
pitchfork

2017-03-21

After years of training journalists and NGOs in communication and operational security, and after years of researching the tools and protocols they use, it took some more years to develop a reasonable answer to most of the issues encountered during all this time.

In today's world of commercially available government malware you don't want to store your encryption keys on your easily infected computer. You want them stored on something that you could even take into a sauna or a hot tub, maintaining continuous physical contact.

So people who care about such things use external smartcard-based crypto devices like Yubikey Neos or Nitrokeys (formerly Cryptosticks). The problem with these devices is that you have to enter PIN codes on a computer that you shouldn't trust, that they are either designed for centralized use in organizations, or that they are based mostly on PGP.

Acquiring, verifying, trusting and using the correct PGP keys from your peers is also a delicate operational security dance with lots of steps that are easy to mess up. A proper device would be able to exchange keys directly with other similar devices, so that the process becomes easier, with far fewer opportunities to err. Another shortcoming of PGP is its use of aging cryptographic primitives. An adequate device would deploy post-quantum algorithms with protocols that allow forward secrecy, peer anonymity, and other modern concepts missing from PGP.

A well-designed device must also come with a proper threat model. A threat model explains the defensive capabilities and the limits of any security device by making assumptions about the attacker, so that the user can understand how and against what a device protects, and what rests on assumptions and what on proofs.

One of Snowden's revelations provided evidence for interdiction attacks: rerouting packages to backdoor hardware while it is shipping to the customer. An ideal device could be bought and assembled locally without leaving a window of opportunity for interdiction attacks. For the most paranoid (or their trusted friends) it should be possible to buy all parts in a local store and assemble such a hardware device at a local workshop. Having all designs and software freely available makes it easy to customize and extend such a device.

You also want a device that doesn't draw attention, you want something like a phone, a smartwatch or a USB stick.

You want a PITCHFORK.

I'm happy to introduce Project: PITCHFORK and to announce the public availability of all related sources.

Project:PITCHFORK is an attempt to produce tools to improve and research operational security of individuals and groups.

The PITCHFORK is a small USB device which is a cryptographic Swiss army knife. This is the original concept from 2013, framed as an NSA leak (which confused quite a few friends of mine back then):

(image: the NSA-style concept slide; PDF: PITCHFORK.pdf)

Here's the official site:

https://pitchfork.ist, the wiki and most importantly all the related git repos.

If you're into embedded or crypto development the PITCHFORK is a serious device that contains a lot of fun. Cool people from the TU/Nijmegen regularly put out nice crypto code that is optimized for the Cortex-M series. The PITCHFORK serves three goals: to protect our keys, and to provide a platform for building and for breaking crypto on embedded platforms.

A bit of history

Development started in 2013, with the experimental PGP replacement PBP, by trying to run curve25519 operations on a r0ket, and the now quite popular libsodium wrapper pysodium. In late 2013 I got my development board, an Open207 from waveshare and had the first USB storage controller firmware and initial PITCHFORK firmware ready.

In May 2014 I started pyrsp, a tool to make development easier by letting Python scripts directly control the CPU over the Serial Wire Debug (SWD) protocol, which is similar to JTAG but uses fewer wires. A talk about pyrsp became a hit, even on hackaday. A bit later I figured out how easy it is to look for PGP encrypted messages; a variant of that even made it into the file(1) magic signatures. In parallel to pyrsp I started to design the board; the inspirations were the original r0ket and the bitcoin trezor project.

The first boards arrived early 2015, but work was suspended until early summer, when the first bugs were identified, and more during our camp++, where I also gave a talk on the progress (or lack thereof).

Work was suspended until the beginning of 2016, when a 2nd batch of boards was ordered with all bugs fixed - and a few new ones. Lots of work was done on the HW and the firmware in the first half of 2016; a Nokia 3310 version was also designed and ordered. At the camp++ in 2016 I gave another talk. And we also started to work on the Reflowmaster2000plus Deluxe Pro - a reflow oven - so that you can indeed bake your own PITCHFORKS at home in your toaster. A first closed beta was run with 15 PITCHFORKS given to contributors.

I'm currently looking to find a good manufacturer - which also does design and produces rugged/waterproof/shielded cases. When I find one finally there'll be a crowdfunding campaign where you can acquire working pitchforks as perks and where you can sponsor future research and development of Project:PITCHFORK.

I must say it was truly an exciting project so far, crypto, low-level HW stuff, assembly, on a platform that reminds me of computing capacities of my early years. Lots of fun and learning. And lots of help from good friends - especially from the Hungarian Autonomous Center for Knowledge, the NLnet and the Renewable Freedom foundations, without their contributions this project would be stuck, and probably forgotten at the bottom of a todo list.


on pgp

2017-02-24

History

First and foremost I have to pay respect to PGP, it was an important weapon in the first cryptowar. It has helped many whistleblowers and dissidents. It is software with quite interesting history, if all the cryptograms could tell... PGP is also deeply misunderstood, it is a highly successful political tool. It was essential in getting crypto out to the people. In my view PGP is not dead, it's just old and misunderstood and needs to be retired in honor.

However, the world has changed since the happy internet times of the '90s, from one passive adversary to many active ones - with cheap commercially available malware as turn-key solutions, intrusive apps, NSLs, gag orders, etc.

Archive & Compromise

Today it is cheap for a random spy agency to archive all encrypted messages for later decryption - if necessary. A few years ago the Wikileaks spy files contained Finfly ISP (PDF), a proxy that infected binaries during download at the ISP. Since then the Hacking Team leak gave us an in-depth look at who is buying this kind of mass spy gear. While Data Retention was repealed in the EU by the court in Strasbourg, many countries still practice it, in addition to taps by domestic intelligence agencies, which can easily filter out PGP messages. Deploying some malware on persons of interest to recover their secret keys and passwords is a cheap operation that can be executed even after minimal training.

Models

What the discussion about PGP's obsolescence lacks is something that is very much required in cryptographic discourse: the adversary model, a set of actions the adversary can perform. Those cryptographic adversary models, however, might be a bit too much mathematics for many end-users, so for them I came up with the quite populist 4c model, with only four generic adversary classes:

  • Citizens
  • Criminals
  • Corporations
  • Country-level actors

Is PGP a reasonable tool to protect against other citizens? Probably yes, unless your kid or wife's PI installs a remote access trojan (aka is an active adversary). Is it good against criminals? Probably, but only because it's not economical for criminals to extract value from your cryptograms. Does it protect against corporations? Probably as long as they stay within the law and don't siphon down everything they find anyway (i.e. smartphone apps). Does it protect against country level actors? Most probably not.

Unsuitable models

Consider your average investigative journalist or whistleblower, with Windows or a Mac that they haven't updated because then their kids' favorite game doesn't run anymore, or because they simply don't want Windows 10. An adversary that archives encrypted messages is able to read your mails using a simple active malware attack, copying your secret key and logging your password for it. After this is captured, the malware can and should remove itself.

In "first" world countries like France, where there's now a "state of emergency", or the UK with its Snooper's Charter, or the Dutch, who just passed another dystopian dragnet surveillance bill, this directly affects climate activists as much as labor unions or journalists. The case is probably even worse in Turkey or any of the Eastern Bloc states. This makes forward secrecy a mandatory requirement, as it implies that the malware has to be constantly active, which enhances the chances of detection and mitigation and also requires much better trained personnel to operate.

Suitable models

Here's a good example of using PGP: a doctor and his patients could use PGP to secure their communication; it seems most pharmaceutical companies are still shying away from getting patient data by hacking into doctors' offices (although I expect that to be quite easy, and I ignore here software developed by pharma for doctors' offices). The law seems like a reasonable and natural defense-in-depth in this case. However, the metadata that you sent a mail to a doctor might still be interesting to your insurance company, regardless of the contents of the mail.

Another good example is signatures, they have not aged as badly as encryption. It's mostly ok to use PGP to sign software packages, git commits, SSL certs and even contracts, but even in those cases it is worth taking extra care with your keys if you sign something that can be used as an attack vector like some software source code or a TLS certificate.

Metadata

Let's say the adversary is only passive, it still can learn a lot about you, there are actors who "kill based on metadata". The often heard defense that TLS encrypts SMTP anyway, ignores a reality where self-signed certificates are very common and mail servers are configured in a tolerant way, to let other legitimate users with badly configured (e.g. earthlink), self-signed or mitmed boxes still send and receive mails.

Archiving - data-at-rest not in-motion

The argument that forward secrecy (FS) gets in the way of reading old emails neglects the possibility to store the messages in a different way. And even without FS reading old emails can fail, some examples how PGP similarly fails without FS:

  • you will lose your ability to read your mails when you lose your key.
  • When using manual FS using quickly rotating keys, you still can not read your old emails.
  • HW tokens can break and then again, you will have no access to the mails.

I firmly believe that archived mails should be re-encrypted with something more appropriate than the cipher the sender chose - and riseup seems to agree. A solution would be something like tahoe-lafs, or some double scheme, with the backup key being split into shares, and with the possibility to decrypt a single message without compromising the confidentiality of the other messages. Additionally, all archived mails should be privately indexable/searchable/retrievable. This might be an interesting research project if anyone is looking for something to chew on (add it to Tom Ritter's wishlist if you want).

App ≠ Protocol

Another issue is that secure messaging is nowadays equated with PGP encrypted email or using Signal on a smartphone. The most important point is that Signal (the app) is not the same as the Signal Protocol. Just as I don't recommend using PGP in many cases, I also do not recommend using a centralized service that keeps your keys on a smartphone. However, I warmly recommend using the Signal Protocol whenever messaging is to be done. Signal can be a direct replacement for PGP; someone just has to code up the whole thing (time to flesh out signal-cli).

Other tools

Indeed there are other tools developed that are quite promising, opmsg is the most advanced and mature of the ones I looked at, and I would recommend opmsg any day over basic gpg. Conceptually another interesting approach is codecrypt which uses post-quantum algorithms for signing and encryption, pond introduces a whole bunch of new concepts for messaging, coniks addresses many aspects of the key management issues that pgp neglects, safeslinger is also an exciting protocol - if you ignore that it runs on a smartphone.

Further reading

The essential paper, if you are into securing messaging, which sums up most of the issues mentioned in this post and introduces examples of how to fix these and many more, is: "SoK: Secure Messaging. By N. Unger, S. Dechand, J. Bonneau, S. Fahl, H. Perl, I. Goldberg, M. Smith". This paper gives a granular analysis of various aspects of messaging and shows which tools or protocols go beyond what PGP is providing as a baseline. Listing all of those aspects is a bit too much, but to whet your appetite, the main four aspects and their categories:

  • key-exchange: security, usability, adoption
  • conversation: security, deniability, usability
  • transport: privacy, usability, adoption
  • group conversations

The tables in this post are taken from the paper.

Conclusion

PGP for encryption as in RFC4880 should be retired. There are some sunk-cost biases to cope with, but we should all rejoice that the last 3-4 years have seen so much innovation in this field, that RFC4880 is being rewritten with many of the above in mind, and that hopefully there'll be more and better tools. After all, it's an arms race, not trench warfare.

About the Author

stef has done lots of research on PGP in the past: GitHub repos (1, 2, 3, 4, 5) and blog posts (1, 2, 3, 4) in the archives. stef has for many years advocated and used PGP himself; he trained journalists, NGOs and activists, on his own and in cooperation with organizations like Tactical Technology Collective. You could say he has extensive field and theoretical knowledge. But he has also been cautioning against PGP for a few years now; he likes to believe he is one of the inspirations behind the secushare/pgp post. He even went to the GnuPG developers conference and gave a talk about OpenPGP as such needing upgrades in many aspects.


szekuriti

2014-07-16

(this post has been translated by rhapsodhy to English)

Lately more and more people are turning up who are beginning to grasp what an unfortunate trap they have walked into on the internet and who want to do something about it, but lack the capacity needed and so cannot take the step (e.g. leaving gmail/facebook). But they want to do something in any case. If nothing else, then the equivalent of not being allowed to carry liquids on an airplane. So every week some web-based but "military-grade" crypto-chat application appears. Or someone crawls out of some hole who is going to save email. An army of self-appointed experts organises crypto-parties, pushing on their acquaintances technologies built against the adversary models of 5-10 years ago. The following post is aimed mostly at the latter: this is not partying, this is very responsible and occasionally dangerous fun:

  1. security is a conscious, economic and multi-layered process,
  2. certain adversaries are well motivated and have more capacity,
  3. as a defender you can only lose; you must prepare for this and minimize the value and the surface of an attack,
  4. you must know the adversaries and their capacities and defend accordingly,
  5. environmental/indirect attacks,
  6. non-technical aspects,
  7. many mitigation strategies are a great hassle for the defender.

Awareness, economy and layering: the better you know and control your device, the better you recognize when it does something you did not consent to. If you don't understand it, you are at its mercy. Security must be consciously and continuously evaluated and appropriate mitigation strategies applied. It is also an economic process: 1. on the one hand, if the attack is not targeted, most attacks can be fended off if your defense is marginally more expensive to break than the average. 2. The untargeted attacker is also economical, minimizing cost and maximizing profit. In 2014, in the PC world, Windows/Adobe users are still the most economical target group. There is an estimate [citation welcome] that Apple users become a similarly juicy morsel at around 18% market share. From this it follows that diversification is an effective defense: if our system is unique (and that is unfortunately expensive), the attacker also has to develop a unique, that is expensive, attack. 3. Overspending is not worthwhile either; the classic example is the 30,000-forint bicycle lock on a 10,000-forint bicycle. Layering means that we apply mitigation strategies in layers: if one defense fails, the next one presents a new obstacle, and oddly enough here security-by-obscurity can raise the cost of an attack, but only combined with real defense in depth.

Capacities: since this is also an economic system, beyond a certain level the energy invested in defense against the energy spent on attack means certain defeat against a sufficiently resource-rich adversary. In other words: against a sufficiently determined and "rich" attacker there is no defense.

You can only lose: as an attacker you have a success metric: the goal was reached. As a defender, if you do it well, the best you can achieve is not to lose. Even then you cannot be sure this isn't because you failed to notice the attack. Standing as an amateur against professionals makes it likely that the defense fails (see e.g. Sony). Therefore you must minimize the expected loss and likewise the attack surface you offer. One of the most effective ways is data frugality, i.e. minimizing the amount of data: e.g. you share nothing about yourself and regularly delete anything older than half a year from your systems.

Knowing the adversary: 1. you must know who the adversaries are, 2. what their capabilities are, 3. what resources they have, 4. what the possible mitigation strategies are. Very simplified adversary classes are the following, the 4c adversary model: citizen, criminal, corporation, country. Here citizen is the average user. Criminal is obviously all kinds of organised and less organised elements outside the law. Corporation can be google/facebook, but it can also be e.g. your employer if it runs Bluecoat; this is perhaps the most elastic category. And the last class is the state-level adversary, which exists primarily for other states, but there are e.g. all kinds of activists representing the opposition or minorities, journalists and whistleblowers, whose surroundings occasionally earn all kinds of attention.

Environmental/indirect attacks: for an attacker, the direct target can be not only the target person but also their environment. So knowing the adversary must not only be applied to your own adversary model; you must also think through, for example, whether among my communication partners there is someone whose "adversary model" is at a higher level than mine, and what do I know about that adversary class? Evidently the target's extended social network (see facebook photo tagging, the NSA selfie database) is just as much an attack surface as anything else that belongs to the target's environment. The conscious attacker tries to attack the weakest link. And if that is some acquaintance who defends themselves less consciously, then that is who gets attacked.

Other aspects: unfortunately? attacks and mitigation strategies are not always technical. There are economic, educational, social and legal aspects as well. Unfortunately many of those who could do the most have opposing interests. For example, on the legal level it is expected that both the net neutrality and the data protection regulation will be sabotaged in the European Council. Regarding wiretapping it looks like there will be no serious reaction. The European Court of Justice annulled the data retention directive, but the member states have not yet acted. Beyond this there is the narrower legal aspect: we must stay within the law, which is not true of every adversary. And those for whom it is true, and who have the means, keep expanding it, which amounts to legitimising certain new attacks through legislative amendments or court decisions (see the Constitutional Court and the comments). A few regulatory proposals that would greatly improve the current (global, not Hungary-specific) situation:

  • general legal immunity for everyone who discloses security holes; encouraging, not prosecuting, the hacking of one's own infrastructure; education,
  • vendor liability for non-free software (free software can be fixed even without the vendor),
  • serious monetary damages for the abuse of personal data,
  • public notification and a full report for every incident,
  • introduction of data protection and net neutrality regulations; termination of data exchange and data collection agreements and the like,
  • freeing up a significant part of the digital dividend as "licence-exempt" spectrum.

Defense is a hassle: unfortunately many mitigation strategies are very cumbersome for the defender too, so they either rarely carry out the related activity or abandon it altogether. It is like brushing your teeth: we don't do it because we enjoy it so much, but because the benefits of this activity are not only health advantages; it also improves the chances of propagating the species. It may be a hassle, but there are things worth doing thoroughly. Thoroughness matters, because the devil is in the implementation details (see e.g. openssl), and so unfortunately this is generally not trivial. Especially when the available tools, for one reason or another, even hinder trivial use.

For a defender it would obviously be good if all this were dead simple. The attacker very rarely takes that into consideration.

A'tuin is, in Terry Pratchett's Discworld, the name of the turtle that carries the world on its back, and below it there are turtles all the way down ("turtles, all the way down"). It is a good analogy for how under every secured layer there is another, unsecured one: a'tuin -> institutional -> physical -> psychological -> browser -> OS -> HW -> network -> network OS -> network hw -> tempest emanations -> other side-channels -> a'tuin.

I'll digress on browsers separately, because lately many people like to use them to distribute all kinds of snakeoil security solutions. These browsers have long since stopped serving us to browse web pages. They exist so that we consume advertising and buy online services. An excellent example is firefox, who wanted ads on the start page, have been polishing tabs since Snowden and are building DRM into the browser. With this we have arrived at 7 basic rules of thumb that filter out 99% of snakeoil security solutions; the latest hype is snakeoil if it:

  1. is not free software
  2. runs in a browser
  3. runs on a phone
  4. does not have the user generate and exclusively hold the secret keys needed for encryption
  5. contains no well-founded threat model.
  6. uses cyber, military, strategic or other marketing superlatives.
  7. ignores the sad reality of endpoint security.

And finally, as food for thought, three "rhetorical" questions:

  1. how often do you update your systems?
  2. do you use your email password as a password on other websites too?
  3. how many of your acquaintances have a gmail address, or do you keep in touch with them on facebook or skype?

I suggest every interested reader work through and think over https://myshadow.org as a warm-up. Then comes a'tuin. ;)


ep elections 2014

2014-05-20

(I have to take a short break from forging code to share my concerns regarding the important upcoming European elections:)

Recent developments regarding the security of the internet show a striking resemblance to Western societies' apathy towards the crumbling of basic democratic values. Looking a little closer, the seeds of the European Union were planted about the same time a bunch of Californian hippies worked for the military on the internet. The idealistic spirit of those times is a unique heritage: never before did we have a decentralized means of communication, and never before did we have such a diverse representation in policy-making as in the European Parliament. "United in diversity" - indeed. Let's avoid the sad corruption of the internet into a tool of oppression and keep the EP working in the idealistic spirit of its creators.

Wins

Besides legislating on the standard parameters of toothpaste stripes, there are a few very important policy domains that point beyond the usual 5-year horizon of the average elected EP representative. The European Parliament was fundamental in stopping ACTA just 2 years ago, a battle which started long before (thanks wikileaks) the current batch of members of the European Parliament (MEPs) took their seats. Stopping the attempt to install EU-wide censorship - disguised as a child porn filter - was also a success. We have a lot of hope in the recently revised data protection regulation, and just this month the network neutrality regulation proposal was saved by a broad coalition against the intent and interests represented by the lead rapporteur.

Losses

We lost the unitary patent battle last year - and thus also the EU economy and competitiveness. We still have all kinds of data sharing agreements with the US. The network neutrality and the data protection proposals by the EP will also probably go into a second round after the elections. But the Council will be smart enough to wait for the results before committing itself to the next step (which seems to involve the UK vetoing this in the name of censorship, hidden behind the ragged excuse of child porn). We lost the cybercrime issue as well; vendor liability has not even been mentioned in the final proposal. We also lost the Radio Spectrum Policy Programme, an important initiative about the prospects of the radio frequencies freed up by switching to digital television. Instead of opening up parts of this liberated commons, it is auctioned away to telco companies. With good legislation we could have created a new industry that provides local radio-based internet services. Instead we fed the quasi-monopolies.

Future

Among the many outstanding issues, most importantly ACTA is back on steroids called Transatlantic Free Trade Agreement (TAFTA), a classical FTA renamed to TTIP so it does not sound so scary. Another concerning agreement is the Trade in Services Agreement (TISA), which seems to be coming out of the same corner as TTIP. Similar future challenges are the conclusions of the Data Protection and the Network Neutrality initiatives. Data retention has just been ruled unconstitutional by the European Court of Justice, this topic will surely come back in the next term. The world is copying our laws, let's make sure they are copying good stuff.

We live in exciting times; on the global level Europe has a lot of merit. However, the other global players are not interested in a strong Europe, so Euro-skepticism and national politics play into our global competitors' hands. The NSA scandal is a great example of this, as it shows weak, isolated inaction in the member states. The only serious effort has been the more than a dozen hearings on this issue in the Civil Liberties Committee of the EP.

Euro-skeptics

As with many populist movements, the root causes of euro-skepticism are partly valid and quite interesting. The European institutions are overly bureaucratic, some useless or redundant (looking at the EP in Strasbourg for example), non-transparent, undemocratic and quite corrupt. The euro-skeptics' answer to the broken system is quite wrong: the tool is great, we just need to take responsibility, fix it and learn to use it! We are not living in a small isolated town; Europe is a major player in a global competition. As such we must use our power in a concentrated way, fix the problems identified by the euro-skeptics and be a role model for the whole world with positive action like the rejection of ACTA or a strong Data Protection regulation.

I do see, however, a chance of becoming a skeptic myself. As with any technology, the EP itself is, I believe, neutral; what matters is who uses it and how. If we allow the EP to degenerate by staffing it with the corrupt political elite that fails us daily at home, then I see a reason for skepticism myself, but still not against the institution, only its inhabitants and rules.

Villains

"United in diversity" - indeed. The European Parliament has members from 28 countries and between 170 and 190 parties, even if there are large political blocks - or groups, as they're called in Brussels-speak - in the EP. There's no sign of a suffocating and anti-democratic majority dominating the parliament; there's almost always some dissenting splinter group. Of course, in such a diverse crowd all kinds of interests are represented, mostly narrow ones. Some are fully legitimate, such as the narrow interests of Mediterranean fishers, which are not concerns shared by a Polish miner; others are the less legitimate meddling of foreign, non-European interests like the tobacco industry, the US State Department, Hollywood, Monsanto or the pharma industry, you name it. Of course the bulk of the parliament is from dumb populist parties that have no values but lots of closely controlled voters. But for every topic there is some kind of small core group of representatives that is deeply engaged and informed about the issue. Some of these core MEPs can be considered the villains, representing narrow industry or interests external to Europe.

Champions

Some representatives have a strong interest in strategically serving the diverse European society. Issues like copyright, patents, data protection and network neutrality have been heroically fought over by a handful of MEPs. These sound like quite technical matters, but they very much define our environment and our daily lives. One of the most heroic of all was Amelia Andersdotter, the young Pirate MEP from Sweden. Although she started only at half-time of her term - due to blocking by the French - she took on responsibility as some kind of rapporteur for 17 issues with quite hard topics. She also authored more than 1000 amendments, putting her way ahead of most of her colleagues when it comes to hard work and representing European social interests. Other notable champions were

...and lots of others, see the following part:

Ranking of MEPs

The campaigns of the leading political groups are incredibly boring, promising populist visions of "Jobs, Growth and Security". Let's not get into the statistics and history game about their merits in this regard. Instead let's look at some facts on long-term strategic positions affecting all of our society. score-ep.org ranks all MEPs based on their voting behavior on Climate Change, Fracking, GM Crops, Arms Trade and LGBT Issues. The presentation of this data set is beautiful. Much less visual, and overlapping in the Climate Change data set, I have also prepared such a scoreboard.

Based on the input of four interest groups whose assessment of the MEPs was available to me, this is a ranking of all MEPs serving in the 7th (currently ending) term of the EP. The four data sets I used came from:

  • La Quadrature du Net's Memopol - covers various internet and digital rights related topics.
  • Lobbyplag created an assessment based on the amendments submitted in the civil liberties committee to the Data Protection Regulation.
  • CAN Europe, Sandbag and WWF Europe rate MEPs based on votes related to climate change (this overlaps with the ep-score.org data).
  • Philip Morris tried to influence the tobacco directive, and some of its MEP assessments have leaked to the public and thus into this list ;)

The results: eastern countries and conservatives have the least respect for civil liberties, long-term public good or social benefit. On the good side, the official champion is Rui Tavares; he and his green fellows rank highest when it comes to representing the widest interests. Personally I was expecting someone else to come out on top: Amelia Andersdotter. Her problem was that she was in the wrong committee (Industry instead of Civil Liberties), and only members of the latter got scored by Lobbyplag. If not only the amendments of the Civil Liberties committee but also those of the Industry committee had been rated, she would have come out on top.

The top 10 MEPs

Total Score  MEP                    Country         Party
2.8888       Rui Tavares            Portugal        Bloco de Esquerda (Independente)
2.8809       Jean Lambert           United Kingdom  Green Party
2.7909       Mikael Gustafsson      Sweden          Vänsterpartiet
2.6472       Jan Philipp Albrecht   Germany         Bündnis 90/Die Grünen
2.6333       Pavel Poc              Czech Republic  Česká strana sociálně demokratická
2.6174       Tarja Cronberg         Finland         Vihreä liitto
2.6166       Cornelis De Jong       Netherlands     Socialistische Partij
2.6111       Marije Cornelissen     Netherlands     GroenLinks
2.6055       Bas Eickhout           Netherlands     GroenLinks
2.5681       Rebecca Taylor         United Kingdom  Liberal Democrats Party

The bottom of this list is mostly populated by (French) conservatives.

Ranking of countries according to the 4 criteria:

rank  country         avg     total
1     Denmark          0.729   10.206
2     Sweden           0.723   15.912
3     Netherlands      0.536   15.566
4     Estonia          0.458    2.751
5     Ireland          0.398    5.980
6     Belgium          0.349    8.725
7     Austria          0.325    6.825
8     Finland          0.297    5.056
9     Portugal         0.246    5.920
10    Cyprus           0.206    1.651
11    Malta            0.196    1.767
12    Greece           0.138    3.738
13    Slovenia         0.115    1.042
14    Germany          0.106   11.155
15    United Kingdom   0.052    4.073
16    France          -0.003   -0.339
17    Lithuania       -0.025   -0.333
18    Latvia          -0.035   -0.318
19    Romania         -0.044   -1.660
20    Spain           -0.068   -4.104
21    Croatia         -0.072   -0.875
22    Italy           -0.142  -11.390
23    Slovakia        -0.149   -1.938
24    Luxembourg      -0.174   -1.049
25    Czech Republic  -0.180   -4.324
26    Bulgaria        -0.346   -7.622
27    Hungary         -0.370   -9.634
28    Poland          -0.730  -39.423

You can download these datasets in a CSV format that you can load into your favorite spreadsheet editor: meps.csv, countries.csv, parties.csv.

Conclusion

So what I want to say is that the EP is a powerful tool; there are a lot of important issues; there are a few good people in the parliament who have been working hard; there are also a few corrupt people in the parliament who have vast industry support. And then we have the majority of the parliament, about 90-95%, who are so busy with other issues that they have no clue. These masses follow either the champions or the villains. We must make sure that we have more champions and fewer villains, and that the remaining masses are aligned with the champs.

So please look at the rankings, go and vote, express your skepticism of the people who brought us here, not the institutions that have been abused. It matters. Thank you.


stash

2013-04-07

stash is a private dropbox.

If you want someone to be able to upload files from their browser directly onto your computer at home, install stash once and give dedicated access to your friends to share files with you. Maybe your dad wants to send you the video from the family event, or a colleague a huge database; stash might be the right thing. Just send them a URL to your stash upload form and you're done. If you run stash on a server on the internet, your uploads are encrypted and only accessible with your secret PGP key. There's a short time when the file is unencrypted in memory (but not on disk!) on your server while uploading, but you can get around that by uploading stuff that is already encrypted.

Stash should be easy to use for uploaders, while providing the following attributes:

  • Allow upload of huge files (I know, it's HTTP, still).
  • The only private information retained is the public PGP keys of the stash owners. No passwords even. Just make an extra PGP key and email address for an added anonymity factor.
  • Uploaded files are automatically encrypted with the stash owner's key. This can be disabled if you want to upload data that is already encrypted.
  • Stash owners are automatically emailed about new uploads at the email address listed in their public key. These emails are also PGP encrypted.
  • User authentication is done using tlsauth: uploaders do not need a cert, nor do new stash owners registering, but all other parts require valid certs.
  • Stash IDs are generated randomly and should be hard to guess; this is the only protection of the upload forms (tlsauth does not protect them), which is intentional to make it useful for "mom". However, you can also specify your own human-readable stash ID if needed; in that case tlsauth should be mandatory for uploads as well.
  • Even though stash uses certificates for authentication, the user management is very simple and similar to normal user admin workflows; the only difference is that users have to import their cert into their browser after certification.

Screenshots

[screenshot: registration with certificate generation!]

[screenshot: only one stash here]

[screenshot: upload succeeded, upload something else?]

Get stash from github.com/stef/stash


generating pgp ids

2013-04-04

[image: a proper fingerprint, from Wikipedia]

The tool I release today is genkeyid, part of my gpk PGP key management suite. It helps you bruteforce arbitrary PGP key ids by modifying the timestamp field of public keys so that the packet hashes to a given key id.

I also release setfp.py, which allows you to set arbitrary timestamps in PGP RSA key pairs and recalculates the RSA signature accordingly. You might want to combine this with the previously released genkey tools.

The two steps are separated because the bruteforcing only needs a public key, while setfp also needs an unencrypted private key. So if you want to have a special key id but also maintain key management opsec, you should do the patching offline on a clean system that you discard later.

For the truly ignorant, and for those having extra clean systems and lots of entropy available in bulk, there's genid.sh which does the two steps in one, generating as many unencrypted keypairs as necessary until a suitable one is found.

Of course this is nothing new; there are existing examples of manipulated key ids. Some people have issues with the ambiguity of key ids, but one of the authors of PGP says this is ok. The PGP FAQ has more on this.
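To make the "patch the timestamp, re-hash, compare the key id" step concrete, here is an added example (not code from gpk) that builds a v4 RSA public-key packet body per RFC 4880, computes its fingerprint and key id, and walks the creation timestamp until the low bytes of the key id match a target. The RSA parameters are constructed placeholders, not a real modulus; the search target is truncated to 16 bits so it runs in a fraction of a second.

```python
"""Why PGP key ids are cheap to steer: the v4 fingerprint hashes the creation
timestamp, so re-stamping a key changes its key id while the key material
stays the same. Added example, not the gpk code."""
import hashlib
import struct
from typing import Optional

# Constructed sample RSA parameters: a deterministic 1024-bit odd number and
# the usual public exponent. NOT a real RSA modulus; it only has to encode as
# a syntactically valid MPI for the fingerprint computation.
SAMPLE_N = int.from_bytes(hashlib.sha256(b"constructed sample modulus").digest() * 4, "big") | 1
SAMPLE_E = 65537


def mpi(value: int) -> bytes:
    """OpenPGP multi-precision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def v4_rsa_key_body(timestamp: int, n: int = SAMPLE_N, e: int = SAMPLE_E) -> bytes:
    """Body of a v4 public-key packet for RSA (RFC 4880 section 5.5.2):
    version 4, 4-byte creation time, algorithm 1 (RSA), MPI n, MPI e."""
    return bytes([4]) + struct.pack(">I", timestamp) + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> bytes:
    """RFC 4880 section 12.2: SHA-1 over 0x99 || 2-byte body length || body."""
    return hashlib.sha1(bytes([0x99]) + struct.pack(">H", len(body)) + body).digest()


def key_id(body: bytes) -> bytes:
    """The 64-bit key id is the low 8 bytes of the fingerprint; the 32-bit
    'short' id that gpg prints by default is the low 4 bytes of that."""
    return v4_fingerprint(body)[-8:]


def find_timestamp_for_short_id(target: bytes, start: int, limit: int) -> Optional[int]:
    """Step the creation timestamp forward until the low len(target) bytes of
    the key id equal target. Only the timestamp changes; n and e stay fixed.
    Expected work is about 256**len(target) hashes, which is why a 32-bit key
    id is not a trustworthy identifier for a key."""
    width = len(target)
    for ts in range(start, start + limit):
        if key_id(v4_rsa_key_body(ts))[-width:] == target:
            return ts
    return None


def same_key(body_a: bytes, body_b: bytes) -> bool:
    """The check a practitioner should make: compare full 160-bit fingerprints,
    never truncated key ids."""
    return v4_fingerprint(body_a) == v4_fingerprint(body_b)


if __name__ == "__main__":
    original = v4_rsa_key_body(1_360_000_000)   # a creation time in early 2013
    target = key_id(original)[-2:]                # 16-bit tail: cheap to reproduce
    # The window includes the original timestamp, so a match is guaranteed;
    # with high probability an earlier timestamp already produces the same tail.
    ts = find_timestamp_for_short_id(target, 1_360_000_000 - (1 << 18), (1 << 18) + 1)
    restamped = v4_rsa_key_body(ts)
    print("original  key id:", key_id(original).hex().upper())
    print("restamped key id:", key_id(restamped).hex().upper(), "at timestamp", ts)
    print("short tails equal:", key_id(restamped)[-2:] == target)
    print("full fingerprints equal:", same_key(original, restamped))
```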

get it from github/stef/gpk

Or read more: README.genkeyid.org


Announcing pwd.sh

2013-04-03

[image: post-its as password managers]

I wanted to switch to KeePassX to store all my passwords, but I wanted to use GPG to encrypt the passwords. So I came up with pwd.sh. It's a simple shell script that you can bind to your window manager keybindings; when you invoke it, it uses the currently focused window to deduce a key under which to store the user and the password. For better browsers like Firefox, Chromium, luakit and uzbl this means the currently loaded URL; for all other windows it is the current window title. When creating a new password it is generated automatically; only the username is queried. I also wrote a small script that imports all passwords from Firefox into the new format. I'm very happy that now all my passwords are isolated from my browsers and are also protected by my PGP key on my external cryptostick.

When I showed this yesterday in our hackerspace, 2 members immediately installed it and started massively improving pwd.sh; thanks asciimoo + potato!

So if you're running linux, like stuff based on the KISS principle, and are a crypto/gpg fetishist you might want to consider trying out this new "keepassx niche-killer" ;)

Check it out: pwd.sh


tlsauth

2013-04-02

[image: certificate in Firefox]

I just released tlsauth, a lightweight implementation of a CA with supporting scripts and config snippets that should make TLS client-certificate-based authentication a bit easier to set up. The current implementation works in nginx (if someone knows how to do this in Apache, please contribute).

I also provide Flask-tlsauth and Django-tlsauth bindings, also available on PyPI. Both contain simple web-based Certificate Authority functions, like submitting CSRs, listing and signing them, and even something similar to regular user registration, with the only difference that when you are finished registering you have to import the certificate.

So when you look at this from a traditional PKI perspective something is fishy. User registration, and I get a cert back? Wait a minute, shouldn't the CSR be submitted by the user in the first place? Yes. But. :) Consider this from the traditional user registration workflow: the user usually trusts the server with his secret, the password. With TLSAuth however the server drops the secret after creating it and sending it to the user. So with most users blindly trusting their service providers, I assume they'll also trust them to diligently drop the secret. The certs are not very good for anything other than logging in to the server. And the CA can produce as many certs as he wants anyway.

Why is this good?

No more passwords

Your users win, because now they only need a password for importing the key into their browser, and then it is protected by the browser master key. This also prevents users from reusing the same passwords on unrelated sites.

You can also copy your key around and load it on different devices if you want to be able to access the services from them too, but this only needs to be done once in each browser.

This also means automatic authentication on all services sharing the issuing CA with the client's issuer: you can log in to all services on various servers certified by your issuing CA.

With appropriate security tokens you can even store your keys on smartcards and keep your certificates safe from your browser.

No more user databases!

Server operators win because they do not need to store a user database! This removes all kinds of privacy issues and reduces the costs of database leaks considerably.

Your users always send their TLS cert, which is signed by the CA - you. So when someone comes and says: "hey i'm Joe, here's a certificate about that from you", then you can be sure about it. ;) Also a cert can contain more information, like an email address, or even a real-life address for shipping, etc. You decide what you require your users' certificates to contain when you sign them.

Authentication on TLS level

You know your client before it even says "GET / HTTP/1.1". This means you can redirect your handler accordingly: static-only content for unauthenticated visitors, full dynamic server-side scripting and security bugs for trusted peers, and maybe even IMAP or SSH for certain certificates. ;)
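The backend side of that flow, as an added example that is not the tlsauth or Flask-tlsauth code: nginx verifies the client certificate against your CA and forwards the verification result, subject DN and serial to the application, which turns them into an identity (or treats the visitor as anonymous) and can also consult a small revoked-serial list, which stores only the users you removed rather than a full user database. The nginx directives quoted in the docstring are real; the header names and the CA path are assumptions for this example.

```python
"""Consuming the identity nginx established at the TLS layer.
Assumed nginx server-block configuration (directives are real nginx ones,
the header names and the certificate path are this example's choices):

    ssl_verify_client optional;
    ssl_client_certificate /etc/nginx/tlsauth-ca.pem;   # placeholder path
    proxy_set_header X-SSL-Client-Verify $ssl_client_verify;
    proxy_set_header X-SSL-Client-DN     $ssl_client_s_dn;
    proxy_set_header X-SSL-Client-Serial $ssl_client_serial;

With ssl_verify_client set to "optional", unauthenticated visitors still reach
the backend (for the static-only content), so the backend must check the
verification result itself. The backend must only be reachable through nginx,
which sets these headers on every proxied request; a client talking to the
backend directly could otherwise supply them."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional


@dataclass(frozen=True)
class ClientIdentity:
    common_name: str
    email: Optional[str]
    serial: str


def parse_dn(dn: str) -> Dict[str, str]:
    """Parse the subject DN as nginx renders it: RFC 2253 style
    ("CN=Joe,emailAddress=joe@example.org,O=stash", nginx >= 1.11.6) or the
    older OpenSSL one-line style ("/O=stash/CN=Joe/emailAddress=...").
    Simplification: attribute values are assumed not to contain escaped
    separators, which holds for certificates you issue yourself."""
    parts = dn.strip("/").split("/") if dn.startswith("/") else dn.split(",")
    fields: Dict[str, str] = {}
    for part in parts:
        if "=" not in part:
            continue
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def identity_from_headers(headers: Dict[str, str],
                          revoked_serials: FrozenSet[str] = frozenset()) -> Optional[ClientIdentity]:
    """Return the authenticated identity, or None for an anonymous visitor.
    $ssl_client_verify is "SUCCESS" only when the presented certificate chains
    to the configured CA; "NONE" means no certificate was sent and
    "FAILED:<reason>" means it did not verify. Anything else, including a
    missing header, is treated as anonymous."""
    if headers.get("X-SSL-Client-Verify") != "SUCCESS":
        return None
    fields = parse_dn(headers.get("X-SSL-Client-DN", ""))
    common_name = fields.get("CN")
    if not common_name:
        return None
    serial = headers.get("X-SSL-Client-Serial", "")
    # A CRL configured in nginx (ssl_crl) is the proper place for revocation;
    # this list only shows that the application never needs a table of all users.
    if not serial or serial in revoked_serials:
        return None
    return ClientIdentity(common_name=common_name,
                          email=fields.get("emailAddress"),
                          serial=serial)


def route(headers: Dict[str, str], revoked_serials: FrozenSet[str] = frozenset()) -> str:
    """Dispatch decided before the first request line is interpreted: static
    content for anonymous visitors, the full application for trusted peers."""
    identity = identity_from_headers(headers, revoked_serials)
    return "static" if identity is None else f"app:{identity.common_name}"


if __name__ == "__main__":
    # Constructed sample headers as nginx would forward them.
    joe = {"X-SSL-Client-Verify": "SUCCESS",
           "X-SSL-Client-DN": "CN=Joe,emailAddress=joe@example.org,O=stash",
           "X-SSL-Client-Serial": "0A1B"}
    anonymous = {"X-SSL-Client-Verify": "NONE", "X-SSL-Client-DN": "", "X-SSL-Client-Serial": ""}
    print(route(joe))                                  # app:Joe
    print(route(anonymous))                            # static
    print(route(joe, frozenset({"0A1B"})))             # static (revoked)
```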

Why is this bad?

Bad Browser UIs

On the user side, logging out is kinda impossible currently. But there seems to be a key manager for stock Firefox (Iceweasel is not supported :/) that could be helpful with logging out and other key management related tasks.

It would be nice if the vendors would put more effort behind improving their related user interfaces instead of slacking or reinventing existing protocols.

Losing your phone/tablet/laptop

Losing hardware is always a bad thing, especially when you have your certificates on it; hopefully they are protected by a master password in the browser and by full disk encryption on the hard drive. But this should be standard anyway.

Deleting users

A CRL or OCSP (OCSP stapling is already supported in nginx) is the normal way to do this. The question is how to keep track of the serial numbers without exposing the privacy of the end users by keeping a server-side database.

Protecting your own CA root key

This is something that kinda makes the operator the weakest link in the whole setup. If anyone has access to your CA signing key, they can MITM any connection of all browsers that trust this CA. So you should apply the utmost key management security, with air gapping, and possibly use some kind of cheap HSM like a smartcard, or even better.

Loose ends

I understand that TLSAuth does not solve all problems. But for small groups or projects TLSAuth might make a lot of sense. It's perfect for protecting a phpMyAdmin from all the probes on the internet while still making it available to the admins, or you can run your own webmail for all your family and not care about the web as an attack vector.

There are a few open questions and loose ends to be explored here. But I'm quite hopeful about using TLSAuth in future projects, maybe even Parltrack.


Parltrack campaign so far

2013-02-26

[image: puppy looking interested]

TL;DR please contribute a bit to the Parltrack fund-raiser.

It's worth looking back at what has happened so far in the campaign, since a lot of things have happened by now and there are only 9 days left of the campaign to fund the next year of development for Parltrack.

The two main events since the beginning were the lobbyplag.eu launch and the La Quadrature donation.

The launch of the lobbyplag.eu initiative is related to the data protection regulation and was widely covered all over the media. They used the amendments from Parltrack to do their analysis. The guys generously promised to donate 20% of their own fund-raising campaign to the Parltrack campaign and are calling for support on their site. We also have plans to work together on automatic lobbyplag processing.

The other major event was that the French organization La Quadrature du Net donated 1000 euros and secured not only their right to influence Parltrack more directly (that's the perk they chose). They also helped break the 2500 euro limit, guaranteeing the basic maintenance of Parltrack for the coming year.

In the meantime I was tweeting like never before and showcasing the current and possible future features of Parltrack.

My friends Amelia (working in the European Parliament) and Smari (working in Iceland) produced awesome videos explaining why they believe Parltrack needs your support (btw check out Amelia's show #exile6e). These videos are supported by written testimonials by members of major European digital rights organizations:

  • Jérémie Zimmermann, La Quadrature du Net (co-founder), FR
  • Javier Ruiz, Campaigns Director, Open Rights Group, UK
  • Rejo Zenger, Bits of Freedom, NL
  • Bram, Memopol main developer, La Quadrature du Net volunteer and Nurpa co-founder, BE
  • Ante Wessels and Walter van Holst, Vrijschrift, NL
  • Regards Citoyens, FR

The campaign was also covered online in some publications:

  • Media coverage started off in Germany with a call for support on netzpolitik.org, a major German blog focusing on digital rights. EPSIplatform, a European open data/government initiative, quickly joined in and also called for donations.
  • The lobbyplag campaign also covered Parltrack and our fund-raising campaign, getting some kind mentions in articles like the one from Euronews.
  • The making of the article with Joinup was amazing. We met very briefly at FOSDEM with Gijs (the author), and later we had a kind of interview on IRC. I don't interface very often with journalists who do PGP and IRC. Kudos.
  • I was honored when I was invited to contribute an article to Orgzine, a publication of the Open Rights Group. The first draft I wrote later became the slideshow on parltrack/about.

A third important but much less pleasant event was when PayPal blocked Indiegogo donations because incoming donations hit another 2500 euro limit mandated by European regulation. After the generous donation by LQDN and the coverage in Orgzine and Joinup, this put a considerable dent into the campaign. Even though the limit was lifted quickly by kind PayPal support, the fact that the campaign was blocked stopped all donations for a few days. Luckily Indiegogo support was kind enough to extend the campaign by 6 more days.

As of this writing the campaign is at around 2700 euros, with about 55-60 funders, and there are 9 days remaining. As with many other campaigns where everything is decided in the last few days, I hope there will be a rush of a few more concerned citizens in Europe and the world who will support the further development of a free software tool that has been so widely praised and useful as Parltrack. Every euro counts, and so does every repost/retweet to your peers. Your support is much appreciated. Thanks.

Please donate for more Parltrack.


La Quadrature du Net donates 1000 euro to Parltrack

2013-02-19

La Quadrature du Net donates 1000 EUR to Parltrack fundraiser [1]

The Paris-based citizen advocacy group supports Parltrack [2] with a generous donation of 1000 Euro, not only securing their right to influence the priorities of the upcoming development, but also a half day of dedicated work on Parltrack for their benefit. This donation furthermore ensures the maintenance of the basic Parltrack features for the coming year.

La Quadrature du Net [3] is one of Parltrack's principal users. In fact, campaigning with La Quadrature inspired the development of Parltrack. LQDN however takes the next step and not only uses Parltrack, but also takes the liberated data and builds their own awesome tools on top of it: their tool Political Memory [4] is an essential resource for anyone interested in how our elected representatives relate to fundamental rights and freedoms in the digital context.

The advanced usage of technology and the internet by LQDN is something that hints at the future of citizen-based advocacy for more traditional NGOs. Parltrack is proud to have contributed to the success of LQDN in defending freedoms.

"I would (and did) pay for supporting LQDN, their work is essential. I'm extremely honoured by this contribution, which enables Parltrack to explore further innovation in the citizen advocacy realm. I hope this mutual support between LQDN and Parltrack inspires other organisations to support the efforts of Parltrack to empower them as well."

reflects Stefan Marsiske, developer of Parltrack.

Links

1. Fundraiser: http://igg.me/p/316104/x/2150548

2. Parltrack: http://parltrack.euwiki.org

3. La Quadrature du Net: http://www.laquadrature.net

4. Political Memory: http://memopol.lqdn.fr

About Parltrack

Parltrack is a European initiative to improve the transparency of legislative processes. It combines information on dossiers, representatives, vote results and committee agendas into a unique database and allows the tracking of dossiers using email and RSS. Most of the data presented is also available for further processing in JSON format. Using Parltrack it's easy to see at a glance which dossiers are being handled by committees and MEPs.

Contact: stefan.marsiske@gmail.com


Urgent to-dos regarding the data protection regulation

2013-02-18

[image: your data is secure, because we sell it to authorized partners only]

Data protection and (again) all of our futures are at stake.

Although there are presumably few Nokia boxes involved, the mostly American lobbyists are hyperactive in Brussels; at stake is the future of data protection and which actors, with which data, will be able to keep us in check. This week the data protection regulation proposal is approaching its final vote in three European Parliament committees. An earlier committee result from the beginning of February shows that for now Europe is losing against international and industry interests. Below I try to present the most important things to know, so that my esteemed active readers can contact our representatives in Brussels well informed and persuade them to represent our interests.

Europe has always been at the forefront of data protection; the reasons are historical, for example the Nazis used the data of the Dutch census to efficiently deport those deemed undesirable on religious or ethnic grounds.

The EU regulation currently in force was written in 1995; since then the number of internet users has grown by several orders of magnitude, and quite a few organisations seriously abuse it. The 1995 directive unfortunately created differing regulation across the member states. This leads to Facebook settling in Ireland (not only for tax reasons), while in Germany for instance continuous ombudsman investigations and court proceedings try to prevent Facebook's abuses. Furthermore, the Lisbon Treaty and the European Charter of Fundamental Rights raise the protection of personal data to a "constitutional" level and necessitate the introduction of a regulation. The European Commission's impact assessment says the proposal would result in 2.3 billion euro of administrative cost savings for EU companies.

So after long preparation the European Commission put forward its proposals in January 2012 for the revision of the directive and the creation of a regulation.

An important difference between a regulation and a directive is that a regulation is binding, unlike a directive, whose effect may differ across the member states. In this specific proposal the regulation is of general scope, while the directive applies to the authorities.

[image: not sure if i'm product or customer]

Europe is of strategic importance from a data protection perspective; it is no coincidence that all the American online service providers, as well as American consumer advocates and human rights organisations, are pushing in Brussels. In Washington this topic is clearly subordinated to the interests of companies.

La Quadrature du Net collected the available lobbyist amendment proposals, and lobbyplag.eu compared these with the parliamentary amendments available in Parltrack. The result revealed the British as the solid bridgehead of American interests in the European Union, since the proposals of eBay, Amazon and the American Chamber of Commerce were submitted mostly by the British. Here it is clear that it is not the will of the voting citizens that prevails. MEP Malcolm Harbour, for example, is a director of a British lobbying firm that represents, among others, the interests of IBM and Microsoft instead of the voters.

In the consumer protection committee they have unfortunately already given up defending the interests of consumers. At the beginning of February this was the first committee to finalise its opinion. Sadly, contrary to its name, it sold out consumer interests. Below I summarise the most important points and mention in each case what the consumer protection committee sabotaged.

Definition of personal data

[image: google knows you're a cat]

Since 1995 the environment in which our personal data exists and represents value has changed significantly. A few years ago it turned out that anonymisation is impossible: one cannot produce data that is both anonymous and useful at the same time. Thus extending the scope of personal data and interpreting it precisely is of prime importance.

The use of pseudonyms is common practice. The marketing industry does everything to identify everyone that way too, while avoiding the handling of traditionally personal data (name, date of birth, mother's name, etc.). Contact, demographic and consumption data are more useful than those; with these too almost anyone can be precisely identified, but even a single unique online identifier (bela42?) is enough, and from a business perspective this categorisation is more useful as well. This practice is called "singling out".

The opposition between the interests of industry and of citizens is obvious; in the consumer protection committee it has already been decided not to include the regulation of singling out, and in exchange they also gave up ensuring equal protection for pseudonyms. A similar weakening of the definition is expected in the other committees as well.

Consent

Even today, processing our data requires our informed consent. This rule is under attack from many directions, since in many cases the user is at the mercy of the data controller's market monopoly. We don't have much choice when we are notified that the terms of service are changing. In many cases, due to other coercive circumstances (e.g. one cannot switch to another provider because one cannot take one's data along), we don't really have an alternative. And for that reason such consent cannot be considered informed or freely given.

Obviously it is in the industry's interest to weaken these provisions, just as the rights of European citizens have already been sold out in the consumer protection committee by weakening this point.

"Legitimate" interest

Unfortunately data can be processed not only with our consent, but also when organisations judge that it is in their "legitimate interest"; now this is a legal loophole visible from afar, lit up with neon signs. This loophole should obviously be closed as far as possible. So naturally, in the consumer protection committee they have already started widening it.

This also includes the effort to lift these data processing restrictions and, for example, to allow banks to process sexual or health data, say, for fraud detection as well.

Right to be forgotten and/or to erasure

This point gives citizens strong control over their data: just as consent is required for processing the data, this consent can also be withdrawn. However, particular care must be taken that this cannot be used to restrict freedom of speech, for example in newspapers and blogs. Furthermore, this regulation is not suited to restricting the processing of data collected under other legal obligations.

Data portability

On the internet many are exposed to the whims of their chosen provider. A few years ago we talked about vendor lock-in in connection with Microsoft; now we can apply the same lock-in analogy to our data stored at online services. If we want to leave a provider, often we cannot even delete our data, let alone transfer it to another provider. Data portability thus not only ensures control over our personal data, but also provides a market mechanism for increasing competition, and so can encourage data protection to emerge as a differentiating factor. It is a clear demand that the exported data must be in an open standard, and thus interoperable, for the stated goals to be met.

Profiling

Profiling is nothing other than collecting and mapping all possible personal data and, based on this, categorising people and predicting events. There are at least three problems with this:

  1. Profiling is not perfect, and the resulting errors can cause great harm to those affected.
  2. It is very hard to verify and correct the accuracy of profiles, thereby possibly stigmatising forever those for whom the algorithm "makes a mistake".
  3. It reinforces prejudices, social differences and the discrimination of minorities.

In the consumer protection committee not only do they not support banning profiling, quite the opposite! It was suggested that the whole thing should be turned around to emphasise what a wonderful thing profiling is.

Export of data to third countries

Since the EU has one of the strongest regulations in data protection, market players are strongly motivated to process data in third countries where the relevant regulation is weaker (see the USA). Thus such processing in third countries should only be permitted if it at least matches the EU level of strictness.

Access to data by third-country authorities

It is a worrying phenomenon that third countries lay claim to data processed within the European Union; this is most evident in the case of the United States and cloud services. The United States' FISA Amendments Act allows American authorities to spy on non-American citizens, even on their political activities. American citizens are exempt from this, for constitutional reasons. This inequality must be eliminated, and obviously not by us starting to spy on the Americans too...

Incompatible use

Incompatible use means that a data controller processes the data lawfully but in parallel also uses it for another, unlawful, purpose. Unfortunately this is exactly what the Commission's proposal suggests, and the consumer protection committee's report widens it further. This proposal would make the entire regulation completely pointless, since this loophole neutralises it perfectly. Only compatible use should be permitted, and compatibility should be interpreted as narrowly as possible.

Privacy by design and privacy by default

Privacy by design means that data protection is handled with the greatest care already during the design of a product, and throughout its whole life cycle. Privacy by default means that when a user starts using a service, they start with the strictest privacy settings by default, thereby ensuring the user's fullest control over their data. These are not only technical requirements, but ones that must also be applied to the organisational measures of the data controller.

Independence, powers and rights of the ombudsmen

The data protection ombudsmen form the first line of defence. It is important that they have strong powers, rights, and technical, financial and human resources, and enjoy complete independence from the government, thereby ensuring high-quality work and the trust of citizens.

Sanctions

It is extremely important that this regulation effectively deters abuses with appropriate sanctions and penalties. This is of fundamental importance especially in the age of "big data". After all this it comes as no surprise that in the consumer protection committee the fines were capped and kept low.

Breach notification

The Commission proposes two notification obligations: one immediate (within 24 hours) to the data protection ombudsman, and the other to the victims of the data breach. Both are excellent proposals, and so far I'm not really aware of any concrete attempt to torpedo them.

Other points worth lobbying on

The research of lobbyplag.eu identified further interesting points of debate beyond the above. Among other things, the industry sock puppets propose:

  • Completely inverting data minimisation as a guiding principle: instead of "the minimum necessary" they want to allow "not excessive" use.
  • Limiting collective action, i.e. that advocacy organisations should not be able to act jointly against abuses.
  • Greatly limiting the liability of cloud providers.

Summary

It is clear that this is a question of fundamental importance, which nothing proves better than the considerable lobbying power arriving in Brussels, mostly from American online service providers. So it is in the interest of every European citizen to take a stand against this, to contact the representatives and convince them that they still have to represent the interests of the voters. I picked out the Hungarian representatives:

On Tuesday three Hungarians can decide in the Industry and R&D committee: Edit HERCZOG (MSZP), András GYÜRK (FIDESZ) and Béla KOVÁCS (JOBBIK). On Wednesday József SZÁJER (FIDESZ) can be pestered in the Legal Affairs committee, and in the Employment committee the FIDESZ representatives Ádám KÓSA and Csaba ŐRY will defend national and hopefully civic values. A phone call or an email can surely help them along.

More important details regarding the regulation:


ilovefs-2013

2013-02-14

Today is "I ♥ Free Software" day, when it is customary:

  • to blog about our favourite free software,
  • to hug a free software developer (after asking permission),
  • to thank, via the media, a free software project that is important to us,
  • to talk with colleagues about free software during the lunch break.

so on the occasion of #ilovefs day I hereby want to send lots of data-love and virtual hugs to the developers of the software that made me who I am: o/ <3 mutt, ssh, gnupg, seccure, emacs, mcabber, firefox thank you!


Possible Parltrack features

2013-02-13

I've been maintaining a list of possible features for Parltrack if the funding campaign hits 10.000 EUR. I'd be interested to hear feedback and other suggestions on this list:

Monitor by subjects

Parltrack already provides listings by subject (e.g. Protection of privacy and data protection), but there is no way to subscribe to changes or new dossiers in these listings. Also currently missing is a user interface where users can browse and select all existing subjects. This feature would allow broad tracking of policy areas instead of the currently supported dossier-by-dossier tracking.

Monitor by search phrase

Simply enter a search phrase and your email address and get notified whenever a dossier appears or changes that contains this phrase in its title.

Subscription management

A user-interface to better manage your subscriptions to things you're monitoring.

Visitor Trends

Display trending dossiers or MEPs based on the visitor access statistics. This way you can identify what or who is currently hot in the EP.

Amendments from the 6th term

Also adding the amendments from the 6th parliamentary term (2004 to 2009); the different document formats require tuning the scrapers to handle these earlier documents as well.

Historical view

Preserving historical data makes it possible to also present snapshots from previous points in time. A nice timeline visualization is also imaginable.

Localized Parltrack data

Parltrack currently only scrapes in English; some information is easily scrapable in the rest of the 22 European languages as well. Some might be harder, but for NGOs it would definitely make a difference to have this information in their native language too, especially if we're talking about re-users of the liberated datasets.

Commenting on dossiers and MEPs

Last but not least, a feature that I have been contemplating for a long time. It would be nice to somehow merge Pippi Longstrings, Herr Nilsson and Parltrack into a useful bundle, creating a possibility to comment on the legislative proposals and their procedural meta-information in one location. The issue with this is that a public service like this needs a lot of moderation, and I fear that serious NGOs would not want to entrust their internal political insights and commentary to an untrusted 3rd party like Parltrack. This feature is also the basis for the 750 EUR perk in the campaign, by the way ;)

Conclusion

So this would be an initial list of medium to big features to be added, in addition to the site redesign and the various small improvements that come up in the meantime, with possibly other yet unplanned features added to this list later. I expect this to occupy me for about a year, especially if we reach funding levels that allow me to add new data sources as well.

There is also continued cooperation with NGOs reusing the Parltrack database, like La Quadrature Du Net's awesome Political Memory and the just recently started Lobbyplag initiative, which wants to expand its operations beyond the Data Protection dossiers.

If you agree with all or some of these goals, please consider supporting the current fundraising campaign by donating and by making other people aware of this initiative. If you feel some important thing is missing, let's talk about it; information and financial feedback are both important for the future of Parltrack. Thank you.


parltrack2013

2013-01-29

[image: EP - ACTA vote]

About two years ago Parltrack started as just another tool trying to get some information that was necessary at that time. Since then the amount and quality of data in Parltrack has come a long way. One year ago I had to rewrite all the scrapers, as the European Parliament upgraded their website. A couple of related tools have been developed, for example Herr Nilsson or, the most widely known, Political Memory, or memopol as we call it. Also, ACTA has been defeated. I believe Parltrack contributed a small part to this success: having recent and good data on the ground was essential for campaigning in and around the European Parliament.

I think Parltrack is a tool with lots of potential. I'd really like to find some more time to just data-mine Parltrack, which was one of my initial motivations when I started this project. As a good friend used to say: most of our work in the commons is financed by pre-accumulated wealth from the traditional system. The peculiar nature of this open data combined with free software makes it somewhat difficult to keep this project sustainable. I've tried Flattr, debated and rejected advertising, offered consulting/custom development jobs, and it turns out I'm too small to be eligible for EU funding grants. Depleting resources lately resulted in a shift of my attention to other jobs; however, Parltrack seems to be used quite a lot. The lack of maintenance has already started showing, so to stop this degradation and to allow me to focus more on Parltrack in the coming year, I started an Indiegogo campaign. If you care about freedom, datalove, kittens, puppies, or just me, go here and support this campaign. It will allow me to build more free infrastructure.

thanks, s

Thank you to all my friends who helped me set up this campaign.

ps: for Parltrack related news you can follow @Parltrack, and the RSS updates


cyberfud

2012-11-28

[image source: http://guckes.soup.io/post/19675336/Fear-FEAR]

The use of "cyber" as a prefix is a strong hint of a lack of detailed knowledge of a certain topic, or of an intent to make a profit or to take control by diluting the exact issues. Hiding the issues behind such muddled phrasing helps neither understanding nor possible solutions.

The more often you hear "cyber", the stronger your "bullshit-meter" should signal. Chances are high that it's about spreading FUD to sell oppressive and expensive security theater: cyberfud is to the internet what the liquid bomb was to airport "security".

So if this greed is only going to make us more oppressed, not safer, then how should we deal with all these menacing online threats that we hear about in the evening news?

A very wise man said [MP4 video]:

"...I'm suggesting, the internet itself can in no more meaningful sense be secure, than the oceans are secure. The security activities in the oceans, there's the "law of the seas", there are many aspects of it, but the functioning of humanity has depended on the openness and diversity of the seas and i think it depends similarly on the openness and diversity of the internet..."

There's a saying in software development: "a bug is cheapest when caught as early as possible in the development process", meaning it's cheaper to fix bugs during unit testing than after they've been shipped to customers. So instead of starting an arms race to create expensive defensive snake oil technology, we should focus on making the software itself more resistant. There are excellent examples; some critical infrastructure, our browsers, shows a good understanding of this principle:

Compare this with Siemens not fixing, for 625 days, the bug that enabled the Stuxnet malware to operate.

It is irresponsible for a vendor to wait 625 days to fix bugs that can affect critical infrastructure. Choosing the right words is important; forget cyberfud, here's a positive message:

Responsible Vendor

Closed-source vendors that have a consistent track record of fixing bugs promptly and exercising diligence should be rewarded; those that do not should be penalized with full liability.

Instead of spreading cyberfud there should be a publicly available resource where users can check the security track record of vendors: vendors must be absolutely transparent about the vulnerabilities in their products, and it must be possible to objectively compare, measure and rate vendors according to this data. Procurement decisions must be based on this as an obligatory condition: "no transparency and no sign of responsibility, no contract".
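As an added illustration of what "objectively compare, measure and rate" could mean in practice (this is example code written for this page, not a tool from the blog or from any vendor registry): given disclosure and fix dates per vendor, compute the time-to-fix distribution, treat unfixed bugs as still ticking, and rank vendors. The records, the vendor names and the 90-day threshold are constructed assumptions; the only number taken from the post is the 625-day case, which the sample reproduces.

```python
from datetime import date
from statistics import median

# Constructed sample data, not real vendor history. Each record is
# (vendor, disclosed_to_vendor, fix_shipped); fix_shipped=None means no patch yet.
SAMPLE_RECORDS = [
    ("vendor-a", date(2010, 7, 14), date(2012, 3, 30)),   # 625 days, the figure from the post
    ("vendor-a", date(2011, 1, 10), date(2011, 4, 20)),   # 100 days
    ("vendor-b", date(2012, 1, 5), date(2012, 1, 15)),    # 10 days
    ("vendor-b", date(2012, 6, 1), date(2012, 6, 21)),    # 20 days
    ("vendor-b", date(2012, 10, 15), None),               # still open on AS_OF
]

# Date on which the rating is computed (the post's publication date, assumed here).
AS_OF = date(2012, 11, 28)

# Assumed policy threshold: the worst case must be fixed within this many days.
MAX_DAYS = 90


def days_to_fix(disclosed, fixed, as_of):
    """Days from disclosure to fix; an open bug counts up to `as_of` so it cannot hide."""
    end = fixed if fixed is not None else as_of
    return (end - disclosed).days


def rate_vendors(records, as_of, max_days=MAX_DAYS):
    """Per-vendor time-to-fix statistics and a pass/fail verdict against max_days."""
    per_vendor = {}
    for vendor, disclosed, fixed in records:
        per_vendor.setdefault(vendor, []).append((disclosed, fixed))

    ratings = {}
    for vendor, items in per_vendor.items():
        durations = [days_to_fix(d, f, as_of) for d, f in items]
        ratings[vendor] = {
            "bugs": len(items),
            "open": sum(1 for _, f in items if f is None),
            "median_days": median(durations),
            "worst_days": max(durations),
            # Judge on the worst case: one 625-day hole outweighs many quick fixes.
            "responsible": max(durations) <= max_days,
        }
    return ratings


def rank_vendors(ratings):
    """Vendors ordered best first: responsible ones, then by worst case, then by median."""
    return sorted(
        ratings,
        key=lambda v: (not ratings[v]["responsible"],
                       ratings[v]["worst_days"],
                       ratings[v]["median_days"]),
    )


def rate_sample():
    """Rate the constructed sample as of AS_OF."""
    return rate_vendors(SAMPLE_RECORDS, AS_OF)


if __name__ == "__main__":
    ratings = rate_sample()
    for vendor in rank_vendors(ratings):
        r = ratings[vendor]
        verdict = "responsible" if r["responsible"] else "no contract"
        print(f"{vendor}: {r['bugs']} bugs, {r['open']} open, "
              f"median {r['median_days']} d, worst {r['worst_days']} d -> {verdict}")
```

The design choice worth noting is that an unfixed bug is not skipped but charged up to the rating date; otherwise a vendor could improve its score simply by never shipping a patch. Judging on the worst case rather than the median is what turns a single 625-day outlier into a failed rating.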

This idea of vendor liability is not new; hackers already raised it 14 years ago in testimony before the US Senate.

I know this issue cannot be solved solely by suddenly turning this industry into responsible vendors; among the other problems are:

  • irresponsible customers disabling security features,
  • restrictive laws outlawing security tools, which reduce the defensive capabilities of the network (like outlawing the immune system),
  • education, instead of patronizing users into a victim role,
  • increased privacy awareness on the demand side and strict adoption of the "data-minimization" principle, which would reduce the amount of "bounty out there" to grab.

The next time you hear about a cyberfud event, or hear some industry guy talking cyberfud, ask a few unsettling questions about commercial vendors externalizing the costs of security, costs that are then exploited by greedy security corporations and politicians. You are also free to ridicule:

"ich find ja, daß william gibson der einzige ist, der 'cyber' sagen darf, ohne dabei blöd auszusehen" — fx #alternativlos #ftw

(Translation: "The only person who is allowed to use 'cyber' without looking stupid is William Gibson".)




CC BY-SA
Proudly powered by Utterson