GCHQ bod tells privacy advocates: Most of our work is making sure we operate within the law

Privacy advocates, journalists and a representative from GCHQ squared off in a debate on surveillance in Cambridge today. The heavyweight exchange of ideas between Cambridge security engineering professor Ross Anderson and Ian Levy, technical director of the National Cyber Security Centre, the assurance arm of GCHQ, took place …

  1. Pascal Monett Silver badge

    "If you whack governments on privacy it will only drive the vulnerability market."

    You mean, like all the stuff the NSA had stashed for a rainy day and got stolen ?

    You can tout the NSA's "efforts" at transparency all you want, we all know that the NSA is just lying through its teeth, making puppy eyes to better stab us in the privates (pun intended).

    Encryption, encryption and more encryption. No backdoors, proper stuff. If it just delays discovery by a week, that'll be good enough for TLAs to throw up their hands in disgust and give up.

    Either that, or Intel gets pressured into inventing a new 48-core desktop CPU that runs at 8GHz and has 100GBps bandwidth. Can it run Crysis ? Can it ever !

    Better privacy and more powerful computers. Who can complain about that ?

    1. Primus Secundus Tertius

      Re: "If you whack governments on privacy it will only drive the vulnerability market."

      "Who can complain about that ?"

      We can (in silence) after we become ruled by religious nutters, commie conspirators, or other ruthless but selfish minorities. That may happen if they are not defeated by surveillance and arrest.

      Some admirers of technology have no idea how the ordinary selfish human world works.

      1. Kabukiwookie

        Re: "If you whack governments on privacy it will only drive the vulnerability market."

        ruthless but selfish minorities.

        Of course, if you look at history, it's always the minority groups with no power who abuse said lack of power.

        Some people who see 'evil terrorists' in every nook and cranny, don't seem to understand how power corrupts selfish humans who should be working for the good of general population.

      2. Doctor Syntax Silver badge

        Re: "If you whack governments on privacy it will only drive the vulnerability market."

        "Some admirers of technology have no idea how the ordinary selfish human world works."

        Well, this one does because he spent about 14 years helping investigate crime, much of it terrorist related because we had a little local problem largely funded by the US. And emerged from that with a strong belief in the presumption of innocence and due process of law, fundamental concepts for a free society which surveillance tends to trample on rather severely.

        1. mwnci

          Re: "If you whack governments on privacy it will only drive the vulnerability market."

          Agreed...Not much has changed since Benjamin Franklin. "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

  2. Anonymous Coward

    Facebook vs FISA

    Can anyone tell the difference between Facebook and FISA? Look at Zuck's Testimony to Congress / EU: 'Deny-Deny-Deny' regarding shadow profiles and 24/7 Offline-Tracking of Users and NON-Users... Then if ever caught out, just say: 'We'll get back to you on that'.

    This isn't about tinfoil hats or associating the two, which Snowden shows happens away. It's about having another layer of espionage / surveillance available for hire... What is Palantir / Emerdata / Firecrest really anyway, except privatized NSA/CIA for special interests and their black ops...

    -------------------

    http://www.theregister.co.uk/2015/12/07/reason_clapper_lied_about_nsa_spying/

    https://www.theguardian.com/commentisfree/2016/feb/09/internet-of-things-smart-devices-spying-surveillance-us-government

    http://www.theregister.co.uk/2016/02/09/clapper_says_iot_good_for_intel/

    http://www.theregister.co.uk/2016/11/17/us_director_national_intelligence_resigns/

    https://www.bloomberg.com/news/articles/2014-04-02/nsa-searched-americans-e-mail-phone-calls-clapper-says

    1. Anonymous Coward

      Re: Facebook vs FISA

      Quote: "Levy controversially claimed that GCHQ is scrupulous."

      *

      Yes....but scrupulous about what exactly?

      *

      Also:

      https://theintercept.com/2014/12/13/belgacom-hack-gchq-inside-story/

      https://forums.theregister.co.uk/forum/2/2017/11/30/investigatory_powers_act_illegal_under_eu_law/

      https://www.theguardian.com/technology/2017/oct/17/uk-spy-agencies-intelligence-mi5-mi6-law-data-sharing-tribunal

      1. Sir Runcible Spoon

        Re: Facebook vs FISA

        Perhaps he could be challenged to devise a strict policy himself that would prevent scope creep and frog boiling by politicians within GCHQ?

