JOINT COMMITTEE ON THE DRAFT INVESTIGATORY POWERS BILL
CALL FOR WRITTEN EVIDENCE
The Joint Committee on the Draft Investigatory Powers Bill, chaired by Lord Murphy of Torfaen, was appointed by the two Houses of Parliament in late November 2015 to consider the Draft Investigatory Powers Bill, which was presented to the two Houses on 4 November 2015. The Committee invites any interested individuals and organisations to submit evidence to this inquiry.
The Committee in particular will explore the key issues listed below in detail, and would welcome your views on any or all of the following questions. Please note that questions are not listed here in any particular order of importance.
Written evidence should arrive no later than 21 December 2015. Public hearings will be held in November and December 2015 and January 2016. The Committee has been asked to report to the Houses, with recommendations, in February 2016. The report will receive a response from the Government. The time available for the Committee’s inquiry is short, and its focus will be on the contents of the draft Bill rather than more general aspects of policy. The Committee will not consider as part of its inquiry the merits of individual cases which have been, or are now, subject to formal proceedings in courts or tribunals.
Are the powers sought necessary?
o Has the case been made, both for the new powers and for the restated and clarified existing powers?
Are the powers sought legal?
o Are the powers compatible with the Human Rights Act and the ECHR? Is the requirement that they be exercised only when necessary and proportionate fully addressed? Are they sufficiently clear and accessible on the face of the draft Bill? Is the legal framework such that CSPs (especially those based abroad) will be persuaded to comply? Are concerns around accessing journalists’, legally privileged and MPs' communications sufficiently addressed?
Are the powers sought workable and carefully defined?
o Are the technological definitions accurate and meaningful (e.g. content vs communications data, internet connection records etc.)? Does the draft Bill adequately explain the types of activity that could be undertaken under these powers? Is the wording of the powers sustainable in the light of rapidly evolving technologies and user behaviours? Overall is the Bill future-proofed as it stands?
Are the powers sought sufficiently supervised?
o Is the authorisation process appropriate? Will the oversight bodies be able adequately to scrutinise their operation? What ability will Parliament and the public have to check and raise concerns about the use of these powers?
To what extent is it necessary for
(a) the security and intelligence services and
(b) law enforcement to have access to investigatory powers such as those contained in the Draft Investigatory Powers Bill?
Are there any additional investigatory powers that security and intelligence services or law enforcement agencies should have which are not included in the draft Bill?
Are the new offences proposed in the draft Bill necessary? Are the suggested punishments appropriate?
Are there sufficient operational justifications for undertaking
(a) targeted and
(b) bulk interception?
Are the proposed authorisation processes for such interception activities appropriate? Is the proposed process for authorising urgent warrants workable?
Are the proposed safeguards sufficient for the secure retention of material obtained from interception?
How well does the current process under Mutual Legal Assistance Treaties (MLATs) work for the acquisition of communications data? What will be the effect of the extra-territorial application of the provisions on communications data in the draft Bill?
Are the definitions of content and communications data (including the distinction between 'entities' and 'events' sufficiently clear and practical for the purposes of accessing such data?
Does the draft Bill allow the appropriate organisations, and people within those
organisations, access to communications data?
Are there sufficient operational justifications for accessing communications data in bulk?
Is the authorisation process for accessing communications data appropriate?
Do the proposed authorisation regime and safeguards for bulk data retention meet the requirements set out in the CJEU Digital Rights Ireland and the Court of Appeal Davis judgments?
Is accessing Internet Connection Records essential for the purposes of IP resolution and identifying of persons of interest? Are there alternative mechanisms? Are the proposed safeguards on accessing Internet Connection Records data appropriate?
Are the requirements placed on service providers necessary and feasible?
Should the security and intelligence services have access to powers to undertake
(a) targeted and
(b) bulk equipment interference? Should law enforcement also have access to such powers?
Are the authorisation processes for such equipment interference activities appropriate?
Are the safeguards for such activities sufficient?
Bulk Personal Data
Is the use of bulk personal datasets by the security and intelligence services appropriate? Are the safeguards sufficient for the retention and access of potentially highly sensitive data?
What are the advantages and disadvantages of the proposed creation of a single Judicial Commission to oversee the use of investigatory powers?
Would the proposed Judicial Commission have sufficient powers, resources and independence to perform its role satisfactorily?
Are the appointment and accountability arrangements for Judicial Commissioners appropriate?
Are the new arrangements for the Investigatory Powers Tribunal including the possibility of appeal adequate or are further changes necessary?
GUIDANCE FOR SUBMISSIONS
Written evidence should be submitted online using the written submission form available at www.parliament.uk/draft-investigatory-powers-submission-form. This page also provides guidance on submitting evidence.
If you have difficulty submitting evidence online, please contact the Committee staff by email to
or by telephoning 020 7219 8443. The deadline for written evidence is 21 December 2015.
Short submissions are preferred. A submission longer than six pages should include a onepage
Paragraphs should be numbered. All submissions made through the written submission form will be acknowledged automatically by email.
Evidence which is accepted by the Committee may be published online at any stage; when it is so published it becomes subject to parliamentary copyright and is protected by parliamentary privilege. Submissions which have been previously published will not be accepted as evidence. Once you have received acknowledgement that the evidence has been accepted you will receive a further email, and at this point you may publicise or publish your
evidence yourself. In doing so you must indicate that it was prepared for the Committee, and you should be aware that your publication or re-publication of your evidence may not be protected by parliamentary privilege.
Personal contact details will be removed from evidence before publication, but will be retained by the Committee Office and used for specific purposes relating to the Committee's work, for instance to seek additional information.
Persons who submit written evidence, and others, may be invited to give oral evidence. Oral evidence is usually given in public at Westminster and broadcast online; transcripts are also taken and published online. Persons invited to give oral evidence will be notified separately of the procedure to be followed and the topics likely to be discussed.
Substantive communications to the Committee about the inquiry should be addressed through the clerk of the Committee, whether or not they are intended to constitute formal evidence to the Committee.
This is a public call for evidence. Please bring it to the attention of other groups and individuals who may not have received a copy direct.
You may follow the progress of the inquiry at www.parliament.uk/draft-investigatorypow
UPDATE 26th November 2015:
The Chairman of the Draft Investigatory Powers Bill Joint Committee has been appointed: Lord Murphy of Torfaen. Paul Murphy was a Labour Minister for Northern Ireland (and Wales) and was the Chair of the Intelligence and Security Committee from 2005 to 2008, which failed to properly investigate the 7/7 2005 London bombings (required a second investigative report in 2009 with Kim Howells as Chair).
Draft Investigatory Powers Bill Joint Committee - membership
The target date for the scrutiny of this complicated 200 page Bill is set for 11th February 2016, which really is not enough time to do a thorough job, given the Christmas and New Year holidays.
|Victoria Atkins MP||Conservative||Barrister specialising in fraud, stood unsuccessfully in the Police and Crime Commissioner elections for Gloucestershire Constabulary|
|Suella Fernandes MP||Conservative||Barrister|
|Rt Hon David Hanson MP||Labour||Former Home Office Minister for Security, Counter-Terrorism, Crime and Policing|
|Stuart C McDonald MP||SNP||Former immigration lawyer|
|Dr Andrew Murrison MP||Conservative||Medical doctor and ex Royal Navy Surgeon-Commander|
|Matt Warman MP||Conservative||Former technology editor of Daily Telegraph|
|Baroness Browning||Conservative||Former Home Office Minister of State in the House of Lords|
|Lord Butler of Brockwell||Crossbench||Former member of Intelligence & Security Committee (did look at previous Draft Comms Data Bill) , former Cabinet Secretary|
|Bishop of Chester||Bishops||BA in Chemistry before becoming a cleric|
|Lord Hart of Chilton||Labour||Former planning solicitor & Special Advisor|
|Lord Henley||Conservative||Former Home Office Minister Crime Prevention and Anti-Social Behaviour Reduction|
|Lord Murphy of Torfaen||Labour||Chairman of this Committee,former Chair of Intelligence & Security Committee (which failed to properly investigate 7/7 2005 London bombings etc.)|
|Lord Strasburger||Liberal Democrat||Businessman, only member of previous Draft Communications Data Bill committee.|
Note the preponderance of likely "gone native" politicians with "experience" of Policing and Intelligence agencies.
