Hi,

Here is a very short summary of the surveillance discussion in Finland.

The Ministry of Defence of Finland published a report that proposes internet intelligence activities. The problem is that they also propose (Swedish FRA style) MITM to cross-border communication.

In short, the report says:

"The existing legislation in Finland does not, however, address intelligence. The Working Group therefore proposes that the Government should initiate necessary measures to create a legal basis for intelligence activities."

"The purpose would be to collect vital information to protect national security against serious international threats. These could be military or civilian in nature."

"Military and civilian authorities in charge of national security should be granted powers to conduct cross-border intelligence to respond to changes in the security environment."

"It is to be considered whether the Defence Forces and the Finnish Security Intelligence Service should be given powers to conduct foreign intelligence to gather information from individuals and on information systems."

The Ministry of Transport and Communications published their counter report that very strongly points out that a MITM attack on cross-border Internet connections is technically problematic, unethical, ineffective and would not necessarily yield the desired information.

With Electronic Frontier Finland we published our similar view:

My opinion and Electronic Frontier Finland's opinion is that the MITM part is problematic. The other parts of the report do not create that kind of privacy or human rights issues, are technically doable, do not waste tax money and do not break the Finnish Constitution.

There are a lot of good points in the intelligence report; for instance, they clearly state that they do not want any encryption keys from the companies nor want backdoors to any commercial systems. Furthermore, there would be strict guidelines and a demand for a court warrant and independent oversight.

A MITM attack can be called mass surveillance even if it tries to target some traffic. The obvious problems are:

1) This is very ineffective surveillance. Real bad guys can secure and hide their communication. Even HTTPS-encrypted Facebook chat hides their communication in this case!

2) Of course, the most problematic part is that this kind of surveillance is unethical and illegal in any EU country. Moreover, it would require a change to the Finnish Constitution where "The secrecy of correspondence, telephony and other confidential communications is inviolable.". Fortunately, it is hard to change the constitution.

3) The report promised to address how to solve national-level security issues like large DDoS and spyware produced by another state. However, mass surveillance is not an effective way to solve these problems.

4) Where are the options for this awkward MITM? Is this really a good way to spend our tax money? Does it help to solve the problems?

5) Is it even technically possible to build this system? The report says that it is still illegal to read any messages that are not related to national-level threats. How the hell are they going to just read the communication of the bad guys? Not to mention again that basic HTTPS is enough to secure communication.

I am optimistic. Don't worry, we will stop this nonsense. When another ministry, mainstream media and the Constitution are against something it is likely to fail.

References:

The report, page 5 English summary: Guidelines for developing Finnish legislation on conducting intelligence -
http://www.defmin.fi/files/3016/Suomalaisen_tiedustelulainsaadannon_suuntaviivoja.pdf

Ministry of Transport and Communications demands more public debate on efficiency and impact of online surveillance -
http://www.lvm.fi/topical/4430582/ministry-of-transport-and-communications-demands-more-public-debate-on-efficiency-and-impact-of-online-surveillance

Electronic Frontier Finland pointing out the problems (Finnish) -
https://effi.org/blog/2015-01-19-verkkovalvonnasta.html

Greetings,
Juha
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk