Brit spooks 'kept oversight bodies in the dark' over data sharing Concerns have been raised that neither of the bodies tasked with overseeing the UK's spy agencies were aware that data they collected was shared with the private sector. According to documents released as part of an ongoing court case between the UK government and Privacy International, GCHQ and MI5 didn't tell watchdogs they …
"Despite what it may seem, people do have an expectation of privacy to some degree on their social media"
Stupid people perhaps.
I suspect that what most people are really pissed about is that didn't like/favourite/retweet the data as they collected it. That's why most people made it public after all.
Joke alert not joke alert --->
Well, define "stupid". People *should* be able to assume that the only people reading those posts are the people they authorise, plus possibly the system admins and law enforcement bearing a valid court order.
Law enforcement accessing the data without a warrent and then deciding to sell/give it to whomever they feel like should not be a thing given that it's illegal under even existing laws supposedly controlling GCHQ. It shall be interesting to see how this plays out.
That being said, personally I assume that everything online (including encryption) is compromised or compromisable by GCHQ/NSA and that anything posted or communicated online is probably read by them. I'm confident that the contents of my internal business network is safe from prying, but not utterly certain given the extreme resources that can be brought to bear on suppliers making security assumptions invalid. (ie, that certs won't be forged by high level suppliers, tokens ID's are secure and that out of band auth via phone will mean the end users phone rings etc)
Maybe social media platforms should add an extra tick box to their privacy options: "Please share my data with the security services on their request, even without an appropriate court order: y/n".
Then we will find out what we should "assume" people want.
That being said, personally I assume that everything online (including encryption) is compromised or compromisable by GCHQ/NSA and that anything posted or communicated online is probably read by them. .... Peter2
Quite so, Peter2, and I also like to assume and presume such. And it does present a major problem and highlights a catastrophic vulnerability for such not so secretive services which be tasked with knowing/preknowing what is going on all around them, and in the deeper darker dimensions of the webs which are sharing valuable secrets, in that whenever there is no action taken with or against information/intelligence which is shared/discovered ...... and imagine that everything on El Reg must be examined if/whenever some things on El Reg may be of significant national security interest ...... must the information be of no interest to such services and thus can be safely exported to competitors, or of such an unusual and non-conventional nature, that it be beautifully secured against detection.
Good heavens, our resident bot has made something approaching a coherent post. Maybe AI is improving after all... Peter2
Improving and Live Active BetaTesting NEUKlearer HyperRadioProActive LOVE Programs, Peter2 .....
Can Do Lovers Providing Nectar for Can Be HookersA SophisticatedD LOVE Program [Live Operational Virtual Environment] is where NEUKlearer HyperRadioProActive IT Enables and Drivers Quantum Communications Activity with and for ESPecial AIgents on and into Heavenly Bodied Assignments/Assignations.
What are Ur Future Plans?
I Kid U Not. :-) Mars and Venus on Joint AIdVentures Proof Testing Alien Code to XSSXXXX is a hard act to eclipse or surpass, given what Greater IntelAIgent Games Players can so easily do, and in tandem and consort with others, do together with further AIdVentures Diving Deeper into Magic Honey Pots. :--)
Spooky Sensitive 3342deg Stuff and beyond, Peter2.
What are Ur Future Plans?
"Stupid people perhaps."
IANAL, but assuming you have an option when posting to set a visibility to "everyone, everywhere" and "just my mates please", and you choose the latter, you have a (legal) expectation of privacy.
That most people know that the piss will be taken, doesn't mean you lose that right.
This is in much the same way that you have an expectation of privacy in your own home/hotel room etc. So if you wander around in the buff, and someone takes pictures from a public space outside (or other place a photographer could legally be), then the photographer is violating the expected right to privacy. Yes, wandering around naked and being shocked that someone took some snaps is perhaps "stupid" but it doesn't change the fact that the people taking the pictures are the criminals.
GCHQ et al are allowed* to scoop up public data, which is anything where you don't have an expectation of privacy. Driving your car on a public highway does not confer any expectation of privacy, for example. If they want to do something that crosses that threshold, then there is supposed to be some sort of warrant like process. Exactly what aspects of meta data are public or private is always going to be a bit of a bun fight.
Just to note, this is not (and never will be) about the gathering of information on actual targets. If the security services believes you are dangerous enough to get a warrant, even a secret one, then all bets are off. This is about collecting data on people that have yet to come up on the radar.
* well, now I think they're pretty much allowed to do anything, and then get it retroactively legalized.
Even log in credentials can stop users seeing either all of the structure of a data base or limit them to seeing a very small part of a much larger design.
We all know that the structure of the data is just as important as size of the database, especially the cross referencing of data sets within the DB and across multiple DBs.
Let's see how well this Commissioner responds to the fact they seem to be being played by the snoops.
My thought too as a rank amateur but one with friends who are database experts and someone who has had cause to interrogate databases. If the data are unstructured to that degree how the hell do they search it efficiently? Or do they just dump a load of stuff on poor minimum wage grunts and make them sift it?
