torsdag, februari 28, 2013

NSA använder sannolikhetsvärden för att rikta signalspaning

Det här verkar vara en intressant bok om NSA. I recensionen står det: "If the NSA wants to collect information on a specific target, it needs one additional piece of evidence besides its own "link-analysis" protocols, a computerized analysis that assigns probability scores to each potential target". Det här med 1) link-analys (trafikanalays), 2) sannoliketsvärden och 3) automatisering i signalspaning har jag försökt uppmärksammat tidigare, se sid. 530-531 denna artikel.

Ett centralt verktyg för att kunna identifiera vilken kommunikation som är relevant för innehållsbearbetning är trafikbearbetning. Förarbetena uttrycker det på följande sätt.

Trafikbearbetningen syftar till att bringa ordning i det skenbara kaos som det inhämtade materialet erbjuder. Härigenom kan man konstatera vem som kommunicerar med vem och varför. De uppfångade radiosignalerna identifieras och trafikmönster fastställs.

Med andra ord, FRA bearbetar trafiken och fastställer vilka trafikmönster som är intressanta. Trafikbearbetningen sker i efterhand genom analys av mönster i trafikdata, dvs. man fastställer vem som kommunicerar med vem. Detta ger myndigheten förmågan att avgöra till eller från vilka telefonadresser och IP-adresser som kommunikationen behöver granskas närmare. Kryptering av innehållet i ett meddelande erbjuder inget skydd mot trafikbearbetning, eftersom det endast förutsätter tillgång till trafikdata. Trafikbearbetning benämns ibland även som trafikanalys.
Förarbetena förklarar inte hur FRA genom trafikbearbetning kan identifiera ”varför” viss kommunikation äger rum. Följande resonemang kan erbjuda en tänkbar förklaring. Om FRA först identifierar vem som kommunicerar med vem och med vilken frekvens (intensitet) denna kommunikation äger rum kan myndigheten även dra andra slutsatser. FRA kan avgöra om dessa personer tillhör en fast grupp eller ett lösare nätverk, vem som är ledare för denna grupp samt om deras kommunikation kan kopplas till aktivitet som är känd genom andra informationskällor. I en amerikansk studie beskriver National Research Council hur brottsbekämpande myndigheter använder metoder (Data Mining) för att identifiera mönster som i regel är kopplad till terrorverksamhet. Liknande metoder för trafikanalys kan i militära sammanhang ge indikationer på att ytterligare förband förts in i ett område, eller att förband försvunnit därifrån. På sådant sätt kan myndigheter som FRA göra mer eller mindre säkra slutsatser om varför en viss kommunikation äger rum. Det finns en viss grad av osäkerhet i slutsatser som endast grundas på trafikbearbetning varför de ska hanteras med försiktighet. 
Samt sid. 102-103 i denna artikel.
Public authorities as well as private parties hold transactional records, for example 1) applications for passports, visas, work permits and drivers’ licenses; 2) credit and debit card transactions; 3) automated teller machine (ATM) withdrawals; 4) airline and rental car reservations; 5) in the context of this article: Internet access, records of phone calls and e-mail messages. The fact that all of the data in question are in digital form means that increasingly powerful tools - such as automated data mining - can be used to analyze it. ...  
In a report from the U.S. National Research Council the following definitions on two different data mining techniques are provided. Subject-based data mining uses an initiating individual or other datum that is considered, based on other information, to be of high interest, and the goal is to determine what other persons or financial transactions or movements, etc., are related to that initiating datum. This data mining technique simply expands and automates what a police detective or intelligence analyst would carry out with sufficient time. Patternbased data mining looks for patterns (including anomalous data patterns) that might be associated with terrorist activity —these patterns might be regarded as small signals in a large ocean of noise. In its report, the National Research Council Such presents the conclusion that automated terrorist identification is not technically feasible because the notion of an anomalous pattern - in the absence of some well-defined ideas of what might constitute a threatening pattern - is likely to be associated with many more benign activities than terrorist activities. It is argued that the utility of pattern-based data mining is found primarily if not exclusively in its role in helping humans to prioritize attention and deploy scarce investigative resources.
Källhänvisningar finns i de länkade artiklarna.

onsdag, februari 27, 2013

Evidence in International Criminal Trials: Confronting Legal Gaps and the Reconstruction of Disputed Events

Martinus Nijhoff has now published my book Evidence in International Criminal Trials: Confronting Legal Gaps and the Reconstruction of Disputed Events.

