Backdoors

Earlier this week, the Guardian, in conjunction with its partner publishers, the New York Times and ProPublica, ran an article, “Revealed: how US and UK spy agencies defeat internet privacy and security”. As we’ll see, the title is a bit misleading, but the agencies certainly gave it their best shot. This story builds on the initial Snowden leaks, which revealed that the NSA has been using computer technology to spy on everyone using the internet in the USA. The story rapidly came to the UK, where it became clear that Britain’s GCHQ was tapping the UK/USA telecom links, sharing intelligence with the USA and providing the NSA with a slightly more legal way of spying on US citizens. There is little doubt that the US & UK’s intelligence agencies have outsourced their own domestic spying, which is legally restricted, to each other.

A letter to Yvette Cooper and Sadiq Khan

Dear Yvette and Sadiq,

At the Open Rights Group’s annual meeting, ORGCON 2013, which was held last weekend under the shadow of the Guardian’s scoop exposing the US Government’s industrial-scale invasion of the rest of the world’s privacy, one of the panel sessions was on the subject of the stalled Communications Data Bill.

Julian Huppert MP was speaking and said that Clegg’s veto on Parliamentary time will ensure that unacceptable legislation will not get through this Parliament. He referenced the pre-legislative joint parliamentary committee, the report from which was unanimous, but stated that the Labour Party supported the passage of a revised version of the Communications Data Bill. He said this in the context of his inaccurate boast that only a Lib Dem vote in 2015 will ensure that the UK never has such a surveillance system.

The passage of the Communications Data Bill would have enabled a surveillance system that the Stasi would have been proud of. The Joint Committee rightly described it as disproportionate and fanciful. Yvette welcomed the report, saying,

…this gives too much wide ranging power to the Home Office, provides too little protection for people’s privacy, and no proper safeguards over cost.

As we know, the Home Office have no intention of giving up, and events in Woolwich last month, when Drummer Lee Rigby was attacked and killed, became the event which led the Securocrats, including some of Labour’s own ex-Home Secretaries, to call for the Bill’s reintroduction.

In the BBC’s reporting of this story, they say,

Shadow justice secretary Sadiq Khan told the BBC the original bill would have given the home secretary too much power, been too expensive and did not have the right checks and balances.

“If she [the home secretary] wants to come back with a new bill, of course we will work with the government to make sure we can give the police and the authorities the proportionate powers that they need,” he said.

I note that Sadiq does not diminish the Labour Party front bench’s commitment to proportional powers, balancing the police need to investigate with the public’s right of privacy. I read Sadiq’s comments as a promise to discuss timetables. I hope I am right.

The BBC reports today an open letter signed by three Labour ex-Home Secretaries, together with two Tories and one Lib Dem peer, Lord Carlile, asking that the Tories work with Labour in Parliament to revive the Communications Data Bill. I am unable to comment on the extent to which they are concerned about the privacy intrusions inherent in the previous bill since the BBC did not publish the letter, which is to be published in the Times, presumably behind a paywall; I do not propose to pay the Murdoch press to read it.

Privacy is an issue of importance to the Labour Party and the Trade Union movement. The last time Government extended the Police and security services’ surveillance powers they were used against ordinary workers and activists who were organising strikes to defend their wages and jobs. They did this under the excuse of national security. Today we see the continued victimisation and blacklisting of trade union activists by the building and construction trade, almost certainly in contravention of the current privacy laws. Prior to that MI5 were bugging and spying on leading civil liberty campaigners including Harriet Harman and Patricia Hewitt.

The creation of a database with UK citizens’ web history would be a mistake of the gravest order. Not only is it unlikely that it could be kept secret from unscrupulous bosses and other criminals but it is likely that Judges would incrementally extend the crimes which it is valid to use this data for. It may start with Terrorism but it will be extended via child protection to computer misuse. The UK will follow the USA into the lunacy where rapists get lighter punishment than their pursuers. (See, e.g., google “Steubenville Hacker”.) None of this will make the people of Britain any safer.

Furthermore there is no judicial oversight in today’s systems. Who is targeted is in the hands of politicians; their decision making is secret. It should be the cornerstone of our opposition. Police action that breaches our Article 8 rights to privacy should be overseen by judges.

You should also consider the defence of Parliamentary Privilege and the Wilson Doctrine; the UK Intelligence services are currently prohibited from monitoring MPs.

Privacy is a Human Right. Privacy is necessary in a democracy for political organisation.

You have the opportunity to continue to do the right thing, to balance the privacy of the British people against their safety from terrorists. Please do not backtrack on requiring any extension of Police powers to be proportionate and effective. The sad thing is that Labour’s record in power is such that allegations that we would support the unwarranted

The best way to defend democracy is to be one.

It’s not just hackers, it’s leaking as well

I have suggested in two blog articles that, should the UK’s security services build their proposed internet surveillance system, it will be accessed illegally by the well resourced and technically savvy, and legally by those that can afford the lawyers, mainly big business or the sensitive libel litigators. There is well proven precedent that laws designed for a narrow purpose will bleed into broader areas.

We already have the example of the Norwich Pharmacal case, where HMRC were subpoenaed to release records to a party in a civil case. This has bled from intellectual property to other cases. It should be noted that giving HMRC the facts they require is mandatory. It’s this bleeding of law from its original purpose to others that often makes the worst law.

