UK Home Sec stumbles while trying to justify blanket cyber-snooping UK Home Secretary Theresa May was grilled on Wednesday during the last evidence session held by the Parliamentary committee scrutinizing fresh powers proposed for GCHQ. Crucially, she was unable to explain to the panel exactly why Blighty's intelligence services need the ability to intercept and retain millions of innocent …
'Greater transparency' on the reasons for surveillance?
To paraphrase Pratchett, when reasoning is said to be 'transparent' it normally means you can see right through it or not see it at all...
For that matter why refuse access to information like the Sheinwald report on data sharing if they truly want to be more open, instead of relying on a summary that amounts to the government's own interpretation of the report?
It's difficult to take them seriously when on one hand they tell us they want to be more transparent when we can easily see them busily trying to hide information from us.
On the subject of government and transparency...
http://blog.dilbert.com/post/103051182896/the-transparency-party
Somehow I can imagine the following strip happening in a meeting somewhere in the Home Office. I wonder what Theresa May's 'biggest obstacle to success' happens to be?
http://dilbert.com/strip/1995-10-22
This is also APT and ACTive here, and quite impossible to transparently deny is evidently true too ....... http://dilbert.com/strip/1995-10-30
"Last I heard, written evidence submitted to Parliamentary committees all gets published."
And last I heard, Adrian Kennard of AAISP who has submitted evidence on this bill to this committee was told he could not publish his submitted evidence, its publication form and date would be determined by The Authorities.
Take your pick.
I'm afraid I can't quickly find the reference right now but it's likely buried somewhere on Mr Kennard's bog at www.revk.me.uk, probably tagged with SNOOPING or similar. Worth a read anyway even if I've misremembered this.
@Anonymous Coward: you mean this post here - the one with the link to his submission?
Yeah, horrific censorship there.
Thanks for looking, and indeed that seems to be *one of* his submissions. There are others, and I'm still somewhat convinced that since Dec 9th when your link was posted he has been told that he is not at liberty to publish his evidence (and no I can't see how it makes sense, but hey I don't make the rules).
Further research most welcome. I'll have another dig myself eventually but not for a couple of days.
And May was also challenged on cost - Vodafone, EE, O2 and 3 have testified to costs of £240M each. Even if they're not just stitching the govt up this could be £1-2B once all the operators are in there with recurring costs on top.
That buys an awful lot of investigation specific intelligence work.
"once all the operators are in there"
As far as I can tell, anyone providing communication services is covered. As I provide email accounts to my customers, that presuambly means me too. And all the other micro-business web services companies like me. And every WiFi-providing organisation in the country, not only coffee shops and internet cafes.
From what I could see of watching her evidence, the Home Seretary could not rule out that anyone providing a WiFi connection to anyone else would be caught by this new legislation. So pretty-much everyone is going to have to do some logging of Internet Connection Records, even though we don't yet know what those might be.
David Anderson QC is NOT the person to believe.
Professor Ross Anderson (Cambridge University) is your man. He's been at it for decades and at the 'what matters to ordinary people (being shafted by banks)(being shafted by security by obscurity)(being shafted by security-bollocks)' level and slogging for Britain for 'we know what you're up to'.
"Anyone know if the MPAA, RIAA or similar organizations donated to her political campaign?"
Reasonable question.
Donations of that nature are supposed to be regulated and recorded by The Electoral Commission, which has a website which allows you to search their records.
I don't know what the rules are re foreign donations; it has been claimed hereabouts that MPAA and RIAA couldn't legally donate as they are foreign.
The Electoral Commission website does record a £1500 donation from the BPI (record industry association) to Nick Herbert MP in 2009
http://search.electoralcommission.org.uk/?currentPage=1&rows=10&query=bpi&sort=AcceptedDate&order=desc&tab=1&et=pp&et=ppm&et=tp&et=perpar&et=rd&prePoll=false&postPoll=true
I couldn't quickly think of any other interesting names to search for besides BPI. Try it for yourself?
Obviously there are potentially a great many ways of disguising donations so that the Electoral Commission doesn't immediately see them. But our nice corporates etc wouldn't do that kind of thing would they; even if it was legal it would be inappropriate and quite possibly unjust and immoral. Right?
Check out her response to encryption at 17:09. It was pointed out that when companies use end to end encryption they would be 'unable to help' the government when served with a warrant to provide legible data. When asked what practical steps a company would be expected to take in order to fulfil the warrant she did not address the question, and simply reiterated that companies would be expected to comply with the warrant. Ridiculous.
