GCHQ Hacking Deemed Legal by Tribunal

Today it has been announced that computer and smartphone hacks used by the intelligence agency GCHQ are legal according to the UK’s Investigatory Powers Tribunal. The inquiry was launched after the extents of the agency’s hacking was uncovered by whistleblower Edward Snowdon, which led to GCHQ revealing that they had agents hack into devices both within the UK and aboard.

At the conclusion of the inquiry, the senior judges on the panel ruled that they were satisfied that GCHQ’s ability to forcefully gain access to devices in order to gather intelligence was striking a proper balance between safeguarding the privacy of individuals and the ability to investigate crime and protect the public. Understandably, Privacy International, the civil liberties group who launched the investigation said they were “disappointed” with the outcome and would continue to combat state-sponsored hacking.

GCHQ’s hacking efforts were reported to the tribunal as covering computers, smartphones, servers, routers and more. They were told that it was possible for the hackers to remotely enable microphones and cameras, log keyboard input, install malware, track locations and even copy documents from target devices. Currently, the only restrictions on hacking in place are laid out in the Home Office’s code of practice for hacking, or “equipment interference”, which is set to be expanded as part of the Government’s Investigatory Powers bill which is currently being drafted. These documents dictate that a warrant must be issued before any hacks can take place. The judges agreed that these codes had the right balance between the “urgent need for the Intelligence Agencies to safeguard the public and the protection of an individual’s privacy and/or freedom of expression”. These restrictions did not exist when the investigation was originally launched, however, which brings GCHQ’s previous actions into question.

Once again, the cyber security and privacy of citizens are under threat from government agencies, who strive to increase their own power and supposedly the safety of their people at the cost of their freedom. While in future GCHQ’s hacking is expected to be kept in check by codified legal rules, the fact that their previous actions were ruled to be lawful could set a dangerous precedent if a security agency tried to take advantage of the circumstance to work outside these laws.

Parliamentary Committee Tears UK Snooper’s Charter to Shreds

A new Parliamentary Joint Committee on the latest draft of the UK’s Investigatory Powers Bill proposal – colloquially known as the Snooper’s Charter, due to its wide-ranging powers of mass surveillance – has called for “significant changes” and “important clarity” to be added to the controversial proposal.

“The Government still needs to make explicit on the face of the Bill that CSPs (communication service providers) offering end-to-end encrypted communication or other un-decryptable communication services will not be expected to provide decrypted copies of those communications if it is not practicable for them to do so,” the Joint Committee’s report reads. “We recommend that a draft Code of Practice should be published alongside the Bill for Parliament to consider.”

The report also criticises those involved in the creation of the IP Bill, a proposal driven primarily by Home Secretary Theresa May MP, and their (mis)comprehension of the internet. “We recommend that more effort should be made to reflect not only the policy aims but also the practical realities of how the internet works on a technical level,” the report says.

Nick Clegg, former Deputy Prime Minister under the previous coalition government, and former leader of the Liberal Democrat party, branded the bill draconian, saying on BBC Radio 4 (via The Guardian), “Very few other countries other than Russia take this dragnet approach.”

Clegg was instrumental in the abandonment of the previous iteration of the Investigatory Powers Bill in 2012 and, despite being out of office now, his position on the proposals have not wavered. “Why there is this great congregation of concern from all wings of political opinion is because what the home office is in essence proposing is that in order to be able to surveil and analyse something they are saying they want to collect everything on everyone,” he added.

“This report shows just how much homework the Government has to do on this landmark legislation. Despite reams of evidence from the Home Office, the Committee finds the case for unprecedented powers to bulk hack, intercept and collect our private data has not been made,” Shami Chakrabarti, Director of human rights group Liberty, said. “The Government needs to pause, take stock and redraft – to do anything else would show astonishing contempt for parliamentarians’ concerns and our national security.”

Image courtesy of Londontopia.

Ex-NSA Director Warns UK Snooper’s Charter Will Kill People

The former Technical Director of the NSA has warned that should the UK Investigatory Powers Bill – nicknamed the Snooper’s Charter – pass into law that it will result in the deaths of innocent people. Bill Binney says that the sheer quantity of information that GCHQ analysts will be forced to sift through will actually distract them from protecting citizens, leaving the country more vulnerable to attack.

