Author: Glyn Moody

The UK government has confirmed that it wants to bring in legislation increasing the maximum sentence for online copyright infringement to 10 years of imprisonment, despite widespread objections and doubts about its feasibility.

Baroness Neville-Rolfe, parliamentary under-secretary of state and minister for intellectual property, writes in her foreword to the document responding to the consultation held at the end of last year: "we are now proposing changes that include increasing the maximum sentence, but at the same time addressing concerns about the scope of the offence. The revised provisions will help protect rights holders, while making the boundaries of the offence clearer, so that everyone can understand how the rules should be applied."

As the UK government's summary of responses reveals, 1,032 submissions were received, of which 938 came through the Open Rights Group. Concerns raised included the fact that there was no requirement to prove that an infringer had intent to cause harm for them to be considered guilty. That meant the proposed offence had an element of "strict liability," which would result in somebody being held liable even if they had no intention of causing harm.

Exceptions in the proposed EU-US Privacy Shield framework that would allow the US to carry out mass surveillance of EU citizens are "not acceptable," the Article 29 Working Party of EU data protection authorities said today in a press conference.

The Chairman of the group, Isabelle Falque-Pierrotin, explained that the Article 29 Working Party would look with "great interest" on the forthcoming ruling by the Court of Justice of the European Union (CJEU) on whether mass surveillance of EU citizens could be legal. If the CJEU finds that the surveillance carried out by GCHQ is unlawful, it would have a big impact on the national security exceptions included in Privacy Shield.

Falque-Pierrotin said that the data protection authorities also had some concerns about the independence and effectiveness of the Privacy Shield ombudsperson who will deal with complaints from Europeans about how their data has been used by the NSA.

Leaked extracts from an imminent assessment of the EU-US Privacy Shield replacement for Safe Harbour suggests that a key group of EU data protection authorities will not support it in its present form.

It is expected that the Article 29 Working Party will say that it is "not yet in a position to confirm that the current draft adequacy decision does, indeed, ensure a level of protection [in the US] that is essentially equivalent to that in the EU." Any transatlantic data transfer scheme that does not provide an "essentially equivalent" level of protection is unlikely to withstand a legal challenge in the EU courts.

The leaked extracts, which have been seen by Ars, were found in an online PDF of the mandate for the German members of the Article 29 Working Party, which is expected to publish its official position of the Privacy Shield scheme soon. The extracts were first pointed out on the blog of the lawyer and privacy expert Dr. Carlo Piltz, who wrote: "These excerpts show that the European Data Protection Authorities are not able to okay the draft adequacy decision by the European Commission." At the time of publishing, it appears the mandate file has been deleted or removed from the Web.

Key evidence that helped convict two British men last week for terrorist offences was reportedly obtained from a locked phone using a simple but highly effective ruse.

According to CNN, which cited a source close to the investigation, undercover police officers visited Junead Khan, 25, of Luton posing as company managers and asked to check his driver and work records.

"When they disputed where he was on a particular day, he got out his iPhone and showed them the record of his work. The undercover officers asked to see his iPhone and Khan handed it over," CNN reported. At that point they apparently arrested Khan and changed the password settings on the iPhone to prevent it from becoming locked.

New details of the Paris attacks carried out last November reveal that it was the consistent use of prepaid burner phones, not encryption, that helped keep the terrorists off the radar of the intelligence services.

As an article in The New York Times reports: "the three teams in Paris were comparatively disciplined. They used only new phones that they would then discard, including several activated minutes before the attacks, or phones seized from their victims."

The article goes on to give more details of how some phones were used only very briefly in the hours leading up to the attacks. For example: "Security camera footage showed Bilal Hadfi, the youngest of the assailants, as he paced outside the stadium, talking on a cellphone. The phone was activated less than an hour before he detonated his vest." The information come from a 55-page report compiled by the French antiterrorism police for France’s Interior Ministry.

