• United States



Judge cites use of secure email Riseup as a potential terrorist indicator

Jan 11, 20155 mins
Data and Information SecurityMicrosoftPrivacy

Although it’s a ridiculous notion that protecting online privacy by using secure email implies criminal activities, a judge in Spain cited the use of secure email as a reason to partially justify arrests under a new anti-terrorism law.

Is it possible that using secure email services can be construed as an indicator of being a terrorist? Although it’s a ridiculous notion that using secure email implies criminal activities, a judge cited that reason to partially justify arrests in Spain.

In December, as part of “an anti-terrorist initiative” Operation Pandora, over 400 cops raided 14 houses and social centers in Spain. They seized computers, books, and leaflets and arrested 11 people. Four were released under surveillance, but seven were “accused of undefined terrorism” and held in a Madrid prison. This led to “tens of thousands” participating in protests. As terrorism is alleged “without specifying concrete criminal acts,” the attorney for those seven “anarchists” denounced the lack of transparency.

The case grabbed my attention thanks to this EFF tweet. It is unacceptable for privacy and security measures to get people flagged as potential terrorists.

The EFF points toward a quote from a Riseup blog post titled “Security is not a crime.” Reasons given by the judge to hold seven people in jail “include the possession of certain books, ‘the production of publications and forms of communication’, and the fact that the defendants ‘used emails with extreme security measures, such as the RISE UP server’.

“We reject this Kafka-esque criminalization of social movements, and the ludicrous and extremely alarming implication that protecting one’s internet privacy is tantamount to terrorism,” wrote Riseup.

In case you don’t know, Riseup provides secure email services and online communication tools popular among activists and people opposed to “full pipe monitoring” in the U.S. “Riseup like any other email provider, has an obligation to protect the privacy of its users,” the blog post states.

Many of the “extreme security measures” used by Riseup are common best practices for online security and are also used by providers such as hotmail, GMail or Facebook. However, unlike these providers, Riseup is not willing to allow illegal backdoors or sell our users’ data to third parties.

In the same way that visiting the Tor Project’s (The Onion Router) website, viewing the TAILs (The Amnesic Incognito Live System) website or documentation, or even surfing to the Linux Journal can mean the NSA has “fingerprinted” your IP to track and watch you, it’s an exceedingly dangerous precedent to cite the use of secure email as a potential indicator of involvement in terrorist activities.

But using secure email is not the only reason the judge mentioned for holding the seven in a Spanish prison. Just as possession of the FBI-hated (pdf) Anarchist Cookbook (pdf) has been cited in terrorism cases, reading the book Against Democracy (Contra la democràcia [pdf]) was also cited as partial justification for the arrests.

As explained on Rabble:

According to the prosecutor, the evidence against them includes finding numerous copies of a book called “Against Democracy”, written by the “Grupos Anarquistas Coordinados” (“Coordinated Anarchist Groups”, GAC), in the raided buildings. The GAC is an anarchist organization, active since 2012, which the Spanish state is trying to paint as a “terrorist” network. 

325 provides more about Against Democracy, while anarchist news reprinted a Spanish flyer that states:

The coordination between the police force and the media during Operation Pandora was immediately apparent. Together, they created panic and justified the repressive operation in terms of “criminal groups”, “terrorists” and “violent ones”. These police raids happened one day after the enactment of the “Ley Mordaza”, a very restrictive law that criminalizes disobedience and protest.

There may be other reasons and possibly other evidence instead of unproven accusations, such as destroying ATMs with homemade bombs during 2012 and 2013, but Judge Javier Gómez Bermúdez cited a book and the use of secure email as “evidence” to apply the anti-terrorism law. The judge, according to Directa, said he is not investigating the possible attacks, but is investigating the organization based on possible danger it might pose in the future. Put another way, “not judging what one has done but what you could do in the future.”

This is not the first time Riseup services have been targeted by law enforcement; in 2012, the FBI seized a Riseup server in a facility it shared with May First/People Link. The EFF got involved because the FBI’s investigation led them to an anonymous remailer program called MixMaster, which “should have been the end of the story.” Eventually, the seized server was returned.

Regarding Riseup email services being cited in the Spanish terrorism case, as if protecting online privacy is a crime, Riseup wrote:

The European Parliament’s report on the US NSA surveillance program states that “privacy is not a luxury right, but the foundation stone of a free and democratic society.” Recent revelations about the extent to which States violate everyone’s right to privacy show that everything that can be spied upon will be spied upon. Furthermore, we know that criminalizing people for using privacy tools also has a chilling effect on everybody, and human-rights defenders, journalists, and activists, in particular. Giving up your basic right to privacy for fear of being flagged as a terrorist is unacceptable.

More will surely come out about the case, but it’s not looking good right now as it seems to ridiculously indicate that maintaining online security and privacy is a bad criminal-like thing.

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.