You can order it here in an hardback version. It is also published as an e-book which makes it free of cost for you if accessed through an institution that has a Brill subscription, most university libraries have such access.

Here is the abstract:

In Evidence in International Criminal Trials Mark Klamberg compares procedural activities relevant for international criminal tribunals and the International Criminal Court, including evaluation, collection, disclosure, admissibility and presentation of evidence. The author analyses what objectives are recognized in relation to the aforementioned procedural activities and whether it is possible to establish a priority between them. The concept of “robustness” is introduced to discuss the quantity of evidence in addition to concepts that deal with quality. Finally, the exclusion of every reasonable hypothesis of innocence method is examined as one of several analytical steps that may contribute to the systematic evaluation of evidence. The book seeks to provide guidance on how to confront legal as well as factual issues

lördag, februari 16, 2013

Samhällsvetenskaplig metod - tvärvetenskapligt inslag eller grund för rättsvetenskapen?

Till min vänner inom akademin: ska man se samhällsvetenskaplig metod som ett tvärvetenskapligt inslag eller grund för rättsvetenskapen? Mitt intryck är att vi rättsvetare har en tendens att klassificera samhällsvetenskapliga metoder som tvärvetenskap när det i många fall handlar om att rättsvetenskap istället borde ses som en gren av samhällsvetenskap där vissa metoder är gemensamma. Vad tycker ni?

Fick denna tanke efter att ha läst Rapley (kapitel 15 i Silverman "Qualitative Research")

tisdag, februari 05, 2013

Intervju i P1-morgon om tortyr

Igår medverkade jag i P1-morgon om varför brottsrubriceringen "tortyr" saknas i svensk lag. Du kan lyssna här. Frågan är intressant eftersom justitiedepartement under lång tid utrett ett förslag till lag om internationella brott, det är oklart när ett sådant förslag kommer presenteras och hur frågan om tortyr som självständigt brott kommer att hanteras. Jag kommenterade samma sak för ett år sedan i DN.

fredag, februari 01, 2013

Svenskt cyberförsvar

Jag har brevledes för någon månad sedan blivit tillfrågad om skillnaden/likheten mellan FRAs signalspaning och förslag om ett svenskt cyberförsvar, särskilt om "tekniskt detekterings- och varningssystem för att bemöta avancerade IT-angrepp". När nu en dansk journalist ringde om en dansk lag som verka röra samma sak kände jag att det var dags att skriva ett kort blogginlägg.

Jag har ännu inte sett något lagförslag men viss information finns på FRAs hemsida.

FRA definierar cyberförsvar som "användning av den nationella förmågan att skydda Sverige och svenska intressen mot IT-angrepp från de mest resursstarka aktörerna".

När det talas om "detekterings- och varningssystem" så uppstår frågan var sensorerna ska vara placerade, är det hos teleoperatörerna eller i anslutning till en myndighets förbindelse till internet? Det förstnämnda vore väldigt snarlikt signalspaning. Det förefaller uifrånm FRAs uppgifter mer handlar om det sistnämnda. Föjande står i en rapport från 2 april 2012 (sid. 14).

Sensorn bör placeras mellan Internet och den verksamhet som ska skyddas vilket innebär att den bör placeras utanför verksamhetens egen skyddsbarriär (till exempel brandvägg). Placeringen av sensorn är viktig för att

- kunna ge en oförvanskad trafikbild
- kunna upptäcka IT-angrepp som sker samordnat mot flera organisationer
- kunna urskilja angreppstrender
- undvika att sensorn får tillgång till organisationens interna trafik.

