
WikiLeaks ISP To Circumvent Data Retention Laws

WikiLeaks ISP Bahnhof will anonymise all traffic by default to render Swedish data retention laws “toothless”

Swedish ISP Bahnhof will pass all customers’ traffic through an anonymising service by default in response to a law that would require telecommunication providers to retain customer data, the company’s CEO said on Swedish radio.

Sweden is in the process of passing a law that implements the European Union’s Data Retention Directive, which requires fixed and mobile telephone companies and Internet service providers to retain customer data to facilitate the “investigation, detection, and prosecution of serious crimes”.

Encrypted VPN Renders Users Invisible

Bahnhof, WikiLeaks’ ISP and host, said it will make the law “toothless” by implementing a technical solution that will encrypt all customer traffic.

“We plan to let our traffic go through a VPN service,” Bahnhof’s Jon Karlung said in an interview with Sveriges Radio (transcript translated through Google Translate) on January 26. With the encryption in place, it will be impossible for Bahnhof to see or log what customers are doing.

The European Union’s Data Retention Directive, currently under review in several member states, requires telecommunication providers to retain traffic, location and subscriber information for all customers for a minimum of six months. Germany is one of the 20 member states that put the directive in place after it was established in 2006. But a recent court decision has declared the law unconstitutional. The European Commission filed a complaint against Sweden and a number of other countries for not yet complying with the directive.

Sweden appealed but lost its case before the European Court of Justice last year. As a result, the government has proposed legislation that will require Swedish telephone and Internet providers to retain data for six months. The law picked the shortest possible retention period allowed by the EU in order to “create adequate protection for personal integrity”, Justice Minister Beatrice Ask said at the time.

Bahnhof chose a technical solution that will allow its customers to continue surfing anonymously, Karlung said. With the encryption in place, Bahnhof will have no idea what its customers do online, what sites they are looking at or who they are talking to, Karlung said. The company will store all customer data up to the point where the traffic is anonymised, and that information will be available to the police, but it will be “irrelevant,” Karlung said. “What happens after that is not our responsibility and is outside Bahnhof,” he said.

As for accusations that Bahnhof will become a safe haven for drug dealers, stalkers, and other criminal elements, Karlung said Bahnhof supports law enforcement cracking down on Internet crime. Those efforts must be based on individual cases “where there is suspicion” and not just looking at a “general storage of all the people’s communication,” he said.

Ask admitted to SR that the proposed law has loopholes because technology changes rapidly. “It is impossible to cover every possible alternative route,” Ask said. “I always think it’s bad when you slip away important legal rules,” she said in reference to Bahnhof.

This is not the first time Bahnhof circumvented Swedish law. Sweden introduced the Intellectual Property Rights Enforcement Directive in 2009, which gave rights holders the authority to request personal details of alleged copyright infringers. Bahnhof promptly ceased logging customer activity altogether, claiming there was no data available to hand over.

There are on average 148,000 requests per year for the customer data in countries that have implemented the directive, according to the European Commission.

United States business interests appear to have pressured Swedish officials to draft the law, according to a US State Department cable from March 2009 that was released by WikiLeaks, Rick Falkvinge reported on his Info Policy blog. The Motion Picture Association of America is an organisation that relies on ISP data to crack down on piracy. The Federal Bureau of Investigation has relied on such logs as part of its probe of “Operation Payback” attacks perpetrated by the “Anonymous” group of activist hackers protesting efforts to shut down WikiLeaks.

Anyone really concerned about staying anonymous can use Internet cafes, anonymisation services, public telephones, or unregistered mobile telephone cards.

According to SR, several other Swedish ISPs are also researching technical solutions to circumvent the upcoming law. Bahnhof is the only one that has publicised its intentions at this time.

However, Karlung says he is all for giving customers a choice. Customers can opt in to have Bahnhof save their traffic data for an additional SEK 50 (£4.87) a month, he said.


WikiLeaks Sues Visa, Mastercard Over Payment Ban

WikiLeaks and DataCell are seeking revenge on Visa and Mastercard for blocking donations to the site

WikiLeaks has announced it is planning to sue payments companies Visa and Mastercard for suspending donations processing after the whistleblowing site started publishing leaked diplomatic cables in November 2010.

