UK spies secretly granted power to spy on journalists and lawyers

The UK Investigatory Powers Tribunal secretly granted permission to MI5 and MI6 to spy on journalists and lawyers, in ways that violate attorney-client privilege.

Read the rest

Honorable spies anonymously leak NSA/GHCQ-discovered flaws in Tor

Andrew Lewman, head of operations for The Onion Router (TOR), an anonymity and privacy tool that is particularly loathed by the spy agencies' capos, credits Tor's anonymous bug-reporting system for giving spies a safe way to report bugs in Tor that would otherwise be weaponized to attack Tor's users.

Read the rest

GCHQ's black bag of dirty hacking tricks revealed

The dirty tricks used by JTRIG -- the toolsmiths of the UK spy agency GCHQ -- have been published, with details on how the agency manipulates public opinion, censors Youtube, games pageview statistics, spy on Ebay use, conduct DDoS attacks, and connect two unsuspecting parties with one another by phone.

Read the rest

Snowden: #DRIP "defies belief," could have been dreamed up by NSA


Edward Snowden has spoken out on #DRIP, the surveillance bill that the UK's major parties have vowed to ram through without any debate.

Read the rest

ISPs sue UK spies over hack-attacks


ISPs in US, UK, Netherlands and South Korea are suing the UK spy agency GCHQ over its illegal attacks on their networks in the course of conducting surveillance.

Read the rest

UK secretary of state: "There is no surveillance state"


UK Secretary of State Theresa May -- part of a regime that presides over a spy service that claims the right to intercept all webmail, search and clicks; that spends hundreds of millions sabotaging Internet security; that dirty-tricks and psy-opses peaceful protest groups;

Read the rest

GCHQ claims right to do warrantless mass interception of all webmail, search and social media


The UK spy agency GCHQ says it doesn't need a warrant to intercept and store all UK social media traffic, search history and webmail because it is headed offshore, so it's "foreign communications". It had kept this interpretation of English and Welsh law a secret until now, and only revealed it after a protracted legal battle with the excellent people at Privacy International and six other civil liberties groups, including Amnesty International, and ACLU.

Read the rest

Privacy vs network effects


Respected cryptographer and security researcher Ross Anderson has a fascinating new paper, Privacy versus government surveillance: where network effects meet public choice [PDF], which explores the "privacy economics" of mass surveillance, pointing out the largely overlooked impact of "network effects" on the reality of who spies, who is spied upon, and under what circumstances.

My first big point is that all the three factors which lead to monopoly – network effects, low marginal costs and technical lock-in – are present and growing in the national-intelligence nexus itself. The Snowden papers show that neutrals like Sweden and India are heavily involved in information sharing with the NSA, even though they have tried for years to pretend otherwise. A non-aligned country such as India used to be happy to buy warplanes from Russia; nowadays it still does, but it shares intelligence with the NSA rather then the FSB. If you have a choice of joining a big spy network like America's or a small one like Russia's then it's like choosing whether to write software for the PC or the Mac back in the 1990s. It may be partly an ideological choice, but the economics can often be stronger than the ideology.

Second, modern warfare, like the software industry, has seen the bulk of its costs turn from variable costs into fixed costs. In medieval times, warfare was almost entirely a matter of manpower, and society was organised appropriately; as well as rent or produce, tenants owed their feudal lord forty days’ service in peacetime, and sixty days during a war. Barons held their land from the king in return for an oath of fealty, and a duty to provide a certain size of force on demand; priests and scholars paid a tax in lieu of service, so that a mercenary could be hired in their place. But advancing technology brought steady industrialisation. When the UK and the USA attacked Germany in 1944, we did not send millions of men to Europe, as in the first world war, but a combat force of a couple of hundred thousand troops – though with thousands of tanks and backed by larger numbers of men in support roles in tens of thousands of aircraft and ships. Nowadays the transition from labour to capital has gone still further: to kill a foreign leader, we could get a drone fire a missile that costs $30,000. But that's backed by colossal investment – the firms whose data are tapped by PRISM have a combined market capitalisation of over $1 trillion.

Third is the technical lock-in, which operates at a number of levels. First, there are lock-in effects in the underlying industries, where (for example) Cisco dominates the router market: those countries that have tried to build US-free information infrastructures (China) or even just government information infrastructures (Russia, Germany) find it’s expensive. China went to the trouble of sponsoring an indigenous vendor, Huawei, but it’s unclear how much separation that buys them because of the common code shared by router vendors: a vulnerability discovered in one firm’s products may affect another. Thus the UK government lets BT buy Huawei routers for all but its network’s most sensitive parts (the backbone and the lawful-intercept functions). Second, technical lock-in affects the equipment used by the intelligence agencies themselves, and is in fact promoted by the agencies via ETSI standards for functions such as lawful intercept.