No large company (see for example HSBC - money laundering, enabling tax evaders - the unlawful one - to avoid prosecution, and other things) gets a thorough tax investigation in the UK. The head of HMRC has 'no embarrassing tax investigations for the current governments favourite donors' clause in his/her (currently) job description.
Yeah that was another one that threw me, they cannot have both of these states. Quick transcript I pulled from that point.
May: When a warrant is lawfully served on them there is an expectation that they will be able to take reasonable steps to ensure that they can comply with that warrant ie that they can provide the information that is being requested in that lawful warrant in a form that is legible for the authorities.
Dr ? : So your not looking to them to provide a back door for the agencies or a key as it were?
May: No, there is no suggestion. Were not saying to them that government wants keys to their encryption. No Absolutely not.
Chair: ...So whatever information the warrant demands is then readable by those who need to read it, that the encryption facilities of the company are safeguarded.
May: The government doesn't need to know what the in encryption is, doesn't need to know the keys to the encryption. But if there is a lawful warrant requesting certain information ... it is about that information being readable.
That cannot work. IF companies provide a service that enables end-to-end encryption they cannot break this without having a back-door as the actual keys would be created at the client on each end, hence end-to-end, not end-to-eve-to-end. So restating again the only way a company would then be able to comply with a warrant of this nature and provide it to them in a readable format is if the company has a back-door. Which makes it just as good as handing the keys/back-door over to the government.
She can't justify it because to justify it would be to expose its true planned use.
Handy Tin Foil Hat scale, 1 being already wearing one to 10 considering purchasing tin foil mostly for cooking purposes.
1. Mass population control and obedience.
to
10. Councils fining you for putting bins out early because you happened to book a flight the day before your bins were due to be put out.
Alternatively they have this information already but to use in the way they want to they first have to legitimise it.
> She can't justify it because to justify it would be to expose its true planned use.
Maybe I am not using my imagination but I can't quite figure out what use the bulk collection is at all. The spies are hinting that collecting everything means that they can't find anything as they must wade through a sea of junk. It seems basically impractical to use this data for anything as there is so much of it and so much of it is irrelevant (and so much of it is missed due to encryption or extra-territoriality).
The only thing I can think of is that there is a small set of specialist vendors who want to sell the collection kit and there is a small set of civil servants who want a place on the boards of said vendors.
I rather hope it's not that simple as that would be truly dystopian; running an entire country into a wall in order to preserve the golf appointments of half a dozen old white men...
Are you serious, you can't think of anything?
Someone reports a suspected terrorist, You look up there browsing history and message logs and find out yes this guy is definitely a terrorist. Pass it on to your colleagues to be investigated thoroughly. Maybe nothing is found, but that doesn't rule them out, you just pass it on saying needs more investigation, no corroborating on line information found.
It's a first line process that would save them lots of time and help ensure that a lot of people who need investigating are investigated with priority. That's just one thing, finding links with other people etc. priceless.
The question I believe is more a case of, just because we can do this, should we? I am of the opinion no we shouldn't, it is too much power to put in the hands of a few people who have shown they cannot be trusted to follow the gesture of law, happy to bend the law to the absolute maximum which is was never envisioned for. Power corrupts, it's one of the certain things in life. I'd rather we prioritised keeping the country safe from corruption than an improvement on fighting terrorists. I know a lot of people would disagree on that which I put down to fear mongering by the government, but that is the question it comes down to in my opinion.
"Simple techniques would catch lots of these people."
And millions of false positives now conviniently labeled as 'terrorists'.
That has already happened in US because NSA doesn't care at all about false positives: Once you are suspected, by automated tools or anything else, you and everybody you communicate with, will stay suspected. For ever.
It doesn't take decades to put everybody to 'no-fly'-list as suspected terrorists with this method.
It's always seemed to me that serious investigation of suspected crime demands the collection of the least information necessary to verify (or refute) the suspicion. But "intelligence" wonks think it's better to collect everything "in case we need it later". This is like the hoarder who saves every piece of trash, every defunct appliance, every empty container, every old magazine and newspaper for the exact same reason. Indeed, it's not to far from saving every soiled piece of toilet paper in case you later think you may have intestinal parasites.
Better to call them stupidity wonks. Amateur stupidity wonks. Like May.
We wants it" would make her sound like a power mad dictator with a Stalin sized desire for control of everyone.
Which might make people disinclined to pass this Bill without drastic reductions in powers and gagging.
