February 2004 Archives

Yet Another Home Office "Consultation"

|

The document published by the Home Office on Wednesday 25th February 2004
COUNTER-TERRORISM POWERS: Reconciling Security and Liberty in an Open Society (.pdf) is in 3 sections.

In reverse order: there is a table about some of the details about the people who are being held without trial under part 4 of the Anti-terrorism Crime and Security Act. 2001 (ATCSA)

There is the Government's response i.e. rejection, of most of the recommendations in the Newton Committee of Privy Councellors' report on the ATCSA.

The first part of the document is, apparently, what was promised by David Blunkett as result of his remarks made during his trip to India and Pakistan at the start of February.

The absence of any details in this "discussion document" about David Blunkett's reported ideas involving "lowering the burden of proof", the use of secret courts, and of the admission of phone/electronic communications intercepts as
evidence seems to prove the earlier comments on Radio 4 by Baroness Helena Kennedy QC that David Blunkett has been flying several political kites and domesday scenarios regarding civil liberties, in order to sneak in the measures that he was after in the first place.

Having yesterday denied that he was ever threatening to "lower the burden of proof", it seems, that judging by the debate in Parliament yesterday, he has succeeded in bamboozling his supporters and the opposition into thinking that the admission of phone intercepts into courts as evidence, could somehow be of use in resolving some of the unacceptable detention without trial cases.

If GCHQ submits "evidence" of an allegedly intercepted phone call from, say an alleged aide to Osama bin Laden, how on earth could the defence ever disprove this ?

We have already noted that current computer technology such as Voice Morphing, is quite capable of producing convincing fakes.

Following the various computer virus/worm epidemics which fake email addresses, even the most technophobic of judges must question the authenticity of any allegedly intercepted emails.

Given the appalling way in which the thousands of public responses to the Entitlement/ID Card consultation via the STAND website and the Privacy International voice mail system, were suppressed and misrepresented by the Home Office, is it even worth bothering to cooperate with this latest "public debate" inspired by David Blunkett's vague ideas and soundbites ?

Blunkett in Parliament Wed 25th Feb 2004

|

Yesterday's House of Commons debate on the Anti-terrorism Crime and Security Act report by the Newton Committeee of Privy Councillors has been completely overshadowed in the media by the ex GCHQ translator trial and Claire Short Official Secrets affairs.

The MI5 expansion was officially announced in a bizarre and weasely fashion:

http://www.publications.parliament.uk/pa/cm200304/cmhansrd/cm040225/debtext/40225-09.htm

" Mr. Blunkett:

The surveillance and work of the security services are our best means of prevention, and that is why I can confirm that we have already substantially increased the resourcing of the Security Service so that we can double its capacity to process and use the materials that it adduces as part of its intelligence gathering. The development of the Joint Terrorism Analysis Centre that we established last June will be helpful for drawing together a range of evidence from not only MI5, but MI6, GCHQ and the defence intelligence service. The increase of staff numbers by 50 per cent. will also be helpful.

Mr. Oaten: Liberal Democrats fully support the Home Secretary's plans to staff up MI5 and other intelligence services. He said in the press?and just now on the Floor of the House?that he expects a doubling of staff. What is the date by which he hopes to achieve that increase?"

N.B. an increase of staff numbers by 50 per cent (i.e. allegedly from around just over 2000 to 3000) is an increase of one half, and not a "doubling of staff" i.e. an increase of 100%. which would imply about 4000 staff.

Update from the new MI5 website which was re-launched at the end of April 2004:

http://www.mi5.gov.uk/output/Page22.html

"The Security Service currently employs around 2,200 people, 2,100 of whom are full-time. 47% of staff are women and 53% are under the age of 40. 140 staff currently work in the Service on secondment or attachment from other departments and agencies."


"Mr. Blunkett: That has already begun. I confirm that at the end of last year we agreed additional resources for this year and the next with the Security Service so that it could develop its work, as it has been doing. We described that privately and in more detail to the Intelligence and Security Committee. Obviously, recruitment, training and ensuring that people operate in an acceptable way takes time. Resources have been provided at each stage at which the Security Service has requested them so that it may continue its expansion at a scale and rate that is appropriate to its ability to recruit.

We have also increased the co-ordination of special branches, following the review that we undertook, by pulling them together into eight regional co-ordinating units. We have appointed a new co-ordinator, Bryan Bell, who was the assistant chief constable of Cleveland, to undertake that work. I referred to the White Paper a moment ago, and I shall say more about that and the necessary border controls and co-ordination in due course. All the elements go together in terms of prevention, surveillance and making sure that we act on an acceptable basis.

Dr. Julian Lewis (New Forest, East) (Con): I hope that the Home Secretary will accept that I wish to make a non-partisan point. It is vital that the security services are expanded to meet the threat, but is it really such a good idea to make announcements that major recruiting programmes are under way in advance of the expansion? Is there not a danger that people sympathetic to the al-Qaeda cause may make special efforts to get themselves recruited? Would it not usually be better to do the recruitment first and make the announcement afterwards?

Mr. Blunkett: Actually, that is what I have just said; I was very careful. I notice that the right hon. Member for

25 Feb 2004 : Column 304

Berwick-upon-Tweed (Mr. Beith), who is a member of the Intelligence and Security Committee, is smiling. He knows that that is correct. I was confirming that we had done it rather than giving al-Qaeda notice that something terribly new was about to happen. However, I take the point.

Dr. Lewis: I am sorry to have to return to this point, but the BBC news report on this subject stated:

"The Home Secretary will announce plans to recruit another 1,000 staff in Parliament next week".

Is he saying that the report is wrong and that the recruitment has already taken place, or is he saying that it is going to take place?

Mr. Blunkett: The BBC was wrong in only one regard. I am confirming the event this afternoon. The point is well taken that we do not want to parade what we are doing to those who would use what we are doing against us. The point is noted."

So why was the BBC the recipient of an accurate briefing, presumably by the Home Secretary himself or by someone acting on his authority, in advance of any statement to Parliament on thes important National Security matters ?

Unsuprisingly, despite the call by the Newton Committee to replace the Internment without Trial part 4 section of the Anti-terrorism Crime and Security Act, this was rejected by the vote of the Labour and Conservatives, against the Liberal Democrat amendment, with the honourable exceptions of some of those who had spoken knowledgably in the sparsely attended (except for the actual vote) debate.

HAC oral evidence session 24th Feb 2004

|

The Home Affairs Committee Inquiry into ID Cards met at 2.30 pm on Tuesday 24 February They heard evidence from Professor Ross Anderson, the Foundation for Information Policy Research; Professor Martyn Thomas, the UK Computing and Research Committee; and Nick Kalisperas, Senior Programme Manager, Intellect, and Geoff Llewellyn, Member, Intellect ID Card Working Group on Identity Cards.

This session was broadcast by the BBC Parliament television channel on Sunday 29th February 2004 at 18:00.

Our impressions:

Our general impression was that Professor Ross Anderson (Professor of Security Engineering at Cambridge University) and Professor Martyn Thomas, both with vast academic and commercial experience of IT computer systems, and security mechanisms considered the Government's Compulsory Biometric ID Card proposals as unworkably complicated.

It was surprising to hear Geoff Llewellyn talking about how difficult it was to tamper with Smart Cards, when sitting on the same table was Professor Ross Anderson, whose book (which was referred to a couple of times): "Security Engineering: A Guide to Building Dependable Distributed Systems" demonstrates how any moderately well equipped university or commercial laboratory could do so, and is illustrated with photos of such experiments.

Both of the Professors seemed to agree that the Centralised Biometric Database approach was a case of "putting all of one's eggs in one basket", providing an extremely vulnerable Single Point of Failure which currently does not exist in our Critical National Infrastructure.

The representatives from IT and Electronics company trade body Intellect, were much more optimistic that the practical technical problems could be overcome.

There was a certain amount of controversy between the witnesses. Professor Thomas denounced the lack of use of rigourous software engineering programming and quality assurance techniques by the commercial IT supply industry as a whole. and Nick Kalisperas then commented that Professor Thomas "was on the outside, looking in", implying that somehow the technology which Intellect members who had been "working with the Home Office for 2 years" was in some way immune to the security and reliability problems mentioned by Professors Thomas and Professor Anderson.

Nick Kalisperas promoted Intellect as a forum for the Government to use as a sounding board to help prevent poorly specified and scoped Government IT projects (of which there have been far too many). He did admit, that this was a relatively new initiative since the end of last year, and that Intellect had, therefore not yet ever had to say to the Government "no you cannot possibly do this with current or forseeable technology". He also seemed to have faith in the the Office of Government Commerce Gateway Review process.

It will be interesting to see if the Committee takes oral evidence from those OGC project managers and accountants who have supposedly already conducted two "pre-zero" reviews and who should have conducted their "phase 0" review of the ID Cards project by the end of January.

Professor Anderson was more sceptical about Government IT procurement, and noted how often in the past, suppliers were willing to exaggerate their own capabilities, knowing that once they had secured the contract, the Government was effectively locked in, and had no option but to pay them more money to fix the problems which they had not originally budgeted for. This scepticism of the commercial IT sectors' sales and marketing methods seemed to be shared by David Cameron MP, (Conservative, Witney).