French parliamentarians have adopted an amendment to a penal reform bill that would punish companies like Apple that refuse to provide decrypted versions of messages their products have encrypted. The Guardian reports: "The controversial amendment, drafted by the rightwing opposition, stipulates that a private company which refuses to hand over encrypted data to an investigating authority would face up to five years in jail and a €350,000 (£270,000) fine."

This is only the bill's first reading, and the final fate of the amendment is uncertain. Earlier this year, the French government rejected crypto backdoors as "the wrong solution." "Given the government’s reluctance to take on the big phone companies in this way, it remains to be seen whether the thrust of the amendment can survive the lengthy parliamentary process that remains before the bill becomes law," The Guardian writes.

Amendment 90 (original in French) is just one of several proposals that sought to impose stiff penalties on companies that refused to cooperate with the authorities. As the French site Numerama notes, even harsher proposals were rejected. For example, Amendments 532 and 533 suggested imposing a fine of €1,000,000 (£770,000) on companies that refused to decrypt messages.

The European Commission has published details of its transatlantic "Privacy Shield" agreement, which is designed to ensure that personal information of citizens is protected to EU standards when it is sent to the US—even though it would appear that the NSA will continue to carry out bulk collection of data under the new pact.

The new deal replaces the earlier Safe Harbour framework, which was struck down by the Court of Justice of the European Union (CJEU) following a complaint by privacy activist Max Schrems.

An accompanying Privacy Shield FAQ released by Brussels' officials explained that there are four main elements. According to the commission, the new agreement will "contain effective supervision mechanisms to ensure that companies respect their obligations, including sanctions or exclusion if they do not comply."

German police are now permitted to infect a suspect's computers, and mobile devices with special trojan software to monitor communications made with the systems, the country's interior ministry has confirmed.

The malware can only be deployed when lives are at risk, or the state is threatened, and will require a court order to allow police officers to infect the machines of alleged criminals.

However, the government-developed malware must not be used to monitor other activities on the system, or to change data or programs. It follows a decision by Germany's Constitutional Court in 2008, which ruled that the an individual's private life should have absolute protection, and that eavesdropping must be limited to a person's communications with the outside world.

An Android-based smartphone costing about the same as a cup of coffee has been launched today in India by the local company Ringing Bells. The Freedom 251 costs 251 rupees (about £2.50 or $4), comes with a one-year guarantee, and has surprisingly decent specifications, on paper at least. The phone's price is not subsidised by a carrier contract: it really costs £2.50.

It sports a 4-inch display, a 1.3 GHz quadcore processor, and a 1450mAh battery. It comes with 1GB RAM and 8GB of internal memory, with micro SD card support up to 32GB. There's a 3.2-megapixel rear camera and a 0.3MP front camera.

The Freedom 251 runs Android 5.1, and offers a range of pre-installed apps: global ones such as WhatsApp, Facebook, and YouTube, along with others designed for the Indian market. These include Women Safety, Swachh Bharat ("a mass movement for cleanliness"), and vertical apps aimed at those in the health, farming, and fishing sectors. Sales of the Freedom 251 start in India tomorrow, Thursday February 18, at 6am local time.

Opera Software, which is best known for its browser of the same name, has urged its shareholders to accept a buyout offer from a Chinese consortium that values the Norway-based company at £820 million ($1.2 billion).

The acquisition bid comes from a number of Chinese tech firms, including Qihoo—a leading security software company—and mobile Internet provider Kunlun. Opera has been looking for what it calls "strategic opportunities" since August last year, and said that its decision to recommend the offer, led by the Golden Brick Silk Road Fund Management of China, came after "careful consideration of the various opportunities for the company and the proposals received."

Opera's board and shareholders in its management team unanimously accepted the offer. In addition, "larger shareholders representing approximately 33 percent of the Opera shares outstanding, have undertaken to accept the offer for their shares in the company." The Chinese consortium said it was offering 71 NOK (about £5.60) per share, a premium of around 50 percent compared to the recent value of shares, which makes it quite likely that the offer will be accepted by the 90 percent threshold of shareholders needed for the deal to go through.