        Not saying we should immediately adopt it, but it would be interesting to see what kind of safeguards he deems to be important over others.

  3. }{amis}{
    Black Helicopters

    must be an error

    This :

    Levy controversially claimed that GCHQ is scrupulous. "The biggest amount of work we do at GCHQ is to make sure we operate within the law," he said.

    Should read :

    Levy controversially claimed that GCHQ is scrupulous. "The biggest amount of work we do at GCHQ is to figure out how we can twist the letter of the law to our purposes," he said.

    1. nematoad
      Unhappy

      Re: must be an error

      "The biggest amount of work we do at GCHQ is to figure out how we can twist the letter of the law to our purposes," he said.

      No need, the tame poodles at the Home Office will quickly run up a new law so as to shield GCHQ from any nasty attempts to hold them accountable.

    2. macjules

      Re: must be an error

      Have an upvote.

      Or:

      "The biggest amount of work we do at GCHQ is to make sure we operate within the law, The second biggest amount of work we do at GCHQ is to make sure we never get caught breaking the law."

  4. Tigra 07
    Thumb Down

    "Levy went on to argue that GCHQ or the UK government wasn't arguing for government mandated backdoors"

    Both the last Home Secretary was and the Prime Minister is too. So...Bullshit!

  5. deive

    "difficulty for GCHQ to interpret laws that weren't clearly written" - what's the odds on GCHQ having a hand in writing those laws in the first place? About as much as business "leaders" helped write tax laws with all their vagaries and loopholes.

  6. Trollslayer

    Liars

    Sorry, but I've been there for interview and frankly the way they behave is disgusting.

    HR are like scared rabbits; the electric wheelchairs they are required to have were tucked in a corner with flat tyres. It went downhill from there.

  7. ShowEvidenceThenObject

    Sure, when my phone/mobile computing device has backdoors baked in, and it is legal for the security services to get all the information "need, to make [you] secure", the people that really need to be monitored will be aware of it, and won't be using one.

    The security services continue to try and socially engineer acceptance (or apathy) for these things, but telling everyone who groks the repeated failings in continuing to use dumb surveillance that "they are part of the problem", will never be a solution.

  8. Destroy All Monsters Silver badge
    Paris Hilton

    Duh? Wuh?

    The world has changed since former NSA sysadmin Edward Snowden revealed the levels of mass surveillance being done by the world's governments on their citizens, said Levy. The quality and availability of encryption schemes and security engineering have both improved. Agencies such as GCHQ and the NSA have become more open and transparent about their work, he added.

    Really? Things have improved a lot since the Summer of Surveillance? Remember that was ... 2013. I don't see any improvement anywhere whatsoever. But maybe I'm just reading Evil Newspapers.

    Now going back in time, all through the War on Stuff, through Echelon, through Gulf War 1, through the time when Clinton ruled the shitheap and pushed Clipper, through moral panics about encryption and Sex On The Internet, through AOL, we arrive at the moment when PGP was released in the wild while pretending that RSA somehow had mumbled their agreement for this over a beer. That was 1991.

    Yes, things have improved regarding encryption since 1991. Not so much regarding TLAs.

    1. diodesign (Written by Reg staff) Silver badge

      Re: Duh? Wuh?

      "I don't see any improvement anywhere whatsoever. "

      The sudden surge of HTTPS Everywhere, and strong end-to-end encryption, as well as Privacy Shield and GDPR, and so on, all passed you by? They were all the result of the Snowden revelations.

      They didn't need the leaked files to happen, but the files sure acted like a catalyst.

      C.

      1. Destroy All Monsters Silver badge

        Re: Duh? Wuh?

        > They were all the result of the Snowden revelations.

        "HTTPS Everywhere", maybe.

        "Privacy Shield and GDPR" I doubt this very much. These are the result of politicians getting a move on because of corporate overreach. I don't believe TLAs are particularly fazed by such initiatives, nor are they targeted.

        But these are scant improvements. Improvements would be dropping all unnecessary complexity from the systems, get back to some kind of sanity, implement QubesOS-like compartmentalization, those kind of things. That would be a "next step".

        Instead we are being handed more slurping, Management Engines and bugfests, with JavaScript on top.

        Sadly, the road to hell is being travelled still.