I realise it is hard to accurately categorize stuff, especially in an automated manner. But surely they can do better than 'unstructured'?
A very good question.
"Free text searching" is (technically) what Google does.
Various obvious tactics are to build dictionaries of common words and phrases and build a DB of who uses them (something dating back to the NSA's speech work in the 1970's). Likewise tracking "likes" and downvotes on different sites. So using a not entirely random example "how many times did Ahmed and Abdul use the word jihad since the 7/7/5 attacks"
The problem for the intelligence agencies now is that no sane minded and/or relatively informed person believes or trusts a word of what either they, the Government or GCHQ utters. Such is the extent of what they want to grab in terms of "powers", the more cynical part of my mindset can absolutely see how they could be entirely responsible for seeding (i.e. by deliberately misplacing) certain datasets out into the wild so as to cause data loss, 3rd party hacking instances, and personal collateral damage to people and organisations, with the intent of thereby reinforcing full-circle their own arguments and demands for those powers.
As I said, it might be a cynical perspective, but I'm not convinced that on past form, previous obfuscation, misinformation and lies; but mostly on the basis that all of their shady operations conveniently hide under the banner of "national security" - that it is beyond these organisations in any way shape or form.
Who'd want to be an Investigative-Journalist / Whistleblower / Activist-protestor, in this climate:
"Social media data shared by spy agencies - BBC News - UK spy agencies are collecting citizens' social media and medical data, a court has heard. The details emerged in a case brought by Privacy International, looking at the legality of mass data collection. - The body which oversees UK surveillance did not know that highly sensitive data was being shared, it emerged. - The long-running legal case was brought by Privacy International, following revelations in March 2015 that the intelligence agencies were collecting not only targeted data on specific suspects but also information from the general public. The details were revealed in an Intelligence and Security Committee report which, although heavily redacted, stated that so-called bulk personal datasets (BPDs) vary in size from hundreds to millions of records. - According to Privacy International it is the first time that the type of data being collected has been made public, although it is still not clear how such data is collected. "We don't know whether it it is intercepted or given to it by the companies - One of the biggest reveals of the court case was that private contractors had "administrator" access to some of the information the agencies collect. The Investigatory Powers Commissioner's Office (IPCO), which oversees the UK's surveillance regime, has raised concerns over the role of these private contractors. In letters shared with PI, it said that there are "no safeguards" in place to prevent the misuse of the systems by third parties."
http://www.bbc.co.uk/news/technology-41651840
I didn't know BBC News were a spy agency, AC. When was the transition?
Are HQ planning any Novel Leading Programs for Projection into the Mass Body Politic for Prime Steering into Alternate Beta Conditions ....... Future Augmented Virtual Reality Productions. Mother Russia has already recently [ Oct 17, 2017 2:45 PM ] been Offered the Same Prime Proposal too initiated by the open invitation shared in the following media tale/news item.
Putin is openly inviting investment capital into Russia that is legal and above board. Russia wants legitimate businesses to operate in Russia in whatever currency they like as long as that business is transparent.Here's a SMARTR Joint AIBusiness Venture, methinks worthy of Putin Presidential Consideration ..... A Safe Harbour for Russia Crypto-Rubles be their very own CyberIntelAIgent Network of Global Operating Devices Live Active BetaTesting with Future Augmented Virtual Reality Productions for NEUKlearer HyperRadioProActive Live Operational Virtual Environments. ....... Quite Alien Space Places.
Is anyone able to Offer and Deliver More, Even Better or Different and Working in a Parallel Dimension ....... which we can from here deeper explore and further examine with simple complex searching questions looking at forthright answers for dynamic future secured solutions.
Privacy International did mention summat about the University of Bristol getting a raw pipeline of (our)cheltenham-slurped-data, once a day - with seemingly un-monitored access.
I’m guessing wildly that it would be sent directly to the Psychology department, hopefully with the aim of finding elusive terrorists, rather than just pure fascism? Or would it be more open, better check!
Searching www.bristol.ac.uk gave this “Heilbronn Institute for Mathematical Research – a joint partnership between GCHQ and the University of Bristol. This institute has not only provided a focus for the growth of pure mathematics at Bristol; it has also acted as a catalyst for the subject’s sustainability across the United Kingdom” excellent!
Datamining - rather than psycho-history?
If you want your privacy, do not use social media...
Or any other internet usage Also ditch the smartphone, hell, better ditch cellphone service altogether, and never use credit cards, then all you have to worry about is being tracked because you don't use any of these things.
"Subject still in his cave as of Oct 19, 2017, left once to defecate in the bush at 22:15 today as usual, then returned.
Stool sample taken for analysis of any possible terrorist activities. Will advise of any updates."
A similar investigation in Canada resulted in secret (ie. classified) findings that cannot be disclosed. Not even the submissions of the complainants can be released.
https://bccla.org/dont-spy-on-me/
All the oversight and review IPCO claims is of little use if the agencies cannot be shamed or prosecuted into compliance.
AC for the usual raisons d'etre.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