Nevertheless that's the bottom of data fetishism. The believe that more data is always better and all data (all the time, stored forever) is best.
Put that way does it not sound like a delusion caused by a mental illness?
""We wants it" is Gollum."
Correct. But nothing conveys the unlimited, unbounded desire for possession (in this case of all users data, all the time, forever) quite like Gollum's monologues.
Interesting you refer to him as Gollum, when the characters name is "Schmegle." Gollum being who he is turned into by his lust for the Ring.
Kind of like the list of sock puppets Home Secretaries who turn into instant fanbois for this once they enter office.
"Kind of like the list of sock puppets Home Secretaries who turn into instant fanbois for this once they enter office."
Odd that. It's almost like a big neon sign saying 'I've had my history investigated and they found stuff that would ruin my career'.
"It's almost like a big neon sign saying 'I've had my history investigated and they found stuff that would ruin my career'."
Minor correction: "they found stuff" just needs to be "they ***claim to have credible-looking stuff***" (it doesn't have to be genuine, just capable of being thought reasonably plausible).
You're not dealing with nice people here.
"Interesting you refer to him as Gollum, when the characters name is "Schmegle." Gollum being who he is turned into by his lust for the Ring."
it's "Sméagol"; and he is called Gollum because few know his name (he barely remembers it himself) and that is the noise he makes when he swallows or speaks. It is arguable, also, that it was the power of the Ring itself that corrupted Sméagol and that the lust for the Ring is a manifestation of that power; a way of the Ring defending itself.
....I'll get my (very geeky) coat now.
How is that Royal Prerogative? It's not one of their discretionary powers listed, like calling an election, or granting of honors.
It was simply "We have budget for Mastering the Internet / Parliament says no / so we apply the law we've been using for tapping international phone calls to the Internet / We'll fix Parliament later".
It's not within their discretionary powers to do that. They just decided they were bigger than the pesky democracy, and the inconvienient Parliamentary decision could be ignored.
Lord Blair (not that one) had his go at fixing it by slipping in an amendment to a bill (he was in on it, as ex MET anti-terror Police, he would know there was a split between Parliaments laws and Charles Farr's actions). And this is the latest attempt to bring Parliament to heel.
The protections against an abusive GCHQ was "GCHQ cannot spy on Brits". In exchange they got relative free access to surveillance data... but not *British* surveillance data.
If you say they can spy on Brits, then each and ever piece of data has to go through judicial warrant with the right of the Brit to challenge it. That is the RIGHT we are ENTITLED to.
And as for classifying some data as "content", as a means to strip privacy rights for all the other data, yeh, its a trick, we get it, you're very good lawyers and scheming politicians, but that will just be abused in secret.
This "well its only websites not pages", bullshit, if knowing (hypothetically), that Andy Burnham visits BackdoorMilfsGaped.com it would give extraordinary leverage against Burnham. Sure we might not the exact milf he ejaculates too... for that we'd have to ask GCHQ, which would have grabbed that data as part of their UK fishing trawl, and could hand it to a (hypothetical) Charlie Farr figure without any process or limit.
So you'd have an enormous among of leverage over the political system by a few bad actors in Government. Exactly the thing a judicial system is meant to stop.
But we're not talking about some future "hypothetical" system are we? You did it in secret and now its being abused.
Either you're philosophically pro 'freedom' in which case no snooping is ever going to be good and any invasion of privacy is bad-guy-stuff, or you pro 'safety' in which case the freedom brigade are just childish terrorist-abetting kiddie porn downloaders.
Much insulting, little logic.
...or you're pro-oversight, in which case you recognise that sometimes bad actors need surveilling, but that it is also a clear conflict-of-interests for the government to be doing so, which is why you have judicial oversight and warrants.
Bulk data gathering without a warrant, or rubber-stamped by the home secretary of the time (and home secs are generally about as trustworthy as a used car salesman with a gambling addiction), has no oversight and is wide open to abuse by those with power and/or oodles of cash.
Or you're Pro-Actual-Safety, in which case you would know for certain that bulk collection is worse than useless for protecting the populace.
To use an old analogy, piling on more hay doesn't help find needles.
This kind of bulk collection serves two purposes only.
1) It makes it easy to frame someone you wish to make trouble for. It may not be enough to hang them, but ruining their life and career is quite simple.
2) You can put together a dossier on someone after they have committed atrocities.
It simply does nothing whatsoever to prevent an atrocity - and seems likely to increase the probability of same due to the manpower issue.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
