April 22, 2019

Pritam Gupta - page 1480

Pritam Gupta has 8361 articles published.

EU states’ data retention laws still violating privacy rights, report warns

in Brexit/CJEU/data retention/Delhi/Digital Rights Ireland/eu/Europe/European Union/Government/India/law/mass surveillance/national security/Policy/Politics/privacy/Privacy International/TC/Tele-2/Watson by

Two legal judgements at the highest level in Europe in recent years have reaffirmed that all Member States’ data retention regimes must comply with core principles of legality, necessity, and proportionality in order to avoid breaching citizens’ fundamental rights. However a new report surveying the current status of legislation pertaining to the retention of communications data across the region has found that many of the EU’s 28 members are not adhering to what privacy rights advocacy organization Privacy International describes as the “basic standard”.

It’s urging all EU Member States to review their national legislation and amend it where necessary to come into compliance, while also recommending that telcos and other companies subject to data retention obligations should challenge existing non-compliant data retention regimes.

The two recent CJEU judgements of note here are the Digital Rights Ireland case (2014), and the Tele-2/ Watson decision (2016). The former judgement rolled back an earlier EU directive aimed at harmonizing data retention regimes across the bloc by asking Member States to impose obligations on providers of comms services to retain certain types of data for a period of between six months and two years. While the latter expanded on the earlier jurisprudence.

In the Digital Rights Ireland decision the CJEU held the 2006 directive to be invalid as a disproportionate exercise of the EU legislature’s powers and in breach of citizen’s human rights.

The court was concerned about the lack of satisfactory limits to access, and by the fact data retention periods were not tailored to the goals or crimes concerned.

In the more recent Tele-2/Watson decision, at the end of last year, the court expanded on Digital Rights Ireland, with a judgment which positively asserted minimum safeguards of EU law that must be prescribed in any national data retention legislation — specifically precluding:

…national legislation which, for the purpose of fighting crime, provides for general and indiscriminate retention of all traffic and location data of all subscribers and registered users relating to all means of electronic communication, [and] national legislation governing the protection and security of traffic and location data and, in particular, access of the competent national authorities to the retained data, where the objective pursued by that access, in the context of fighting crime, is not restricted solely to fighting serious crime, where access is not subject to prior review by a court or an independent administrative authority, and where there is no requirement that the data concerned should be retained within the European Union.

However Privacy International’s survey of Member States data retention regimes indicates that many are yet to make the necessary changes to ensure domestic legislation is compliant with the court rulings.

It’s urging the European Commission to provide guidance on reviewing national data retention laws to help ensure states’ conformity with fundamental rights, as interpreted by Europe’s top court, the CJEU.

“Member States have an obligation to ensure that their laws comply with the CJEU’s jurisprudence, and EU law more generally. It is thus concerning to notice that only a limited proportion of Member States have actually annulled their pre-Digital Rights legislation and that practically no Member States’ laws currently comply with Tele-2/Watson,” it writes in the report.

“Very few governments have taken the lead in pushing legal reforms, and to the extent that limited positive changes at the national level have occurred, they have been the result of litigation initiated by NGOs and other small interest groups.”

Privacy International found that close to half (40 per cent) of the countries surveyed for the report still had the invalidated 2006 directive in place. While, as a generally rule, it said it found that where repeals or amendments had taken place this was as a result of challenges in national courts predominantly by human rights NGOs — with governments and legislators “largely inactive”.

And even in Member States where the prior data retention regime has been invalidated in the national courts, and where new data retention legislation has come into force after Digital Rights Ireland, it found national laws to be “nonetheless inconsistent” with the CJEU’s most recent ruling in Tele-2/Watson — saying this was true for around a fifth of the countries surveyed.

“In those countries the regimes might allow indiscriminate retention of data in bulk or provide vague and ill-defined regulation on access to that data by relevant authorities,” it warns.

“Data retention legislation is being considered or is on hold in about 30% of the jurisdictions surveyed, and in about half of these cases attempts to ensure compliance with Tele-2/Watson are being pushed. Nonetheless, we are now eight months into the CJEU decision, and the slow pace by which changes are evolving in these jurisdictions is concerning, given how impactful these data retention regimes are on Europeans’ fundamental rights and freedoms,” it adds.

Privacy International’s report was compiled after consulting with digital rights NGOs and industry in 21 national jurisdictions across the EU — specifically in: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, France, Germany, Hungary, Ireland, Italy, Luxembourg, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom.

In the UK’s case, the government passed expanded state surveillance legislation at the end of last year — aka the Investigatory Powers Act (or, to give it its colloquial name, the ‘Snoopers’ charter‘) — which includes a provision requiring that ISPs retain web activity data for all their users for a period of 12 months.

Asked what it has been able to glean regarding the UK government’s intention to respond to the Tele-2/Watson ruling, a Privacy International spokeswoman noted that the case has been remitted back to the court of appeal — saying there’s therefore still no clarity on how the legislation might be amended.

“The government stated recently that “…in light of the CJEU judgement, and in order to bring an end to the litigation, the government have accepted to the Court of Appeal that the Act was inconsistent with EU law in two areas.” However, until a hearing takes place, the details of what the government is prepared to accept, the response to this from the Claimants’ and ultimately what results from the CJEU’s ruling is unknown,” she told us.

The spokeswoman also said it’s unclear whether the data retention obligations the law places on ISPs have been activated yet, or whether they’re on pause as a result of the ongoing legal uncertainty. “It is unclear whether this is current in force,” she said, adding: “Not all of the Investigatory Powers Act has come into force.”

There’s a further uncertainty in the UK’s case relating to the Brexit referendum decision for the country to leave the European Union.

Since that vote last year, the government has said it wants to extract the UK from the jurisdiction of the CJEU — raising questions of whether it might seek to avoid compliance with the EU-level data retention rules once it’s no longer a Member State.

However the Privacy International spokeswoman suggested any such move by the UK to ignore Europe-wide principles on data retention could complicate the government’s stated aim for “a quick and seamless data flow with the EU following Brexit” — an essential component if UK digital businesses are to continue to serve customers in the EU after the two-year Brexit negotiation process comes to an end in May 2019.

“Failing to comply with this judgement will raise questions as to whether the UK law provides equivalent protection to personal data as the EU standards,” she suggested. “Further, the government’s recent position paper on Brexit raises more questions than it answers in relation to the CJEU and the bearing its rulings will have on the UK.”

Featured Image: Josh hallett/Flickr UNDER A CC BY 2.0 LICENSE

News Source =

Cryptocurrencies have already recovered from last weekend’s crash

in Bitcoin/crash/crypto/cryptocurrencies/Delhi/ethereum/Finance/ICOs/India/market recovery/Politics/TC/Valuations by

When cryptocurrency markets crashed 20% a few days ago, I wrote “the next day or so will tell us if this was a temporary bump in the road or the start of the next major correction.”

Well here we are, a day or so later. And the temporary crash seems to have just been a bump in the road. The entire market cap of cryptocurrencies is up 16% from a low of $135B yesterday to $162B today.

Bitcoin is back above $4,600, which is about 13% higher than yesterday. Ethereum is trading around $333, which is 16% higher than the low it hit earlier this week.

Checking the chart below shows that results are pretty similar across the board. Most currencies are up double digits over the last 24 hours, bringing them close to where they were before the weekend’s crash.

There is one exception – NEO, the Chinese-based ICO/cryptocurrency never recovered and is down 39% over the last week – but this makes sense, because the crash was likely caused by China’s ICO ban, which particularly affects NEO.

Of course extreme volatility is common in the cryptocurrency world – even double-digit swings in major currencies like Bitcoin and Ethereum. But a market-wide crash that affects every single digital currency, like we saw over the weekend, is almost always a sign of some outside influence and not day-to-day volatility. In this case the influence was China’s ICO crackdown.

Today’s recovery shows that the cryptocurrency market (and accompanying valuations) is more resilient that some have thought.

While cryptocurrency investors are reluctant to admit it publicly, many think the rapid appreciation in value over the last few months is the sign of a bubble about to pop. Some of those same investors are hoping that rising valuations will actually come down a bit, to give the industry time to catch its collective breath.

Essentially this recovery reveals a cryptocurrency market resilient enough to withstand the shocks of government regulation, meaning that the steady climb of value continues.

News Source =

Don’t rely on Face Unlock to keep your phone secure

in Delhi/Face Unlock/galaxy note 8/Hardware/India/iPhone 8/Politics/Samsung/Security/TC by

With Samsung’s Galaxy Note 8 arriving in stores soon, here’s an important reminder: Face Unlock isn’t anywhere near as good at securing your phone as a fingerprint. If you follow the tech news cycle, you’ve seen the stories: first following the release of the Galaxy S8 and now the new Note. The technology is easily fooled.

Sure, there’s a little bit of sensationalism and breathless reporting as the videos go viral, but they also serve as an important reminder to find better ways to lock down your phone, as these devices continue to play an even more centralized role in nearly every aspect of our daily lives.

The videos of people unlocking the phones are pretty easy to find online this week, as the phone makes its way into more people’s hands. I honestly had a bit of trouble recreating the two-phone trick using an image of myself, but I’ve reached out to Samsung and the company acknowledges that Face Unlock is, indeed, not the ideal way to keep your stuff secure.

In fact, the company likens the feature to a simple swipe to unlock in a statement given to TechCrunch, “Facial recognition is a convenient action to open your phone – similar to the ‘swipe to unlock’ action,” the company says. “We offer the highest level of biometric authentication – fingerprint and iris – to lock your phone and authenticate access to Samsung Pay or Secure Folder.”

Samsung’s been fairly transparent on the matter. A visit to the Security tab on the Galaxy S8 page, for example, notes by way of an asterisk that “Face recognition is less secure than pattern, PIN, or password.” It’s also worth noting that there’s a “Faster recognition” setting hidden behind a few menus (including the ominous message “Your face has been registered”). Turning it off “increase[s] security and make[s] it harder to unlock using an image or video.”

Though this appears to be on by default. In essence, Face Unlock is just an interesting alternative to leaving your phone in Swipe to Unlock mode, and another feature the company can add to its ever-growing list. But it doesn’t keep your phone particularly secure. 

The company probably could have (and still can) do more to be upfront on the relative security of the feature — or perhaps ditch it altogether, now that the more secure Iris Scanning is onboard these devices. Look for this issue to flare up again in the coming week — Apple, after all, is rumored to be introducing its own similar feature for the iPhone 8, and people will without a doubt start trying to fool it pretty much immediately. Even more devices will be adding it, as well, as Qualcomm works to standardize its own version across Android handsets.

Security levels will most likely differ from implementation to implementation. Aspects like depth sensing can add a fuller image of the data collected by the face scanner and thus make it more difficult to spoof with a two-dimensional print out or by holding up a picture of a person on an adjacent phone. Whatever the cause, companies need to be fully transparent about the efficacy of their given technology, and users need to keep a close eye on the fine print during the setup process.

News Source =

Mesosphere adds Kubernetes support to its data center operating system

in containers/Delhi/Enterprise/India/Kubernetes/mesosphere/Politics/TC by

There can be no doubt that Kubernetes is where it’s at for container orchestration services these days. Mesosphere, which was one of the early companies to adopt containers and which focuses on allowing businesses to run their big data and analytics workloads in the cloud, today announced that it now also supports Kubernetes on its DC/OS platform for running big data applications in the cloud. This announcement is going to come as quite a surprise to many, given that Mesosphere has long offered its own container orchestration tool for DC/OS and Apache Mesos in the form of Marathon.

Kubernetes will be available in beta as part of the DC/OS 1.10 release that’s scheduled to launch on September 11.

The Information, which broke this story earlier this morning, argues that this means that Mesosphere is “bowing” to Kubernetes. That’s something Mesosphere co-founder and CEO Florian Leibert and Mesosphere CMO Peter Guagenti strongly denied when I talked to them earlier today. They both stressed that the idea here is to give Mesosphere’s users — which tend to be large enterprises — more choice. “Our customers tend to be infrastructure and operations professionals at large companies who are serving hundreds or thousands of developers in an organization,” Guagenti said. “For them, the most important thing they provide is freedom of choice.”