Who will be elected as Chair of this Joint Committee ? Lord Butler the supposedly Cross Bench former Cabinet Secretary ?
Only Lord Strasburger (Liberal Democrat) served on the previous Draft Communications Data Bill Joint Committee, although Lord Butler of Brockwell did scrutinise some of it as a then member of the Intelligence and Security Committee.
The Emergency Debate on the Wilson Doctrine on Monday 19th October 2015:
Commons Hansard 19 Oct 2015 : Column 694
Almost no MPs bothered to attend this Emergency Debate on the operation of the Wilson Doctrine.
The MPs who did speak:
Chris Bryant (Rhondda) (Lab)
Mr Peter Bone (Wellingborough) (Con)
Mr David Davis (Haltemprice and Howden) (Con)
Lady Hermon (North Down) (Ind):
The Secretary of State for the Home Department (Mrs Theresa May)
Mr Kenneth Clarke (Rushcliffe) (Con)
Andrew Gwynne (Denton and Reddish) (Lab)
Tom Pursglove (Corby) (Con)
Mr Alistair Carmichael (Orkney and Shetland) (LD)
Mr David Winnick (Walsall North) (Lab)
Joanna Cherry (Edinburgh South West) (SNP)
Mark Field (Cities of London and Westminster) (Con)
Dr Andrew Murrison (South West Wiltshire) (Con)
Ms Margaret Ritchie (South Down) (SDLP)
Gavin Robinson (Belfast East) (DUP)
Caroline Lucas (Brighton, Pavilion) (Green)
Martin John Docherty (West Dunbartonshire) (SNP)
Will Her Majesty's Opposition hold the Government to account over this shoddy deception ? Or will the Corbynistas be overshadowed by the Scottish Nationalists ? Will the handful of Conservative MPs who seem to care about liberty and privacy and freedom have any effect on the Government ?
Chris Bryant, who lead this Emergency Debate, made a lot of sense in his analysis of the current Wilson Doctrine debacle, but the attitude of the rest of the Labour party, almost none of whom bothered to turn up, is still suspiciously unclear.
He rightly chided the Home Secretary for rushing through the Data retention and Investigatory powers Act in a single day, and hoped that the forthcoming Investigatory Powers Bill which might be able to ut the Wilson Doctrine or similar into law would not be similarly rushed through.
Andy Burnham (Lab) the Shadow Home Secretary turned up for a bit, and lurked next to Chris Bryant, but did not bother to speak
Where was the Deputy Leader Tom Watson (Lab), who is supposed to be a patron of the Open Rights Group and who did ask the Question which prompted Theresa May's "caveated statement" on the Wilson Doctrine earlier this year ? ?
Where were the Corbynistas ?
Dominic Grieve's contribution to the debate was restricted to promising that as Chair of the Intelligence and Security Committee, the Committee would consider MP and Constituency interception procedures along with other legally privileged lawyers and journalists etc.
Given the other things they must look into, it is unclear if they will contribute anything before the full Investigatory Powers Bill is set in motion early next year.
Peter Bone yet again asked the Home Secretary how many MPs have had their telephones intercepted since 1966. Her silence confirms that the number is clearly not zero, making a mockery of even the very narrow definition of the Wilson Doctrine which is now being spun by the Government.
David Davis correctly summed up the Wilson Doctrine is effectively dead:
"the doctrine is dead. Whether or not it is legally dead, it is in practice dead. It is dead in the eyes of the people--whistleblowers, campaigners and so on--who might come to us, and we have to do something to replace it."
He also mentioned the vital importance of metadata, which the Wilson Doctrine sneakily does not "protect".
Spy Blog would also like to see protection for Constituents, Campaigners, Journalists, Whistleblowers and other elected representatives all the other RIPA an non-IPA surveillance techniques included in the new Investigatory Powers Bill e.g. MetaData / Communications data / Traffic Data (RIPA 2000 Part II) , compelled access access to Encrypted Data (RIPA III), CHIS Covert Human Intelligence Sources (informers and infiltrators), bugging and tracking devices (Police Act 1997 Part III) etc.
The Scottish Nationalist Party outnumbered the Labour Party and emphasised the need for Scottish Parliament, Welsh Assembly, Northern Ireland Assembly and UK Members of the European Parliament to have their communications with constituents and whistleblowers etc. protected.
The 3 MPs from Northern Ireland pointed out what even Theresa May admitted was a "conundrum" - it is unclear with the shifting changes made in secret to the Intelligence Agencies Guidance, did the Wilson Doctrine apply or not apply to those "double dipping" Members of Parliament MPs who were also simultaneously Members of the Legislative Assembly (MLA) ?
Caroline Lucas of course was a party to the the Investigatory Powers Tribunal case and mentioned the point Spy Blog noticed that even though the Wilson Doctrine has no legal power, neither do the Draft Code of Practice (not yet presented to, let alone approved by Parliament) nor the internal Intelligence Agency Guidance.
The lack of interest in their constituents' privacy and liberties shown by the absent MPs does not bode well for the forthcoming Draft Investigatory Powers Bill.
The secretive Investigatory Powers Tribunal, which always seems to side with the Whitehall securocrats at the expense of ordinary, innocent people, has done it again with their judgment on the Wilson Doctrine
Spy Blog has always assumed that the deliberate vagueness and extreme brevity of any official Answers to Parliamentary Questions about the Wilson Doctrine, even as it has changed slightly over the years, meant that the public and Parliamentarians were being lied to by Downing Street regarding the confidentiality of the communications between Members of Parliament and their Constituents.
IPT/14/79/CH IPT/14/80/CH IPT/14/172/CH
Caroline Lucas MP, Baroness Jones of Moulsecoomb AM, George Galloway vs. the Security Service, SIS, GCHQ
The Tribunal heard and resolved issues relating to the status, meaning and effect of what has been called the Harold Wilson Doctrine, or the Wilson Doctrine, originating in the statement in the
House of Commons on 17 November 1966 by the Rt Hon Harold Wilson, the then Prime Minister. The Tribunal made declarations that the Wilson Doctrine applies only to targeted, and not
incidental, interception of Parliamentary communications, but that it has no legal effect, save that in practice the Security and Intelligence Agencies must comply with their own Guidance,
which has now been disclosed in the Judgment.
Full judgment (.pdf 25 pages) http://www.ipt-uk.com/docs/Caroline_Lucas_JUDGMENT.pdf
10. There are relevant passages in the Codes, to which we are satisfied the Home Secretary was referring: the Interception of Communications Code of Practice pursuant to Section 71 of RIPA in force until this year ("the Code") does not make express reference to communications between parliamentarians and their constituents as being confidential, in that such communications are not listed among the examples given, but they are particularised in the new draft Code which has been de facto in operation since the beginning of this year, and complied with by the Security and Intelligence Agencies, although it has been the subject of consultation and has not yet been put before or approved by Parliament ("the Draft Code").
