[liberationtech] 'bullet proof' hosting

Eric King eric at privacy.org
Tue Aug 23 16:44:24 PDT 2011 

Beware of some of the lawful access regimes in Europe - particularly Sweden.
The powers granted under their FRA law were only curtailed at the last moment,
and it still isn't brilliant.

There were a number of government bills in 2006 that extended the use of
secret surveillance, including inter alia a bill to allow telephone tapping
for preventive reasons as well as bugging of conversations with the help of
hidden microphones. On 31 May 2006 the Parliament decided to postpone
discussion on the bill for at least a year and "insisted that safeguards
against abuse of power be introduced into the bill, including an obligation
for police to inform those subject to secret surveillance whenever this is
considered safe for investigative reasons."[66] In 2007, a proposed bill would
allow the National Defence Radio Establishment (FC6rsvarets Radioanstalt, FRA)
permission to use data mining software to search for sensitive keywords in all
phone and email communications passing through cables or wires across the
country's borders without a court order.[67]Until then the FRA could only
listen to radio transmissions and did not have the authority to monitor and
analyse Internet data traffic.[68] The FRA would need approval from a
parliamentary committee on military intelligence affairs and would only be
permitted to "tap into communications through pattern analysis and key word
searches, and would not be entitled to target specific individuals."[69]
Before this bill was approved on 18 June 2008, such traffic could only be
monitored with court approval if police suspected a crime, although the agency
was free to spy on airborne signals, such as radio and satellite traffic. The
new legislation became widely controversial and has posed a threat to
cross-border communications.[70]It allows for the interception of e-mail,
telephone and faxes, and is therefore a threat to anyone dealing with a
Swedish organisation.[71] Even where domestic Internet communication is
intended for two persons residing in Sweden, the same information may cross
national borders through Germany, Denmark, and the USA.[72] The implication is
that people residing outside of Sweden, as well as Swedes, may be subject to
the surveillance of FRA.[73]

The FRA wiretapping law adopted on 18 June 2008 consists of four statutes: a
newly adopted statute on signals intelligence and changes in three other
statutes.[74] "FRA has a mandate to search for 'external threatsb, which
involves everything from military threats, terrorism, IT security, supply
problems, ecological imbalances, ethnic and religious conflicts, and migration
to economic challenges in the form of currency and interest speculation."[75]
Causing further controversy is the lack of any requirement that the FRA should
have a reason to suspect crime or need a court order before being allowed to
conduct surveillance of Swedish residents.[76] After criticism by privacy
groups and a massive public debate about such sweeping powers, the Act was
amended.[77] In addition, "a legal complaint has been made to the EU in July
about this Act's possible breach of the EU's privacy and discrimination law
with regard to cross-border legal consultations."[78]The European Commission,
who would have to bring formal infringement procedures against Sweden, has not
yet made any such action.[79]

The law was supposed to enter into force by January 2009 but after the massive
debacle surrounding the issue in Sweden, the government proposed a modified
bill that included a number of privacy improvements to the original
legislation. Among other aspects, the details of FRA monitoring are now
subject to political scrutiny and the FRA must seek permissions for every
search made. The amendment was approved by the Parliament on 14 October 2009
and the new, restricted competences of the FRA came into force on 1 December
of the same year.[80] As of September 2010, the FRA has still to initiate its
surveillance scheme. Technical problems regarding access points as well as
resistance from some Internet service providers have allegedly delayed the
actual surveillance from starting.

https://www.privacyinternational.org/article/sweden-privacy-profile

Eric

On 24 Aug 2011, at 00:27, Moritz Bartl wrote:

> On 23.08.2011 21:11, Miles Fidelman wrote:
>>> With this in mind, can anyone suggest any methods for 'bullet proof'
>>> hosting that functions under a jurisdiction that upholds freedom of
>>> expression in ways that don't lead to such 'take down' notices?
>> The obvious strategy is to mirror on multiple hosts in different
>> jurisdictions, and make sure that domain registration and nameservice is
>> in a country that values freedom of expression (or is spammer friendly).
>
> I agree.
>
> It is best to approach potential hosters up front with a description of
> the project and worst case scenarios/attacks (complaints, takedown
> notices, etc). Sweden and the Netherlands were mentioned to have pretty
> good privacy laws, and for most cases it is not necessary to go with
> advertised "bullet proof" ISPs such as PRQ, which in general are very
> pricey. Iceland is even more expensive. Another well known decent
> privacy ISP for example is shinjiru in Malaysia (
> http://www.shinjiru.com/ ). If you need more detailed recommendations, I
> can compile a larger list of potential ISPs to contact, but again, it
> should not be hard to find 2-3 good ISPs in different jurisdictions
> willing to stand some heat.
>
> --
> Moritz Bartl
> https://www.torservers.net/
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you click
above) next to "would you like to receive list mail batched in a daily
digest?"
>
> You will need the user name and password you receive from the list moderator
in monthly reminders.
>
> Should you need immediate assistance, please contact the list moderator.
>
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
>


_______________________________________________
liberationtech mailing list
liberationtech at lists.stanford.edu

Should you need to change your subscription options, please go to:

https://mailman.stanford.edu/mailman/listinfo/liberationtech

If you would like to receive a daily digest, click "yes" (once you click
above) next to "would you like to receive list mail batched in a daily
digest?"

You will need the user name and password you receive from the list moderator
in monthly reminders.

Should you need immediate assistance, please contact the list moderator.

Please don't forget to follow us on http://twitter.com/#!/Liberationtech

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list