The NSA’s phone-snooping program is on its last legs after senators voted Tuesday to approve the USA Freedom Act, banning bulk collection of Americans’ data two years after the practice was revealed to the public by Edward Snowden.

President Obama signed the bill late Tuesday, moving quickly to kick-start several Patriot Act powers that expired this weekend after senators missed a deadline for renewing them.

But the bill, which cleared the Senate on a 67-32 vote, puts limits on a key power. Investigators still can demand that businesses turn over customers’ documents and records, but the requests must be targeted at individuals or groups and cannot be made indiscriminately.

The National Security Agency must end its snooping program within six months, forcing intelligence officials to set up a system that will leave the information with phone companies. Investigators will be able to submit a query only if they have a specific terrorism lead.

“It’s the first major overhaul of government surveillance in decades and adds significant privacy protections for the American people,” said Sen. Patrick J. Leahy, a Vermont Democrat who led a two-year fight to end the NSA’s snooping. “Congress is ending the bulk collection of Americans’ phone records once and for all.”

Supporters of the NSA program predicted that intelligence officials will not be able to get the same kinds of results if phone companies rather than government agencies hold the data.

Senate Majority Leader Mitch McConnell, Kentucky Republican, said Mr. Obama will be blamed for weakening U.S. security and that the NSA program’s end was in line with the president’s opposition to detaining suspected terrorists at Guantanamo Bay, Cuba, and failing to confront the Islamic State.

“The president’s efforts to dismantle our counterterrorism tools have not only been inflexible, they are especially ill-timed,” Mr. McConnell said.

But it was the majority leader’s miscalculations about scheduling that backed NSA supporters into a corner. Mr. McConnell wanted the entire program to be extended and tried to use the June 1 expiration deadline to force fellow senators into a take-it-or-leave-it choice. But his colleagues, including a large percentage of Republicans, rejected his bid, sending the Senate over the deadline and undercutting Mr. McConnell’s leverage.

On Tuesday, Mr. McConnell made a last-ditch effort to change the bill, doubling the six-month grace period for the NSA and requiring the government to certify that it could keep producing the same results even without storing the phone data itself. Even some senators who were sympathetic to his cause, though, voted against the amendments, saying any changes would have sent the bill back to the House and prolonged the fight, leaving the Patriot Act neutered in the meantime.

Nearly half of Senate Republicans voted for the USA Freedom Act, joining all but one Democrat and a Democrat-leaning independent.

The vote was a major vindication for the House, which for the second time this year has driven the legislative agenda on a major issue, striking a bipartisan compromise that senators were forced to accept.

The bill also had the backing of the intelligence community, which has assured Congress that it won’t be giving up any major capabilities and can make the new system work even with the data held by phone companies instead of the NSA.

Mr. Obama initially defended the program, but after several internal reviews found it to be ineffective and potentially illegal, he said he would support a congressional rewriting to end the law.

The George W. Bush and Obama administrations justified the program under Section 215 of the Patriot Act, which gives federal investigators power to compel businesses to turn over customers’ documents and records. Using that power, the NSA demanded the metadata — the numbers, dates and durations involved — from all Americans’ calls. The information was stored and queried when investigators suspected a number was associated with terrorism and wanted to see who was calling whom.

Backers said the program didn’t impinge on Americans’ liberty because the information, while stored by the government, wasn’t searched until there was a specific terrorism nexus. They said there were never any documented abuses of the program.

But opponents said repeated reviews, including one last month by the Justice Department’s inspector general, found the program has never been responsible for a major break in a terrorism case. Given its ineffectiveness, they said, it was time to end it.

Sen. Ron Wyden, an Oregon Democrat who had been battling behind closed doors for years as a member of the intelligence committee to end the program, said the vote was a first step. He said he and like-minded colleagues now will turn to other powers under the Foreign Intelligence Surveillance Act that the government uses to scoop up emails — a power Mr. Wyden said is increasingly gathering information on Americans, contrary to its intent.

“This is only the beginning. There is a lot more to do,” he said.

Some of Mr. Wyden’s colleagues in those fights, including Sen. Rand Paul, Kentucky Republican, voted against the USA Freedom Act.

“Forcing us to choose between our rights and our safety is a false choice,” said Mr. Paul, who is running for the Republican presidential nomination and making his stand against the Patriot Act a major part of his campaign.