        1. diodesign (Written by Reg staff) Silver badge

          Re: Destroy All Monsters

          '"Privacy Shield and GDPR" I doubt this very much.'

          The collapse of Privacy Shield and EU-US data sharing was a direct result of Schrems asking awkward questions about Facebook in light of Snowden's mass surveillance leaks. Also, Google et al started encrypting their data center links. E2E crypto was no longer for tinfoil-hat paranoids. So many things kicked off.

          Sure, none of these are Diffie-Hellman Exchange groundbreaking, but you can't stand there and claim there has been no effect.

          I think you're just having a grumpy day, and decided to pick a fight online - like a geezer sitting on a deckchair on his lawn, shouting at the kids across the street to quieten down.

          C.

          1. EnviableOne

            Re: Destroy All Monsters

            Privacy shield hasn't collapsed yet ... (but it's on its way)

            Schrems VS Facebook killed Safe Harbour

            Privacy Shield was supposedly a "better" replacement, but is still so full of loopholes and get-out clauses, along with the US.gov surveillance, that it too will get ripped up, until the US introduce a GDPR of their own.

            and EU-US data sharing as part of FIVE EYES hasn't stopped.

            E2E crypto and HTTPS ubiquity have helped, but we're still nowhere near there.

            and calling NCSC head a GCHQ bod is technically true, but NCSC are a very different part of the organisation, with a completely different mindset.

  9. Mark 85

    Part of the problem or maybe it is the problem: users don't care

    I'm not sure but the problem seems to be the average user of phones and computers. They don't care if there's a backdoor because .. well the government won't abuse it and only the bad guys will. Or the "I have nothing to hide" right up to the time they get their bank account cleaned out.

    A big part of the problem is users and the mainstream media. Users don't read articles on security but which celeb is screwing another celeb, sports, who wore what to an event, etc. Maybe whose house got broke into in the local media. So, media doesn't cover it.

  10. GrumpyKiwi

    Legal =/= moral or right

    Just because something you are doing has been made legal by the government(s) of the day does not make it moral or right or justifiable.

    Here is a free clue for the likes of GCHQ and NSA - when you treat every citizen as a potential criminal, don't act all innocent and "gosh we have no idea why people are upset by this". For a group of supposedly smart people you sure act like a bunch of 'tards.

    1. veti Silver badge

      Re: Legal =/= moral or right

      Do you really want public employees making decisions about what is "moral or right" rather than "legal"?

      Are you going to defend the cop who plants drugs in someone's pocket because they know he is a bad guy, even if he happens to be clean right now? The judge who leaks a rape victim's name because he has this gut feeling that she's lying? The minister who lies to parliament because the question she's been asked is "unfair"?

      Laws are what we, as a society, have agreed is the minimum standard of "moral and right" that people should abide by. The whole reason we have them is precisely so that public servants don't have to go through their lives making these calls on the basis of their own internal moral compass every day. If you don't agree with the standard that's been set, the correct course is to change the law, not to claim that it's not the point.

      1. DCFusor

        Re: Legal =/= moral or right

        @veti

        You have your strawman precisely backwards. In your examples you have public employees breaking a law because they feel it's the right thing.

        The OP had them not doing everything that was legal because some of what's legal isn't moral.

        Going less than the speed limit is legal. You're equating it with speeding.

        Everything that's not forbidden need not be mandatory.

      2. GrumpyKiwi

        Re: Legal =/= moral or right

        Governments pass immoral and/or BS laws all the time. Stating that this gives a fig-leaf of virtuosity to immoral or otherwise BS government activities doesn't make it right.

        You have heard of the concept of the consent of the governed? This BS doesn't have that consent which is why they are scrabbling so hard to find ever more desperate justifications for it.

      3. Harry Stottle

        Re: Legal =/= moral or right

        To begin with, not relevant to your post but to the article and Levy's stereotypical response; I make my obligatory reference to Accountability Theater, which covers the issue of Surveillance amongst others.

        In response to your rhetorical question: "Do you really want public employees making decisions about what is "moral or right" rather than "legal"?"

        I draw your attention to the Nuremberg trials where it was made explicit, in international law, that no citizen can use, in their defence, the argument that they committed the obviously immoral act only because they were "following orders" (legal or otherwise). This imposes a direct obligation on each citizen explicitly to consider the wider moral implications of their actions, over and above the Law of their land.