When asked about acceptance of ID cards, Professor Anderson did mention the unfairness of the way that the over 5000 negative individual responses to the Home Office Entitlement Card consultation via the STAND website were lumped together as if they were one, which as he pointed out, also did a disservice to the relatively few people who supported the idea of an ID Card, since their response was now being treated as "one five thousandth of a negative response" instead of a whole positive one. David Winnick MP (Labour, Walsall North), who had posed the question said that they might ask the Home Secretary about this.

All of the witnesses agreed that there needs to be much more detailed clarification from the Home Office of exactly what the ID Card system is supposed to achieve and what it is not expected to do.

Mention was made of the German ID card system, which does not use Biometrics and which has a card serial number which changes when the card is re-issued periodically, and which, by law, it is forbidden to use this card serial number as a key to central government databases.

This was contrasted with the Identity Theft problems in the USA, caused by the Social Security number being widely used for all kinds of purposes for which it was not designed for.

Mention was made of the Passport Office 10,000 user trial currently underway, which seems to be the only Home Office pilot project that is being contemplated before rolling out their ID card project to 60 million people.

N.B. it was not made clear that Geoff Llewellyn, of Intellect, apparently works for SchlumbergerSema, which is the company which is financially involved in running the Passport Office pilot scheme.

Kablenet have published a view of this oral session. "Cards split the table Witnesses to a Parliamentary committee have argued over the credibility of the Government's proposal for a national identity card"

The transcript of the uncorrected oral evidence session of the Home Affairs Committee Inquiry into ID Cards held on 10th February 2004 is now available online:

http://www.publications.parliament.uk/pa/cm200304/cmselect/cmhaff/uc130-iii/uc13002.htm

The Home Secretary David Blunkett made some interesting remarks in the House of Commons yesterday:

Reduced burden of proof for terrorist offence:

http://www.publications.parliament.uk/pa/cm200304/cmhansrd/cm040223/debtext/40223-04.htm#40223-04_sbhd0

"Terrorism
11. Vera Baird (Redcar) (Lab): What plans he has for changing the standards of (a) proof and (b) evidence in criminal cases believed to involve terrorism.

The Secretary of State for the Home Department (Mr. David Blunkett): On Wednesday, at 9 o'clock in the morning, so that right hon. and hon. Members will have the opportunity to read it before the debate, I intend to publish a discussion document on the challenges laid down by the Newton Committee, and the challenges that were posed to us when we, as a Parliament, originally passed the Anti-terrorism, Crime and Security Act 2001.

Vera Baird : I acknowledge the difficult task that my right hon. Friend has in protecting the public from British people whom he believes to be a terrorist threat, when, almost by definition, the intelligence that informs him of that is not admissible in court, but I ask him to bear it in mind that there is a whole range of powers currently in statute that have not yet been brought into force, which could help, including in particular, in the Criminal Justice Act 2003, the admissibility of hearsay, which can be second-hand, third-hand or written evidence from abroad. Using that provision could transform the picture. If what is said in the press this weekend is right, I encourage him enormously to pursue the course that he appears to have embarked on, and allow the admission of phone-tap material in court as quickly as possible.

Mr. Blunkett: My hon. and learned Friend is right, in that we want a sensible, balanced approach that protects the rights of the innocent and retains the long-standing presumption of innocence, acknowledging that all of us in the House are committed to maintaining those historic rights, while allowing us to admit evidence in a way that is acceptable. The current review of intercept is an important part of that debate. I appeal to everyone?and I will do so on Wednesday?to address these very difficult issues in a spirit that presumes that even the Home Secretary is innocent until proven guilty.

Mr. Elfyn Llwyd (Meirionnydd Nant Conwy) (PC): What the Home Secretary said about the presumption

23 Feb 2004 : Column 14

of innocence is most welcome, but I urge him also not to interfere with the standard of proof, which would, unfortunately, undermine respect for the rule of law.

Mr. Blunkett: In the lecture that I gave to human rights lawyers and members of the supreme court in New Delhi, I did not suggest that we were intending to alter the standard of proof wholesale. I said, and my hon. and learned Friend has just said, that there are other ways forward. When I publish the paper, hon. Members will see that we are trying genuinely to find the right ways, with a lengthy consultation that will avoid anybody being bounced into any solution. All I want is that people come up with solutions, not with objections, because in the end the primary duty of Government is to protect our citizens from the undermining of their freedoms and democracy by those who know no bounds and have no understanding of the issues of punishment or prosecution when they take the lives of others through suicide bombing.

David Winnick (Walsall, North) (Lab): Is my right hon. Friend aware that the interpretation of his remarks was bound to cause concern that there could be a weakening of the rule of law? At the same time, will he accept that those who have concerns and reservations about what he said?or what he is alleged to have said?recognise that 9/11 was not meant to be a one-off in respect of attacks on western democracies and that this country is no less under attack than it was immediately after 9/11?

Mr. Blunkett: It is precisely for that reason that I am initiating this discussion, but I do not accept the first premise of my hon. Friend's question. I did not expect a noble Baroness or, for that matter, a solicitor whom I remember well from joining in battle with her when she was defending the Militant Tendency, to be the ones whose pronouncements were reflected on, rather than the speech I actually gave in New Delhi. "

So why did he make this policy announcement in New Delhi and not, first of all, to Parliament in the UK ? Was this idea discussed even with his Home Office junior Ministers before his trip to India ? Beverely Hughes, the Minister supposedly in charge of anti-terrorism measures seemed to be unclear about what David Blunkett had actually said or meant, so presumably the Home Office has been frantically cobbling together this "discussion document" over the last three weeks.

ID Card plans:

http://www.publications.parliament.uk/pa/cm200304/cmhansrd/cm040223/debtext/40223-09.htm

"Mrs. Ann Cryer (Keighley) (Lab): I appreciate everything that my right hon. Friend said in the statement. I want to ask him about the comment that the proposals would provide a platform for a national ID card scheme, under which, in time, all non-UK nationals would be required to register. How will we know who are non-UK nationals if we depend on employers, such as, for example, the gangmaster who allowed the men to die in Morecambe bay, to be in charge of registering? Are we reaching the point where we may have to move towards a national ID scheme for us all?

Mr. Blunkett: We are moving towards an ID scheme for us all, as I said at the end of last year. We will introduce a draft Bill in the spring for prior consideration and scrutiny and present it for the House to decide whether it wants to go ahead with the scheme that is being recommended and is now agreed by the Cabinet. Yes, we need to toughen up on gangmasters and ensure that any ID card scheme that commences with overseas nationals takes account of the terrible exploitation of clandestines that I am trying to avoid, through the measures announced this afternoon."

How exactly would illegal migrant workers and gangmasters be detected and prevented by the rest of us being forced to register and pay for Compulsory Biometric ID Cards ?

RFID blocker tag set to be unveiled

| | TrackBacks (2)

It looks as if the RFID blocker tag device posited by researchers from the well known security and cryptography company RSA Labs, is likely to be demonstrated at their annual conference next week.

The idea behind this device is to exploit the polling anti-collision protocol which an RFID tag uses when communicating with the reader. The reader emits a radio signal which is picked up by the antenna of the RFID tag (the antenna is many times the size of the actual RFID chip containing the electronics and the serial number) which in most current designs then powers the circuitry of the RFID chip, usually (but not always) through induction.

RFID readers essentially communicate with one RFID tag at a time. The RFID tags do not transmit their entire 96bit serial number (for EPC compliant tags) in one burst, they respond to signals from the reader by revealing one binary digit at a time.

How does the reader distinguish one RFID tag from its neighbours within range ? The reader interrogates the RFID tags to ask "whose serial number starts with a 1 in the first position ?" Those RFID tags which do not meet this test then remain silent, and ignore the rest of the interrogation sequence, whilst the rest of them transmit a "yes that is correct" answer back to the reader and then await a similar question about the next digit in their binary serial number. The process is repeated until the reader has identified each of the RFID tags in range.

The idea of RSA Labs RFID blocker device is to essentially construct an RFID tag (or more probably something somewhat larger and more expensive at this stage) which mimics the "yes" answers transmitted by the RFID tags when the reader asks about a particular digit of the RFID tag's serial number.

If the RFID tag blocker device always answers "yes", or answers "yes" in a random manner, then the RFID reader believes that there are thousands or millions of RFID tags within range and cannot reliably distinguish between any real RFID tags that you are carrying and the false RFID tag serial numbers it is apparently reading.

This "universal blocking" approach is, as described in the research paper, effectively a Denial of Sservice attack on the RFID reader, and so the RSA Labs researchers are talking about "selective" tag blocking limited to ranges of RFID tag serial numbers, and that is the sort of device that is likely to be made public next week.

This illustrates that the privacy weaknesses of the current RFID tag standards and proposals, go hand in hand with security weaknesses as well. How will stock control be enforced even in warehouses and the distribution logistics chain, when such devices fall into the hands of thieves , or, since the military authorities are so interested in RFID tagged logistics , into the hands of saboteurs or terrorists ?