Mr. Paul even used the obstruction powers the Senate gives to a single lawmaker to block action Sunday, sending Congress hurtling across the deadline and causing three powers to expire: the records collection, the ability to target “lone wolf” terrorists and the power to track suspected terrorists from phone to phone without obtaining a wiretap each time.

The lone-wolf and wiretap powers were extended without changes.
-
Apple, Microsoft, Facebook, Google, Yahoo! – and many, many others – have appealed to American politicians and g-men to rein in mass digital surveillance this May, and bring the intelligence community under some kind of effective oversight.

"It has been nearly two years since the first news stories revealed the scope of the United States’ surveillance and bulk collection activities," the group wrote in an open letter to President Obama, congressional leaders, and the heads of the NSA and US Department of Justice.

"Now is the time to take on meaningful legislative reforms to the nation’s surveillance programs that maintain national security while preserving privacy, transparency, and accountability."

And, presumably, prevent future annoying headlines like this and this appearing on the web.

The tech goliaths are members of the Reform Government Surveillance coalition, along with pro-privacy and civil-rights warriors. The group has been piling on the pressure over global spying, which they say hurts their business.

In their latest open letter, the gang call for reform of the USA PATRIOT Act, which is up for renewal shortly. On May 31 this year, Section 215 of the act (or to give it its full and faintly ridiculous name, the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act) expires.

Section 215 is the part of the anti-terror law that the NSA uses to justify snooping on everyone's phone metadata. The group is pressing for the section to be allowed to expire on June 1 without being reauthorized.

Section 214, which covers pen registers and trap and trace devices, will also expire on that date. The group says that if they are renewed, proper oversight is needed by an independent third party.

With the sections of the Patriot Act coming up for renewal, there's an increasing amount of pressure to curb the blanket spying revealed by whistleblower Edward Snowden. Earlier this week, a bipartisan bill was introduced into the US House of Representatives to abolish the PATRIOT Act altogether, but El Reg suspects Satan will go to work on a snowplow before it passes.
-
The Supreme Court of India today struck down Section 66A of the Information Technology Act -- a controversial law that allowed law enforcement officials to arrest people for posting "offensive" comments on social networks and other internet sites.

After hearing a clutch of petitions by defenders of free speech, the Supreme Court described the 2009 amendment to India's Information Technology Act known as Section 66A as vague and ambiguous and beyond the ambit of the constitutional right to freedom of speech.

"Section 66A is unconstitutional and we have no hesitation in striking it down," said Justice R F Nariman, reading out the judgement. "The public's right to know is directly affected by section 66A."

SECTION 66A OF THE IT ACT

The Information Technology Act 2000 was amended in the year 2008, and the amended act contains Section 66A. Under this section,

"Any person who sends, by means of a computer resource or a communication device, —
1. any information that is grossly offensive or has menacing character; or
2. any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device,
3. any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages,
shall be punishable with imprisonment for a term which may extend to three years and with fine."

SECTION 66A MISUNDERSTOOD

But the legality of Section 66A has been in question for years. The Supreme Court had earlier said that terms like 'illegal', 'grossly offensive' and 'menacing character' were vague expressions and were likely to be dangerously twisted and misused.

Section 66A stops people from freely sharing and expressing different or controversial opinions that may not necessarily be dangerous or of a 'grossly offensive' or 'menacing character'. For example, the theory of evolution may be ‘false information’ to religious people who believe that God created the whole world, but it may be useful information to those who study science.

CASES IN WHICH SECTION 66A IS MISUSED BY POLITICIANS

In 2012, two young women – Shaheen Dhanda and Rinu Shrinivasan – were arrested in Palghar in Thane district, Mumbai under Section 66A for posting comments against the shutdown in Mumbai following Shiv Sena leader Bal Thackeray's death.

The charges against the two young women were later quashed by a Mumbai court, but this first case filed under Section 66A was followed by a number of arrests across the country for uploading political cartoons or posting comments on social networks, which sparked outrage and fierce debate about online censorship in India.

Some other controversial arrests under Section 66A of the IT Act are as follows:

• Recently, a class XII student was arrested for posting about Uttar Pradesh Minister Azam Khan on his Facebook timeline.
• Businessman Ravi Srinivasan was booked by police for allegedly tweeting that the son of then union minister P Chidambaram, Karti Chidambaram, was 'corrupt'.
• Last year, Devu Chodankar was arrested in Goa for writing on Goa+, a popular Facebook forum with over 47,000 members, that if elected to power, Modi would unleash a 'holocaust'.
• Ambikesh Mahapatra, a Jadavpur University professor, was arrested in Kolkata for forwarding a cartoon about Mamata Banerjee.