“It is 99 per cent useless,” Binney said in a letter to MPs leaked by human rights group Liberty (via InfoSecurity). “Who wants to know everyone who has ever looked at Google or the BBC?  We have known for decades that that swamps analysts,” adding that mass surveillance “costs lives, and has cost lives in Britain because it inundates analysts with too much data.”

While mass surveillance data has proved useful in the aftermath of, say, the World Trade Center attacks, to provide further background on the perpetrators, Binney argues that the act of collecting that data makes such an attack more likely to slip through the net.

“The net effect of the current approach is that people die first, even if historic records sometimes can provide additional information about the killers (who may be deceased by that time),” Binney wrote. “The alternative approach based on experience is to use social networks as defined by metadata relationships and some additional rules to smartly select data from the tens of terabytes flowing by.  This focused data collected around known targets plus potential developmental targets and represented a much smaller set of content for analysts to look through.”

Binney, who left the NSA in 2011 in protest at its mass surveillance program and became a whistleblower, will be speaking to MPs at the Joint Committee today (6th January) about the ineffectiveness of GCHQ’s BLACK HOLE data collection system which will support the IP Bill.

Image courtesy of The Independent.

Dell CEO Says “Post-PC” Era has been Great for PCs

Despite what the folks at Apple are thinking, it looks like there are still plenty of companies that believe the PC market is still pretty vibrant. CEO, founder and owner of Dell, Michael Dell has come out and expressed his confidence in the PC. This is in stark contrast to Apple CEO Tim Cook who said there is no reason to buy PCs anymore.

Despite some doom and gloom about shipments, Dell notes that since Apple first declared the PC “dead” half a decade ago, PC shipments have largely grown. With the continued innovation in both performance and aesthetics, Dell believes that newer PCs are going to be more attractive to consumers than ever. While there are now many devices competing with the PC for consumer’s attention, it just means that PC makers will have to step up their game and face their competition head on.

On a separate note, Dell spoke out against the Snooper’s Charter being contemplated in the UK. On this note, Dell and Cook are on the same page, both adamantly opposed against the surveillance law. Dell noted that backdoors would allow both legitimate and illegitimate access to systems and are fundamentally flawed. Even with many experts and officials already speaking out against the wide range of new powers being granted, the recent events in Paris may yet exert their impact.

ISPs Claim UK Snooper’s Charter Could Push Up Broadband Prices

Internet Service Providers in the UK have warned that they will need to put up their broadband charges should Home Secretary Theresa May (pictured) MP’s Investigatory Powers Bill, nicknamed the Snooper’s Charter, pass into law. Representatives of ISPs told the House of Commons Science and Technology Committee that money allotted by the government, £175 million, to support the storage of every customer’s data for 12 months, and the requisite security required to protect that data, is nowhere near enough.

“A typical 1 gigabit connection to someone’s home, over 50 terabytes of data per year [are] passing over it,“ Matthew Hare, the chief executive of ISP Gigaclear, told MPs. “If you say that a proportion of that is going to be the communications data—the record of who you communicate with, when you communicate or what you communicate—there would be the most massive and enormous amount of data that in future an access provider would be expected to keep. The indiscriminate collection of mass data across effectively every user of the Internet in this country is going to have a massive cost.”

Hare also dismissed the notion that tracking metadata is a simple task, since multiple internet services – internet browser, Steam, Skype, and even anti-virus software or operating system updates – often operate simultaneously, which results in data packets becoming mixed.

“All those applications are running simultaneously,” Hare said. “They are different applications using different servers with different services and different protocols. They are all running concurrently on that one machine.”

“There would be a huge amount of very sensitive personal data that could be used by bad guys,” John Shaw, Vice President of Product Management for Sophos, added. “The TalkTalk example is an unfortunate recent one that demonstrates that it is very hard for companies to protect everywhere the kind of data they keep about people, and this would be a requirement to keep a huge amount of further data.”

Shaw also feared that sales in software would decline should it become public knowledge that it contained government-mandated backdoors, telling the committee, “If I was a software business […] I would be very worried that my customers would not buy my software any more if it had anything to do with security at all. I would be worried that a backdoor was built into the software by the [Investigatory Powers] Bill that would allow the UK government to find out what information was on that system at any point they wanted in the future.”

Would you be happy paying more for your internet connection so that you could be spied on?

Image courtesy of The Guardian.