If the RFID tags are meant to trigger alarms when unauthorised movements of goods are detected by a reader, how long before such alarms are switched off due to false alerts caused by RFID blockers ? If a "Smart Shelf" or doorway portal reader in a warehouse is monitoring a number of expensive or, in the case of the military, lethal RFID tagged objects, a selective RFID blocker tag could be used to fool the system into thinking it has a full inventory, even though some or all of the items have been stolen.

There is no reason why the RFID tag blocker device should not be actively powered with an extended range antenna and used maliciously. Since the radio frequencies used by these RFID tags are all in the licence free Industrial, Scientific, Medical bands, it is not currently illegal to own or operate such a blocker device.

The proper way to protect against such attacks would be to have a strong cryptographic handshake between the rader and the tag and to encrypt all the radio transmissions. This would also protect the currently vulnerable plans for a "kill" code which has been mooted by EPCglobal, but which has not been tested in any supermarket trials so far.

Obviously this functionality is more akin to the current Contactless Smart Card technology, involving tamper resistant circuitry and on chip cryptographic engines etc. which is used in some relatively expensive, re-usable RFID tags suitable for shipping containers and to some extent in transport pre-payment cards etc. e.g. the Oyster Card. These technologies are not yet cheap enough to be incorporated into "5 cent" disposable smart labels for individual consumer items.

MI5 expansion story spin

|

The relationship between the traditional TV, Radio and Newspaper media and the the Government is particularly murky when it comes to "intelligence agency" stories.

This weekend's "scoop" by the BBC of the apparent details about the forthcoming plans to expand the Security Service MI5 from by around 1000 new recruits (about a 50% increase in staff) on Saturday afternoon, is typical. How did the BBC get such a story ? According to the Sunday Times, a briefing was given by a senior Home Office official.

All the other TV news media outlets followed the BBC story i.e. they cloned an edited, unattributed version, even apparently quoting the same Tory opposition spokeman exactly.

The Observer devotes a front page article to the story and throws in speculation about the use of "telephone intercepts" as evidence in court. This is despite the Home Secretary David Blunkett's previous media spin after his comments on his foreign trip to India and Pakistan that he would be publishing a discussion paper at the end of the month.

"However a liberal consensus is now growing over allowing intercepted communications - so-called 'electronic eavesdropping' on phone calls - to be admissible in court"

That must mean that we are not part of this "liberal consensus":

  • Did public revelations in a US Court about the phone intercepts of Osama bin Laden's Satellite Phone really help in the war on terrorism ?

  • With the Voice Morphing computer technology available even today, how will it be possible to prove in court, that "telephone intercept" evidence from the security services has not been edited or faked ?

It would be astonishing if the Home Secretary commited himself to such a major change in policy, which would involve wholesale changes to the hugely controversial and complicated Regulation of Investigatory Powers Act, either on Monday or on Wednesday when he is due to reply to the Privy Council report on his controversial Anti-Terrorism Crime and Security Act.

Why is Parliament content to let the Home Secretary "spin", "leak" and "brief" newspapers and tv media about major policy changes affecting National Security, such as reducing the burden of proof in terrorist trials or expanding MI5, before an official statement has been made to Parliament ?

Why are the media so desparate to provide partial reporting and inaccurate "instant" analysis ahead of such official announcements, and then ignore the details of the policy and its knock on implications as "old news" once the policy has been announced ?

Is it really too much to expect Sunday newspapers to comment on and analyse in depth a Government policy statement made the week before they publish rather than to attempt to speculate on leaks and briefings about a statement of policy due in the following week ?

Of course, some news media are still insulting their readers' intelligence, by illustrating their versions of the MI5 story with photographs of the distinctive MI6 Secret Intelligence Service building at Vauxhall Cross, rather than the MI5 Thames House headquarters on the other side of the river Thames between the Millbank tower and Parliament.

ITV News website main headline Sat 21 Feb 2004

ITV News website Saturday 9.36PM, 21 Feb 2004

ITV News website, Sunday 11.12AM, 22 Feb 2004

MI5 the Security Service set to expand by 50%

|

The BBC reports that "MI5 expands to meet terror threat" .

MI5, the Security Service, is, apparently, set to recruit 1,000 extra staff (they currently employ some 1,900 people) including Arabic speakers and more surveillance staff who need to be

"able to blend into the background. We are looking for average height, build, appearance etc. Applicants therefore would ideally be no taller than 1.80m (5'11") for men and 1.73m (5'8") for women."

N.B. these MI5 recruits will be spying on people at home in the UK, not acting as "glamorous" James Bond style foreign secret agents.

Will this really help to achieve the Home Office's motto of "Building a safe, just and tolerant society" or will the balance shift even further in the direction of police state repression and Big Brother snooping, thereby playing into the hands of the terrorists who aim to destroy our precious democratic freedoms and liberties ?

It is interesting, that despite the Government versus BBC animosity over the Hutton Inquiry report, the BBC was still chosen to be "briefed" or to be the recipients of a "leak", prior to any formal statement by the Home Secretary to Parliament, which is where this story should have been announced first. This calls into question the alleged "independence" of the BBC from central Government.

BA223 name changes to BA293

|

According to ITV news, the British Airways daily 15:05 scheduled flight from London Heathrow to Washington Dulles airport is to be renamed after March 28th from BA223 to BA293. and will be scheduled to depart 5 minutes earlier at 15:00.

Will this really make it any safer to fly over the Atlantic ?

Will BA293 really be delayed less frequently by the wolf crying security bureaucracies than BA223 ?

Work and Pensions & Inland Revenue Longitudinal Study

|

It is just so hard keeping up to date with all the potential privacy threats by all the UK Government departments:

The Department for Work and Pensions Longitudinal Study was announced in Parliament in a written statement by the Secretary of State for Work and Pensions Andrew Smith on the 16th December 2003:

"The Secretary of State for Work and Pensions (Andrew Smith): From January 2004, the Work and Pensions longitudinal study will link benefit and programme information held by the DWP on its customers, with employment records from the Inland Revenue.

This follows the Employment Act 2002 which introduced new data sharing provisions. This opened the way for the DWP to receive more data on employment from Inland Revenue and use the information for more purposes. The DWP and Inland Revenue have been working together to enable this data sharing to take place and to develop safeguards for the initiative.

The Work and Pensions Longitudinal Study will be used to perform a range of statistical and research analyses, as well as being used for some limited operational purposes, to give the Department further opportunities to evaluate the effectiveness of its businesses. It will, for example:

  • provide statistics, management information and research on the success of Jobcentre Plus in helping people into work and keeping them in work;
  • help to evaluate individual DWP policies and their impact in the short, medium and long-term;
  • help to ensure that pensioners receive the money they're entitled to;
  • aid in the investigation of benefit fraud; and
  • improve targeted information and marketing to clients.

The DWP have a legal and ethical responsibility to ensure that the Work and Pensions longitudinal study is used appropriately. We have, therefore, developed a set of safeguards around access rights, system monitoring, storage/retention of the information and vetting new uses. Information on this and a full range of the study's uses, has been placed in the Library and on the DWP website at http://www.dwp.gov.uk/asd/longitudinal_study/ic_longitudinal_study.asp"

Some obvious questions not answered by the Safeguards section of the DWP website:

  1. By inviting new "business cases" to be judged, it seems that there is no limited scope to this "Study". Should it in fact be more properley decribed as open ended "Gateway" process, permanently linking the DWP and IR databases, which will never end ?
  2. Where is the publicly available Privacy Policy under which this study will take place ?
  3. The study has already started in January 2004, so who exactly is serving on the Ethics Committee and how can they be contacted ?
  4. Will this just be a random selection of records from the Department for Work and Pensions and the Inland Revenue, or will it attempt to analyse and cross reference all of them ?
  5. How often will the combined datasets be compiled ? Will this be on a batch basis, or on demand ?
  6. Will external academic or commercial consultants be used to conduct this study, or will access be confined to civil service statisticians and IT staff ?
  7. Will the Inland Revenue be given reciprocal access to the Department for Work and Pensions records ?
  8. With whom will the combined datasets be shared, and why ?
  9. How long will such combined datasets be retained for ?
  10. Will such combined datasets be destroyed once the statistics have been aggregated ?
  11. Will explicit individual permission be sought from each person whose data is to be analysed by this study or not ?
  12. Will individuals have to play ?10 Data Protection Act roulette in order to ascertain if their records have been "studied" yet or not ?
  13. Why is abuse by DWP employees only considered to be an internal disciplinary offence, and not to be prosecuted criminally under the Official Secrets Act, especially as the individually identifiable data is to be Protectively Marked at the level of "Confidential" ?

The Bichard Inquiry which was set up after the notorious Soham murders, seems, through the online publication of evidence on its website, to be slightly lifting the veil of secrecy and obscurity employed by the police, legal, health and education bureaucracies with respect to criminal records and so called "soft intelligence", akin somehat to the Hutton Inquiry.

There is interesting evidence from PITO the Police Information Technology Organisation about the PNC (Police National Computer), and the new ViSOR (Violent Offender and Sexual Offender Register) system (which, astonishingly, does not seem to be available to the Probation Service).

There is the worrying results of the Criminal Records Bureau initial audit of the accuracy of data from the PNC .

