A U.S. judge has ordered Google to comply with search warrants seeking customer emails stored outside the United States, diverging from a federal appeals court that reached the opposite conclusion in a similar case involving Microsoft Corp (MSFT.O).
U.S. Magistrate Judge Thomas Rueter in Philadelphia ruled on Friday that transferring emails from a foreign server so FBI agents could review them locally as part of a domestic fraud probe did not qualify as a seizure.
The judge said this was because there was „no meaningful interference“ with the account holder‘s „possessory interest“ in the data sought.
Analysis US President Donald Trump may have undermined a critical data sharing agreement between the United States and Europe that internet giants rely on to do business overseas.
In an executive order focused on illegal immigrants that was signed by the president this week, one section specifically noted that privacy protections would not be extended past US citizens or permanent residents in America.
Section 14 of the Enhancing Public Safety order reads:
Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.
By agencies, the president means the NSA, the FBI, and so on. The order‘s language appears to directly contradict a critical component of the new Privacy Shield agreement between the US and Europe that provides essential legal protections for US businesses sending and receiving data across the Atlantic. In short, that agreement is supposed to ensure non-Americans are not treated as second-class citizens by US organizations, with weaker privacy safeguards than Americans are afforded.
Internet and mobile phones changed our lives like no others. They changed the way how we communicate, do business and interact with each other. These two inventions together have also become the perfect wholesale surveillance and spying tool. Digital information can easily be tracked, altered, modified, faked, analyzed and not so easy completely wiped out. Applications we use day after day write cache, leave tracks and backdoor records of our activities.
By the moment of now, the world encounters ~4.7B+ active mobile phones. Each phone pings different networks via GSM, CDMA, LTE, Wi-Fi and other protocols every 5 minutes leaking lots of information about where the phone owner is, who is nearby, moving directions, whom the phone owner is calling to, chatting with or emailing. This is the way how telecommunication technologies work.
In 2012 Malte Spitz presented the talk how his mobile company is watching him. Since summer 2006 the EU Commission tabled Data Retention Directive. This directive says that each phone company in Europe, each Internet service company all over Europe, has to store a wide range of information about the users.
All mobile and Internet carriers in the EU write digital diaries of their users based on the activity signals of mobile phones which they serve. They must store this data for at least 6 months and up to 2 years, but basically, they can keep it forever. Analyzing this data maps society behavior patterns, e.g. it creates a blueprint of social communications. It is possible to detect communication hubs, define who is more important and switch off communication leaders. It questions the very basic terms of freedom and privacy.
Edward Snowden’s leaks pointed that the US intelligence agencies were using Google, Yahoo, Microsoft, Facebook, Apple, Twitter and lots of other popular global services. Sources at The New York Times confirm that the companies concede to surveillance program. Snowden’s materials revealed that the US intelligence agencies hack their domestic and foreign companies to wiretap their users.
How about the EU? What about MI6, MOSAD, FSB, Bundesnachrichtendienst, MSS and intelligence agencies of other countries? How about their capabilities? Do they collect any data about their citizens, how about spying on foreigners?
Governments spy on governments, governments spy on companies, companies spy on companies, intelligence spy on bad guys, bad guys spy on governments and companies and they all spy on innocent users who do not even guess of these global behind the scene surveillance parties.
In addition to governmental agencies, there are also many private companies specializing on extremely sophisticated surveillance techniques. They collect and analyze data about their target from different sources: mobile phones, social media, personal computers, communication contacts of their contacts, their mobiles, their social media contacts, web cameras, mobile cameras and so on. The scale of the shadow spying is crazy. Information leaks during the US presidential election campaign of 2016 unveiled hacking potential of parties interested in influencing of not controlling some serious political processes. Rumors persist that those were non-US agencies, but Russians.
It cannot be any good goal or holly purpose for watching all mobile users without their knowledge that they are being watched. It is not that you have nothing to hide, it is nobody‘s business what you are doing in your private communicate channels (calls, chats or emails). Governments will not have enough resources to protect privacy of their citizens from malicious spying by other governments or foreign intelligence. Governments (of all countries), probably, will be the first to watch their own citizens. If you don’t take care of your digital security and privacy protection nobody will do it for you.
Encryption is a good way to protect your data. In fact, in some countries using encryption is illegal and is considered to be a crime. When choosing encryption make sure you go with strong algorithms which are unfeasible and incredibly difficult to break. The US National Institute of Standardization and Technologies (NIST) developed recommendations for cryptographic algorithms, standards and sizes of encryption keys. The Wired publication describes how applying approved NIST standards NSA weakens encryption algorithms on purpose by leaving backdoors in math.
When it comes to email protection, many PGP encryption programs are doing well encrypting emails, but are not so good with handling cache of user activity. Extracting information from cache will tell whom you are contacting to, when and how often. Even if information of emails is hidden the cache may tell a lot about the user. Not only encryption algorithms are important, but also it also important how encryption applications work. It is important where points of encryption and decryption are. Is information processed on user’s side or on the server? Are encryption and decryption keys long enough to stand the brutal force attack? Are encryption and decryption keys protected from unauthorized use?
Strong encryption should be performed end-to-end, should be unfeasible to break, should not have any backdoors, should not have any chance for men-in-the-middle to join or wiretap conversation, should not leave any side tracks and should not write any logs or cache. If NIST recommends using 1024-bit key for RSA encryption algorithm, using longer keys (at least 2048-bit) ensures stronger level of encryption. Breaking 2048-bit RSA key is 232 times harder, than breaking 1024-bit RSA key.
Take care of security of your mobile communication, because nobody will do it for you. There are many threats and factors which may seriously effect your business or/and your private life.