The Data Retention and Investigation Powers Bill, supported almost unanimously in pre-publication by the big three political parties, has just been passed into law, marking the saddest day for civil liberties in recent history.
Frustratingly, despite it being widely touted as an ‘emergency law’ that is going to protect us all from the terrorists and demons, there is actually no emergency. Or haste.
The Bill is designed to legalise UK Government spying — mass spying, on mostly innocent members of the public — that was effectively outlawed by the European Court of Justice when it ruled in April that it was neither proportionate nor warranted for the Government to spy on its citizens in such a manner.
In fact, the Court even goes so far as to say “…the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data.”
Given that the Court’s decision was made public two months ago, I’m struggling to see why our Government had to wait this long before declaring an emergency, unless, perhaps, they didn’t want it to be debated properly.
Does the Bill legalise the powers that were stripped by the ECJ? Yes. Does it extend them? Yes. Have we all been lied to? Yes.
The Bill doesn’t just ensure that current powers are legalised, it actually extends them.
Of the five clauses in the Bill, two directly refer to RIPA (Regulation of Investigatory Powers Act 2000). The second and third clauses extend the powers granted by RIPA to cover non-UK companies, and to expand what the Bill calls ‘telecommunication services’, to include ‘internet based services’ and ‘any remote storage.’
The head of media practice at Preiskel and Co, David Allen Green, told The Independent that assurances given to Parliament that the Bill is only legalising currently-held powers are nonsense.
"They’re trying to make out this is clarificatory – but if you read through the Bill these are substantial amendments," "…They are creating things legally that weren’t there before."
And with the only protection of your online freedoms coming in the form of a transparency report and oversight board, much like the one that knew nothing about GCHQ mass spying, we have everything to fear.
What this means for you.
Clearly, non-UK companies that provide internet-based services cover just about everything that we do online. Gmail, Outlook, Microsoft 365, Salesforce, Facebook, iCloud, Dropbox. You get the idea.
It’s important that you realise the spying is ‘not just metadata’. It’s content. Your photos. Your emails. Your intellectual property. And it’s all fair play.
And the best part of it all: Edward Snowden said that “the NSA could have written this draft”. He’s right.
What is it?
On 7 April 2014 a major security vulnerability, known as “Heartbleed”, was publicly disclosed. It affects the technology that powers encryption for a majority of internet services (about two-thirds).
Although Nimbox employs this technology, the newer versions we use are unaffected. We have no evidence of any breach and, like most service providers, took immediate action to mitigate any future breach, including re-issuing the encryption keys across our network.
What does this mean for you?
The little padlock icon (HTTPS) you trust to keep passwords, emails, bank details and internet browsing safe from interception could actually be making some of that private information accessible to those who know about, and can exploit, the vulnerability.
What should you do?
First of all, your Nimbox files are safe.
We do recommend, however, that you take the time to change your passwords, everywhere, including Nimbox if you use the same password elsewhere — starting with your high-security services such as online banking and email.
You’ll be hearing more about this vulnerability in the news over the next few days but, as always, it’s better to take action now.
Again, your Nimbox files have always been secure, and we’ll continue to work hard to protect your data.
The ‘bring your own device’ (BYOD) trend is sweeping offices around the world, showing no signs of slowing down. As BYOD is employee driven, companies must adapt quickly to this technology.
Since the BYOD phenomenon began, employees have been taking advantage of the Cloud and the benefits of being able to share and access data more efficiently on both their personal and work devices. To date it is estimated that 89% of IT departments enable BYOD in some form.
Cloud sprawl is a term used to describe how organisational data is distributed across different cloud service applications.
Vanson Bourne recently completed a survey of 200 IT directors managing organisations with over 1,000 employees. The study found that 67% of those questioned were concerned about cloud sprawl, mainly because of the speed and ease of cloud deployment and the fact that employees can purchase these services without the involvement of the IT department. The survey also deduced that 54% of organisations have no idea how many cloud services their employees currently use.
Consequently, with cloud sprawl, the business risks both the privacy of, and control over, its intellectual property, as it is scattered across multiple platforms throughout the world.
Each piece of data, wherever it is physically stored, would then be bound by not only the terms and conditions of the supplier, but also by the laws of the country in which the data is held. For example, if the data uploaded to the cloud from UK territory was stored in America – or was affiliated with an American supplier – then it would be subject to U.S. laws and regulations, increasing the risk of interception or disclosure.
It is almost impossible for businesses to stop employees from uploading documents to the cloud, and even if this is achieved, think of what it would do to company morale and productivity when documents are harder to access and collaborate on.
It is clear that the cloud and its benefits are here to stay, and in order to prevent data leakage, organisations need to develop an internal strategy to manage cloud sprawl. Adopting a personalised cloud solution is one way of gaining the benefits of the cloud, whilst also ensuring that data is efficiently organised and easily located.
Talk to us today for more advice on how to embrace BYOD in your workplace!
As an organisation that believes in privacy as a right, we’re excited to be taking part in the global day of action against mass surveillance, The Day We Fight Back (https://thedaywefightback.org).
We urge you, as part of the global online community, to protect the internet and its foundations on a platform of freedom.
Stand with us. Stand united.
- If you don’t keep it, they can’t get it — destroy unnecessary records,
- If you do keep it, protect it with file encryption and strong passwords — if you don’t know how, use a service like Cloud Drive,
- Encrypt your Internet communications to prevent interception,
- Use anonymising tools like Tor when you’re online,
- Always delete your providers’ copies of emails and voicemails as soon as you can access them,
- Only pass data to people and organisations which you trust,
- Never download or accept files from unknown sources.
Note: ‘They’ refers to bad guys, whoever they may be.
Some of the largest Internet companies in the world have joined forces, in order to persuade the U.S. government to reform its surveillance and intelligence oversight policies.
AOL, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo authored an open letter to Washington, stating that:
"The balance in many countries has tipped too far in favor of the state and away from the rights of the individual — rights that are enshrined in our Constitution. This undermines the freedoms we all cherish. It’s time for a change."
Although this is a big step forward from the private sector, there is still a long wait ahead until the U.S. Government ensures that data stored within the U.S. is as secure as it is here in the United Kingdom. Not only does the government need to reform the U.S. PATRIOT Act (and probably the FISC), there are also a number of policies that need to be questioned, including giving the Senate Select Committee on Intelligence the ability, and indeed willingness, to change their oversight of surveillance activities - at home and abroad.
The group suggests five key principles for the government to act upon:
- Limiting Governments’ authority to collect users’ information,
- Oversight and accountability,
- Transparency about government demands,
- Respecting the free flow of information,
- Avoiding conflicts among governments.
In order to securely protect data, we currently recommend that any solution includes the following: UK Hosting from ISO 27001:2013 compliant data centres, Data Encryption (both at rest and in transit), Audit tools and Private encryption keys. Nimbox is proud to offer all of this, and more!
Please feel free to contact a member of the sales team if you would like to know more about the Nimbox solution by calling +44 (0)8454 75 75 74 or by emailing email@example.com.
Every day, technology is becoming an increasingly important part of our lives and, like the majority of employees, my business tasks now revolve almost entirely around computers.
As technology evolves to make our lives simpler, we are also opening ourselves up to worryingly sophisticated attacks by cyber criminals.
CryptoLocker is the latest cyber threat holding businesses to ransom, not by deleting files, but by encrypting data. Malware criminals are using CryptoLocker to infect computers and servers by releasing it over the internet and allowing it to slither into your IT systems. Commonly, businesses are infected through phishing emails that appear to come from Companies House and other well-known establishments. Ransomware such as CryptoLocker enables criminals to earn money by offering to decrypt the files in exchange for anonymous payment via Bitcoin.
Once a computer is infected, CryptoLocker attempts a connection to a remote server, which acts as a remote engine to encrypt data. The encryption specifically targets common business files, including .doc, .eps and .ppt.
CryptoLocker encrypts any documents that it can find, which means that if your user account has administrator privileges, the ransomware will continue to search directories on your PC – and any mapped servers – encrypting files until it is disconnected from the internet.
After the encryption process is complete, the private key used to encrypt data is removed from the PC, rendering the affected files useless. After this, the unknowing victim receives a message from the cyber criminals demanding a payment of $300 to decrypt the data, with 72 hours to make a decision. When your time has run out, all of your files are unusable and inaccessible – your business is at a standstill.
During the 72 hour ‘grace period’, they continue to state that any attempt to damage the software, or brute force the key, will cause them to destroy it from their servers permanently.
Currently, as the encryption seems to be using the AES 256 algorithm, the only way you can retrieve your information is by either recovering information back from a previous date or paying the ransom. It goes without saying that we DO NOT recommend you pay the fee, as there is no guarantee that the information would be restored and indeed, in doing so you may be targeted by repeat infections.
So, what happens if you don’t have a backup, and the criminals don’t restore your data? Simply, your business is dead. It is therefore vital that your company has appropriate Anti-Virus and Malware protection, as well as effective remote site backup, such as the CloudDrive service offered by Nimbox.
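As an added example (not Nimbox code), the Python sketch below audits whether the file types named above have a usable backup. It assumes the backup is a plain mirror of the live folder with the same relative paths; the function names and sample files are hypothetical and constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# File types the article names as CryptoLocker targets.
TARGET_EXTENSIONS = {".doc", ".eps", ".ppt"}
T0 = 1_400_000_000  # constructed base timestamp for the sample files


def audit_backup_coverage(live_root, backup_root):
    """Return {relative path: reason} for target files with no usable backup."""
    live_root, backup_root = Path(live_root), Path(backup_root)
    findings = {}
    for path in sorted(live_root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in TARGET_EXTENSIONS:
            continue
        rel = path.relative_to(live_root)
        copy = backup_root / rel  # assumption: backup mirrors the live layout
        if not copy.is_file():
            findings[rel.as_posix()] = "no backup copy"
        elif copy.stat().st_mtime < path.stat().st_mtime:
            findings[rel.as_posix()] = "changed since last backup"
    return findings


def backup_within_reach(backup_root):
    """True if this user can write to the backup location, in which case
    ransomware running as this user could encrypt the backups as well."""
    return os.access(backup_root, os.W_OK)


def build_sample_tree(base):
    """Constructed sample data: three documents, only one safely backed up."""
    live, backup = Path(base, "live"), Path(base, "backup")
    (live / "projects").mkdir(parents=True)
    (backup / "projects").mkdir(parents=True)
    for name, live_age, backup_age in [
        ("projects/plan.doc", 100, 200),  # backup newer than file: covered
        ("projects/logo.eps", 300, 200),  # edited after the last backup
        ("pitch.PPT", 100, None),         # never backed up
    ]:
        (live / name).write_text("sample")
        os.utime(live / name, (T0 + live_age, T0 + live_age))
        if backup_age is not None:
            (backup / name).write_text("sample")
            os.utime(backup / name, (T0 + backup_age, T0 + backup_age))
    return live, backup


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = build_sample_tree(tmp)
        for rel, reason in audit_backup_coverage(live, backup).items():
            print(f"{rel}: {reason}")
        print("backup writable by this user:", backup_within_reach(backup))
```

A backup folder that the same user account can write to, such as a mapped drive, is exposed in the same way as the live files, which is the case the second check flags.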
We recently spoke to a business that was targeted by CryptoLocker:
“We had no idea what was going on, at first we thought it was a joke or a small virus that we could easily remove, but that wasn’t the case. We hadn’t backed up our machine in a long time, so the infected server was our only copy, holding 15 years of data. We think it made its way into our system through a spam email and our whole business was in the balance” said Shayne Niemen of Niemen Architects, Leeds.
Malware attacks are growing at a rapid rate: in the first quarter of 2013, McAfee reported 250,000 unique ransomware samples. CryptoLocker infects around 1000 PCs each day in the UK – experts believe this small number is a ‘dry-run’ before the main attack. Seemingly, akin to IT professionals, the criminals are testing their infrastructure prior to releasing the code. As it is proving to be an incredibly profitable avenue for cyber criminals, this growth is showing no signs of slowing down. The only way to guarantee that you protect your business is by installing up-to-date antivirus software and regularly backing up your data.
Cloud Drive from Nimbox offers unique backup protection that includes features such as block-level incremental backup, bandwidth management, seeding, de-duplication and remote recovery.