How can this possibly be compliant with Human Rights Act 1998 ECHR Article 8 Right to respect for private and family life "in accordance with law", when the supposed protections are still only a Draft Code of Practice which has not been approved by Parliament or are internal Intelligence Agency Guidance, which has no legal force at all ?
Liberty/Privacy provides, particularly having regard to the well-established proposition as to the reduced foreseeability required in the field of national security, a sufficient and adequate system for ECHR purposes, and one which does not require the Wilson Doctrine to underlie it. Unlike journalists' and lawyers' communications, there is no ECHR authority for enhanced protection for parliamentarians. There are very good reasons, as Sir Swinton Thomas pointed out, for parliamentarians not being treated differently from other citizens. The s.5 RIPA criteria and the approved interception regimes, including other statutory provisions for the respective Agencies, impose and signal a high threshold for interception. It is not necessary for this Tribunal to make new law. Moreover any attempt to do so would entail inventing a new code to define the types of communications covered and where lines are to be drawn. The Wilson Doctrine, as now enunciated and put into effect, highlights a need for caution and circumspection in respect of parliamentarians' communications. But such caution and circumspection will be called for in respect of many other types of confidential and sensitive private communications, which come to be considered under the interception regimes.
Answers to the preliminary issues
33. The Tribunal accordingly answers the preliminary issues attached to this judgment as follows:i) The Wilson Doctrine does not apply to s.8(4) warrants at the stage of issue.
ii) It applies to targeted, but not incidental, interception of parliamentarians' communications both in respect of s.8(1) warrants at date of issue and in respect of s.8(4) warrants at the date of accessing/selecting such communications.
iii) The Wilson Doctrine does not operate so as to create a substantive legitimate expectation.
iv) The Wilson Doctrine has no legal effect, but in practice the Agencies must comply with the Draft Code and with their own Guidance.
v) The regime for the interception of parliamentarians' communications is in accordance with the law under Article 8(2) and prescribed by law under Article 10(2), in particular by reference to s.5(3) of RIPA.
34. MPs' communications with their constituents and others are protected, like those of every other person, by the statutory regime established by Part 1 of RIPA 2000. The critical control is the requirement for a Secretary of State's warrant, which can only be issued if the requirements of Section 5 are satisfied. That regime is sufficient to protect such communications and nothing further is required by the ECHR.
It would be truer to say that
"MPs'communications with their constituents and others are unprotected, like those of every other person"
"That regime is insufficient to protect such communications"
- What now, that the Wilson Doctrine is effectively dead ?
There is a 3 hour Emergency Debate in the House of Commons on the Wilson Doctrine from some time after 14:30, tomorrow Monday 19th October 2015.
Will Her Majesty's Opposition hold the Government to account over this shoddy deception ? Or will the Corbynistas be overshadowed by the Scottish Nationalists ? Will the handful of Conservative MPs who seem to care about liberty and privacy and freedom have any effect on the Government ?
At a guess the Government will pretend that the the still only Draft Code of Practice is somehow important, even though it is the "incidental interception" on a massive industrial scale by GCHQ and our 5 Eyes intelligence foreign agency partners which is the threat to the privacy of a Constituent's emails or mobile phone or landline phone or postal communications with their Member of Parliament.
How can an MP be trusted with any sensitive personal or legal or whistleblower information, from their Constituents, especially if it pertains to a complaint against or wrongdoing by a branch of the UK Government, when there is no legal protection for such communications at all ?
- OPSEC and COMSEC training for MPs etc.
The Open Rights Group has offered to help to train Members of Parliament (and other UK elected representatives not covered by the Wilson Doctrine in the Scottish Parliament, Welsh Assembly, Northern Ireland Assembly and the European Parliament) in the sort of secure digital communications techniques involving risk assessment, personal computers and smartphones etc. which journalists and political activists have had to resort to
These same techniques can be used to help to hide MPs' shady private and business lives, but that is a price worth paying for access to our democratically elected representatives, without UK or other Government snooping.
Spy Blog has some experience with organising and teaching at CryptoParty events in London and even started to organise one for MPs, Peers or their staff in the last Parliament, until it became obvious that MPs didn't care about such things, by rushing the badly scrutinised Data Retention and Investigatory Powers Act through in an unnecessary hurry.
Perhaps there will be more interest in such techniques by our elected representatives after this Wilson Doctrine debacle.
Unless and until Members of Parliament who criticise the Government over the Wilson Doctrine start to do things like using and publishing a PGP / GPG Public Encryption Key for their Constituency or Campaign business, nothing will change, and the public will become even more alienated from untrustworthy politicians and bureaucrats.
Police Oracle announced that Commissioner of the City of London Police Adrian Leppard has announced his retirement. Will this come in to effect before the Investigatory Powers Bill is scrutinised by Parliament in the autumn ?
City of London Police are supposed to be the UK National Policing lead for preventing economic crimes. They run two controversial private industry funded national units Police Intellectual Property Crime Unit (PIPCU) dealing with "intellectual property" and counterfeit goods and the
Dedicated Cheque and Plastic Crime Unit (DCPCU)
It is therefore very peculiar that Commissioner Adrian Leppard should put his name to this New York Times Op Ed article, attacking Apple and Google mobile phone handset encryption. How many billions of pounds of UK economic secrets are protected by such
encryption on mobile phones belonging to City of London financial industry workers ?
Commissioner Leppard should be collecting hard evidence of the numbers and types of of mobile phones his officers have actually seized as evidence and the numbers reported lost or stolen, with and without strong encryption enabled (N.B. only recent versions of Android can do this and the feature is not switched on by default)
so that he can inform the Investigatory Powers Bill scrutiny with some facts rather than cherry picked handwaving examples, which is the usual inadequate or deliberately deceitful Home Office and Police
Don't hold your breath though, as Commissioner Leppard is seemingly ignorant of some of the basics of today's internet protocols
UK Police: Enforcement won't work against a piracy
When Phone Encryption Blocks Justice
By CYRUS R. VANCE Jr., FRANÇOIS MOLINS, ADRIAN LEPPARD and JAVIER ZARAGOZAAUG. 11, 2015
Cyrus Vance Jr. , clearly the main author of this article, is the son of the Washington political insider Cyrus Vance who is associated with several US Foreign Policy disasters such as the end of the Vietnam war and the Iran hostage crisis.
Like previous New York public prosecutors (these are political appointments), he may well be trying to stir up political support for a future political career, like Rudy Guiliani
In June, a father of six was shot dead on a Monday afternoon in Evanston, Ill., a suburb 10 miles north of Chicago. The Evanston police believe that the victim, Ray C. Owens, had also been robbed. There were no witnesses to his killing, and no surveillance footage either.
With a killer on the loose and few leads at their disposal, investigators in Cook County, which includes Evanston, were encouraged when they found two smartphones alongside the body of the deceased: an iPhone 6 running on Apple's iOS 8 operating system, and a Samsung Galaxy S6 Edge running on Google's Android operating system. Both devices were passcode protected.
An Illinois state judge issued a warrant ordering Apple and Google to unlock the phones and share with authorities any data therein that could potentially solve the murder. Apple and Google replied, in essence, that they could not -- because they did not know the user's passcode.
The homicide remains unsolved. The killer remains at large.
Until very recently, this situation would not have occurred.
Last September, Apple and Google, whose operating systems are used in 96 percent of smartphones worldwide, announced that they had re-engineered their software with "full-disk" encryption, and could no longer unlock their own products as a result.