The Inland Revenue refused point blank to take on the Child Support Agency’s collection duties and also fought tooth and nail to keep its data private from the CSA. They felt that many men would tell the truth to them, but seek to avoid co-operating with the CSA; inter-agency co-operation would in their eyes make their duties more difficult; they’d lose the co-operation of many taxpayers.

The decennial Census is mandatory. The privacy guarantee is that neither individual returns nor micro-sets that allow the identification of individuals will be published, yet this was run by Lockheed Martin, an organisation subject to Patriot Act supervision?

The establishment of the Criminal Records Bureau (CRB) has also created another luge, from the specific to the general. It was created to ensure that the criminal records of staff in schools were known. It is now used for parent volunteers and it is becoming commonplace for large employers to ask for a criminal records check before offering work. The CRB won’t release their data to organisations with no child protection roles without the permission of the data subject, so guess what the options are if you want or need the job.

(That’d be quite a good caveat, no non-law-enforcement organisations can access the snoopers database without permission of the data subjects, but we need to change RIPA, since a very large number of organisations can issue.)

This is all an interesting contrast as private (i.e. legally confidential) data is made available to the interested, but public data is being privatised.

Actually the Tories seem conflicted; their manifesto promises and early actions suggest they’d like to live with and act on the view that public data should be made available to allow the crowd-sourcing of innovation using the data, such as TFL and the train locations, enabling the private sector to create jobs and income on the back of a public sunk investment. They were persuaded that the public, or the taxpayer as they like to see it, had already paid for the data. However, the cutting of the Universities’ funding system weakens the public claim on the research output of these institutions, enabling the enclosure of this research by the academic publishers.

Alec Muffett has performed a sterling service in a bunch of articles at Crypticide, ranging from reviewing the evidence presented to Parliament to pointing out that, at the time, the Home Office considered Facebook and Twitter to be UK ISPs and seemed to plan to require them to retain message data, not message header data, for 12 months.

As a penultimate point, someone called Derek writes and explains how the technology works. His article is quite simple and so a good point to start; he explores the ease of adoption of encryption technology, which is quite useful, but this is why the Home Office asked questions in their consultation as to how and if encryption technology should be restricted.

My final comment is that the recent hacking of Twitter and the NYT is further proof that the growing amount of literature saying that “brute force” attacks on password systems are getting cheaper and cheaper is right; at least if you are a state actor. To keep a site secure, you have to do everything right; to hack it, they need you to have forgotten or been cheap once.

#lab12 conference diary

#lab12 Despite being a member of the Labour Party for 38 years, I have never been to conference before; I have just returned from Manchester, where I attended for 2½ days. It was rather fun, jolly useful and thanks to some of the people I met, inspiring.

I got there late-ish on Sunday and met up with my comrades from Lewisham Deptford CLP, including @vickyfoxcroft, @joe_dromey, @joeperryuk, @mjrharris and @Len_Duvall in a bar near the conference centre. I had been disappointed that the conference and fringe running order had not been sent to me until after I bought my train ticket. This meant I missed part one of the shenanigans and the debate on “Refounding Labour” which I had wanted to attend. After the Lewisham meetup, I moved on to the New Statesman party. I think as a subscriber, I should have had an invite, I didn’t, but anyway, I got in OK. I met up with one of their staff, and expressed my views that I didn’t want to pay to read Dan Hodges and could they stop publishing his stuff. I was advised to write to the Editor, Jason Cowley, with that view, but I can’t find his email or Twitter handle! Poor show!

Citizens not Suspects

I attended the Open Rights Group’s London meetup on Monday night; Rachel Robinson, Liberty’s Policy Officer, was speaking at the Angel, a pub near Old St, probably the inspiration for the London Monopoly board space. She spoke about planned legislation in the UK known variously as the Communications Capabilities Development Programme or the Communications Data Bill. Interesting how the British Government develop such anodyne names for their oppressive measures, the Digital Economy Act vs the US “Stop Online Piracy Act” or the “Commerce before Leisure on the Internet Act”, I made the last one up, or I think I did.

They won’t snoop, if you’ve nothing to hide (1985 style).

A night at the ORG London meetups, talking to Jim Killock he asks why the Labour Party and Trade Unions aren’t opposing the Communications Data Bill; he forecasts a time when these new laws will be used against the Unions. He’s too young to remember the last time this was an issue,

Bugging Harriet Harman and the NCCL, and leading Trade Unionists in the NUM, AUEW and CPSA. They probably wouldn’t be breaking the law today, and the CDP will make it easier. Massiter was a warrior for the truth, a brave woman; I am grateful for her courage and Nick Davies is still fighting the fight.

The Denning quote in the last five minutes is quite fun.

“…the Security Services …are to be used for one purpose and one purpose only, the defence of the Realm.

Most people in this country would, I am sure wholeheartedly support this principle for it would be intolerable to us to have anything in the nature of a Gestapo or Secret Police to snoop into all that we do…even at the behest of a Minister or a Government department…”

This isn’t the article I expected to write when I set out to attend, perhaps I’ll post my notes tomorrow.