        Clearly, for example, if the Law mandates the persecution of a class, race, religion or gender on no other basis than those attributes, it follows, from the Nuremberg judgements, that it is the duty of the citizen to challenge and disobey such laws.

        So yes, we do want public employees, when making decisions on how to implement public policy, first to understand the law and what it mandates but second to consider whether in the circumstances of a given case, implementing the law as mandated would itself breach the implied higher laws of International ethics.

        An obvious example of where precisely such employee overrides should have taken place (in the UK) has been aired in considerable detail recently in the context of the Windrush scandal, where civil servants have (for the most part) enthusiastically implemented the "hostile regime" designed primarily by the current Prime Minister during her role as Home Secretary.

        In my view both the politicians who mandated that regime, and the civil servants who implemented it have all committed serious criminal offences worthy of incarceration (though it would have been more fitting, had the option still existed, to have deported them to a prison colony).

        1. veti Silver badge

          Re: Legal =/= moral or right

          @DCFusor: The issue is, "do we want public servants following the law, or do we want them making their own private decisions?" That's not a strawman, that's precisely the point the OP raises. I'm just pointing out where else that logic might lead.

          @GrumpyKiwi: If you don't consent to the laws, then lobby to change them. If your lobbying isn't successful, then that is the verdict of the democratic system you live in: "the governed" as a group have decided to consent, even if you as an individual dissent. You don't get to opt out of laws once passed, any more than you get to decide what the speed limit on any given road "should be".

          @Harry Stottle: First, are you seriously comparing breaches of privacy with Nazi war crimes? If so I'm gonna have to declare the thread Godwinated, because that's ridiculous. Moreover, the Nuremberg defence relates to "following orders", which is separate from "following the law".

          The most recent treaty on the subject, the 1998 Rome Statute of the International Criminal Court, says:

          1. The fact that a crime within the jurisdiction of the Court has been committed by a person pursuant to an order of a Government or of a superior, whether military or civilian, shall not relieve that person of criminal responsibility unless:

          (a) The person was under a legal obligation to obey orders of the Government or the superior in question;

          (b) The person did not know that the order was unlawful; and

          (c) The order was not manifestly unlawful.

          2. For the purposes of this article, orders to commit genocide or crimes against humanity are manifestly unlawful.

          When international law feels it necessary to spell out that "genocide or crimes against humanity" are "manifestly unlawful", I find it very hard to imagine a court bracketing "mail tampering" in the same category. In other words, the Nuremberg precedent is not relevant here. Not even close.

          The Windrush scandal is different again. Capita unlawfully sent letters to people who shouldn't have received them. The issue there is precisely that they weren't following the law, but rather bowing to pressure from (presumably, though the detailed chain of blame is still coming out) politicians.

          For myself, I want to see public servants following the law, as debated in parliament, and written, and published, and adjudicated by independent courts. I don't want them each obeying the little voice in their own heads, because that makes them basically unaccountable to anyone. And some of those voices are frankly scary.

          1. GrumpyKiwi

            Re: Legal =/= moral or right

            I disagree. I feel myself moral-bound to disobey and (better yet) work to destroy immoral laws, regardless of their support by the political class. If a law was repressing 1% of the population and was supported by 80% of it, that has zero indication of that law's righteousness.

            Slavery in the US South was legal. That didn't make it moral, it didn't make it right. It did make lawbreakers of those people who refused to help or actively impeded the Federal US Marshals who tried to recapture escaped slaves.

            Basically, f*** those slavers. Whether 19th century or 21st. If I can assist in making their lives harder then I will.

  11. This post has been deleted by its author

    1. Sir Runcible Spoon
      Black Helicopters

      Re: Honeypot?

      "Twas always thus, and always thus will be"

  12. amanfromMars 1 Silver badge

    Deeper Understanding and Greater Application Needed in Secret Circles within Dodgy Doughnuts

    who reminded us of this case, the existence of which suggests that GCHQ is perhaps not entirely adverse to backdoors.

    No shit, Sherlock?

    And if they aren't planning some sort of off the books, super stealthy alternative intelligence program for floating onto markets and into the ether to lead everything in myriad other directions, and all current available/escaped evidence suggests such has not yet been energised and activated, are they always going to be playing second fiddle in a vast orchestra being conducted by a maestro ... for that is the score they be following.