N.B. this accuarcy audit gives a false impression of how the accurate the transfer of convictions from the court systems into the Police National Computer is. Address information was deliberately excluded as being too difficult to check for errors in the 5000 or so record sample.

Previous audits have hinted at just how bad this data really is e.g. the article in the now defunct Punch magazine: "Police computer puts justice at risk"

This has serious implications for the debate on Biometric ID Cards. If the National ID Register is as bad as the PNC, then there will be at least 3.6 million inaccurate or missing records - how will this help to combat terrorism, illegal immigration etc. as claimed by the Home Office ?

Hopefully the Bichard Inquiry will investigate the inconsistencies in the application of data retention policies by different Police forces with respect to "soft intelligence" covered by the Data Protection Act, despite centrally available guidance and the massive exemptions for the Police etc. which are built into this weakly enforced and over complicated Act.

As has been pointed out by the evidence from PAT, the Professional Association of Teachers, there are many levels of "soft intelligence" and in the rush to close the deficiencies highlighted in the Soham murders case, we should not ruin the lives and careers of innocent teachers, health workers and police officers etc. who regularly have to face rumours, false allegations and libels.

Why should anyone trust the CRISP (Cross Regional Information Sharing Proposal) being run by the crapitised Criminal Records Bureau to share "soft intelligence" accross 12 police forces ?

DVLA electronic Driving Licence consultation

|

The Driver Vehicle Licensing Agency has today issued a consultation document:
The Future of the Counterpart to the Photocard Driving Licence

It is seems that the DVLA's preferred option is for a Smart Card with a massive central database run by themselves, rather than another Government Agency.

No indication is given of the additional costs which would be involved with each of the DVLA's suggested options.

This document does not bother to explain any of the Privacy implications of the various options which they are suggesting.

There is no mention of the Home Office's Biometric ID Card plans, nor of the various suggestions about possible combined ID Card and Driving Licence and /or Passport.

There is no mention of the Office of National Statistics/ Treasury Citizien Information Project population register.

There is no mention of the existing Data Sharing of DVLA data with the Passport Office and others.

There is no mention of whether or not the DVLA actually should be permitted to continue to store personally sensitive data such as Address information which it shares with other agencies or commercial companies without the explicit permission of the Data Subjects.

The Driving Licence is not currently, and should never become in the future, a de facto ID Card.

"3.4 Please send your responses to:

David Houston
Drivers Policy Group
Driver and Vehicle Licensing Agency
Swansea Vale 2
Sandringham Park
Swansea SA7 0EP

Telephone number 01792 765264
Fax number 01792 765242
E.mail : david.houston@dvla.gsi.gov.uk

3.5 Internet responses may be sent using the electronic version of this document available at http://www.dvla.gov.uk and sent to Mr. Houston's e-mail address given above. The closing date for responses is 31 May 2004.

3.6 Additional copies of this document may be obtained by telephoning 01792 765264 or 01792 765251 and leaving your name and address.

3.7 If you have any questions about the consultation or require clarification of any matters in the document you may send them to David Houston by post, fax or e-mail to the address above."

Foiling the Oyster Card

| | Comments (37) | TrackBacks (2)

Many people are worried about the privacy implications of the new Transport for London Oyster Smart Card. This promises greater convenience (and some introductory discounted fares) for travel on London Underground railways and Bus services, at the cost of greater surveillance of individuals, since each Oyster Card is uniquely numbered, and has to be swiped at the start and end of each journey. This self tracking behavior is reinforced by the poster advertising campaign and the policy of charging the maximum possible fare unless you swipe the card past the reader at the end of your journey, not just at the start.

The season ticket versions of the card have name and address and credit card details associated with them. Even the new pre-pay cards, which are more anonymous, unless you use a credit card or choose to register the card, still have a unique tracking serial number which can be tied to the omnipresent CCTV Surveillance on London Underground, and increasingly even on London Buses.

The system uses contactless MIFARE based smart cards with distinctive yellow readers at Tube station barriers and on buses.

There is no authentication mechanism e.g. a Personal Identification Number as with "Chip and PIN" credit cards, it depends only on whether the Oyster card is within range of a reader, typically 10 centimetres or so for the readers currently deployed by Transport for London (which is far less than what the equipment is actually capable of). The only security against being accidentaly overcharged or having your private details read or associated with a particular Oyster Card by people operating their own MIFARE scanners, is to shield the Oyster Card from unwanted radio signals. These private details includes information about the last 10 or so trips that you have made, which is data stored directly on the card, and which will be available to the 3rd party retailers who come on board the "electronic purse" aspects of the scheme.

The MIFARE system uses one of the Industrial Scientific Medical licence free frequencies at 13.56 MHz, so it is not illegal for other people to have or to use their own reader equipment.

One way to preserve your privacy somewhat is to shield the Oyster Card with aluminium kitchen foil. This seems to block the readers on the charge up ticket machines even when only the back of the Oyster Card is shielded i.e. you have to remove the Oyster Card from the shielded holder for it to be read/charged up:

Foiling_the_Oyster_Card.jpg

Even if, like us, you do not think that non-Oyster Card readers are very common yet, there is still a case for shielding your Oyster Card. especially the pre-paid one which currently only operates in the central zones 1 to 3. If you travel into London from outside these zones, on a paper ticket which you present to the slot in a Tube ticket barrier on your right, you do not want money to be deducted from your zone 1 to 3 Oyster Card as well - it depends on your physical size as to how close the Oyster Card readers are to whatever pocket or handbag etc you keep your card in.

Similar use of aluminium foil to line pockets or handbags or shopping bags etc. will also block RFID tags on consumer items which have not been "killed" or disabled at the checkout (again, more of a potential problem in the future, rather than a big risk at the moment).

However, if you choose to use such radio frequency shielding techniques, be aware, that you currently run the risk of being suspected of carrying concealed weapons or explosives by the operators of the still rare but controversial "see under your, or your childrens', clothes" Passive Millimetre Wave Radar cameras and scanners being tested by the Police and other military security forces.

HAC ID cards oral evidence 3rd Feb transcript online

|

The Home Affairs Committee inquiry into ID Cards uncorrected oral evidence transcript from the Law Society, Liberty, Privacy International and the Information Commissioner, taken on February 3rd 2004 is now online:

http://www.publications.parliament.uk/pa/cm200304/cmselect/cmhaff/uc130-ii/uc13002.htm

BA 223 to be cancelled yet again

|

Monday 15th February's British Airways flight BA223 from London Heathrow to Washington Dulles airport seems to have been cancelled on "security advice" from the government.

http://news.bbc.co.uk/2/hi/uk_news/3481725.stm

Could someone please explain what conceivable threat or breach of security could there be to BA223, that would not also endanger any other flight from Heathrow ?

If there is a genuine credible threat, which the authorities know about ahead of time, then why does this not also apply to every other flight ? Is Heathrow security really so bad ? Are terrorists incapable of choosing other targets of opportunity ?

If some of the 184 passengers booked on this flight are terrorists suspects, why are they being allowed to re-book onto different flights ?

What are the US and UK security bureaucracies and Government media manipulators playing at, apart from helping terrorists win the "War on Tourism" ?

HAC oral evidence ID Cards - 10th Feb 2004

|

The House of Commons Home Affairs Committee met at 2.30 pm on Tuesday 10 February in the Thatcher Room, Portcullis House. They heard evidence from Martin Hall, Director General, Finance and Leasing Association; Councillor Gerald Vernon-Jackson, the Local Government Association; and Jan Berry, Chairman, the Police Federation on Identity Cards.

The uncorrected transcript of this session is now available online on the Parliament website, eventually.

The BBC Parliament TV channel broadcast this session on Sunday 15th February 2004 staring at 18:00.

Our impressions of the session:

As the Chairman John Denham summarised, each of the organisations which gave evidence were broadly supportive of the idea of a National ID scheme, but they all wanted something at odds with the vague Home Office plans so far presented.

Serious Organised Crime Agency announced

| | Comments (4)

The Home Office has announced a few details about the the new Serious Organised Crime Agency:

NEW UK-WIDE ORGANISED CRIME AGENCY POOLING EXPERTISE TO TRACK DOWN THE CRIME BOSSES

"Reference: 058/2004 - Date: 9 Feb 2004 10:38
An elite squad of specialist investigators will take on the new challenge of fighting modern organised crime in the 21st century, the Home Secretary announced today.

Modern organised criminals operate across global networks using hi-tech communications and technology. The new UK-wide Serious Organised Crime Agency will bring together world-class experts including hi-tech and financial specialists and those with criminal intelligence and investigative skills. It will exploit hi-tech 21st century technology to uncover the new wave of crime bosses whose lucrative illegal enterprises range from drug trafficking and people smuggling through to fraud and money laundering.


A policy paper, to be published next month, will set out the Government?s comprehensive strategy to tackle organised crime and arrangements for the new agency in more detail."

Notes to Editors:

The single organised crime agency will bring together the responsibilities which currently fall to the National Criminal Intelligence Service, the National Crime Squad, Home Office responsibilities for organised immigration crime and the investigation and intelligence responsibilities of HM Customs and Excise in tackling serious drug trafficking and recovering related criminal assets. It will be centrally funded.