Researcher Makes Live Browser History Public to Show Impact of UK’s Surveillance Bill

Since details of the UK’s proposed Investigatory Powers Bill – a law nicknamed the Snooper’s Charter and that aims to open police and intelligence services’ mandate to, amongst other things, access and monitor the internet browser history of any UK citizen – there has been growing concern over the right to privacy of internet users. To illustrate just how intrusive the IP Bill would be, security researcher Brett Lempereur has launched ICREACHAround, a blog which shows a real-time list of websites he has visited.

“This page streams information about the pages I’m visiting on the internet in real-time. A public ICREACH on a really cheap domain name. Some of these links may be NSFW,” Lempereur writes. “This is an attempt to show the amount of information that will be available about you without and with a warrant if the new Investigatory Powers Bill comes into force in its current form.”

ICREACHAround is a play on ICREACH, an NSA search engine that allows US government agencies to navigate through phone records, mobile phone GPS, e-mails, and instant messaging history, the records for which total 850 billion. Lempereur hopes that, by sharing his own browser history, he can demonstrate the personal data that the UK Government would have access to if the surveillance bill is voted into law.

The browser extension that Lempereur uses to gather his own browsing data is available on GitHub if you want to try it for yourself. Lempereur has said that he is happy to field any questions regarding his endeavour via Twitter.

UN Privacy Chief Brands UK Surveillance Bill “Worse Than Scary”

Joseph Cannataci, the Special Rapporteur on Privacy for the United Nations, has attacked the UK Government’s Investigatory Powers Bill, branding the so-called “Snooper’s Charter” as being “worse than scary,” adding that he has seen no evidence that mass surveillance is successful for fighting crime. Cannataci, during his keynote speech at the Internet Government Forum in Brazil, also accused Member of Parliament of orchestrating an “absolute offensive” media campaign to mislead the public and shut down debate of the bill.

“What we’re talking about here is the context, and the context is completely different. When those laws were put into place there was no internet or the internet was not used in the way it is today,” Cannataci said. “It is the golden age of surveillance, they’ve never had so much data. I am just talking about metadata, I haven’t got down to content.”

“Mass surveillance is alive and well but governments are finding ways of making that the law of the land,” he added. “It can be necessary and proportionate to have targeted surveillance and what I am saying is that there’s not yet any evidence which convinces me that it is necessary and proportionate to have mass surveillance.”

When the bill was announced, Home Secretary Theresa May MP, the brains bedind the bill, said, “We are setting out a modern legal framework which brings together current powers in a clear and comprehensible way.”

The current draft of the Investigatory Powers Bill is due to be scrutinised by a committee of MPs before being put to Parliament to vote in as law.

Apple CEO Predicts ‘Dire Consequences’ For Privacy if Snooper’s Charter is Passed

The UK government’s Investigatory Powers Bill allows the police, and officials to record each person’s web activity for a 12 month period. Additionally, internet service providers are required by law to assist the state and break through any encryption. Technically, this could make it illegal for Apple to sell their products in the UK due to their handset encryption methods. Apple’s CEO weighed in on the bill and told The Telegraph:

“We believe very strongly in end-to-end encryption and no back doors,”

“We don’t think people want us to read their messages. We don’t feel we have the right to read their emails.”

“Any back door is a back door for everyone. Everybody wants to crack down on terrorists. Everybody wants to be secure. The question is how. Opening a back door can have very dire consequences.”

Tim Cook also discussed the latest TalkTalk data breach and proclaimed:

“It’s not the case that encryption is a rare thing that only two or three rich companies own and you can regulate them in some way. Encryption is widely available. It may make someone feel good for a moment but it’s not really of benefit. If you halt or weaken encryption, the people that you hurt are not the folks that want to do bad things. It’s the good people. The other people know where to go.”

Consumers rightfully do not trust huge corporations or governments to keep their data secure. History shows us that breaches are commonplace, and the huge amount of sensitive data from this bill could have catastrophic consequences. Furthermore, the voyeurism, and police state monitoring can only be described as disgraceful.

Full Scope of UK’s Worrying Surveillance Bill Revealed

The UK Home Secretary, Conservative MP Theresa May, has outlined the full scope of the proposed Investigatory Powers Bill. The bill, which has been teased by both May and UK Prime Minister David Cameron as a legal means by which police and intelligence services can bypass internet and telecommunication encryption and access the internet history of any UK citizen without judicial oversight, has confirmed the fears of many that the concept of privacy on the internet will become a thing of the past in the UK.