According to Apple's website: "On devices running iOS 8.0 ... Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are protected by an encryption key that is tied to the user's passcode, which Apple does not possess."
A Google spokeswoman said, "Keys are not stored off of the device, so they cannot be shared with law enforcement."
Now, on behalf of crime victims the world over, we are asking whether this encryption is truly worth the cost.
Not only is this strong encryption worth the cost, there should, in fact be much more of it, switched on by default.
Between October and June, 74 iPhones running the iOS 8 operating system could not be accessed by investigators for the Manhattan district attorney's office -- despite judicial warrants to search the devices. The investigations that were disrupted include the attempted murder of three individuals, the repeated sexual abuse of a child, a continuing sex trafficking ring and numerous assaults and robberies.
Criminal defendants have caught on. Recently, a suspect in a Manhattan felony, speaking on a recorded jailhouse call, noted that "Apple and Google came out with these softwares" that the police cannot easily unlock.
Apple, Google and other proponents of full-disk encryption have offered several rationales for this new encryption technology. They have portrayed the new policy as a response to the concerns raised by Edward J. Snowden about data collection by the National Security Agency. They say full-disk encryption makes devices generally more secure from cybercrime. And they assert that, if the companies had master encryption keys, then repressive governments could exploit the keys.
These reasons should not be accepted at face value. The new Apple encryption would not have prevented the N.S.A.'s mass collection of phone-call data or the interception of telecommunications, as revealed by Mr. Snowden. There is no evidence that it would address institutional data breaches or the use of malware. And we are not talking about violating civil liberties -- we are talking about the ability to unlock phones pursuant to lawful, transparent judicial orders.
The NSA is not the only threat to privacy and security, how would Vance & his co-signatories protect our privacy and financial information from criminals and terrorists and hostile foreign intelligence agencies who may steal or access such secrets held on mobile phone handsets ?
In the United States, Britain, France, Spain and other democratic societies, the legal system gives local law enforcement agencies access to places where criminals hide evidence, including their homes, car trunks, storage facilities, computers and digital networks.
Carved into the bedrock of each of these laws is a balance between the privacy rights of individuals and the public safety rights of their communities. For our investigators to conduct searches in any of our jurisdictions, a local judge or commissioner must decide whether good cause exists. None of our agencies engage in bulk data collection or other secretive practices. We engage in targeted requests for information, authorized after an impartial, judicial determination of good cause, in which both proportionality and necessity are tested.
Nonsense. There is is no independent judicial warrant involved in most UK mobile phone handset searches or seizures - these are self authorised by the UK police themsleves.
It is this workable balance that proscribes the operations of local law enforcement in our cities, and guides our residents in developing their expectations of privacy. But in the absence of laws that keep pace with technology, we have enabled two Silicon Valley technology companies to upset that balance fundamentally.
The Evanston case is just one example. In France, smartphone data was vital to the swift investigation of the Charlie Hebdo terrorist attacks in January, and the deadly attack on a gas facility at Saint-Quentin-Fallavier, near Lyon, in June. And on a daily basis, our agencies rely on evidence lawfully retrieved from smartphones to fight sex crimes, child abuse, cybercrime, robberies or homicides.
Note the weasel words "smartphone data" - this is not SmartPhone handset encrypted data held on the internal or external microSD card or in the local address book or locally saved SMS message which is what the rest of this article is talking about.
Over the air SmartPhone metadata may have been used in the hunt for the Charlie Hebdo murderers (who brazenly called TV news stations whilst on the run), but there are no reports of any mobile phone handset encryption being used at all.
The murderers had been under full telephone monitoring and intercept for months previously, with nothing to alert the authorities.
It turns out the wives of the murderers had been in contact with each other hundreds of times, but the murderers themselves had stuck to face to face meetings.
Full-disk encryption significantly limits our capacity to investigate these crimes and severely undermines our efficiency in the fight against terrorism. Why should we permit criminal activity to thrive in a medium unavailable to law enforcement? To investigate these cases without smartphone data is to proceed with one hand tied behind our backs.
Nonsense. None of the Mobile Phone network generated calling pattern or physical location metadata is affected by "full disk encryption" - none of it is actually stored on the SmartPhone handset anyway. This is all accessible to law enforcement with a judicial warrant, or, in the UK, without one at all.
The new encryption policies of Apple and Google have made it harder to protect people from crime. We support the privacy rights of individuals. But in the absence of cooperation from Apple and Google, regulators and lawmakers in our nations must now find an appropriate balance between the marginal benefits of full-disk encryption and the need for local law enforcement to solve and prosecute crimes. The safety of our communities depends on it.
Cyrus R. Vance Jr. is the Manhattan district attorney. François Molins is the Paris chief prosecutor. Adrian Leppard is the commissioner of the City of London Police. Javier Zaragoza is the chief prosecutor of the High Court of Spain.
Last week the US Government admitted to a second massive security failure within a year at the Office of Personnel Management, which holds human resources details on all 4 million or so current and former Federal Government employees.
These systems appear to have been hacked for over a year and most if not all of the data has been exfiltrated, allegedly to China (not a firm attribution, given how easy it is to leave fake clues in malware).
As the OPM announcement of 4th June 2015 makes clear, this puts millions of people at risk of financial fraud via so called "identity theft".
However, things are much, much worse than mere "identity theft". It is now reported that the copied data includes the completed SF86 Questionnaire for National Security Positions forms (127 pages 7.4Mb .pdf also mirrored here in case you are blocked from accessing a US government website) and perhaps the results of Background Information interviews and checks for the highest levels of security clearances, not just for ordinary Federal bureaucrats, but also for Intelligence Agency personnel.
It should be obvious how a Foreign Intelligence agency could be assisted in finding potential sources / agents / traitors to suborn, through bribery or blackmail or appeals to ideology or religion, who have listed their financial, marital, medical or other personal details and problems on such forms.
It should be obvious how a Foreign Counter Intelligence Agency could use the information revealed in this form on relatives and contacts living abroad, as well as the Passport or ID Card numbers of the applicants for security clearance and those of their families.
Given the closeness of the Intelligence Agencies of the United Kingdom and the United States of America, it is not unreasonable to ask:
1) When was the UK government informed of the OPM security breach ? The admission came only last week, but the breach appears to have been discovered in April and the security breaches seem to have been active for over a year.
2) How many UK nationals holding US security clearances are affected ?
3) What is the UK government doing to protect them ?
4) Given the similar nature of United Kingdom security vetting systems i.e. an allegedly secure Web Portal, a long and complicated Security Vetting form submitted online (possibly insecurely due to the reliance on an Adobe plug-in which only worked in insecure versions of Microsoft Internet Explorer - only changed recently) and a back end Oracle database, what evidence rather than mere assertions, is there that UK systems like the Defence Business Services National Security Vetting Portal has not been attacked and similarly compromised ?
5) Who, if anyone, has audited the UK systems in the light of the OPM disaster and when will their report be published ?
N.B. This should be a task that the Intelligence and Security Committee should have been working on, but they stopped working 2 months before the General Election and a new Committee has still not yet been appointed.
6) Given the push for cost savings and a possible rationalisation of the disparate GCHQ, Security Service MI5 and Secret Intelligence Service SIS/MI6 security vetting systems onto a common platform, as recommended by the Intelligence and Security Committee Annual Report 2011 pages 79 - 80, is it safe to do so ?
7) Why isn't the Government pro-actively reassuring the public about these National Security worries by ordering independent security penetration tests of these systems right now, and publishing the outcomes (but obviously not any detailed vulnerabilities found) instead of their lazy and corrupt policy of Neither Confirm Nor Deny ?