Lawyers representing WikiLeaks and DataCell – a service provider assisting WikiLeaks – have accused Visa and Mastercard of engaging in an unlawful US-influenced financial blockade, and warned that if the two companies do not remove the block on payments then a request for prosecution will be filed with the EU Commission.

The lawyers, based in Denmark and Iceland, said that the coordinated action by Visa and Mastercard to block all credit card transactions to WikiLeaks and DataCell constituted a violation of Articles 101(1) and 102 of the European Union’s Competition Rules, and also violated Danish merchant laws.

Bowing to political pressure

Visa and Mastercard suspended WikiLeaks processing in December 2010, following similar action by online payment service PayPal. Mastercard said at the time that it would take action against any organisation it believed to be involved in illegal activities “until the situation is resolved”.

The decision prompted a furious reaction from DataCell CEO Andreas Fink, who published two impassioned blogs warning that both card issuers would have to be ready to take damage claims of “billions of Euros” and could lose “a big chunk of their business”.

“We strongly believe a world class company such as Visa should not get involved [in] politics and just simply do [the] business [that] they are good at. Transferring money,” wrote Fink.

Following news of the blockades, both the websites of Visa and Mastercard were hit by a series of focused distributed denial of service (DDoS) attacks, carried out by the notorious group of hackers known as Anonymous, as part of its Operation:Payback campaign.

Mastercard then suffered a repeat attack in June, thought to have been carried out by hacker group LulzSec – an offshoot of Anonymous. “ DOWN!!!, thats what you get when you mess with @wikileaks @Anon_Central and the enter community of lulz loving individuals :D ,” read a tweet by @ibomhacktivist on 28 June.

Abuse of market dominance

A spokesperson for Visa confirmed to eWEEK Europe that Visa Europe had received a letter from DataCell’s legal representatives. “We will be responding in due course to them,” the spokesperson added. Mastercard did not respond to a request for information in time for the publication of this article.

Visa holds about 70 percent of the payments market in Europe, while Mastercard has around 26 percent of the market. Collectively, these franchises therefore hold approximately 96 percent of the market for acquiring services in Europe.

DataCell claims that the card companies’ decision to boycott DataCell constitutes an abuse of market dominance in the meaning of Article 102 of the Treaty on the Functioning of the European Union, which prohibits all agreements and concerted practices that prevent, restrict or distort competition within the internal market.

The penalty for infringing the competition rules of the EU can amount to 10 percent of the turnover of the companies involved, the company said.


Yemen, Egypt Government Sites Taken Down By ‘Anonymous’

The activist group ‘Anonymous’ has attacked websites belonging to the Yemeni and Egyptian governments in support of protests

Hacktivists in the loosely affiliated group “Anonymous” painted a bull’s eye this week on websites belonging to the governments of Yemen and Egypt.

Members of the group launched DDoS (distributed denial of service) attacks against a number of sites, including the Egyptian Ministry of Communications and Information Technology and the country’s Ministry of Interior.

Support for protests

“Welcome back to the Internet, #Egypt. Well, except – you stay down. #Jan25 #OpEgypt #Feb4,” the group tweeted on 2 February.

The attacks are believed to have been carried out in support of protests against the Egyptian government. According to The New York Times, Gregg Housh, a member of Anonymous, said the group organised about 500 supporters in online forums to bring down the sites for Egypt’s Ministry of Information and Egyptian President Hosni Mubarak’s National Democratic Party. Housh personally disavowed any illegal activity.

“We want freedom,” Housh reportedly said. “It’s as simple as that. We’re sick of oppressive governments encroaching on people.”

Following the cyber-attacks on Egypt, the website of Yemeni President Ali Abdullah Saleh was knocked offline on 3 February after calls by Anonymous members for attacks on the site.


The attacks marked another in a long list of websites taken down by the group. In December, Anonymous was credited with DDoS attacks against several businesses and organisations in retaliation for the crackdown on WikiLeaks. Last month, police in the UK arrested a mix of teenagers and adults for taking part in the attacks.

On 27 January – the same day as the UK arrests – the FBI executed 40 search warrants tied to the investigation of the December attacks.

Housh was quoted as saying that the arrests will have little effect.