The UK tax authority HMRC abused the country's controversial anti-terrorism law to spy on a whistleblower and journalists at the Guardian after it was embarrassed by the revelation that it had given a sweetheart deal to Goldman Sachs. Osita Mba revealed a government oversight body that HMRC forgave GBP10M in interest owed by Goldman Sachs after a failed tax-evasion scheme, and in the ensuing public furore, HMRC's top executives invoked RIPA, the country's anti-terror law, to spy on its employees and on Guardian journalists in order to discover the identity of the leaker. Under RIPA, HMRC is able to spy on the nation's emails, Internet traffic, text messages, phone records and other sensitive data.
Lin Homer, the head of HMRC has appeared before a Parliamentary committee to explain its use of anti-terror spying powers to uncover the identity of a whistleblower whose personal information is protected by legislation, and was unrepentant, and would not rule out doing it again in the future.
Margaret Hodge, the committee chair, expressed shock at this. But it was under her party's last government, the Blair regime, that RIPA was put into place, over howls of protest from campaigners who predicted that it would be used in just this way.
Read the rest
The Australian attorney general has mooted a proposal to require service providers to compromise their cryptographic security in order to assist in wiretaps. The proposal is given passing mention in a senate submission from the AG's office, where it is referenced as "intelligibility orders" that would allow "law enforcement, anti-corruption and national security agencies" to secure orders under which providers like Google, Facebook and Yahoo would have to escrow their cryptographic keys with the state in order to facilitate mass surveillance.
Edward Snowden referenced this possibility in his SXSW remarks, pointing out that any communications that are decrypted by service providers are vulnerable to government surveillance, because governments can order providers to reveal their keys. This is why Snowden recommended the use of "end-to-end" security, where only the parties in the discussion -- and not the software vendor -- have the ability to spy on users.
The "intelligibility order" is the same kind of order that led to the shutdown of Lavabit, the secure email provider used by Snowden, whose creator shut the service down rather than compromising his users' security.
Read the rest
UK Labour Member of Parliament Tom Watson writes, "I thought you might be interested to read the latest developments on the drones and data collection front. I've asked privacy expert Jemima Stratford QC for her legal opinion on aspects of the Snowden revelations. Contrary to reassurance from the Foreign Secretary and Chair of the ISC she finds [PDF]:
1. interception of 'internal' contents data of British citizens in the UK is unlawful under RIPA [ed: the Regulation of Investigatory Powers Act 2000; the UK's controversial spying bill]
2. the RIPA framework is outdated and not fit for purpose, leaving British citizens exposed to unlawful interference
3. transfer of data to NSA, which shares data with CIA, leaves GCHQ officials exposed to charges of aiding murder in the UK where the government knows that data is available for use to direct drone strikes against non-combatants
Further, she argues:
4. the government should agree and publish a new memorandum of understanding with the US specifying how data from UK can be stored and used by foreign agents.
Watson doesn't do the report justice, really -- Stratford's opinion includes that UK participation in US drone strikes opens up individual UK intelligence operatives to being charged as accessories to murder. Watson sent copies of the report to all the members of the all-party parliamentary drone group, which of which he is chair. He's also sending it to the parliamentary intelligence and security committee for their own hearings on surveillance.
The Guardian has a great summary of the memo here, but really, you should read it yourself [PDF] -- it's a very quick and easy read. Stratford is a leading public law barrister, and she argues beautifully.
Read the rest
The Guardian has published information from another Edward Snowden leak, this one detailing a British wiretapping program by the UK spy agency GCHQ that puts Prism to shame. The GCHQ program, called Tempora, stores all submarine cable traffic and all domestic traffic (Internet packets and recordings of phone-calls) for 30 days, using NSA tools to sort and search it; the quid-pro-quo being that the NSA gets to access this data, too. The program is reportedly staffed by 300 GCHQ spies and 250 NSA spies, and the data produced by the taps is made available to 850,000 NSA employees and contractors. This is all carried out under the rubric of RIPA, the controversial Regulation of Investigatory Powers Act, a UK electronic spying law passed by Tony Blair's Labour government.
The GCHQ mass tapping operation has been built up over five years by attaching intercept probes to transatlantic fibre-optic cables where they land on British shores carrying data to western Europe from telephone exchanges and internet servers in north America.
This was done under secret agreements with commercial companies, described in one document as "intercept partners".
The papers seen by the Guardian suggest some companies have been paid for the cost of their co-operation and GCHQ went to great lengths to keep their names secret. They were assigned "sensitive relationship teams" and staff were urged in one internal guidance paper to disguise the origin of "special source" material in their reports for fear that the role of the companies as intercept partners would cause "high-level political fallout".
The source with knowledge of intelligence said on Friday the companies were obliged to co-operate in this operation. They are forbidden from revealing the existence of warrants compelling them to allow GCHQ access to the cables.
"There's an overarching condition of the licensing of the companies that they have to co-operate in this. Should they decline, we can compel them to do so. They have no choice."
GCHQ taps fibre-optic cables for secret access to world's communications