Netizen Report: How Private is Our Email? Riseup Users Want to Know. · Global Voices
Netizen Report Team

“Hacker” by the Preiser Project via Flickr. (CC BY 2.0)
The email provider Riseup reported that it received two warrants from the US Federal Bureau of Investigation (FBI) requesting data for two users. One warrant requested the public contact address for an international DDoS extortion ring, and the other concerned an account involved in a ransomware scheme.
Riseup complied with the warrants after exhausting other legal options, explaining in a public blog post that to do otherwise would have left them in contempt of court. They also noted that both users had violated Riseup’s social contract, which all users sign. In short, they said, “We have your back so long as you are not pursuing exploitative, misogynist, racist, or bigoted agendas.”
Until this week, the warrants were under a gag order, leaving the provider legally unable to release any information about them to the public. However, in November 2016, civil rights and digital activists began to worry that the platform may have been facing a warrant, due to the sudden silence of its “warrant canary,” a signal that something had gone awry.
The warrant canary system takes its name from a once-common practice of coal miners, who would lower a caged canary into a coal mine as a rough measure of air quality. If the small yellow bird continued to chirp throughout its journey to the bottom of the mine, the workers knew it was safe enough for them to enter. If the canary stopped chirping, this indicated that the air was not safe enough to breathe.
The contemporary usage refers to a sort of digital chirping in which a company that processes communications data publishes routine notifications that all is well (“chirp! No warrants today!”). When Riseup stopped issuing these routine notifications in mid-November 2016, and posted a tweet quoting a song by the recently-deceased songwriter Leonard Cohen that urges us to “listen to the hummingbird,” users began to worry. Because Riseup serves so many human rights advocates around the world, the tweet triggered a great deal of concern that the company’s servers may have been seized or otherwise compromised.
Riseup has now implemented encryption on their servers so that only users themselves — not the company — can see the content of their messages when they are on Riseup servers. However, any message sent between a Riseup account and a different service can still be intercepted while in transit. Riseup plans to introduce a more secure, end-to-end encryption option later in 2017.
A group of rights advocates and economists concerned about the ongoing Internet shutdown in English-speaking regions of Cameroon say that the shutdown has cost the country at least USD $139 million. In a letter to CEOs of MTN, NexTel and Orange — all telcos that have carried out orders to shut down Internet access in the area — advocacy group Access Now called on telcos to restore access, citing businesses’ responsibilities to uphold human rights and “mitigate or remedy harms they cause or contribute to.”
New research shows that Iranian activists and human rights defenders who use Apple devices may not be as secure as previously thought. In the past, Windows and Android users were the most susceptible to government-linked hacking attacks due to their way their devices are built. New evidence from independent researchers suggests that malware targeting Apple devices is increasingly common.
A whale-themed game on the Russian social media platform VKontakte, which encourages self-harm and suicide, appears to have inspired officials in Kazakhstan and Kyrgyzstan to further scrutinize and restrict online content. In response to rumors that teens playing the game are led to self-harm, a court in Almaty, Kazakhstan banned the circulation of the game, while officials in Kyrgyzstan raided schools and checked students’ mobile phones for connections to the game. Despite widespread media reports, it remains under dispute whether the game is in fact linked to increased rates of self-harm by teens.
Tunisia’s data protection laws do not meet international standards despite the country’s 2014 adoption of a constitution that grants all citizens the right to privacy, writes Global Voices’ Dhouha Ben Youssef. In fact, the country’s privacy laws have not been updated since well before the 2011 ousting of Zine El Abidine Ben Ali.
Facebook rolled out a discrete new feature that discloses to users which advertisers have access to their contact information. This information can be found under Settings, if you select “Download a copy of your Facebook data.” This may be intended as a measure of compliance with European data protection laws, which now have been cited several lawsuits by European Facebook users. Users have reported seeing as many as 250 advertisers listed who have access to their contact information.
US civil liberties organizations authored a joint letter urging high-ranking UN officials to investigate reports that US border officials are demanding that visitors give them access to their electronic devices, including the passwords to their online accounts, before being authorized to enter the country. The letter asserts that the practice violates US obligations under human rights treaties. “It is a violation of human rights to obtain at the order or elsewhere, by force or coercion, suspicionless access to a person’s digital life,” the letter argues. The ACLU, the Council on American-Islamic Relations and the National Iranian American Council are among the signatories to the letter.
Ellery Roberts Biddle, Leila Nachawati and Sarah Myers West contributed to this report.