The government argued that Section 66A of the IT Act was needed to protect government data from hackers. The court was not at all impressed by this argument, as that situation was already dealt with: for viruses and hacking, Section 65 of the IT Act was relevant.
-
1. Introduction

Electronic signatures were used for the first time in 1861 when agreements were signed by telegraphy using Morse code. In 1869, the New Hampshire Court confirmed the legality of such agreements by stating that:

“It makes no difference whether [the telegraph] operator writes the offer or the acceptance in the presence of his principal and by his express direction, with a steel pen an inch long attached to an ordinary penholder, or whether his pen be a copper wire a thousand miles long. In either case the thought is communicated to the paper by the use of the finger resting upon the pen; nor does it make any difference that in one case common record ink is used, while in the other case a more subtle fluid, known as electricity, performs the same office.”

In the past, electronic signatures were accepted with mixed feelings. Nowadays, they are considered a secure way of authentication and are often used for signing legal documents, such as contracts and tax declarations. The European Union (EU) and the United States (US), the two largest financial markets, have adopted legislation recognizing the enforceability of electronic signatures.

This article provides an overview of the laws concerning electronic signatures in the EU (Section 2) and the US (Section 3). Afterward, it examines the similarity and difference between the EU and the US laws (Section 4). Next, this article analyses the validity of EU electronic signatures in the US and vice versa (Section 5). Finally, a conclusion is drawn (Section 6).

Before proceeding with Section 2, it is necessary to clarify the difference between the electronic signature and the digital signature. Any signature in electronic form can be generally defined as an electronic signature. The digital signature is a type of electronic signature that is created by using cryptographic techniques. Such cryptographic techniques are typically based on Public Key Infrastructure (PKI) systems. The term “PKI” refers to the set of computer systems, individuals, policies, and procedures necessary to provide encryption, integrity, non-repudiation, and authentication services by way of public and private key cryptography.

2. EU electronic signature laws

The EU Electronic Signatures Directive 1999/93/EC (the “Directive”) currently regulates electronic signatures in the EU. However, on July 1st, 2016, the Directive will be replaced by a new European Regulation which will ensure the cross-border operability of electronic signatures within the EU. The Directive defines three types of electronic signature, namely, basic electronic signature (Section 2.1), advanced electronic signature (Section 2.2), and qualified electronic signature (Section 2.3). These three types of electronic signature are discussed below.

2.1 Basic electronic signature

The term “basic electronic signature” refers to “data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication.” This type of electronic signature is considered weak in terms of reliability and security of authentication. For example, a scanned signature which is attached to a document will be regarded as a basic electronic signature.

Basic electronic signatures can be easily faked. In fact, there are numerous malware programs that use fake electronic signatures, including basic electronic signatures. A 2012 McAfee report stated that, at that time, there were 200,000 malware programs that used valid electronic signatures. A large number of those signatures were faked or based on stolen certificates. Some of the faked signatures indicate that the signature is made by Microsoft, whereas it is actually made by a hacker.

2.2 Advanced electronic signature

An advanced electronic signature allows the unique identification and authentication of the signer of a document. Moreover, the advanced electronic signature enables the integrity of the signed data to be checked. In most cases, asymmetric cryptographic technologies (e.g., PKI) are used for advanced electronic signatures.

There is no difference between the legal value of the electronic signature and the advanced electronic signature. Both types of electronic signature can have a legal effect if they offer sufficient guarantees with respect to authenticity and integrity.

According to the Directive, an advanced electronic signature should meet four requirements, namely: (1) it is uniquely linked to the signatory; (2) it is capable of identifying the signatory; (3) it is created using means that the signatory can maintain under their sole control; and (4) it is linked to the data to which it relates in such a manner that any subsequent change in the data is detectable.

Pertaining to the first requirement, the uniqueness of an electronic signature depends on how unique a signature key is to an individual. Signature keys should be unique if they are generated properly. For instance, the recommended parameters for RSA (a widely used digital signature algorithm) should provide at least the equivalent security of a 128-bit symmetric key, which means that there should be 10^40 possibilities for a signature key. Because this number exceeds the number of people in the world, it is very unlikely that two individuals will be able to generate the same signature key.

Concerning the second requirement, a signatory can be “identified” by verifying an electronic signature created by the signatory. Such a verification can be done, for example, by a PKI system.