Då det gäller anslutningen av en sensor till ett nätverk kan det göras på flera olika sätt. Antingen kan placeringen göras så att all trafik passerar rakt igenom sensorn eller så används en nätverksprodukt, en så kallad trafikkopierare, som kopierar trafiken till sensorn. Det tillvägagångssätt som rekommenderas är det sistnämnda. Överföringen från trafikkopieraren bör vara enkelriktad, vilket innebär att sensorn blir helt passiv och ingen påverkan kan göras på trafikflödet och dess innehåll. En passiv lösning innebär även ett extra säkerhetsskydd för sensorn, vilket är en fördel då denna kategori av system ofta är utsatta för angrepp.
Personligen anser jag det som mindre probelmatiskt med sensorer som är i anslutning till en myndighets förbindelse till internet än att staten får direkttillgång till en teleoperatörs kabel.

Här är den danska lagen som verkar röra samma sak.

Kan ICC pröva åtal för krigsförbrytelser begångna av Malis armé?

För två veckor sedan fick mina studenter i kursen internationell straffrätt skriva tenta. Frågorna rörde Mali, bl.a. huruvida brott begångna av Malis regeringsarmé kan prövas av Internationella Brottmåsdomstolen (ICC). Idag skriver Svenska Dagbladet att "Malis armé anklagas för krigsbrott", en fråga som berördes i tentan. Därför tänkte jag att det kunde vara intressant om jag la upp tentafrågorna och mina typsvar.

Question 1

In April 2012, rebel groups, some with links to al-Qaeda, took control of the large areas of the north of Mali. Mali is a state party to the ICC. On 18 July 2012, the Government of Mali referred the situation in Mali since January 2012 to the ICC. The Government of Mali requested the ICC to investigate alleged crimes perpetrated by the rebels. The situation in Mali has been assigned to Pre-Trial Chamber II.

One of the accusations of the Government of Mali is that the rebels are involved in widespread recruitment of young people, including children under the age of 15, on an enforced basis. Assume that the Prosecutor at the ICC starts an investigation against the leader of the rebel group that is involved in these activities. The Prosecutor claims that the leader has: 1) been informed, on a substantive and continuous basis, of all key aspects of the operations of the rebel group and 2) been involved in all key policy decisions of the group, including military strategy, organization, recruitment and financing. 1a) How would you as a Prosecutor formulate the charges in order to hold the rebel leader responsible, both in terms of the crime prosecuted and the mode of liability? (7,5 p)

Answer: It is the war of conscripting children. It is a non-international armed conflict which makes Rome Statute, article 8(2)(e)(vii) applicable, 5 p

Mode of liability: commission of the crime, article 25(3)(a) of the Rome Statute, 2,5 p

Answers that have only discussed superior/command responsibility has given some, but not full, points. Some of the witnesses are very young and the Prosecution wants to prepare them in substance before giving evidence (witness proofing). The Prosecution also wants to familiarize the witnesses with courtroom procedures (witness familiarization). The defence objects to these practices.

1b) How would you as a judge rule on the issues of witness proofing and witness familiarization? (7,5 p)

Answer: Provide explanation what witness proofing and witness familarization is: 2,5 p Reference to case law, Limaj (ICTY), Karemara (ICTR), Lubanga (ICC), 2,5 p,

Arguments where you explain your position, 2,5 p please note that a decision from a pre-trial chamber (Lubanga) is not binding on other chambers, article 21(2). It is not enough with just a reference to the Lubanga case, you have to explain your view.

See page 462 in the textbook

Question 2

On 20 December 2012 the UN Security Council decided to authorize the deployment of an African-led International Support Mission in Mali (AFISMA) which shall take all necessary measures, among other tasks, to support the Malian authorities in recovering the areas in the north of its territory under the control of terrorist, extremist and armed groups and in reducing the threat posed by terrorist organizations.

In January 2013 France deployed troops in the capital of Mali to provide security and French fighter jets have attacked rebels in the north of Mali.