  13. Anonymous Coward

    The human condition

    Shall prob'ly get downvoted by you lot and/or arrested by the spooks for saying so, but the people at GCHQ are (or at least used to be) by and large OK, it's their taskmasters who put them in an impossible position. I worked with the legal team on occasion and they will not tolerate wrangling the law. But nobody is infallible and, put under intense political pressure to sail close to the line, they have occasionally wobbled over it. I can also vouch that they feel bad about that.

    To be fair to the politicians, pushing the line is often done with the best of intentions but an excessive dose of ignorance. It is hard to watch terrorists, warmongers and child abusers at work without pushing back every way you know how.

    On secret backdoors, I notice in passing that while some very influential individuals may be advocating them, the Government as a constitutional body appears not to be. That was how it was in my time, let's hope it stays that way.

    1. amanfromMars 1 Silver badge

      Re: The human condition

      Shall prob'ly get downvoted by you lot and/or arrested by the spooks for saying so, but the people at GCHQ are (or at least used to be) by and large OK, it's their taskmasters who put them in an impossible position. ... Anonymous Coward

      If they were used to, or able and enabled to be using their intelligence .... and some not so kind would be questioning whether they had themselves any greater intelligence to exercise .... would their task masters be placed in impossible positions.

      :-) Do you wonder, because of the present dire straits condition of geopolitical situations, have the worms turned?

      Alan Turing would be proud. Bravo, chaps and chapesses! WTF kept you so long in deciding to do something?

    2. Dodgy Geezer Silver badge

      Re: The human condition

      ...That was how it was in my time, let's hope it stays that way....

      In my time, staff at both GCHQ and Security Service were entirely interested in maintaining their jobs, in a sometimes difficult political environment. And the senior staff simply lobbied for the law to be changed if it got in the way...

  14. Milton

    Yeah, riiight

    I can fix the headline, anyway—

    "Most of our work is making sure you never see most of our work"

  15. amanfromMars 1 Silver badge

    The In-House Systemic Problem and Catastrophic Vulnerability which Just Keeps on Giving

    A system/organisation/GCHQ which is geared and only able to try to maintain and protect a flawed status quo position, rather than lead it, is obviously a puppet with its strings being pulled by A.N.Others who would rather you didn't know who and what and where they were/are.

    And as Knowledge is Power in Command of Control, is the human condition always going to be naturally questioning and rebelling against such a contrived reality.

  16. Dodgy Geezer Silver badge

    Everybody SHOULD be asking...

    ...WHY do we have GCHQ and the Security Services at all?

    These are WARTIME bodies - set up to deal with directed attacks from an enemy which was trying to defeat and invade us. In this case the rule of law no longer applied - if you suspected a person of being a spy you could haul him in and imprison him in secret indefinitely on no evidence under wartime legislation. This is the ethos that these bodies expected to operate under.

    After the war, most wartime organisations disbanded. But these two bodies kept running exactly as before, with the Russians as their new Cold War enemy. Their problem has arisen with the end of the Cold War, and collapse of their reason for existence.

    They now do nothing that the police cannot do, given the proper resources. But they have brought their 'above the law' attitudes with them. The police have always had the requirement to operate within the law, even if they sometimes don't.

    We should abolish, or drastically shrink, these wartime security organisations, and pass their responsibilities and budget to the police forces which work under legislative control....

  17. David Roberts
    Unhappy

    Whistle Blower Protection

    Not the direct subject, but relevant to the discussion.

    I have always been at least a little uncomfortable where International Law effectively says "If you do something we consider obviously morally bad, even if it is within the local law and you are ordered to do it, then you are a criminal and we will get you later.".

    This places the individual in an impossible situation; sacrifice your job, family, possibly your life to maintain the moral high ground?

    Given that whistle blowers, especially in the NHS, have been persecuted and driven out of their jobs for highlighting unsafe and often illegal practices there is enormous pressure to conform driven from the top down, so it isn't surprising if the majority keep their heads down and do as instructed. It isn't really surprising if some become very enthusiastic because they see a clear way to gain favour from their superiors.

    So please don't trivialise the required personal sacrifice required to go against corporate culture.

    Drifting even further off topic and introducing a Brexit Godwin on Windrush, if a significant proportion of the population take Brexit as a "send the wogs home" mandate, is it any surprise if a lot of them are working for one of the largest UK employers? In probably low grade but effective positions.
