W7y8w3

MexicoThe FinFisher caseScreenshot from BLOM Bank current online banking portal (https://eblom.blombank.com)stories that are similar to the Lebanese one. Many ofthese we have learned from the Snowden revelations.Those revelations changed the conversation onprivacy and surveillance from a government-citizendebate into an international debate between states.“Spying”, which traditionally was a “targeted” operationon specific political actors in foreign states,turned into mass surveillance and catch-all, detailedmonitoring and wiretapping of terabytes ofdata per second.This mass surveillance is enabled by technologyand can exist only because of it. Huge amounts ofdata on our social interactions and economic transactionssimply exist “online”. Technology, with itsalgorithms, cheap storage and processing cycles isable to store and “make sense” of data that is almosthumanly “un-crunchable”. This data needs tobe captured only once – it can be copied and cannever really be “returned”.However, technology comes with costs, rangingfrom research and development to the day-to-dayoperating costs of large systems. This only addsinsult to injury by increasing the digital divide betweenpoor and rich and enabling rich countries tohave the “advantage” of big data over many othernations.Privacy protection measures also come at a highcost for governments and the private sector. Theyalso come with a hit on user-friendly interfaces andinteractions. Security and usability have alwaysbeen at odds.The digital divide is already raising concerns andplays a major role in surveillance, since most of theservices and infrastructure like internet exchange datacentres are hosted in “rich” countries or owned bycompanies who follow the legal jurisdictions of thosecountries. This gives those countries easier access tolarge amounts of data being routed through their territoriesor legal reason to demand disclosure of datafrom companies who have to comply with their laws,not the laws its clients are subject to.The best option that countries have to upholdtheir contract with their citizens and protect privacyis to try to keep as much of the data as possiblewithin their own territories – for example, Germanyand France are leading efforts to secure EU traffic bykeeping it within borders. German Chancellor AngelaMerkel has called for creating a “European communicationsnetwork” – something that poses a newrisk of “fragmenting” the internet. In response tothat call, US President Barack Obama announcedthe extension of US citizen privacy protections to EUcitizens. 13This announcement shows how much powerdynamics and politics are at play in internationalsurveillance and how different people using the“open internet” – our biggest common shared resource– are not treated equally, while equality isparaded as an international human right that everyonemust uphold.Action stepsThere is no direct action point with immediate outcomethat can be taken to tackle extraterritorialsurveillance. But here are some of the ideas that canbe helpful:• The internet is a global, open and shared resourcethat everyone helped build and everybody uses.The benefits of accessing the internet have beendemonstrated in many studies. Data is what weshare on the internet – without data and metadata,the internet is an expensive set of cables.We should lobby to include privacy of data on theinternet as a global human right, and offer easyand solid safeguards for all countries to abide by,with clear punishments for those who refuse to.• Inform local policy makers of different researchbeing done, especially of the International Principleson the Application of Human Rights toCommunications Surveillance. 14• Localise and strengthen the ability of activiststo debate these issues in each country.• Have media discussions with the general public,especially inside the US or countries more likelyto conduct surveillance.• Increase awareness and the technical abilitiesto counter surveillance.13 MacAskill, E. (2014, June 25). US to extend privacy protection rightsto EU citizens. The Guardian. www.theguardian.com/world/2014/jun/25/us-privacy-protection-rights-europe14 https://en.necessaryandproportionate.org/textSonTusDatosCédric Laurant and Monserrat Laguna Osoriosontusdatos.orgIntroductionThe right to privacy is protected by the MexicanConstitution, which establishes that the privacyof one’s person, family, residence, documents orpossessions cannot be violated. In addition, theconstitution recognises the human rights establishedin it, and those included in internationaltreaties that Mexico has signed. However, it was notuntil 2007 that Mexico started to regulate the areaof data protection: the constitution was amendedin order to guarantee the right to data protectionand established that any interference in communicationsmust be approved by a judge. In July 2010,Congress enacted the Federal Law on Protection ofPersonal Data Held by Private Parties (LFPDPPP).The scope of this law only applies to individualsand companies, not government and other publicentities.Policy and political backgroundThe Federal Institute of Access to Information andData Protection (IFAI) is the autonomous institutionmandated to safeguard individual rights todata protection. In the beginning, IFAI only existedto guarantee the right of citizens to access governmentpublic information. However, since 2010 itsmandate has been extended in order to guaranteethe right to the protection of personal data.In March 2013, Privacy International’s report,The Right to Privacy in Mexico, Stakeholder ReportUniversal Periodic Review 17 th Session, 1 pointed toconcerns over surveillance practices. It highlightedthat between 2011 and 2012, the Department of Defencebought USD 350 million worth of surveillancesoftware to be used by the Mexican Army. Of concernhere is the lack of transparency on the purchase anduse of this software. Recent news also revealed that1 Privacy International. (2013). The Right to Privacy in Mexico,Stakeholder Report Universal Periodic Review 17 th Session.London: Privacy International. https://www.privacyinternational.org/sites/privacyinternational.org/files/file-downloads/mexico_stakeholder_report_-_privacy_international.pdffederal agencies had purchased software that mightplace individuals’ right to privacy at risk.Today there is doubt about whether Mexico hasadequate laws and institutions to deal with any violationof their citizens’ rights in terms of privacy anddata protection, considering that the responsibleparty might be its own government.FinFisher in MexicoIn March 2013, the Citizen Lab, 2 an interdisciplinaryresearch centre at the University of Toronto, publishedan investigation about a spyware programmecalled FinFisher, marketed by the company GammaInternational.FinFisher is malicious software that requiresthe user to download fake updates from apparentlyreliable sources such as Adobe Flash, iTunesand BlackBerry. Once it is installed on a computersystem, a third party can remotely control the user’scomputer and access it as soon as the deviceis connected to the internet. As soon as the devicebecomes infected by FinFisher, the hacker whoused it is able to see the user’s emails and socialmessaging conversations, take screenshots, obtainpasswords, and switch on microphones andcameras. FinFisher cannot be easily detected by anantivirus or antispyware.The Citizen Lab detected 25 countries with serversthat host the programme. 3 In Mexico, an infectedserver was detected at the provider UNINET S.A. deC.V, while another was detected at IUSACELL S.A. deC.V., but in Malaysia where the company has someof its servers. 4Previously, reports had revealed that activistsand members of political opposition aroundthe world had their phones and computers tappedbecause they had been infected by FinFisher. Forexample, in February 2013, the European Centre for2 The Citizen Lab’s areas of investigation include human rightsviolations in the digital environment, censorship and surveillance.https://citizenlab.org3 Marquis-Boire, M., Marczak, B., Guarnieri, C., & Scott-Railton,J. (2013). You Only Click Twice: FinFisher’s Global Proliferation.Canada: The Citizen Lab. https://citizenlab.org/wp-content/uploads/2013/07/15-2013-youonlyclicktwice.pdf4 Sánchez, J. (2013, July 17). Fijan plazo a UniNet y Iusacell parainformar sobre FinFisher. El Universal. eleconomista.com.mx/tecnociencia/2013/07/17/fijan-plazo-uninet-iusacell-informarsobre-finfisher168 / Global Information Society Watchmexico / 169