Just as these three factors led to the IBM network dominating the mainframe age, the Intel/Microsoft network dominating the PC age, and Facebook dominating the social networking scene, so they push strongly towards global surveillance becoming a single connected ecosystem.

Privacy versus government surveillance: where network effects meet public choice (via Schneier)

(Image: Friendwheel, Steve Jurvetson, CC-BY)

Did GCHQ reveal secrets about computer insecurity when it exorcised the Snowden leaks from the Guardian's laptops?


When Prime Minister David Cameron ordered two GCHQ spooks to go the the Guardian's offices and ritually exorcise two laptops that had held copies of the Snowden leaks, we assumed it was just spook-lunacy; but Privacy International thinks that if you look at which components the spies targeted for destruction, there are hints about ways that spies can control computer hardware.

Read the rest

Mathematicians: refuse to work for the NSA!


In a stirring editorial in the New Scientist, University of Edinburgh mathematician Tom Leinster calls on the world's mathematicians to boycott working for the NSA, which describes itself as the "largest employer of mathematicians in the US" and which may the world's number one employer of mathematicians. Leinster suggests that mathematicians could refuse to work for the NSA, that university heads could refuse to grant professors leave to work at NSA or GCHQ, that national mathematical societies could refuse NSA job-posting ads, and even "expel members who work for agencies of mass surveillance."

Read the rest

Yahoo beefs up security in two meaningful and important ways

Yahoo has taken some serious steps towards protecting user-privacy, writes the Electronic Frontier Foundation's Seth Schoen. After revelations that the NSA and GCHQ had hacked its services, intercepted private video-chats, and harvesting mass data from its fiber optic links, the company has added forward secrecy and STARTTLS to its roster of default-on security measures. Of the two, forward secrecy is the most interesting, as it protects the privacy of old intercepted Yahoo data even if the company loses control of its keys. Bravo, Yahoo! Cory 7

Britain is turning into a country that can't tell its terrorists from its journalists


Sarah Harrison, a British journalist who's worked with Wikileaks and the Snowden papers, writes that she will not enter the UK any longer because the nation's overbroad anti-terror laws, combined with the court decision that validates using them to detain journalists who are not suspected of terrorism under any reasonable definition of the term, means that she fears begin detained at the airport and then jailed as a terrorist when she refuses to decrypt her files and grant police access to her online accounts. Under the UK's Terrorism Act of 2000, journalists who write because they hope to expose and halt corruption are liable to being jailed as terrorists because they report on leaks in a way that is "designed to influence the government." And "the government," according to the Act, is any government, anywhere in the world -- meaning that journalists who report on leaks that embarrass any government in the world can be treated as terrorists in the UK.

Nor is this an idle risk: Glenn Greenwald's partner, David Miranda, was detained under terrorism rules when he transited through the UK, and a UK judge subsequently found that the detention was justified on these grounds, even though no one suggests that Miranda is involved in terrorism in any way. As Harrison writes, "Britain is turning into a country that can't tell its terrorists from its journalists."

The final paragraphs of Harrison's editorial sum it up neatly:

Read the rest

NSA wiretapped 122 world leaders; GCHQ penetrated German satellite companies for mass surveillance potential


Newly disclosed documents from the trove Edward Snowden provided to journalists reveal the existence of the "Nymrod" database that listed 122 world leaders, many from nations friendly to the USA, that were spied upon by the NSA. Included in the list is German Chancellor Angela Merkel, who was already known to have been wiretapped by the NSA thanks to an earlier disclosure. Nymrod's "Target Knowledge Database" combed through the NSA's pool of global intercepts to amass dossiers of private communications -- emails, faxes, calls and Internet traffic -- related to the leaders.

Additionally, the UK spy agency GCHQ infiltrated and compromised two German satellite communications companies -- Stellar and Cetel -- and IABG, a company that supplied them with equipment. It wiretapped their senior executives as well. None of these companies are accused of having done anything amiss, but were targeted by British spies because their services carried Internet traffic and were a convenient "access chokepoint" from which to conduct mass-surveillance programs.

Read the rest

Podcast: If GCHQ wants to improve national security it must fix our technology

Here's a reading (MP3) of my latest Guardian column, If GCHQ wants to improve national security it must fix our technology where I try to convey the insanity of spy agencies that weaken Internet security in order to make it easier for them to spy on people, by comparing this to germ warfare.

Read the rest

UK Deputy PM commissions independent review of spy powers

Glyn sez, "UK Deputy PM Nick Clegg has commissioned a review into the new intrusive capabilities of British intelligence agencies and the legal framework in which they operate."

Read the rest