With regard to the third requirement, the confidence that an electronic signature could only be produced by the designated signatory requires confidence in: (1) the processes that surround the generation of signature keys; (2) the ongoing management of signature keys; and (3) the secure operation of the computing device that was used to compute the electronic signature.

In relation to the fourth requirement, the only form of electronic signature that is capable of complying with this requirement is the private key of electronic signature.

2.3 Qualified electronic signature

According to the Directive, the qualified electronic signature is an advanced electronic signature which is based on a qualified certificate and which is created by a secure-signature-creation device. In practice, the qualified electronic signature relates to a PKI-based electronic signature for which the signature certificate and the device used to create the signature meet certain quality requirements.

The qualified electronic signature benefits from an automatic legal equivalence to a handwritten signature within the territory of the European Union. If a non-qualified signature is used, it will be necessary to assess the following two factors before accepting it for the specific context in which it is used: (1) the characteristics of this electronic signature; and (2) whether it offers sufficient guarantees regarding authenticity and integrity. For the qualified signature, such an assessment is not necessary.

3. US electronic signature laws

The US Electronic Signatures in Global and National Commerce Act (E-Sign Act) allows the use of electronic signatures to “satisfy any statute, regulation, or rule of law requiring that such information be provided in writing, if the consumer has affirmatively consented to such use and has not withdrawn such consent.”

According to the E-Sign Act, the electronic signature means “an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.” Consequently, the electronic signature as defined by the E-Sign Act may include, but is not limited to, encryption-based signatures, signatures created by electronic signing pads, and scanned signatures.

The E-Sign Act does not apply to every type of documentation. Certain types of records and documents are not covered by the E-Sign Act. These documents include, without limitation, adoption paperwork, divorce decrees, court documents, documentation accompanying the transportation of hazardous materials, foreclosures, prenuptial agreements, and wills.

It should be noted that 48 US States have adopted the Uniform Electronic Transactions Act (UETA) with the aim of creating more uniformity in relation to electronic signatures. The UETA and the E-Sign Act overlap significantly. However, the UETA is more comprehensive than the E-Sign Act. Similarly to the E-Sign Act, the UETA does not distinguish different types of electronic signatures.

4. Similarity and difference between the EU and the US laws

The similarity between the E-Sign Act and the Directive is that both laws recognize the enforceability of electronic signatures. The difference between the two laws is that, whereas the Directive distinguishes three types of electronic signatures, the E-Sign Act provides a broad definition of electronic signature that encompasses signatures made through various technologies.

5. The validity of the EU electronic signatures in the US and vice versa

In most cases, electronic signatures meeting the requirements of the Directive would also comply with the E-Sign Act because the E-Sign Act defines the electronic signature broadly. However, electronic signatures complying with the E-Sign Act would need to meet additional requirements in order to comply with the requirements of the Directive in relation to advanced electronic signatures and qualified electronic signatures.

6. Conclusions

This article has shown that electronic signatures are legally enforceable in both the EU and the US. However, the EU and the US have adopted different legislative approaches with regard to electronic signatures. While the US provides a broad definition of electronic signature, the EU distinguishes three types of electronic signatures, namely, (1) basic electronic signature, (2) advanced electronic signature, and (3) qualified electronic signature. Each of these three types allows the authentication of electronic communications. The advanced electronic signature and the qualified electronic signature ensure greater security as to the authenticity of electronic communications than the basic electronic signature. The qualified electronic signature benefits from an automatic legal equivalence to handwritten signatures.

Although the EU has a comprehensive legal framework regarding electronic signatures, the framework does not ensure the cross-border interoperability of electronic signatures throughout the entire EU. The new EU Regulation which would enter into force on 1st July 2016 would address this issue by ensuring that electronic trust services (e.g., electronic signatures, electronic seals, time stamp, electronic delivery service, and website authentication) will work across all EU countries.
The EU Commissioner Neelie Kroes justified the new Regulation as follows: “People and businesses should be able to transact within a borderless Digital Single Market, that is the value of Internet. Legal certainty and trust is also essential, so a more comprehensive eSignatures and eIdentification Regulation is needed.”

* The author would like to thank Rasa Juzenaite for her invaluable contribution to this article.