In Leibert’s view, offering support for Kubernetes as an orchestration engine is no different from offering support for multiple data services, continuous integration platforms and networking tools. Guagenti also later stressed that it’s important to remember that for Mesosphere’s customers, the platform isn’t about containers — it’s about deploying and managing data-intensive applications.

Leibert also noted that Marathon and Kubernetes have different use cases because Marathon can also be used to run legacy applications without container technology, while Kubernetes is obviously solely focused on containers. “So it’s natural for us to support both,” Leibert said. “A lot of these technologies are really like a layer cake. Kubernetes and Mesos can work really well together. Kubernetes takes over the container workflow but it can’t handle workflows that typically don’t run on containers like Hadoop.”

Guagenti also noted that he believes that Mesosphere is currently a leader in the container space, both in terms of the number of containers its users run in production and in terms of revenue (though the company sadly didn’t share any numbers).

Leibert and Guagenti both stressed that Mesosphere will continue to invest in Marathon, just like it always has.

Going forward, developers will be able to use DC/OS to set up and manage their Kubernetes-based container deployments (including different versions of Kubernetes) right from DC/OS and on the same infrastructure that runs the rest of their container deployments. Mesosphere worked with Google on this project and Mesosphere will offer its users a pure up-stream version of Kubernetes without any vendor-specific changes to ensure there are no compatibility issues.

“In bringing Kubernetes to DC/OS, Mesosphere provides customers with a robust platform for building, deploying, and operating data-rich, containerized applications in your data center and on public clouds,” said Allan Naim, a Google product manager in charge of Kubernetes and the Google Container Engine. “With projects like Kubernetes for containers and TensorFlow for machine intelligence running on both our platforms, Mesosphere DC/OS and Google Cloud Platform together offer a compelling open hybrid cloud platform. We’re excited to continue to work with Mesosphere and the community going forward.”

At the end of the day, Mesosphere argues that it’s simply giving its customers more choice, though it’s also clear that this is yet another win for the Kubernetes ecosystem, which really isn’t so much of a threat to Mesosphere, which has long found its own niche, but more for Docker, which runs the risk of falling behind, even as it kickstarted the container movement. Indeed, I can’t help but think that this move by Mesosphere is actually going to make it harder for Docker to find its own niche going forward.

News Source =

Apple just released iOS 11 beta 10 to developers

in Apple/Apps/Delhi/Gadgets/India/iOS/ios 11/mobile/Politics/TC by

Apple is pushing the limits of its beta program as the company just released the tenth beta version of iOS 11. If you have a developer account and want to try out the next version of iOS, you can download the new beta version right now.

iOS 11 is the next major release of the operating system for the iPhone and iPad. Apple first unveiled iOS 11 at its WWDC event back in June 2017. Developers and early adopters have been able to try out the new version for three months.

And the wait is almost over as Apple should release iOS 11 a week after the new iPhone event on September 12. Existing iPhone and iPad owners will be able to update for free.

At this point, beta versions of iOS 11 feel quite stable. I wouldn’t recommend installing iOS 11 on the iPhone you use every day — beta versions of iOS usually drain your battery life. But if you have an iPad and are feeling adventurous, you can install it right now.

If you have a developer account and pay $99 per year to access new betas, developer tools and content, you can download iOS 11 beta 10 on Apple’s developer website. If you don’t want to pay $99, Apple now has a public beta program.

The iPad is going to receive the biggest changes in iOS 11. The update turns your iPad into a more capable tablet as you can drag and drop files, app icons and more across the operating system. There’s a system-wide dock, a new app switcher and a Files app so you can launch apps and manage your documents more easily.

If you don’t have an iPad, most of the changes are under the hood, starting with Apple’s augmented reality framework ARKit. Many developers have been working on ARKit-enabled apps, but they’re not in the App Store just yet. There’s also a completely redesigned Control Center with customizable shortcuts. I wrote a preview of the upcoming changes in iOS 11 if you want to learn more.

News Source =

Go to Top