Previously we’ve reported on the Snooper’s Charter (the official name of which is the Investigatory Powers Bill). The focus for the Snooper’s Charter has been on large companies, with groups like Facebook and Microsoft commenting on just how bad an impact the charter might have on companies working in the UK. Even the NSA’s ex-director warned that it could “kill people”. Worse may be yet to come, with Theresa May clarifying not only the extent of the bill, but also that the Snooper’s Charter could cost a lot more than initially thought.
Theresa May stated the cost of the Snooper’s Charter may, in fact, exceed the original estimate of 240 million pounds, with companies like EE and Vodafone saying that the cost to them alone may reach that figure in order to meet the bill’s requirements.
One of the initial thoughts regarding the bill was that small-scale internet providers might be excluded from the requirement, but this isn’t the case. The defence and security industries, alongside the information commissioner, asked for a “sunset clause”. This clause would mean that after five to seven years the bill would be revisited because of the rapid pace of technological change. May rejected this idea, saying that the bill was fit for a rapidly changing world and was “technology neutral”.
An issue brought up by groups like Facebook and Microsoft was the handling of extra-territorial warrants. In the current bill, a notice could be served on a company with employees in the UK for data stored abroad, a topic which has been at the forefront of data request issues for years now.
It was then asked if the government would have a limit on the finances available, the answer to which was that they were going to work on a “cost recovery basis”. This means that companies could claim back the cost of installing the hefty systems needed and that they will “have reasonable cost recovery when we require these companies to provide these capabilities”. Not only could the bill mean worrying levels of powers and data stored about people, but it also seems like we will be footing the bill for it.
While those of us in the UK worry about risks to our internet security posed by the Snooper’s Charter and the calls for removing or weakening encryption in the wake of the recent terrorist attacks, Kazakhstan is one step ahead of the West. After January 1st 2016, every internet-capable device in the country will be required to install a “national security certificate”, which will allow the government to gain access to its communications, whether they are encrypted or not. In order to help enforce the requirement, ISPs and network carriers must keep records of users that do and don’t install the certificate code, making it almost impossible to avoid it if you want to access the internet.
There are many risks with implementing such a backdoor on a nationwide level. As well as allowing the government to potentially keep tabs on those who would challenge it, the backdoor could also be misused by unscrupulous parties for their own ends, whether it is criminals finding a way to misuse the backdoor to access sensitive data or even opening its citizens up to surveillance or cyber attacks from other nations.
The requirement to use the certificate is shaky too: while it is designed to work on Windows, Mac OS X, Android and iOS, it has no provision for users of Linux. There could also be problems if the certificate were to be revoked, or become incompatible with future versions of operating systems. Anyone who did not wish to play by the rules could find ways to encrypt data that the backdoor won’t reveal, or spoof their usage of it.
In this day and age, where internet security is a topic of hot debate, it will be interesting to see how well these backdoors work for Kazakhstan or whether they do more harm than good.
In the wake of the tragic and devastating attacks in Paris last week, many questioned why the authorities were unable to predict and stop the attacks. In fact, despite the wide-ranging and intrusive surveillance systems in place, the only whiff of intelligence was about a generalized threat against France. Now many officials are coming out across the spectrum and blaming Edward Snowden and his leaks for allowing the terrorists to go undetected.
Former director of the CIA James Woolsey has been among the most forceful, claiming Snowden “has blood on his hands” while current CIA director John Brennan blames the unauthorised disclosures as well. London Mayor Boris Johnson has also blamed Snowden for teaching the terrorists “how to avoid being caught”.
Encryption and methods of avoiding electronic detection, however, are not new to the terrorist toolkit. Since before the 9/11 attacks and in the many that followed it, terrorists have used encryption and other methods of secure communication to co-ordinate. Those attacks all happened before Snowden even revealed the surveillance systems in place, revelations which only confirmed what many already believed the government was doing. This is especially true of terrorists who knew they would be monitored and generally used methods to conceal themselves already, with Bin Laden famously using only couriers to communicate.
With the focus in recent days on backdoors, it would not be surprising to see pressure placed on Sony to allow monitoring of the PSN and PS4 given its use by the terrorists. Even if governments end up creating backdoors in many popular products, there will still be nothing to stop peer-to-peer encryption and other forms of encrypted communications from being used.
In a development that is likely to place more pressure on the technology sector, reports are coming out that the perpetrators of the recent Paris attacks used Sony PS4s to communicate and coordinate their attack. This comes after authorities took away the PS4s from the attackers’ homes, and the Belgian home affairs minister has said that the PS4 was chosen because it is difficult to track.
Games and consoles have always been on the radar for authorities in monitoring suspects. After all, Edward Snowden revealed that the NSA and GCHQ had agents embedded in the MMORPG World of Warcraft and in Second Life in order to monitor suspects. Xbox Live was monitored too, which was part of the reason many were hesitant about the always-on functions of the new consoles and the once-mandatory Kinect.
At that time, PSN, Sony’s PlayStation Network, was not mentioned as a target for monitoring. If it turns out the PS4 was used, authorities will likely start looking into PSN communications as well. Given the myriad ways players can communicate with each other in game, the large volume of communications and the importance of context, whether or not extra monitoring would help remains to be seen.