A Taskforce is being set up to consider the most appropriate form of governance for the single agency. It will comprise representatives of each organisation that will make up the single organised crime agency, will consult widely with stakeholders and report to Ministers within a month.

The Government will be appointing an executive search agency immediately to help in the quest for a Chairman and Director-General.

The earliest legislative opportunity will be sought to seek Parliament?s approval for the necessary legislative changes needed to create the new agency."

What does this mean for the National High Tech Crime Unit of the National Crime Squad ?

What does this mean for the Serious Fraud Office ?

What does this mean for the new Assets Recovery Agency ?

A new British "Organised Crime Agency" is due to be announced by the Prime Minister and Home Secretary later on today, according to the usual media manipulation leaks.

Will the concentration in power drawn from the National Crime Squad, the National Criminal Intelligence Service and the investigative branches of the Immigration Service and of Customs & Excise actually do a better job than the current setup, where cooperation between departments has in theory been good, but in practice seems to have fallen foul of the usual turf wars and empire building that state security bureaucracies always seem to indulge themselves in at the taxpayers expense.

Just how effectively will the appalling state of Her Majesty's Customs & Excise investigations be addressed by this new Agency, or will HMCE still retain an invesigative branch ?

Customs officers' perjury in fraud trials exposed

Sylvia Jones
Monday February 9, 2004
The Guardian

A group of customs officers systematically committed perjury in court and lied to judges in secret hearings or allowed others to do so, according to evidence seen by the Guardian.

"Customs bosses have been formally warned by police that at least 16 officials from all ranks, including the solicitors' office in charge of the LCB prosecutions, could be charged with offences including perjury, perverting the course of justice and malfeasance in a public office."

There will, presumably have to be new Statutory Instruments to allow this new Agency rather than the National Crime Squad or the National Criminal Intelligence Service to conduct Electronic Surveillance and to use Covert Human Informants under the Regulation of Investigatory Powers Act.

The disgraceful turf wars, lack of coordination and duplication of effort, between various UK police and intelligence agencies was described last year by Nick Davies in the Guardian.

Culture of muddle hinders fight (part two

"The system from hell

 

 Terror

 Drugs

Human Traffic

Migrant

Fiscal

  The Security Service MI5

 Yes

 Yes

 No

No

No

Special Branch

Yes

No

No

No

No

National Crime Squad

 No

 Yes

Yes

No

No

National Criminal Intelligence Service  

 No

Yes

Yes

 No

No

 Her Majesty's Customs and Excise

 No

Yes

No

No

Yes

Immigration Service

 No

No

No(!)

Yes

No

 The Secret Service MI6

 Yes

Yes

Yes

No

No

 GCHQ

 Yes

Yes

No

No

No(!)

So what exactly will the "Organised Crime Agency" tackle, and will the existing agencies still duplicate their work ?

Will it be truely National. i.e. will it include Scotland and Northern Ireland ?

Will there be extra funding for this new Agency ?

What are the limits on its power, and who audits those powers ?

What will the complaints procedure be ?

Or is this just going to be yet another Government soundbite policy ?

Passport Office price increases and data sharing

|

How long before a UK "ID Card" costs over £150 ?

Computer Weekly has an article, also picked up on Kablenet, which shows how the Passport Office is planning to use commercial databases like Experian as part of its ID document checking, but is also going to reduce the validity period of a Passport from 10 years to only 5 years.

"The Home Office confirmed last year that the introduction of biometrics would be paid for by raising the cost of passports from £42 to £73 and driving licences from £38 to £73. But under the latest proposals, the public could have to pay for new passports every five years rather than every 10, effectively doubling the price."

The price of a Passport went up last October 2003 from £33 to £42 (i.e. a 21% increase) to pay for "extra security", and that the recent change in the Birth Certificate requirement for first time passports to no longer accept the cheaper "short" certificate, which means that a lot of people are going to have to get a "full" birth certificate costing £11.50

Is this all part of a plan so as to be able to offer discounts to those who sign up for a "Voluntary" Biometric ID Card ?

Here is an impression of Richard Thomas, the Information Commissioner's oral evidence on Tuesday 3rd February 2004, to the House of Commons Home Affairs Committee Inquiry into ID Cards. He did pretty well in his session, making some powerful points which had John Denham, the chairman and his colleagues looking very thoughtful.

The Information Commissioner's official position, prior to the detailed publication of the Government's detailed plans is one of "healthy skepticism", which has not changed from his opinions expressed during the consultation process.

He has a statutory duty to rule on the ID card system, but obviously, like the rest of us, can only speculate on the devilish detail, which has not yet been produced by the Home Office, but which might be clearer when the Draft ID Cards Bill is eventually published.

He seemed to be very aware about the privacy dangers of massive centralised databases, and the danger of "function creep".

He plainly told the Committee that he wants fundamental
privacy safeguards written "on the face of the Bill", not in secondary legislation and that this has to apply to both the "voluntary" stages of the scheme and the "compulsory" ones He wants these to include a clear statement of what the permitted uses of the ID Card are, and what the restrictions are.

He specifically called for the prohibition against "stop and search" powers by the police regarding the ID Card, to be explicitly written in to the wording of the Bill, rather than merely having an implied absence of such a power.

He would be "unhappy" (which is a strong hint that he would rule as being illegal under the Data Protection Act) if, for example, either the National Insurance Number (NINO) or an Address appearing on the card itself (either stored inside the chip, or printed on the outside ?).

He would be "unhappy"/(rule as illegal ?) if organisations e.g. commercial ones, which are not officially empowered by the Bill, demand the ID Card or discriminate against people who cannot produce one, rather than using it as just one component of a "Biographical Footprint". He clarified that this even applied to the financial services rules about establishing identity to reduce money laundering, where he said that there was a choice of acceptable identifying primary documentation.

He pointed out there are different issues between the ID Card itself and the centralised Register.

He wants it clearly stated who has access to the National Identity Register.

When asked about the relationship between the Office of National Statistics / Treasury plan for a Citizen Identification Project and whether this would be suitable for the basis of the National ID Card Register, his answer was, "good question", there has been nothing detailed published from the Home Office or recently from the ONS or said to him in private about this yet.

He pointed out that all the European countries with various forms of much less sophisticated ID Cards than what is being proposed, are all subject to powers of search and inspection by their equivalent Data Protecion commissioners.

He floated some ideas about whether the scant mention of "independent oversight" should be an Independent Authority acting to police an ID Card scheme, with his office acting as a backstop for Data Protection issues, or wether his office should take up the role, which , given the massive scale of the project would require extra resources. He was not sure if there would actually be any such independent oversight in the Government's plans.

The question of database quality was raised.

When asked about whether his proposed Independent Oversight body should rule on the suitability of exisiting Government databases, he said that, as an existing statutory independent commissioner, he could officially tell the Committee right now, that the use of the existing DVLA driving licence and Passport databases would be a "nightmare", and he welcomed the apparent plan to start afresh, just using the existing systems for confirmation checking.

Jonathan Bamford answered a question or two on Biometrics, but this deserves a whole session on its own. He did express doubts about the need for multiple biometrics, but unfortunately what seemed to have stuck in the MP's mind was the "one in a billion" comment which Simon Davies from Privacy International had mentioned earlier, without his qualifier that this was just a soundbite figure and not actually true.

Richard Thomas also called for a Privacy Impact Assessment of the proposed scheme

The BBC Parliament TV channel broadcast this session on Sunday 8th February from 18:00 - 19:50.

The full transcript of this session is now online on the Parliament website.

UK passenger profiling

|

It seems that Her Majesty's Customs and Excise have issued a Request for Information to see who can sell them an
easy to use passenger profiling system. Presumably the existing system is not easy to use.

The tender notice published in the Official Journal of the European Union states:

Title: UK-Salford: software development services
Purchase Authority: HM CUSTOMS AND EXCISE, COMMERCE DIVISION
Document Ref: 900367
Published on: 21-Jan-2004
Deadline: N/a.
Contract Type: This is a service contract.
Language: English
Country: United Kingdom
Notice Type: Prior-information procedure
Regulations: This document is regulated by the European Services Directive 92/50/EEC.
Source: Notice published in the European Journal "

"UK-Salford: provision of software tool for retrieval of air passenger
information.

II.2) Nomenclature
II.2.1) Common Procurement Vocabulary (CPV): 72262000.

II.3) Nature and quantity or value of supplies or services for each of
the service categories:

The contracting authority requests information from potential service providers regarding their ability to provide a software tool for retrieving and filtering passenger name record data and check-in information provided by the airlines to UK Customs.

This tool will apply risk-based profiles to the name records and automatically highlight those passengers thought to pose a threat to Customs controls.

The tool must offer ease of use to non-specialist Customs staff and be capable of eventual application across the UK Customs network.

Interested parties should be aware that the information provided by the airlines is currently accessed by Customs on various airlines' systems and not through a common interface or gateway."

Is this a UK version of controversial USA passenger profiling systems like CAPPS or CAPPS 2 or TIA ?

Will there be a similar outcry to the JetBlue and Delta airlines debacles where "test data" was handed over in secret to NASA, the US Army etc. ?