References

1. Abelson, H., Ledeen, K., Lewis, H., ‘Blown to Bits: Your Life, Liberty, and Happiness After the Digital Explosion’, Addison-Wesley Professional, 2012.
2. ‘Community framework for electronic signatures’, a webpage published by the European Commission, last updated on 6th of July 2011.
3. Chander, H., ‘Cyber Laws and IT Protection’, PHI Learning Pvt. Ltd., 3.04.2012.
4. De Andrade, N., ‘Electronic Identity’, Springer, 2014.
5. Howley v. Whipple 48 N.H. 487 (1869).
6. Liard, B., Lyannaz, C., ‘Adoption of a new European legal framework applicable to cross-border electronic identification and e-signatures’, September 2014.
7. Mason, S., ‘Electronic Signatures in Law’, Cambridge University Press, 2012.
8. Menna, M., ‘From Jamestown to the Silicon Valley, Pioneering A Lawless Frontier: The Electronic Signatures in Global and National Commerce Act’, 6 VA. J.L. & TECH 12, 2001.
9. Miller, R., ‘Cengage Advantage Books: Fundamentals of Business Law: Excerpted cases’, Cengage Learning, 2012.
10. Orijano, S., ‘Cryptography InfoSec Pro Guide’, McGraw Hill Professional, 16 August 2013.
11. Savin, A., ‘EU Internet Law’, Edward Elgar Publishing, 2013.
12. Savin, A., Trzaskowski, J., ‘Research Handbook on EU Internet Law’, Edward Elgar Publishing, 2014.
13. Schmugar, C., ‘Signed Malware: You Can Run, But You Can’t Hide’, 23 March, 2012. Available at https://blogs.mcafee.com/mcafee-labs/signed-malware-you-can-runbut-you-cant-hide .
14. Srivastava, A., ‘Electronic Signatures for B2B Contracts: Evidence from Australia’, Springer India, 2014.
15. Wang, F., ‘Law of Electronic Commercial Transactions: Contemporary Issues in the EU, US and China’, Routledge, 2014.
-
The law that the Obama administration cites to allow bulk telephone metadata collection expires on June 1, and the FBI has already begun lobbying to keep Section 215 of the Patriot Act from expiring. Bad guys "going dark" using encryption, the FBI says, is one of the reasons why the government needs to collect the metadata of every phone call made to and from the United States.

Robert Anderson, the FBI’s chief of the Criminal, Cyber, Response, and Services Branch, told reporters during a roundtable discussion Tuesday that the Patriot Act is necessary because encrypted communications are becoming more commonplace in the wake of the Edward Snowden disclosures.

"In the last two to three years, that whole ‘going dark’ thing went from a crawl to a flat-out sprint because the technology is changing so rapidly," Anderson said.

Joseph Demarest, assistant director of the FBI's Cyber Division, told reporters that if Section 215 expires, "Obviously it’s going to impact what we do as an organization and certainly on cyber."

The comments, especially as they relate to encryption, are part of a growing chorus of calls—from as high as President Barack Obama—that the government needs Silicon Valley's assistance for backdoors into encrypted tech products like the iPhone. Silicon Valley has (at least publicly) shunned the administration's attempts to get backdoors into their products.

And while no legislation at the moment requires them to comply, the nation's spy apparatus and others are turning their attention toward not losing the bulk telephone metadata spying program that spun heads when The Guardian—armed with classified documents from Snowden—exposed it in 2013. As it turns out, the secret Foreign Intelligence Surveillance Act court that was authorizing the program was doing so under the authority of Section 215 of the Patriot Act.

While many leading lawmakers are behind renewing the program, there are plenty of reasons why it should expire come June. According to the EFF:

One federal judge has upheld the program while another has declared it unconstitutional. A Supreme Court showdown over the snooping isn't likely to happen any time soon.

There's plenty of rhetoric on all sides of the issue, too. Sen. Marco Rubio (R-FL) said Section 215 should never expire. House Speaker John Boehner (R-Ohio) and Majority Leader Mitch McConnell (R-KY) are big fans of Section 215. Sens. Ron Wyden (D-OR) and Martin Heinrich (D-NM) said that "none of the claims appear to hold up to scrutiny" that the bulk metadata collection program prevents terrorism.

When Congress publicly re-authorized Section 215 three years ago, the public didn't know that lawmakers were secretly approving the bulk telephone metadata program. And some lawmakers who had voted for re-authorization claimed that they didn't even know about the bulk collection program.

At least this time, when it comes up for a vote in the coming months, lawmakers can't claim that they didn't know they were voting to allow the government to scoop up data that includes phone numbers of parties involved in calls, calling card numbers, the time and duration of the calls, and the international mobile subscriber identity number for mobile callers. The database is said to have more than 1 trillion records.