8) Why aren't professional journalists and Parliamentarians holding the Government to account by asking such questions instead of Spy Blog ?
This Royal Navy whistleblower is absent without leave, but claims he will give himself up to the police soon.
My name is William McNeilly. I am an Engineering Technician
Submariner for the UK's Trident II D5 Strategic Weapons System.
I sent this report on the 05/05/15 to every major newspaper,
freelance journalists, and whistleblower I could find.
It is now the 12/05/15. Ive had one email reply
so he published it on scribd as a .pdf
Creator : Microsoft® Word 2013
Modify Date : 2015:05:14 20:04:06+01:00
Author : William Mcneilly
Create Date : 2015:05:12 20:10:06+01:00
Clearly he was not thinking clearly or else nobody gave him any sensible whistleblowing advice:
Why did William McNeilly expect a reply from any UK newspapers etc. only 2 days before the General Election of the 7th of May ?
The Sunday Herald seems to be the first media outlet to publish the whistleblower allegations, early on Sunday 17th May2015:
N.B. The story was mentioned on their Twitter feed on Saturday night
9:47 PM - 16 May 2015
WikiLeaks have jumped on the bandwagon by publishing their "exclusive" version of what he probably sent them on 5th May, some 20 hours after The Herald
10:12 PM - 17 May 2015
and 10 hours after the Scottish National Party (which opposes Trident) had issued a press release.
"Safety blunders & security lapses" at Faslane
Sun, 17/05/2015 - 11:55
He has also updated his Facebook page, and published images of his UK passport and his Royal Navy ID Card.
This whistleblower has eschewed anonymity, but seems to be trying to keep his physical location secret for now.
The security and safety allegations need to investigated immediately by the Ministry of Defence, not just by the Navy on its own and a Minister needs to make a statement to Parliament and the public
McNeilly claims to have infiltrated the Trident program on purpose, to gather information on it, by working hard and passing the engineering courses with distinction.
I knew I had to get assigned to a boat and go on patrol as soon as possible in order to gather this information. Fast Track to a Leading Engineer was the answer. If I got fast tracked I would be on the first available boat after training. I worked hard day and night, and at the end of the 10 week course I had the achieved the highest test result on average out of a 20plus people on the SMQ course. At the end of SMQ dry training No-one received fast track. However the achievement went onto my JPA record. There was just one course left, one last shot.. The
Trident Training Facility (TTF). At the end the course I was told I had more SWS (Strategic Weapons System) knowledge than most of the supervisors onboard. It was a nice compliment but I doubt it. I was awarded Fast Track to Leading Engineering Technician and received an award for best student.
Just weeks after passing out of training I had a draft for HMS Victorious. My work mates started calling me a terrorist robot because I remembered everything and I have a Northern Ireland accent. This reputation would have undoubtedly made it difficult for me to gather information. I needed to create distance between them, and create a new persona; I aimed for mixture of dumbness and eagerness to learn for simple curios reasons. Within days of being on patrol I was no longer the terrorist robot, soaking up all the information for terrorist reasons. Playing dumb came easy for me, I've been doing it and been it most of life. It makes people open up and explain a lot more. If someone assumes you know something they might leave that part out of the conversation, meaning you've just lost information which might have been valuable. It also helps with getting out of certain situations. I watched a lot of Columbo when I was a kid.
Apart from the safety hazards he himself apparently witnessed, he seems to have collected reports and ancedotes from his ship mates about HMS Victorious on which he was posted, but also on the lucky / unlucky HMS Vanguard.
He warns about the lax checking of military ID cards, the lack of adherence to top secret security procedures and the lack of enforcement of the bans on prohibited items such as mobile phones with cameras, BlueTooth devices (in the Trident missile room) and e-cigarettes.
Clearly no effective crackdown on mobile phones (with cameras) has happened on Trident nuclear missile submarines since the 2012 spy case invovling Edward Devenney, a depressed, drunken HMS Vigilant Petty Officer, who like McNeilly, is also from also from Northern Ireland.
Devenney stupidly phoned the Russian embassy offering to sell secrets, which he was able to photograph and smuggle onshore with his mobile phone. Thankfully the "Russians" he thought he was talking to were MI5 agents, although there are still unanswered questions why he was not spotted as a security risk - passed over for promation, depressed, drinking heavily.
This contains references to CB8890: The instructions for the safety and security of the Trident II D5 strategic weapon system. I'm sure all the Strategic Weapon System (SWS) personnel are scratching their heads and wondering how I'm writing this on my personnel laptop and referencing a book, which is contained within a safe in the Missile Control Centre (MCC). The MCC is the compartment used to control the launch of the nuclear missiles. It can only be accessed by people on the access list, and no personnel electronics are allowed. I was on the access list but how could I have gotten a copy of every single chapter on to my phone? A hidden camera? No. Smuggled the book out then filmed it? No. What I did was walk into a room were no recording devices are allowed. I sat down; took my Samsung Galaxy SII (white) out of my pocket, and recorded the entire book word for word. I held the phone still, about a foot in front of my face and anyone who looked at the screen or used common sense, would've seen I was recording. There were other SWS personnel in the room; in the video you can see a SWS JR about 3 feet in front of me talking to another SWS JR sitting right beside me. You probably think that's impossible but I've got the evidence to prove it. The complete lack of concern for security worries me. The fact is it would've been even easier for me to cause a nuclear catastrophe than to gather that information, and gathering that information was actually quite simple, due to the amount of ignorance.
McNeilly also notes a couple of crew mates who seem to be aggressive and unstable, so perhaps the psychological monitoring of Trident nuclear missile submarine crews has not improved since the Devenney case either.
McNeilly's own mental state is, of course, being questioned by the anonymous Royal Navy press briefings, but they do seem to confirm that he is a genuine Trident submariner, who has not yet revealed anything which damages national security.
As one would expect, the Royal Navy is trying to downplay any security or safety issues with the Trident nuclear missile system, but, given the involvement of SNP politics, it is doubtful if they will be believed, unless there is a fully transparent independent inquiry.
Hopefully the Government will not try to prosecute this whistleblower.
When you write to your MP, sometimes they do sometimes elicit a response from Government Ministers (or at least their civil servants).
If only Spy Blog had the necessary skills and tools to hand, to use fingerprints and DNA analysis, to examine more closely what looks like an original letter from Theresa May, the Home Secretary, which has been forwarded to us:
2 Marsham Street, London SW1P 4DF
Rt Hon Dr Vince Cable MP
2A Lion Road
RECEIVED 3 March 2015
26 FEB 2015
CTS Reference: M1775/15
Thank you for your letter of 30 January on behalf of your constituent,
[name & address redacted]
who wrote to you to express concerns about the Counter Terrorism and Security Act 2015 (CTSA).
It is the first duty of Government to protect the public. Our law enforcement and intelligence agencies must have access to the tools they need, subject to robust safeguards, to keep us safe from terrorists and organised criminals. Communications data -- the who, where, when and how of a communication, but not its content -- is a vital tool in the investigation of crime and safeguarding the public. It has been used in 95 per cent of serious and organised crime investigations handled by the Crown Prosecution Service and every major Security Service counterterrrism investigation over the last decade.
Note the weasel words " It has been used in 95 per cent... "
Grabbing Communications Data seems to be the Standard Operating Procedure for the Police etc., regardless of whether it is actually relevant to the case and regardless of the supposed tests of Necessity and Proportionality under RIPA.
Given that there are a quarter of a million Communications Data requests a year, why can't the Home Office give hundreds of examples of where this has provided the investigative breakthrough in identifying a criminal or in providing the critical evidence which convicts him ?
Instead they regularly trot out a tiny handful of serious cases which have grabbed the attention of the tabloid media, which, mostly, do not actually support their case for Communications Data Retention at all:
Communications technology and communication services are changing fast. More communications are now taking place on the internet. Internet Protocol (IP) address resolution is the process of uniquely identifying who used an IP address at a given point in time.
This is not technically correct.
Human beings do not have IP addresses, only computer or telecommunications devices do.
More than one individual can use such equipment, so an IP address cannot be guaranteed to identify a specific individual at any point in time.
There is also a big difference between Private and Public Internet Protocol Addresses, which this paragraph glosses over. Millions of people have home or office Routers with an IP Gateway Address of 192.168.0.1 or 192.168.1.1 or 192.168.0.254 or 192.168.1.254.
Communications service providers (CSPs) do not always keep the data necessary to do this. This means that it is not always possible for law enforcement and the intelligence agencies to find out who is engaging in illegal activity on the internet. That is why we brought forward proposals for IP address resolution in CTSA.
Where available, the police, and other public authorities with communications data access powers under the Regulation of Investigatory Powers Act 2000, use this data during investigations to identify suspects, victims or vulnerable people, where it is necessary and proportionate to do so. For example, IP address resolution could be used to identify who has accessed a server containing illegal child abuse images or who is plotting a terrorist attack.
CTSA received Royal Assent on 12 February. The Act has amended the Data Retention and Investigatory Powers Act 2014 (DRIPA) to include a provision, enabling the Government to require CSPs to retain the necessary information to enable the identification of which user of an IP address is responsible for sending a specific communication.
Your constituent has raised concerns about the range of companies that might be impacted by this provision. The provision only relates to domestic communications service providers that have been served a retention notice under the Data Retention Regulations 2014.
That may be the intention of the Home Office, but that is not what this badly drafted Act says. If the Home Office meant Communication Service Providers, why not use that term on the face of the Data Retention and Investigatory Powers Act 2014 instead of "telecommunications operator" ? Why does Counter Terrorism and Security Act 2015 part 3 introduce two new legally undefined terms "internet access service" and "internet communications service" ?
Notices are served on CSPs on a selective basis, where the Secretary of State considers the obligation to be necessary and proportionate, and these notices are kept under review. It is also the Governments policy to provide for full cost recovery of the additional costs that fall to communications service providers in connection with the retention, storage and provision of communications data. This ensures that the business interests of communications service providers are not adversely impacted by their obligations.
This distortion of the commercial market through state subsidies by the eminently unqualified Home Office, should be the subject of a European Union level investigation.
Previously, the Home Office has refused Freedom of Information Act requests to name the favoured companies being paid these Data Retention subsidies,
Since DRIPA repealed the old Data Retention Regulations, perhaps the Home Office will now lift the administrative secrecy, which has no statutory provision under any of the Acts, unlike, e.g. Interception warrants or Cryptographic Key disclosure notices
In relation to your constituents specific concerns in relation to the ongoing reviews into investigatory powers, DRIPA required the Independent Reviewer of Terrorism Legislation, David Anderson , to undertake a review into the operation and regulation of investigatory powers and report by 1 May 2015.
DRIPA, as amended by CTSA, contains a sunset provision to repeal it on 31 December 2016. The legal framework concerning the retention of communications data will therefore be reviewed again by Parliament before then. This will take place in the full context of the findings of David Anderson , as well as the other ongoing reviews, such as the Intelligence and Security Committees current review into the balance between privacy and national security.
Further, the IP resolution provisions in CTSA had previously been subject to public consultation and parliamentary scrutiny by the Joint Committee on the Draft Communications Data Bill in 2012. Your constituent might be interested to note that the Joint Committee stated in their report: 'We accept that if CSPs could be required to generate and retain information that would allow IP addresses to be matched to subscribers this would be of significant value to law enforcement. We do not think that IP address resolution raises particular privacy concerns.'
It is misleading of the Home Office to claim that the Joint Committee somehow scrutinised the same or even similar IP Address Resolution wording to that in Counter Terrorism and Security Act, when the Draft Communications Data Bill contained no such wording at all.
The Draft Communications Data Bill Joint Committee - First Report section on IP Address resolution and Web Logs:
73. As outlined in paragraph 65, Home Office officials eventually told us in public evidence that they would like clause 1 to enable them to access two specific types of data: subscriber data relating to IP addresses and web logs.
Regarding your constituents concerns about definitions in CTSA, both internet access service and internet communications service are defined in the Explanatory Notes to the Counter Terrorism and Security Bill, which are available at www.parliament.uk. An internet access service is a service that provides access to the internet and can include a home broadband connection, mobile internet or publicly available WiFi. An internet communications service is a communications service which takes place on the internet and can include internet telephony, internet email and instant messaging services.
If you read any Explanatory Notes for the CTSB or any other Bill, they all rightly contain warnings like:
They do not form part of the Bill and have not been endorsed by Parliament.
Therefore this paragraph does not refute the point being made that there are no proper legal definitions of "internet access service" or "internet communications service" in CTSA, DRIPA, RIPA or in any other legislation.
It is important to recognise that, although the IP address resolution provisions in CTSA are a step in the right direction, the other capability gaps that we sought to address in the Draft Communications Data Bill will remain. These continue to have a damaging impact on the capabilities of our law enforcement and intelligence agencies. It is therefore vital that we return to this issue in the next Parliament to ensure that our law enforcement and intelligence agencies maintain the capabilities they need to protect the public and keep us safe.
The Rt Hon Theresa May MP
Will the Home Office be able to present any quantifiable evidence of the scale of this alleged "capability gap" after the General Election ? They failed to do so back in 2012.
Who is scrutinising the activities of the United Kingdom's Intelligence Agencies ?
Not, it appears, Parliament's Intelligence and Security Committee according to this Press Release issued on Tuesday 24th February 2015:
INTELLIGENCE AND SECURITY COMMITTEE OF PARLIAMENT
At a meeting of the Intelligence and Security Committee of Parliament earlier today, the Rt.
Hon. Sir Malcolm Rifkind MP informed the Committee that he had decided to step down from the role of Chairman with effect from the end of the meeting, and Would be making a public statement to that effect.
The Committee accepted the Chairman's decision.
Regardless of whether it right for Members of Parliament to supplement their £67,000 a year plus expenses incomes, as Sir Malcolm Rifkind claimed the Intelligence and Security Committee and especially its public face, the Chairman, needs to be seen to be impartial and independent, both from the Government and from private sector lobbying influence.
N.B. it is still a bit unclear whether the passing of the Justice and Security Act 2013, making the ISC a statutory "Committee of Parliament", entitles the Chairman of the ISC to claim an extra £14,876 a year which Chairmen of Select Committees are paid.
He also needs to be competent and to be aware that he personally is a target of hostile and perhaps even of "friendly" government and private sector intelligence agencies.
The fact that Sir Malcolm fell for a journalistic sting involving an apparently Chinese communications company, really did bring his Operational Security judgement into question. He met representatives of an apparently Chinese company, within what should have been his secure office environment, without having done any background security checks first and without having them scanned to see if they were carrying surveillance electronics (which they were).
It is irrelevant that he thought that he was not discussing anything secret with these potential Chinese employers, he should have known that all intelligence agency recruitment plays start off with something innocuous. He and / or his office staff would have been more vulnerable to targeted email or phone malware attacks, coming from a "trusted" source i.e. his potential or actual Chinese employer. Even arranging for future meetings could betray the timing and perhaps the location of supposedly secret meetings with intelligence agency staff.
At the meeting, the Committee completed its major Inquiry into Privacy and Security, and its Report will now be sent to the Prime Minister.
Given that that concludes the substantive work of the Committee in this Parliament, and that the Committee has no further formal meetings scheduled before the prorogation of Parliament, the Committee decided that there was therefore no need for it to elect a new Chairman for the remaining few weeks.
All further matters which arise during the life of this Parliament will be dealt with by the
Committee as a whole.
NOTES TO EDITORS:
1. The ISC was established in 1994 under the Intelligence Services Act, and was reformed under the Justice and Security Act 2013. This legislation made the ISC a statutory committee of Parliament and strengthened its powers.
The Committee now has greater access to information, including primary material held within the Agencies. Its remit has also been expanded to include oversight of intelligence and security operations, and oversight of all intelligence and security activities of Government.
2. The ISC is a cross-party committee of nine parliamentarians from the Commons and the Lords. The Committee's membership is as follows:
The Rt. Hon. Lord Butler KG GCB CVO
The Rt. Hon. Hazel Blears MP
The Rt. Hon. George Howarth MP
The Most Hon.the Marquess of Lothian QC PC
The Rt. Hon.Sir Malcolm Rifkind MP
The Rt. Hon. Sir Menzies Campbell CH CBE QC, MP
Dr Julian Lewis MP
Mr Mark Field MP
Ms Fiona Mactaggart MP
Why is Sir Malcolm Rifkind still a Member of the Intelligence and Security Committee ?
The security risks and the impression of "cash for access" sleaze from the lobbying for a "Chinese" company sting, should have been enough for an "ordinary" Member to "step down".
Why has the ISC not bothered to elect even a temporary Chairman ?
Were they hoping not to have to answer questions from the media or the public, by pretending that convention that only the Chairman speaks for the ISC in public still applies ?
The reason for the convention i.e. possible public confusion, is clearly not working. There have been press quotations from both Sir Malcolm Rifkind (why doesn't he maintain a dignified silence until he is exonerated for everything except stupidity or vanity, by the Parliamentary Commissioner for Standards and by the Conservative party inquiry ?) and from Sir Menzies Campbell on the "Jihadi John" radicalisation and MI5 story.
3. The completion of the Committee's Inquiry into Privacy and Security marks the end of a major piece of work which began in July 2013.
The ISC has since taken evidence from a wide range of witnesses, from Ministers to academics and campaign groups, including in public sessions held in October 2014.
In line with its procedures, the completed report is now being sent to the Prime Minister and a version will be published before the end of March.
It is extraordinary that Malcolm Rifkind was so stupid or greedy to appear to be peddling influence / lobbying contacts for cash from a Chinese communications company (thankfully a journalistic fake.)
It is intolerable that there now appears that there will be no scrutiny whatsoever of the intelligence agencies by this Committee, for at least the next 2 months, until after the General Election.
Have ISIS, AL Quaeda and Putin all decided to go on holiday ? Of course not and hopefully neither have our intelligence agencies, so neither should the ISC.
There is a massive amount of scrutiny work which they simply have not done in the past, some of which they could certainly be working on before the General Election in May.
One feature of the ISC Reports under the Chairmanship of Malcolm Rifkind, compared with those under his predecessors, has been a lot less public reporting on the various dodgy building and information infrastructure projects upon which large sums of public money have been spent and in some cases, wasted.
At the very least the ISC could spend the next few weeks getting status reports on all the ongoing and planned building and IT and recruitment and training projects.
If they had been reviewing the monthly project management reports, which the intelligence agencies surely must compile internally, then perhaps they would actually have known about hugely controversial and dangerous schemes like GCHQ's TEMPORA, which took them by surprise when it was revealed as a result of the media revelations of Edward Snowden.
For the ISC not to have bothered to schedule any meetings on these ongoing oversight issues for the next 2 months, is a dereliction of their public duty.
I am spending too much time on @spyblog Twitter and not enough on this blog.
With Twitter, you can do very little with 140 characters (some of Spy Blog's blog post titles are that long !) but when a media article contains so many errors, one wonders if this is because of ignorance or if it is deliberate disinformation.
The supposedly right of centre magazine The Spectator has a tiny print readership (under 50,000 a week) compared to many blogs, but it has a venerable history and so is an influential part of the UK commentariat.
What are we willing to do to make our intelligence agencies' job easier ?
Robin Simcox 19 February 2015 16:45
Ottawa. Sydney. Paris. Copenhagen. Four major Western cities attacked in five months by Islamist terrorists and all committed by perpetrators with lengthy histories of criminal activity.
When the next terrorist attack occurs, there will be those that demand to know why intelligence agencies failed to watch the perpetrators closely enough (as was the case with the murder of Drummer Lee Rigby).
So what ? The securocrats and the Intelligence and Security Committee always either ignore these critics , or absolve the agencies of any blame retrospectively regardless.
There has never been any discplinary action against, or prosecution of, inept securocats.
However, should we not also ask what we, as a society, are willing to do to make our intelligence agencies' job easier?
There are several things which would make the job of our intelligence agencies easier:
- Stop demanding that they protect us all, 100% of the time - they do not have magical abilities. They need and cannot be trusted with, 100% surveillance powers
- Stop pretending that mass surveillance trawling of millions of innocent people's data, rather than narrowly focussed targeted investigations, somehow detects, let alone prevents, real terrorist attacks or serious crimes.
- Stop wasting intelligence agency resources on trying to stop "lone wolves". Let the police rapid response teams deal with mad dog / lone wolf small scale terrorist attacks, but without creating huge collateral economic damage, by disrupting a whole city because of a single gunman, trapped in a siege, as happened in Sydney.
- Put some real money and resources in to prisons to counter the radicalisation which turns petty criminal losers into suicidal murderers.
- Stop converting mentally unstable religious extremists into actual terrorists by inept attempts to recruit them as informers on their family members, friends and associates.
- Stop pretending that Terrorism Act 2000 s.58 Collection of information prosecutions for "thought crimes" under the are somehow effectively "disrupting" wannabe terrorists, who have no access to money or weapons
- Simplify and repeal the horrendously complicated Terrorism and RIPA / DRIPA legislation
- Repeal all thee terrorism and national security criminal offence legislation which pretends to have a global scope. When the Serious Crime Bill "national security of any country" amendments to the Computer Misuse Act become law, the Police and Intelligence Services will be forced to waste resources to investigate Distributed denial of Service attacks by Americans against North Korea or by Russians against Ukraine, with no hope of a prosecution.
- Stop wasting resources on people planning to go to Syria or Afghanistan etc. to fight and die, or to be wounded or raped or robbed - concentrate on the survivors, if they ever come back to the UK.
- Stop sharing Top Secret STRAP1 and STRAP2 documents with hundreds of thousands of United States people holding generic security clearances. Prosecute the UK securocrats under the Official Secrets Act 1989 s8 Safeguarding of information, who allowed such information to fall into the hands of whistleblower Edward Snowden and who know how many current or future Geoffrey Prime style Russian or Chinese etc. spies.
Consider the current debate surrounding communications data (the who, when, where, and how of a communication, but not the what - i.e. the content). Access to communications data is not so different to other long-standing forms of state interception. Imagine communications data being the equivalent to the interception of an envelope showing an address and a postmark containing a date and geographic location. The content data would be the actual letter inside the envelope.
This paragraph espouses the sort of simplistic Home Office spin about Communications Data when they introduced the Regulation of Investigatory Power Act 2000 15 years ago i.e. before
- The massive rise in the use of Mobile Phones etc. and Cell Site Location Data
- USA based social media websites like FaceBook and Twitter even existed
In many cases, Communications Data is more "useful" and therefore more intrusive than the content of communications (which can entirely mundane, or obscured by jargon or pre-arranged codewords or rare foreign language dialects), especially that involving real time Location Tracking or when the "friendship tree" of a mobile phone or email account is traced automatically.
According to Home Secretary Teresa May, communications data 'played a significant role in every Security Service counter-terrorism operation over the last decade' and was 'used as evidence in 95 per cent of all serious organised crime cases handled by the Crown Prosecution Service'. It is also vital in preventing child abuse and exploitation; identifying and locating suicide risks; identifying rapists, kidnappers or threatening callers; and murder investigations. A Secretary of State signed warrant is required in order to access the data
This is a major factual error.
Any Secretary of State, usually the Home Secretary or the Foriegn Secretary (but also by their Officials) or only deal with Regulation of Investigatory Powers Act 2000 IPA Part 1 Interception warrants and Intelligence Services Act 1994 s5 overseas "licence to kill" warrants .
There are no Communications Data Warrants
Access to Communications Data is self authorised by the Police and Intelligence Agencies, and by the hundreds of other public bodies. Unlike other countries there is no independent judicial warrant system, only a medium ranking officials e.g. a Police Superindent or, even an Inspector (one rank above Sergeant) authorises access to Communications Data demands. Supposedly there is a "Chinese wall" between an investigatory team and their collegue who authorises the demand, but clearly this is open to abuse and to institutional groupthink.
and oversight is provided by independent commissioners (the extent to which this is oversight is sufficient is one of the subjects I explore in a soon-to-be-released Henry Jackson Society report on the impact that the Snowden disclosures have had on UK and US security).
The RIPA Commisioners are former Judges, without any power except to write Annual Reports, which are, with one execption (the latest report by the Interception of Communications Commissioner) , never made fully public. They are heavily restrained by the legislation and by a lack of resources and do not see their role to deal directly with the public at all.
The Intelligence Services Commisioner does not, so far as anyone can tell, do even this amount of scrutiny.
Just because grabbing Communications Data is part of the Standard Operating Procedure for Police investigations these days (as common as brewing cups of tea), does not mean that it actually contributes very much, in most cases.
The Home Office cannot, or does not dare to, provide any statistics for the number of serious crime or terrorism cases where Communications Data actually:
- Provided the initial investigative breakthrough in a case
- Was the crucial evidence leading to a conviction
With over 250,000 Communications Data requests a year, one would have expected there to be hundreds if not thousands of such examples ready to hand. Instead they cite a few headline grabbing cases, which, upon closer examination, did not actually rely on Communications Data, especially 12 months Retained Communications Data, at all.
To maximise its usefulness, communications data needs to be collected in bulk,
Nonsense ! To maximise its usefulness, Communications Data needs to be carefully targeted.
yet our intelligence agencies' access to it is declining. There are specific reasons for this. Previously, telephone communications and internet traffic traditionally took place via a fixed landline. Communications data - who was called, for what duration and the geographic location - was needed for billing reasons. Yet increasing amounts of people pay a fixed price monthly direct debit to their provider, making this data increasingly irrelevant to communication service providers (CSPs). As a result, CSPs have less need to generate - let alone retain - communications data. Furthermore, communications now increasingly take place via mobile networks and broadband. This has been accompanied by a growth in alternative communications methods: video messaging, instant messaging, Skype and social network platforms.
The government tried to address these challenges with the Communications Data bill in 2012
and was subsequently accused of trying to draw up a 'Snooper's Charter', not least by the Deputy Prime Minister Nick Clegg. The Parliamentary Joint Committee on the Draft Communications Data Bill concluded that the Bill paid 'insufficient attention to the duty to respect the right to privacy, and goes much further than it need or should for the purpose of providing necessary and justifiable official access to communications data'.
c.f. Report and evidence for the Draft Communications Data Bill
The Intelligence and Security Committee also encouraged more work to be done.
Even the securocrat biased Intelligence and Security Committee report, with a more limited, self imposed remit, was critical of this Draft Communications Data Bill.
The bill was shelved and the issue temporarily kicked back into the long grass.
Yet the urgent need to fix the issues that gave rise to the first Communications Data bill meant that inevitably the issue has been raised again, most recently by the Prime Minister and Home Secretary. The 'Snooper's Charter' accusations have already resurfaced. We saw another glimpse into how this is going to play out in the media when David Cameron recently said that both communications and content data must be viewable if there is a signed warrant from the Home Secretary. Rather than this argument being taken on its merits, he was immediately accused of wanting to ban all encryption technology.
That is not what David Cameron said. Even the Daily Telegraph reported that:
Mr Cameron said any new law would be in force from next year.
He said: "If I am prime minister I will make sure that it is a comprehensive piece of legislation that does not allow terrorists safe space to communicate with each other.
"That is the key principle: do we allow terrorists safer spaces for them to talk to each other. I say no we don't - and we should legislate accordingly. And if I am in Government that is what you will get."
That can only be interpreted as an attack on end to end estrong encryption. Such a stupidpolicy would destroy the UK's internet economy and make us vulnerable to the Four Horsemen of the Infoclypse.
An Interception warrant for content already allows for the associated Communications Data to be demanded, without any extra authorisation. This has been so since the Regulation of Invesigatory Powers Act 2000 came into force.
We demand privacy, the right to decide what data we share and security.
We are not stupid enough to believe that we can have 100% "security", so there is no practical moral or legal case for 100% surveillance, especially of the vast majority of innocent people.
Yet if the government attempts to plug gaps in the law that makes it easier to track or prosecute terrorists, cries of 'police state' erupt. Politicians are often accused of hypocrisy; but on these issues the hypocrisy mainly lies with the rest of us.
Gathering more data on innocent people does not help to prevent terrorism.
The murderers of Drummer Lee Rigby were described as "extremely security aware". One of the Charlie Hebdo murderers had already been convicted on the basis of phone intercept evidence, so was completely aware of it, and subsequent French phone intercepts heard nothing incriminating for years.
My upcoming report makes the clear case that all this needs to change. The debate regarding liberty/security/privacy has become - in part down to Edward Snowden - hopelessly skewed.
There has been some debate in Germany and in USA, but there has not been any significant debate in the United Kingdom.
All we get is the cynical mockery of "everything we do is legal, trust us".
While all citizens should be concerned about freedom and privacy, agencies like GCHQ are allies in this, not enemies. They protect the nation from a host of hostile state and non-state actors and, in fact, have been doing so for decades. Constantly denigrating those that help keep us safe is no way to build a more liberal or more secure nation.
Perhaps that used to be the case during the old Cold War, but now in the internet and mobile phone areas, by attacking the very infrastrucure of electronic communications, for mass surveillance data trawling, rather than narrowly targeted investigations, these agencies are actually perceived as more of a security threat to their own private citizens and companies, than foreign intelligence agencies from Russia or China, or organised criminals like drug cartels, or terrorist groups like Al Quaeda or ISIS.
Until there is a lot more transparency and really effective oversight of UK intelligence agencies, they will not be given the benefit of the doubt, no matter how ethical or effective they claim to be in secret.
Robin Simcox is a Research Fellow at The Henry Jackson Society. His report will be published in March.
Hopefully there will be fewer mistakes and misconceptions in this report, than in this annoying article