Will Autonomy or i2 or Qinetiq or other suppliers of intelligence visualisation or search tools get their hands on passenger data ?

Will this HMCE system end up as a parallel system which does not communicate effectively with the Immigration and MI5 anti-terrorists systems, despite leaching and datamining the same personal data belonging to passengers ?

What safeguards are there in the existing system and in this proposed one, to protect against racial profiling or trawling through the credit card data of the majority of innocent passengers ?

About this blog

This United Kingdom based blog attempts to draw public attention to, and comments on, some of the current trends in ever cheaper and more widespread surveillance technology being deployed to satisfy the rapacious demand by state and corporate bureaucracies and criminals for your private details, and the technological ignorance of our politicians and civil servants who frame our legal systems.

The hope is that you the readers, will help to insist that strong safeguards for the privacy of the individual are implemented, especially in these times of increased alert over possible terrorist or criminal activity. If the systems which should help to protect us can be easily abused to supress our freedoms, then the terrorists will have won.

We know that there are decent, honest, trustworthy individual politicians, civil servants, law enforcement, intelligence agency personnel and broadcast, print and internet journalists etc., who often feel powerless or trapped in the system. They need the assistance of external, detailed, informed, public scrutiny to help them to resist deliberate or unthinking policies, which erode our freedoms and liberties.

Email & PGP Contact

Please feel free to email your views about this blog, or news about the issues it tries to comment on.

blog@spy[dot]org[dot]uk

Our PGP public encryption key is available for those correspondents who wish to send us news or information in confidence, and also for those of you who value your privacy, even if you have got nothing to hide.

We wiil use this verifiable public key (the ID is available on several keyservers, twitter etc.) to establish initial contact with whistleblowers and other confidential sources, but will then try to establish other secure, anonymous communications channels, as appropriate.

Current PGP Key ID: 0x1DBD6A9F0FACAD30 which will expire on 29th August 2021.

pgp-now.gif
You can download a free copy of the PGP encryption software from www.pgpi.org
(available for most of the common computer operating systems, and also in various Open Source versions like GPG)

We look forward to the day when UK Government Legislation, Press Releases and Emails etc. are Digitally Signed so that we can be assured that they are not fakes. Trusting that the digitally signed content makes any sense, is another matter entirely.

Hints and Tips for Whistleblowers and Political Dissidents

Please take the appropriate precautions if you are planning to blow the whistle on shadowy and powerful people in Government or commerce, and their dubious policies. The mainstream media and bloggers also need to take simple precautions to help preserve the anonymity of their sources e.g. see Spy Blog's Hints and Tips for Whistleblowers - or use this easier to remember link: http://ht4w.co.uk

BlogSafer - wiki with multilingual guides to anonymous blogging

Digital Security & Privacy for Human Rights Defenders manual, by Irish NGO Frontline Defenders.

Everyone’s Guide to By-Passing Internet Censorship for Citizens Worldwide (.pdf - 31 pages), by the Citizenlab at the University of Toronto.

Handbook for Bloggers and Cyber-Dissidents - March 2008 version - (2.2 Mb - 80 pages .pdf) by Reporters Without Borders

Reporters Guide to Covering the Beijing Olympics by Human Rights Watch.

A Practical Security Handbook for Activists and Campaigns (v 2.6) (.doc - 62 pages), by experienced UK direct action political activists

Anonymous Blogging with Wordpress & Tor - useful step by step guide with software configuration screenshots by Ethan Zuckerman at Global Voices Advocacy. (updated March 10th 2009 with the latest Tor / Vidalia bundle details)

Links

Watching Them, Watching Us

London 2600

Our UK Freedom of Information Act request tracking blog

WikiLeak.org - ethical and technical discussion about the WikiLeaks.org project for anonymous mass leaking of documents etc.

Privacy and Security

Privacy International
United Kingdom Privacy Profile (2011)

Cryptome - censored or leaked government documents etc.

Identity Project report by the London School of Economics
Surveillance & Society the fully peer-reviewed transdisciplinary online surveillance studies journal

Statewatch - monitoring the state and civil liberties in the European Union

The Policy Laundering Project - attempts by Governments to pretend their repressive surveillance systems, have to be introduced to comply with international agreements, which they themselves have pushed for in the first place

International Campaign Against Mass Surveillance

ARCH Action Rights for Children in Education - worried about the planned Children's Bill Database, Connexions Card, fingerprinting of children, CCTV spy cameras in schools etc.

Foundation for Information Policy Research
UK Crypto - UK Cryptography Policy Discussion Group email list

Technical Advisory Board on internet and telecomms interception under RIPA

European Digital Rights

Open Rights Group - a UK version of the Electronic Frontier Foundation, a clearinghouse to raise digital rights and civil liberties issues with the media and to influence Governments.

Digital Rights Ireland - legal case against mandatory EU Comms Data Retention etc.

Blindside - "What’s going to go wrong in our e-enabled world? " blog and wiki and Quarterly Report will supposedly be read by the Cabinet Office Central Sponsor for Information Assurance. Whether the rest of the Government bureaucracy and the Politicians actually listen to the CSIA, is another matter.

Biometrics in schools - 'A concerned parent who doesn't want her children to live in "1984" type society.'

Human Rights

Liberty Human Rights campaigners

British Institute of Human Rights
Amnesty International
Justice

Prevent Genocide International

asboconcern - campaign for reform of Anti-Social Behavior Orders

Front Line Defenders - Irish charity - Defenders of Human Rights Defenders

Internet Censorship

OpenNet Initiative - researches and measures the extent of actual state level censorship of the internet. Features a blocked web URL checker and censorship map.

Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

Reporters without Borders internet section - news of internet related censorship and repression of journalists, bloggers and dissidents etc.

Judicial Links

British and Irish Legal Information Institute - publishes the full text of major case Judgments

Her Majesty's Courts Service - publishes forthcoming High Court etc. cases (but only in the next few days !)

House of Lords - The Law Lords are currently the supreme court in the UK - will be moved to the new Supreme Court in October 2009.

Information Tribunal - deals with appeals under FOIA, DPA both for and against the Information Commissioner

Investigatory Powers Tribunal - deals with complaints about interception and snooping under RIPA - has almost never ruled in favour of a complainant.

Parliamentary Opposition

The incompetent yet authoritarian Labour party have not apologised for their time in Government. They are still not providing any proper Opposition to the current Conservative - Liberal Democrat coalition government, on any freedom or civil liberties or privacy or surveillance issues.

UK Government

Home Office - "Not fit for purpose. It is inadequate in terms of its scope, it is inadequate in terms of its information technology, leadership, management systems and processes" - Home Secretary John Reid. 23rd May 2006. Not quite the fount of all evil legislation in the UK, but close.

No. 10 Downing Street Prime Minister's Official Spindoctors

Public Bills before Parliament

United Kingdom Parliament
Home Affairs Committee of the House of Commons.

House of Commons "Question Book"

UK Statute Law Database - is the official revised edition of the primary legislation of the United Kingdom made available online, but it is not yet up to date.

FaxYourMP - identify and then fax your Member of Parliament
WriteToThem - identify and then contact your Local Councillors, members of devolved assemblies, Member of Parliament, Members of the European Parliament etc.
They Work For You - House of Commons Hansard made more accessible ? UK Members of the European Parliament

Read The Bills Act - USA proposal to force politicians to actually read the legislation that they are voting for, something which is badly needed in the UK Parliament.

Bichard Inquiry delving into criminal records and "soft intelligence" policies highlighted by the Soham murders. (taken offline by the Home Office)

ACPO - Association of Chief Police Officers - England, Wales and Northern Ireland
ACPOS Association of Chief Police Officers in Scotland

Online Media

Boing Boing

Need To Know [now defunct]

The Register

NewsNow Encryption and Security aggregate news feed
KableNet - UK Government IT project news
PublicTechnology.net - UK eGovernment and public sector IT news
eGov Monitor

Ideal Government - debate about UK eGovernment

NIR and ID cards

Stand - email and fax campaign on ID Cards etc. [Now defunct]. The people who supported stand.org.uk have gone on to set up other online tools like WriteToThem.com. The Government's contemptuous dismissal of over 5,000 individual responses via the stand.org website to the Home Office public consultation on Entitlement Cards is one of the factors which later led directly to the formation of the the NO2ID Campaign who have been marshalling cross party opposition to Labour's dreadful National Identity Register compulsory centralised national biometric database and ID Card plans, at the expense of simpler, cheaper, less repressive, more effective, nore secure and more privacy friendly alternative identity schemes.

NO2ID - opposition to the Home Office's Compulsory Biometric ID Card
NO2ID bulletin board discussion forum

Home Office Identity Cards website
No compulsory national Identity Cards (ID Cards) BBC iCan campaign site
UK ID Cards blog
NO2ID press clippings blog
CASNIC - Campaign to STOP the National Identity Card.
Defy-ID active meetings and protests in Glasgow
www.idcards-uk.info - New Alliance's ID Cards page
irefuse.org - total rejection of any UK ID Card

International Civil Aviation Organisation - Machine Readable Travel Documents standards for Biometric Passports etc.
Anti National ID Japan - controversial and insecure Jukinet National ID registry in Japan
UK Biometrics Working Group run by CESG/GCHQ experts etc. the UK Government on Biometrics issues feasability
Citizen Information Project feasability study population register plans by the Treasury and Office of National Statistics

CommentOnThis.com - comments and links to each paragraph of the Home Office's "Strategic Action Plan for the National Identity Scheme".

