[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] surveillance discussion in Finland



> "The purpose would be to collect vital information to protect national
> security against serious international threats. These could be military
> or civilian in nature."
>
> "Military and civilian authorities in charge of national security should
> be granted powers to conduct cross-border intelligence to respond to
> changes in the security environment."

> Ministry of Transport and Communications published their counter report
> that very strongly points out that MITM attack to cross-border Internet
> connections is technically problematic, unethical, ineffective and would
> not necessarily yield the desired information.

Pesky ethics eh?

What non-technical grounds besides "it's not ethical" result in "we
should not have mass surveillance at all"?

I'd like to see "the people don't consent", but sadly sheeple almost
always tacitly consent, given a gradual enough deployment time frame
and approach.

Where does the will of "we the people" ever prevail? Only where enough
people stand/ oppose/ speak up in ways which are effective, which
rarely occurs.


> With Electronic Frontier Finland we published our similar view:
>
> My opinion and Electronic Frontier Finland opinion is that the MITM part
> is problematic. The other parts of the report do not create that kind of
> privacy or human right issues,

What about the "it's not ethical" part? Or is "it's not ethical" just
code for "the people would probably object if they had a genuine say/
vote, but they don't so we can ignore the will of the people"?

> are technically doable, not waste tax
> money and do not break the Finnish Constitution.

A technical foundation for why it's not OK is a good start I guess.
But can be overcome with legislation - surely the Finnish Constitution
permits of "national security" against "terrorists"?


> There are a lot of good points in the intelligence report, for instance,
> they clearly state that they do not want any encryption keys from the
> companies nor want backdoors to any commercial systems. Furthermore,

Ahem. What they want or what is legislated for now, is just the thin
edge of the wedge, surely?


> there would be a strict guidelines and demand for the court warrant and
> independent oversee.

Slippery slope, the sliding wedge. Why would the medium-term outcome
for Finland be any different to USA/NSA?


> MITM attach can be called a mass surveillance even if it tries to target
> some traffic. The obvious problems are:
>
> 1) This is very ineffective surveillance. Real bad guys can secure and
> hide their communication. Even HTTPS encrypted Facebook chat hides their
> communication in this case!

These two points don't properly go together - "Facebook" is a corp.,
data retention can be required to be national-local, by legislation,
and legislated MITM. Facebook might respond by officially closing the
door on Finland?


> 2) Of course, the most problematic part is that this kind of
> surveillance is unethical and illegal in any EU country.

Why illegal?


> Moreover, it
> would require a change to the Finnish Constitution where "The secrecy of
> correspondence, telephony and other confidential communications is
> inviolable.". Fortunately, it is hard to change the constitution.

Well that does sound very good. But that's Finland constitution, not
EU constitution right?

Either way, a good foundation for Finland.


> 3) A report promised to address how to solve a national level security
> issues like large DDOS and spyware produced by another state. However,
> mass surveillance is not an effective way to solve these problems.

Effective will usually be trumped by "constitutionally lawful
legislation", although as we see with USA, power-hungry entities
legislate regardless of constitutionality over the longer term.


> 5) Is it even technically possible to build this system? The report says
> that it is still illegal to read any messages that are not related to
> national level threads.

["threads" = "threats" I assume.]

Ahh, so Finnish constitution does permit of violating inviolability of
personal communication in the name of "national security"!

In that case, the proposed legislation should be easy for Finnish
parliament to pass.


> How the hell they are going to just read the
> communication of the bad guys? Not to mention again that basic HTTPS is
> enough to secure communication.

You are indeed optimistic.


> I am optimistic.

I don't share your optimism. Problems can easily be legislated away,
and "the people" will nearly always lap it up. E.g. "suitable
administrative processes must be in place to ensure that
non-applicable communications are deleted and forgotten when viewed as
part of an investigation".


> Don't worry, we will stop this nonsense. When another
> ministry, mainstream media and the Constitution are against something it
> is likely to fail.

Are these three coming together in Finland, in this case?

Good luck Finland!
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk