China, Turkey, Ethiopia and elsewhere. For more information, visit the recent NordVPN ‘2016 Privacy Review' blog post.
Why is it dangerous to pass extreme surveillance laws?
Citizen surveillance has not proved to be an effective way to control criminal activity. It could actually be counter productive. For example, when a backdoor to citizen's data is opened, it could potentially be used by anyone else. Once the information is in the hands of criminals, it can be used to steal people's identities. Data can also get misplaced, government computers can crash and everyone's information can get endangered.
What is the solution?
Internet users should be aware of all possible ways to protect their online privacy - anti-spyware software, Firewalls, not installing unapproved programs, and being generally vigilant when sharing online. One way to overcome restrictive surveillance laws is use of a virtual private network (VPN) service. A VPN sends user's data through a securely encrypted tunnel before accessing the Internet – this protects any sensitive information about their location by hiding their IP address.
It's important to use a VPN service that does not store activity records to ensure the user's data is not logged and forwarded to anyone.
Contributed by Marty P. Kamden, CMO, NordVPN