De-Materialised ID - "The voluntary alternative to material ID cards, A Proposal by David Moss of Business Consultancy Services Ltd (BCSL)" - well researched analysis of the current Home Office scheme, and a potentially viable alternative.

Surveillance Infrastructures

National Roads Telecommunications Services project - infrastruture for various mass surveillance systems, CCTV, ANPR, PMMR imaging etc.

CameraWatch - independent UK CCTV industry lobby group - like us, they also want more regulation of CCTV surveillance systems.

Every Step You Take a documentary about CCTV surveillance in the Uk by Austrian film maker Nino Leitner.

Transport for London an attempt at a technological panopticon - London Congestion Charge, London Low-Emission Zone, Automatic Number Plate Recognition cameras, tens of thousands of CCTV cameras on buses, thousands of CCTV cameras on London Underground, realtime road traffic CCTV, Iyster smart cards - all handed over to the Metropolitan Police for "national security" purposes, in real time, in bulk, without any public accountibility, for secret data mining, exempt from even the usual weak protections of the Data Protection Act 1998.

RFID Links

RFID tag privacy concerns - our own original article updated with photos

NoTags - campaign against individual item RFID tags
Position Statement on the Use of RFID on Consumer Products has been endorsed by a large number of privacy and human rights organisations.
RFID Privacy Happenings at MIT
Surpriv: RFID Surveillance and Privacy
RFID Scanner blog
RFID Gazette
The Sorting Door Project

RFIDBuzz.com blog - where we sometimes crosspost RFID articles

Genetic Links

DNA Profiles - analysis by Paul Nutteing
GeneWatch UK monitors genetic privacy and other issues
Postnote February 2006 Number 258 - National DNA Database (.pdf) - Parliamentary Office of Science and Technology

The National DNA Database Annual Report 2004/5 (.pdf) - published by the NDNAD Board and ACPO.

Eeclaim Your DNA from Britain's National DNA Database - model letters and advice on how to have your DNA samples and profiles removed from the National DNA Database,in spite of all of the nureacratic obstacles which try to prevent this, even if you are innocent.

Miscellanous Links

Michael Field - Pacific Island news - no longer a paradise
freetotravel.org - John Gilmore versus USA internal flight passports and passenger profiling etc.

The BUPA Seven - whistleblowers badly let down by the system.

Tax Credit Overpayment - the near suicidal despair inflicted on poor, vulnerable people by the then Chancellor Gordon Brown's disasterous Inland Revenue IT system.

Fassit UK - resources and help for those abused by the Social Services Childrens Care bureaucracy

Former Spies

MI6 v Tomlinson - Richard Tomlinson - still being harassed by his former employer MI6

Martin Ingram, Welcome To The Dark Side - former British Army Intelligence operative in Northern Ireland.

Operation Billiards - Mitrokhin or Oshchenko ? Michael John Smith - seeking to overturn his Official Secrets Act conviction in the GEC case.

The Dirty Secrets of MI5 & MI6 - Tony Holland, Michael John Smith and John Symond - stories and chronologies.

Naked Spygirl - Olivia Frank

Blog Links

e-nsecure.net blog - Comments on IT security and Privacy or the lack thereof.
Rat's Blog -The Reverend Rat writes about London street life and technology
Duncan Drury - wired adventures in Tanzania & London
Dr. K's blog - Hacker, Author, Musician, Philosopher

David Mery - falsely arrested on the London Tube - you could be next.

James Hammerton
White Rose - a thorn in the side of Big Brother
Big Blunkett
Into The Machine - formerly "David Blunkett is an Arse" by Charlie Williams and Scribe
infinite ideas machine - Phil Booth
Louise Ferguson - City of Bits
Chris Lightfoot
Oblomovka - Danny O'Brien

Liberty Central

dropsafe - Alec Muffett
The Identity Corner - Stefan Brands
Kim Cameron - Microsoft's Identity Architect
Schneier on Security - Bruce Schneier
Politics of Privacy Blog - Andreas Busch
solarider blog

Richard Allan - former Liberal Democrat MP for Sheffield Hallam
Boris Johnson Conservative MP for Henley
Craig Murray - former UK Ambassador to Uzbekistan, "outsourced torture" whistleblower

Howard Rheingold - SmartMobs
Global Guerrillas - John Robb
Roland Piquepaille's Technology Trends

Vmyths - debunking computer security hype

Nick Leaton - Random Ramblings
The Periscope - Companion weblog to Euro-correspondent.com journalist network.
The Practical Nomad Blog Edward Hasbrouck on Privacy and Travel
Policeman's Blog
World Weary Detective

Martin Stabe
Longrider
B2fxxx - Ray Corrigan
Matt Sellers
Grits for Breakfast - Scott Henson in Texas
The Green Ribbon - Tom Griffin
Guido Fawkes blog - Parliamentary plots, rumours and conspiracy.
The Last Ditch - Tom Paine
Murky.org
The (e)State of Tim - Tim Hicks
Ilkley Against CCTV
Tim Worstall
Bill's Comment Page - Bill Cameron
The Society of Qualified Archivists
The Streeb-Greebling Diaries - Bob Mottram

Your Right To Know - Heather Brooke - Freedom off Information campaigning journalist

Ministry of Truth _ Unity's V for Vendetta styled blog.

Bloggerheads - Tim Ireland

W. David Stephenson blogs on homeland security et al.
EUrophobia - Nosemonkey

Blogzilla - Ian Brown

BlairWatch - Chronicling the demise of the New Labour Project

dreamfish - Robert Longstaff

Informaticopia - Rod Ward

War-on-Freedom

The Musings of Harry

Chicken Yoghurt - Justin McKeating

The Red Tape Chronicles - Bob Sullivan MSNBC

Campaign Against the Legislative and Regulatory Reform Bill

Stop the Legislative and Regulatory Reform Bill

Rob Wilton's esoterica

panGloss - Innovation, Technology and the Law

Arch Rights - Action on Rights for Children blog

Database Masterclass - frequently asked questions and answers about the several centralised national databases of children in the UK.

Shaphan

Moving On

Steve Moxon blog - former Home Office whistleblower and author.

Al-Muhajabah's Sundries - anglophile blog

Architectures of Control in Design - Dan Lockton

rabenhorst - Kai Billen (mostly in German)

Nearly Perfect Privacy - Tiffany and Morpheus

Iain Dale's Diary - a popular Conservative political blog

Brit Watch - Public Surveillance in the UK - Web - Email - Databases - CCTV - Telephony - RFID - Banking - DNA

BLOGDIAL

MySecured.com - smart mobile phone forensics, information security, computer security and digital forensics by a couple of Australian researchers

Ralph Bendrath

Financial Cryptography - Ian Grigg et al.

UK Liberty - A blog on issues relating to liberty in the UK

Big Brother State - "a small act of resistance" to the "sustained and systematic attack on our personal freedom, privacy and legal system"

HosReport - "Crisis. Conspiraciones. Enigmas. Conflictos. Espionaje." - Carlos Eduardo Hos (in Spanish)

"Give 'em hell Pike!" - Frank Fisher

Corruption-free Anguilla - Good Governance and Corruption in Public Office Issues in the British Overseas Territory of Anguilla in the West Indies - Don Mitchell CBE QC

geeklawyer - intellectual property, civil liberties and the legal system

PJC Journal - I am not a number, I am a free Man - The Prisoner

Charlie's Diary - Charlie Stross

The Caucus House - blog of the Chicago International Model United Nations

Famous for 15 Megapixels

Postman Patel

The 4th Bomb: Tavistock Sq Daniel's 7:7 Revelations - Daniel Obachike

OurKingdom - part of OpenDemocracy - " will discuss Britain’s nations, institutions, constitution, administration, liberties, justice, peoples and media and their principles, identity and character"

Beau Bo D'Or blog by an increasingly famous digital political cartoonist.

Between Both Worlds - "Thoughts & Ideas that Reflect the Concerns of Our Conscious Evolution" - Kingsley Dennis

Bloggerheads: The Alisher Usmanov Affair - the rich Uzbek businessman and his shyster lawyers Schillings really made a huge counterproductive error in trying to censor the blogs of Tim Ireland, of all people.

Matt Wardman political blog analysis

Henry Porter on Liberty - a leading mainstream media commentator and opinion former who is doing more than most to help preserve our freedom and liberty.

HMRC is shite - "dedicated to the taxpayers of Britain, and the employees of the HMRC, who have to endure the monumental shambles that is Her Majesty's Revenue and Customs (HMRC)."

Head of Legal - Carl Gardner a former legal advisor to the Government

The Landed Underclass - Voice of the Banana Republic of Great Britain

Henrik Alexandersson - Swedish blogger threatened with censorship by the Försvarets Radioanstalt (FRA), the Swedish National Defence Radio Establishement, their equivalent of the UK GCHQ or the US NSA.