Question 2a). Assume that a bomb from a French fighter jet hits a village townhouse resulting in a lot of civilian casualties. The French air force claims that an important rebel leader was at the site. At this point of time it is unclear how much information the French military was in possession of and what precautionary measures were taken. Assume that there are also allegations that Government forces have committed international crimes. As indicated above the Government of Mali requested the ICC to investigate alleged crimes perpetrated by the rebels. Does the ICC have jurisdiction over French and Government forces? Is it possible for the Government of Mali to limit the jurisdiction to the rebels? How would you rule on this issue as a judge? (7,5 p)

Answer: Explain the basis for jurisdiction: French soldiers/leaders are under the jurisdiction of the ICC on two possible grounds: ii) territory, article 12(2)(a), (crimes committed in Mali’s territory and Mali is a state party) ii) nationality, article 12(2)(b) (French citizens and France is a state party), 5 p

A possible answer on the second part of the question: There is no basis for Mali’s limitation to rebel forces in the Rome Statute. Otherwise the ICC could be used as a tool against the opponents of a Government. The ICC can exercise jurisdiction over potential crimes committed by Government forces and French forces. The self-referral of Mali activates the Court in relation to the situation in Mali but Mali does not have any control beyond that in relation to specific case selection. 2,5 p

Question 2b). Assume that the French authorities investigate the incident and decides not to initiate a trial against the fighter pilot and his superiors. No reasons for the closure of the investigations are given to the media or the public. Is the case admissible at the ICC? (7,5 p)

Answer: Explain the complementarity principle, reference to article 17 of the Rome Statute, discuss willingness, ability and genuiness in the investigation and purpose of the French investigation (is it shielding?), article 17, 5 p

Argue and motivate whether this specific case is admissible, noting that no reasons for the closure of the investigations are given to the media or the public, 2,5 p

A Paradigm Shift in Swedish Electronic Surveillance Law

The book "Digital Democracy and the Impact of Technology on Governance and Politics: New Globalized Practices" has been published with my article "A Paradigm Shift in Swedish Electronic Surveillance Law", available in hardcopy as well as ondemand pdf download. Here is the abstract.

Electronic surveillance law is subject to a paradigm shift where traditional principles are reconsidered and the notion of privacy has to be reconstructed. This paradigm shift is the result of four major changes in our society with regard to: technology, perceptions of threats, interpretation of human rights and ownership over telecommunications. The above-mentioned changes have created a need to reform both the tools of electronic surveillance and domestic legislation. Surveillance that was previously kept secret with reference to National Security is now subject to public debate, including Communications Intelligence (COMINT), a sub-category of Signals Intelligence (SIGINT). This chapter covers systems of “mass surveillance,” such as data retention and COMINT, and whether these are consistent with the European Convention on Human Rights. The chapter comes to two conclusions in relation to COMINT. First, the perceived threats have changed, shifting the focus of COMINT from military threats towards non-state actors such as terrorists and criminal networks. Second, COMINT involves relatively narrow interception of the content of messages compared to its large-scale collection and storage of traffic data, which through further processing may reveal who is communicating with whom.
The present text is an updated version of my contribution  "FRA and the European Convention on Human Rights - A Paradigm Shift in Swedish Electronic Surveillance Law" published 2010 by the publisher Fagoforlaget, Bergen. The reason why I updated the original article is twofolded: 1) The publisher Fogforlaget did not print one table as it was submitted by my and 2) the original article was written 2008. During 2009 the legislation was amended (effective 1 December 2009) and thus there was a need to provide an updated assesment of the 2009 changes.

I submitted the present contribution in September 2011 and it has not been published until now (1 February 2013). Since then some provisions of the legislation has been amended. This is not a major problem because in the article I indicated that the changes were forthcoming. For example on pages 188 and 198 I write the following.
Thus, at the present time only the Government, the Government office, and the Defence Forces have the authority to request the FRA to conduct electronic surveillance. … The Government has commissioned a second inquiry to consider signals intelligence for law enforcement purposes. The inquiry has at the present date not yet presented a formal proposal, but it appears as only the Secret Service (SÄPO) and no other law enforcement agency will have the power to issue requests for signals intelligence operations
The Government has since I submitted the article presented a proposal which been adopted as a law adopted effective 1 January 2013. The law now grants SÄPO and the regular police the power to issue requests for signals intelligence operations. Based on the position of the Government and the main opposition party (the Socialdemocrats) I believe that the legislation is stable as it is and no substantial changes are to be expected in the foreseeable future.

For those of you interested in a comparison with the US, please read my article "The Chilling Effect of Counter-Terrorism Measures: A Comparative Analysis of Electronic Surveillance Laws in Europe and the USA" published in the essay collection "Freedom of Expression - Essays in honour of Nicolas Bratza, President of the European Court of Human Rights".