The Data Retention and Investigation Powers Bill, supported almost unanimously in pre-publication by the big three political parties, has just been passed into law, marking the saddest day for civil liberties in recent history.
Frustratingly, despite it being widely-touted as an ‘emergency law’ that is going to protect us all from the terrorists and demons, there is actually no emergency. Or haste.
The Bill is designed to legalise UK Government spying — mass spying, on mostly innocent members of the public — that was effectively outlawed by the European Court of Justice when it ruled in April that it was neither proportionate nor warranted for the Government to spy on its citizens in such a manner.
In fact, the Court even goes so far as to say “…the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data.”
Given that the Court’s decision was made public two months ago, I’m struggling to see why our Government had to wait this long before declaring an emergency, unless, perhaps, they didn’t want it to be debated properly.
Does the Bill legalise the powers that were stripped by the ECJ? Yes. Does it extend them? Yes. Have we all been lied to? Yes.
The Bill doesn’t just ensure that current powers are legalised, it actually extends them.
Of the five clauses in the Bill, two directly refer to RIPA (Regulation of Investigatory Powers Act 2000). The second and third clauses extend the powers granted by RIPA to cover non-UK companies, and to expand what the Bill calls ‘telecommunication services’, to include ‘internet based services’ and ‘any remote storage.’
The head of media practice at Preiskel and Co, David Allen Green, told The Independent that assurances given to Parliament that the Bill is only legalising currently-held powers are nonsense.
"They’re trying to make out this is clarificatory – but if you read through the Bill these are substantial amendments," "…They are creating things legally that weren’t there before."
And with the only protection of your online freedoms coming in the form of a transparency report and oversight board, much like the one that knew nothing about GCHQ mass spying, we have everything to fear.
What this means for you.
Clearly, non-UK companies that provide internet-based services cover just about everything that we do online. Gmail, Outlook, Microsoft 365, Salesforce, Facebook, iCloud, Dropbox. You get the idea.
It’s important that you realise the spying is ‘not just metadata’. It’s content. Your photos. Your emails. Your intellectual property. And it’s all fair play.
And the best part of it all: Edward Snowden said that “the NSA could have written this draft”. He’s right.
What is it?
On 7 April 2014 a major security vulnerability, known as “Heartbleed”, was publicly disclosed. It affects the technology that powers encryption for a majority of internet services (about two-thirds).
Although Nimbox employs this technology, the newer versions we use are unaffected. We have no evidence of any breach and, like most service providers, took immediate action to mitigate any future breach, including re-issuing the encryption keys across our network.
What does this mean for you?
The little padlock icon (HTTPS) you trust to keep passwords, emails, bank details and internet browsing safe from interception could actually be making some of that private information accessible to those who know about, and can exploit, the vulnerability.
What should you do?
First of all, your Nimbox files are safe.
We do recommend, however, that you take the time to change your passwords, everywhere, including Nimbox if you use the same password elsewhere — starting with your high-security services such as online banking and email.
You’ll be hearing more about this vulnerability in the news over the next few days but, as always, it’s better to take action now.
Again, your Nimbox files have always been secure, and we’ll continue to work hard to protect your data.
The ‘bring your own device’ (BYOD) trend is sweeping offices around the world, showing no signs of slowing down. As BYOD is employee driven, companies must adapt quickly to this technology.
Since the BYOD phenomenon began, employees have been taking advantage of the Cloud and the benefits of being able to share and access data more efficiently on both their personal and work devices. To date it is estimated that 89% of IT departments enable BYOD in some form.
Cloud sprawl is a term used to describe how organisational data is distributed across different cloud service applications.
Vanson Bourne recently completed a survey of 200 IT directors managing organisations with over 1,000 employees. The study found that 67% of those questioned were concerned about cloud sprawl, mainly because of the speed and ease of cloud deployment and the fact that employees can purchase these services without the involvement of the IT department. The survey also deduced that 54% of organisations have no idea how many cloud services their employees currently use.
Consequently, with cloud sprawl, the business risks both the privacy of, and control over, its intellectual property, as it is scattered across multiple platforms throughout the world.
Each piece of data, wherever it is physically stored, would then be bound by not only the terms and conditions of the supplier, but also by the laws of the country in which the data is held. For example, if the data uploaded to the cloud from UK territory was stored in America – or was affiliated with an American supplier – then it would be subject to U.S. laws and regulations, increasing the risk of interception or disclosure.
It is almost impossible for businesses to stop employees from uploading documents to the cloud, and even if this is achieved, think of what it would do to company morale and productivity when documents are harder to access and collaborate on.
It is clear that the cloud and its benefits are here to stay, and in order to prevent data leakage, organisations need to develop an internal strategy to manage cloud sprawl. Using a personalised cloud solution is one way of gaining the benefits of the cloud, whilst also ensuring that data is efficiently organised and easily located.
Talk to us today for more advice on how to embrace BYOD in your workplace!
As an organisation that believes in privacy as a right, we’re excited to be taking part in the global day of action against mass surveillance, The Day We Fight Back (https://thedaywefightback.org).
We urge you, as part of the global online community, to protect the internet and its foundations on a platform of freedom.
Stand with us. Stand united.
- If you don’t keep it, they can’t get it — destroy unnecessary records,
- If you do keep it, protect it with file encryption and strong passwords — if you don’t know how, use a service like Cloud Drive,
- Encrypt your Internet communications to prevent interception,
- Use anonymising tools like Tor when you’re online,
- Always delete your providers’ copies of emails and voicemails as soon as you can access them,
- Only pass data to people and organisations which you trust,
- Never download or accept files from unknown sources.
Note: ‘They’ refers to bad guys, whoever they may be.
Some of the largest Internet companies in the world have joined forces, in order to persuade the U.S. government to reform its surveillance and intelligence oversight policies.
AOL, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo authored an open letter to Washington, stating that:
"The balance in many countries has tipped too far in favor of the state and away from the rights of the individual — rights that are enshrined in our Constitution. This undermines the freedoms we all cherish. It’s time for a change."
Although this is a big step forward from the private sector, there is still a long wait ahead until the U.S. Government ensures that data stored within the U.S. is as secure as it is here in the United Kingdom. Not only does the government need to reform the U.S. PATRIOT Act (and probably the FISC), there are also a number of policies that need to be questioned, including giving the Senate Select Committee on Intelligence the ability, and indeed willingness, to change their oversight of surveillance activities - at home and abroad.
The group suggests five key principles for the government to act upon:
- Limiting Governments’ authority to collect users’ information,
- Oversight and accountability,
- Transparency about government demands,
- Respecting the free flow of information,
- Avoiding conflicts among governments.
In order to securely protect data, we currently recommend that any solution includes the following: UK Hosting from ISO 27001:2013 compliant data centres, Data Encryption (both at rest and in transit), Audit tools and Private encryption keys. Nimbox is proud to offer all of this, and more!
Please feel free to contact a member of the sales team if you would like to know more about the Nimbox solution by calling +44 (0)8454 75 75 74 or by emailing email@example.com.