World's First Fascist Democracy - blog with link to a Google map - "This map is an attempt to take a UK wide, geographical view, of both the public and the personal effect of State sponsored fear and distrust as seen through the twisted technological lens of petty officials and would be bureaucrats nationwide."

Blogoir - Charles Crawford - former UK Ambassodor to Poland etc.

No CCTV - The Campaign against CCTV

Barcode Nation - keeping two eyes on the database state.

Lords of the Blog - group blog by half a dozen or so Peers sitting in the House of Lords.

notes from the ubiquitous surveillance society - blog by Dr. David Murakami Wood, editor of the online academic journal Surveillance and Society

Justin Wylie's political blog

Panopticon blog - by Timothy Pitt-Payne and Anya Proops. Timothy Pitt-Payne is probably the leading legal expert on the UK's Freedom of Information Act law, often appearing on behlaf of the Information Commissioner's Office at the Information Tribunal.

Armed and Dangerous - Sex, software, politics, and firearms. Life’s simple pleasures… - by Open Source Software advocate Eric S. Raymond.

Georgetown Security Law Brief - group blog by the Georgetown Law Center on National Security and the Law , at Georgtown University, Washington D.C, USA.

Big Brother Watch - well connected with the mainstream media, this is a campaign blog by the TaxPayersAlliance, which thankfully does not seem to have spawned Yet Another Campaign Organisation as many Civil Liberties groups had feared.

Spy on Moseley - "Sparkbrook, Springfield, Washwood Heath and Bordesley Green. An MI5 Intelligence-gathering operation to spy on Muslim communities in Birmingham is taking liberties in every sense" - about 150 ANPR CCTV cameras funded by Home Office via the secretive Terrorism and Allied Matters (TAM) section of ACPO.

FitWatch blog - keeps an eye on the activities of some of the controversial Police Forward Intelligence Teams, who supposedly only target "known troublemakers" for photo and video surveillance, at otherwise legal, peaceful protests and demonstrations.

Other Links

Spam Huntress - The Norwegian Spam Huntress - Ann Elisabeth

Fuel Crisis Blog - Petrol over £1 per litre ! Protest !
Mayor of London Blog
London Olympics 2012 - NO !!!!

Cool Britannia

NuLabour

Free Gary McKinnon - UK citizen facing extradition to the USA for "hacking" over 90 US Military computer systems.

Parliament Protest - information and discussion on peaceful resistance to the arbitrary curtailment of freedom of assembly and freedom of speech, in the excessive Serious Organised Crime and Police Act 2005 Designated Area around Parliament Square in London.

Brian Burnell's British / US nuclear weapons history at http://nuclear-weapons.info

Syndicate this site (XML):

Follow Spy Blog on Twitter

For those of you who find it convenient, there is now a Twitter feed to alert you to new Spy Blog postings.

https://twitter.com/SpyBlog

Please bear in mind the many recent, serious security vulnerabilities which have compromised the Twitter infrastructure and many user accounts, and Twitter's inevitable plans to make money out of you somehow, probably by selling your Communications Traffic Data to commercial and government interests.

https://twitter.com/SpyBlog (same window)

Recent Comments

  • wtwu: NetIDMe seems to be in process of being wound up read more
  • wtwu: The House of Lords have approved the Regulations, without a read more
  • wtwu: Data Retention and Investigatory Powers Bill Government Note on the read more
  • wtwu: The former Customs Officer and the others involved in dealing read more
  • wtwu: BBC reports the password was $ur4ht4ub4h8 http://www.bbc.co.uk/news/uk-25745989 When Hussain was read more
  • wtwu: "only" an extra 4 months in prison for failing to read more
  • wtwu: Although not confirmed as part of the Wilson Doctrine per read more
  • wtwu: For now (just before Christmas 2013) it appears that the read more
  • wtwu: As expected, the ISC did not give the intelligence agency read more
  • wtwu: N.B. the Intelligence & Security Committee is now legally consituted read more

Categories

Monthly Archives

August 2019

Sun Mon Tue Wed Thu Fri Sat
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31

UK Legislation

The United Kingdom suffers from tens of thousands of pages of complicated criminal laws, and thousands of new, often unenforceable criminal offences, which have been created as a "Pretend to be Seen to Be Doing Something" response to tabloid media hype and hysteria, and political social engineering dogmas. These overbroad, catch-all laws, which remove the scope for any judicial appeals process, have been rubber stamped, often without being read, let alone properly understood, by Members of Parliament.

The text of many of these Acts of Parliament are now online, but it is still too difficult for most people, including the police and criminal justice system, to work out the cumulative effect of all the amendments, even for the most serious offences involving national security or terrorism or serious crime.

Many MPs do not seem to bother to even to actually read the details of the legislation which they vote to inflict on us.

UK Legislation Links

UK Statute Law Database - is the official revised edition of the primary legislation of the United Kingdom made available online, but it is not yet up to date.

UK Commissioners

UK Commissioners some of whom are meant to protect your privacy and investigate abuses by the bureaucrats.

UK Intelligence Agencies

Intelligence and Security Committee - the supposedly independent Parliamentary watchdog which issues an annual, heavily censored Report every year or so. Currently chaired by the Conservative Sir Malcolm Rifkind. Why should either the intelligence agencies or the public trust this committee, when the untrustworthy ex-Labour Minister Hazel Blears is a member ?

Anti-terrorism hotline - links removed in protest at the Climate of Fear propaganda posters

MI5 Security Service
MI5 Security Service - links to encrypted reporting form removed in protest at the Climate of Fear propaganda posters

syf_logo_120.gif Secure Your Ferliliser logo
Secure Your Fertiliser - advice on ammonium nitrate and urea fertiliser security

cpni_logo_150.gif Centre for the Protection of National Infrastructure
Centre for the Protection of National Infrastructure - "CPNI provides expert advice to the critical national infrastructure on physical, personnel and information security, to protect against terrorism and other threats."

SIS MI6 careers_logo_sis.gif
Secret Intelligence Service (MI6) recruitment.

gchq_logo.gif
Government Communications Headquarters GCHQ

logo-nca.gif
National Crime Agency - the replacement for the Serious Organised Crime Agency

da_notice_system_150.gif
Defence Advisory (DA) Notice system - voluntary self censorship by the established UK press and broadcast media regarding defence and intelligence topics via the Defence, Press and Broadcasting Advisory Committee.

Foreign Spies / Intelliegence Agencies in the UK

It is not just the UK government which tries to snoop on British companies, organisations and individuals, the rest of the world is constantly trying to do the same, regardless of the mixed efforts of our own UK Intelligence Agencies who are paid to supposedly protect us from them.

For no good reason, the Foreign and Commonwealth Office only keeps the current version of the London Diplomatic List of accredited Diplomats (including some Foreign Intelligence Agency operatives) online.

Presumably every mainstream media organisation, intelligence agency, serious organised crime or terrorist gang keeps historical copies, so here are some older versions of the London Diplomatic List, for the benefit of web search engine queries, for those people who do not want their visits to appear in the FCO web server logfiles or those whose censored internet feeds block access to UK Government websites.

Campaign Button Links

Watching Them, Watching Us - UK Public CCTV Surveillance Regulation Campaign
UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card
NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.
Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid_150.jpg
FreeFarid.com - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond
Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Petition to the European Commission and European Parliament against their vague Data Retention plans
Data Retention is No Solution - Petition to the European Commission and European Parliament against their vague Data Retention plans.

Save Parliament: Legislative and Regulatory Reform Bill (and other issues)
Save Parliament - Legislative and Regulatory Reform Bill (and other issues)

Open_Rights_Group.png
Open Rights Group

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network
Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Tor - the onion routing network
Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).

irrepressible_banner_03.gif
Amnesty International's irrepressible.info campaign

anoniblog_150.png
BlogSafer - wiki with multilingual guides to anonymous blogging

ngoiab_150.png
NGO in a box - Security Edition privacy and security software tools

homeofficewatch_150.jpg
Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

rsf_logo_150.gif
Reporters Without Borders - Reporters Sans Frontières - campaign for journalists 'and bloggers' freedom in repressive countries and war zones.

committee_to_protect_bloggers_150.gif
Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

Icelanders_are_NOT_Terrorists_logo_150.jpg
Icelanders are NOT terrorists ! - despite Gordon Brown and Alistair Darling's use of anti-terrorism legislation to seize the assets of Icelandic banks.

nocctv.gif
No CCTV - The Campaign Against CCTV

phnat-logo-black-on-white_150.jpg

I'm a Photographer Not a Terrorist !

power2010_132.png

Power 2010 cross party, political reform campaign

Cracking_the_Black_Box_black_150.jpg

Cracking the Black Box - "aims to expose technology that is being used in inappropriate ways. We hope to bring together the insights of experts and whistleblowers to shine a light into the dark recesses of systems that are responsible for causing many of the privacy problems faced by millions of people."

surveillance_72.jpg

Open Rights Group - Petition against the renewal of the Interception Modernisation Programme

wblogocrop_150.jpg

WhistleblowersUK.org - Fighting for justice for whistleblowers