The new powers, as revealed by May in Parliament on Wednesday (4th November) and in draft form on the UK Government’s website [PDF], grant UK law enforcement agencies the ability to access and intercept a user’s internet data, which internet service providers will be required by law to store for up to 12 months, and place a legal obligation on companies to allow the UK Government backdoors by which to bypass encryption, but will be powerless to ban end-to-end encryption since such facilities being protected under European Union law.

The response to the bill outside the House of Commons has been almost uniformly negative, with many fearing that it marks an end to internet human rights in the UK, and that tech companies could pull out of the country over it:

https://twitter.com/jamesrbuk/status/661904968404873216

https://twitter.com/carlynyst/status/661895043490430976

A full summary of the Investigatory Powers Bill (via The Guardian):

  • Requires web and phone companies to store records of websites visited by every citizen for 12 months for access by police, security services and other public bodies.
  • Makes explicit in law for the first time security services’ powers for the “bulk collection” of large volumes of personal communications data.
  • Makes explicit in law for the first time the powers of the security services and police to hack into and bug computers and phones. Places new legal obligation on companies to assist in these operations to bypass encryption.
  • New “double-lock” on ministerial authorisation of intercept warrants with a panel of seven judicial commissioners given power of veto. But exemptions allowed in “urgent cases” of up to five days.
  • Existing system of three oversight commissioners replaced with single investigatory powers commissioner who will be a senior judge.
  • Prime minister to be consulted in all cases involving interception of MPs’ communications. Safeguards on requests for communications data in other “sensitive professions” such as journalists to be written into law.
  • New Home Office figures show there were 517,236 authorisations in 2014 of requests for communications data from the police and other public bodies as a result of 267,373 applications. There were 2,765 interception warrants authorised by ministers in 2014.
  • In the case of interception warrants involving confidential information relating to sensitive professions such as journalists, doctors and lawyers, the protections to be used for privileged information have to be spelled out when the minister approves the warrant.
  • Bill includes similar protections in the use of powers to hack or bug the computers and phones of those in sensitive professions as well.
  • Internet and phone companies will be required to maintain “permanent capabilities” to intercept and collect the personal data passing over their networks. They will also be under a wider power to assist the security services and the police in the interests of national security.
  • Enforcement of obligations on overseas web and phone companies, including the US internet giants, in the courts will be limited to interception and targeted communications data requests. Bulk communications data requests, including internet connection records, will not be enforceable.

Image courtesy of WikiMedia.

UK’s WhatsApp Ban Ruled Unlawful

UK Prime Minister David Cameron plans to ban any online messaging platform that uses end-to-end encryption, such that it would be unreadable by the country’s intelligence services, has been deemed “inconsistent with [European Union] law”. Messaging apps that use end-to-end encryption, such as the popular WhatsApp, Apple’s iMessage, and image sharing platform Snapchat, are protected under the EU’s Article Eight of the European Convention on Human Rights. Home Secretary Teresa May, creator of the Data Retention and Investigatory Powers Bill – or ‘Snooper’s Charter’ – has, however, appealed the decision.

The ‘Snooper’s Charter’ has been met with vocal opposition from both users and tech companies alike. Apple CEO Tim Cook declared that his company has “never worked with any government agency from any country to create a backdoor in any of our products or services […] and we never will.”

“In our country, do we want to allow a means of communication between people which, even in extremis, with a signed warrant from the home secretary personally, that we cannot read?” David Cameron said back in January. “Are we going to allow a means of communication where it simply isn’t possible to do that? And my answer to that question is no we must not. The first duty of any government is to keep our people and our country safe,” he added, using the age-old trick of citing terrorism prevention to infringe on civil liberties, despite the fact it doesn’t work.

Even MP for Uxbridge and South Ruislip and Nazi poster boy Boris Johnson is towing the Tory Party line of not giving a damn about human rights, saying, “I’m not interested in this civil liberties stuff. If they’re a threat, I want their emails and calls listened to.”

For all its faults, the European Union is the only body standing up for privacy and human rights in the face of Owellian levels of mass surveillance. Long may that continue.

Thank you The Express for providing us with this information.