March 2009 Archives

The Sunday Times has an article about the unspecified potential threat to the UK's telecomms cloud, and thereby to the UK's Critical National Infrastructure, posed by Chinese designed and manufactured equipment from http://www.huawei.com

From The Sunday Times
March 29, 2009

Spy chiefs fear secret cyber attack

Michael Smith

INTELLIGENCE chiefs have warned that China may have gained the capability to shut down Britain by crippling its telecoms and utilities.

They have told ministers of their fears that equipment installed by Huawei, the Chinese telecoms giant, in BT's new communications network could be used to halt critical services such as power, food and water supplies.

The warnings coincide with growing cyberwarfare attacks on Britain by foreign governments, particularly Russia and China.

A confidential document circulating in Whitehall says that while BT has taken steps to reduce the risk of attacks by hackers or organised crime, "we believe that the mitigating measures are not effective against deliberate attack by China".

It is understood that Alex Allan, chairman of the Joint Intelligence Committee (JIC), briefed members of the ministerial committee on national security about the threat from China at a top-secret Whitehall meeting in January.

According to Whitehall sources, the meeting, led by Jacqui Smith, the home secretary, heard that ministers had "not paid sufficient attention to the threat in the past", despite repeated warnings from the intelligence services. These included warnings from the security arm of GCHQ, which expressed concern because government departments, the intelligence services and the military will all use the new BT network.

A Whitehall report is understood to warn that, although there is at present a "low" risk of China exploiting its capability, "the impact would be very high".
[...]

What exactly is the risk or fear ?

Alleged Chinese "cyber attacks" involving email trojan horse software attachments etc. (many of which are likely to really originate in the USA or Russia etc.) are not the same issue as Chinese manufactured hardware at the heart of the UK's telecommunications infrastructure cloud.

Firstly, if UK Government or Critical National Infrastructure communications are not already being strongly encrypted, using UK Government approved cryptographic systems and equipment, end-to-end through the BT "telecomms cloud", then they should be, immediately.

The existing Cisco (United States) and Ericsson (Sweden) and other foreign equipment which makes up the bulk of BT's current network infrastructure is not immune to design or manufacturing or end user configuration errors, which allow remote attackers or automated computer malware to compromise the security of individual routers, switches, firewalls, load balancers, proxy servers, telephone exchanges, quality of service traffic shapers, fibre optic and 3GPP mobile phone equipment or end user devices etc.

BT has, in the past, managed to deploy insecure versions of, say, their BT HomeHub broadband internet, WiFi and VoIP router to literally millions of customers (a design from the French based multinational Alcatel/Thomson), and has usually fixed the problems, eventually.

The same is true for every other major Western telecomms and internet service provider company.

If the new BT 21st Century network is designed and rolled out properly, then breaking the monoculture of using, for example, only Cisco equipment to handle a particular service or major Critical National Infrastructure client, by adding equivalent Huawei equipment into the mix, with its independently developed software and hardware designs, may actually increase the resilience and security of the network overall - "don't put all your eggs in one basket".

Obviously MI5, MI6 and GCHQ would have to make sure that the Huawei equipment used to connect British government or intelligence agency or other Critical National Infrastructure systems together is not a subtly different version from that actually used by the Chinese government itself, so that both are just as vulnerable, or invulnerable, to accidental security vulnerabilities, which we may actually discover and exploit before they do.

This may require some actual human intelligence activity in mainland China, i.e. intelligence gathering or spying, to obtain or get access to Chinese versions of the equipment being sold to us, in order to run cryptographic checksums on the software and hardware designs (ideally not MD5, but something stronger).
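One way to run the checksum comparison described above, as an added example that is not part of the original post: it refuses MD5 and SHA-1, compares two firmware images with SHA-256, and uses per-block digests to show where a "subtly different version" departs from the reference. The function names, the 4096-byte block size and the sample images are assumptions constructed for illustration.

```python
"""Compare two firmware images with strong cryptographic checksums."""
import hashlib
import hmac

# MD5 and SHA-1 both have practical collision attacks, so they are refused.
WEAK_ALGORITHMS = {"md5", "sha1"}
BLOCK_SIZE = 4096  # assumption: granularity used to locate a difference


def digest(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of data, rejecting algorithms unfit for integrity checks."""
    name = algorithm.lower()
    if name in WEAK_ALGORITHMS:
        raise ValueError(f"{algorithm} is not acceptable for integrity comparison")
    return hashlib.new(name, data).hexdigest()


def build_manifest(image: bytes, algorithm: str = "sha256") -> dict:
    """Whole-image digest plus one digest per fixed-size block."""
    blocks = [digest(image[i:i + BLOCK_SIZE], algorithm)
              for i in range(0, len(image), BLOCK_SIZE)]
    return {"algorithm": algorithm.lower(), "size": len(image),
            "image": digest(image, algorithm), "blocks": blocks}


def compare_manifests(reference: dict, candidate: dict) -> dict:
    """Report whether two images match and which byte ranges differ."""
    if reference["algorithm"] != candidate["algorithm"]:
        raise ValueError("manifests use different hash algorithms")
    identical = (reference["size"] == candidate["size"]
                 and hmac.compare_digest(reference["image"], candidate["image"]))
    ref_blocks, cand_blocks = reference["blocks"], candidate["blocks"]
    longest = max(reference["size"], candidate["size"])
    ranges = []
    for index in range(max(len(ref_blocks), len(cand_blocks))):
        ref = ref_blocks[index] if index < len(ref_blocks) else None
        cand = cand_blocks[index] if index < len(cand_blocks) else None
        if ref == cand:
            continue
        start = index * BLOCK_SIZE
        end = min(start + BLOCK_SIZE, longest)
        if ranges and ranges[-1][1] == start:
            ranges[-1] = (ranges[-1][0], end)  # merge adjacent differing blocks
        else:
            ranges.append((start, end))
    return {"identical": identical, "differing_ranges": ranges}


def make_sample_images():
    """Constructed stand-ins for a reference image and two variants of it."""
    reference = bytes((i * 31 + 7) % 256 for i in range(5 * BLOCK_SIZE))
    patched = bytearray(reference)
    patched[2 * BLOCK_SIZE + 10] ^= 0x01      # a single flipped bit
    extended = reference + b"\x00" * 100      # extra data appended at the end
    return reference, bytes(patched), extended


if __name__ == "__main__":
    reference, patched, extended = make_sample_images()
    baseline = build_manifest(reference)
    for label, image in (("same", reference), ("patched", patched),
                         ("extended", extended)):
        print(label, compare_manifests(baseline, build_manifest(image)))
```

A matching digest only shows that two images are the same bytes; it says nothing about whether the image actually running on a deployed device is the one that was hashed.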

Labour Prime Minister Gordon Brown's article in The Observer yesterday, managed to use the headline "war on terror", even though, only a few months ago, the consensus seemed to have been, that this phrase is actually counterproductive.

We are about to take the war against terror to a new level

Gordon Brown
The Observer, Sunday 22 March 2009

[...]

Tens of thousands of men and women throughout Britain - from security guards to store managers - have now been trained and equipped to deal with an incident and know what to watch for as people go about their daily business in crowded places such as stations, airports, shopping centres and sports grounds.

Home Secretary Jacqui Smith was also on the publicity spin offensive on Sunday, and she managed to claim that

Thousands getting terror training
Page last updated at 11:41 GMT, Sunday, 22 March 2009

[...]

Ms Smith told BBC One's Politics Show: "What we're completely clear about is that if we're going to address the threat from terrorism, we need to do that alongside the 60,000 people that we're now training up to respond to a terrorist threat, in everywhere from our shopping centres to our hotels.

Some of the media are claiming that means that some sort of "Home Guard" style "army" is being recruited and trained, but there does not seem to be any evidence of anything even as remotely well organised or well trained as even the fictional platoon in "Dad's Army" led by Captain Mainwaring in "Walmington-on-Sea".

What does exist is something called Project Argus, which is little different from "what to do in case of fire or flood etc." training.

Project ARGUS is a National Counter Terrorism Security Office initiative, exploring ways to aid you in preventing, handling and recovering from a terrorist attack.

It achieves this by taking businesses through a simulated terrorist attack. The simulation identifies the measures to take for preventing, handling and recovering from a terrorist attack.

This simulation provides you with a unique opportunity to both learn from and contribute to valuable lessons helping to protect you, your business and your community, whether you are a national chain or a small business.

The event explores your options; what is likely to happen in the event of a terrorist attack; and what your priorities should be. Project Argus highlights the importance of being prepared and having the necessary plans in place to help safeguard your staff, customers and your company assets.

What can you expect?

Project Argus is a free event which takes you through, using a multi-media simulation, a terrorist attack. A series of questions and challenges are put to you, both individually and as a group. You will work in small syndicate groups with other local business representatives and develop your responses to the attack. The whole event including a coffee break will last three hours.

[our emphasis]

We assume that this means that Gordon Brown and Jacqui Smith's claims that "tens of thousands" or "60,000" people who have been, or will have been "trained" (by some vague unspecified date in the future) really amount to being exposed to no more than three hours (including a coffee break) of multi-media presentation and group discussion.

Even "Dad's Army" was better trained than this !

The Home Office / ACPO funded unaccountable quango in charge of this, the National Counter Terrorism Security Office, does produce some Crowded Places advice brochures, with pretty photographs, supposedly tailored for different sectors where there are crowds of people e.g. Pubs and Clubs, Commercial premises etc.

These all have basically the same content, but the chapter on hostile reconnaissance makes this stupid claim in the brochure aimed at Visitor Attractions i.e. the main tourist attractions:

  • people taking pictures - filming - making notes - sketching of the security measures at attractions. Tourists should not necessarily be taken as such and should be treated sensitively, but with caution

{bold emphasis in the original}

The common chapter on hostile reconnaissance also mentions Operation Lightning:

The state of the UK Database State

The JRRT has commissioned the Foundation for Information Policy Research to produce a report on the current (dire) state of the UK Government's "Database State".

JRRT / FIPR Database State (.pdf) report.

To make it easier for politicians and the mainstream media, the academic and other expert authors have awarded a "traffic light status" to dozens of UK Government database systems:

Red means that a database is almost certainly illegal under human rights or data protection law and should be scrapped or substantially redesigned. The collection and sharing of sensitive personal data may be disproportionate, or done without our consent, or without a proper legal basis; or there may be other major privacy or operational problems. Most of these systems already have a high public profile.

The Report categorises 10 such systems with the red status.

Amber means that a database has significant problems, and may be unlawful. Depending on the circumstances, it may need to be shrunk, or split, or individuals may have to be given a right to opt out. An incoming government should order an independent assessment of each system to identify and prioritise necessary changes.

There are 29 such amber databases mentioned.

Green means that a database is broadly in line with the law. Its privacy intrusions (if any) have a proper legal basis and are proportionate and necessary in a democratic society. Some of these databases have operational problems, not least due to the recent cavalier attitude toward both privacy and operational security, but these could be fixed once transparency, accountability and proper risk management are restored.

So even the "green" status databases need to be substantially improved:

Of the 46 databases assessed in this report, only six are given a green light

It is extraordinary that the UK Government does not itself commission and make public such an independent report, at least annually.

How else are the politicians and civil servants and the public to know if the billions of pounds being spent annually is actually producing the intended benefits, and is not also creating dangerous side effects ? None of the supposed checks and balances like OGC Gateway Reviews, National Audit Commission reports, the Information Commissioner's Office etc. have kept pace with the growth of the Database State, let alone ensuring that we get value for money, and that these systems do not actually make things worse than before, through centralised incompetence or corruption.

We are willing to bet that no Cabinet Minister even knows the names of all of the databases which his or her department has created or shares our private data with, let alone exactly what they all do, and whether or not they are really being run to the highest possible standards or not, as is always claimed.

Even this Report did not have the time or the money to examine several massive UK Government databases or database sharing of personal and sensitive personal data, some of which may have national security implications e.g.

  • the DWP Longitudinal Study (which links the 24 year tax history, names, addresses etc. from HMRC with the DWP's own benefits and pensions etc. data), and which has been used to produce Geographical Information System maps of all of the racial and ethnic minority people and their home addresses. This is for the laudable purpose of checking whether or not the DWP's unemployment policies are discriminating against these people or not, but the side effect is to have created an automatic "ethnic cleansing" / racial discrimination / genocide infrastructure tool, if that data were to be abused in the future.

  • the Ministry of Defence's TAFMIS (Training Administration and Financial Management Information System) database, including over 1.7 million names and addresses of past and current military personnel and / or their families, an unencrypted version of which was on a laptop computer which was stolen from the back of a parked car. - see MoD statement confirms loss of the 1.7million record TAFMIS recruitment database, yet again

  • the London Congestion Charge, London Low Emission Zone, Oyster Travel Card and Transport for London's CCTV cameras data all being handed over "in real time, in bulk", in secret to the Metropolitan Police Counter-terrorism Command, for dodgy "database trawling" of innocent people's "travel patterns", all made exempt from scrutiny or prosecution by the Information Commissioner, due to the Certificate of exemption, signed by Home Secretary Jacqui Smith, which cripples the Data Protection Act with respect to this mass surveillance snooping. - see London ANPR mass surveillance snooping - Chief Surveillance Commissioner Sir Christopher Rose refused to get involved

Although the Report mentions data sharing with other European Union countries, it does not delve into what gets shared with, say, the US Government, e.g. the SWIFT international financial banking transfer transaction data or the airline Passenger Name Record booking data (which also goes to other EU countries).

We are not wholly convinced by the Report's estimate that the National Fingerprint Database IDENT1 should be given a "green" status, rather than "amber", since we do not actually believe that

But fingerprints are an accepted part of criminal justice record-keeping and (unlike with DNA) the fingerprints of acquitted people are deleted. We rate the IDENT1 system itself as Privacy impact: green.

The ECHR judgment in the Marper case, also specifically mentions fingerprints as well as human tissue samples and DNA profiles of innocent people not being deleted when they should have been.

The Office of Government Commerce, an Agency of Her Majesty's Treasury, has finally published the two Stage Zero Gateway Reviews of the ID Cards programme.

It has taken 1510 days, i.e. 4 years 1 month 18 days, after the initial Freedom of Information Act request, which should, according to the law, and the principle of "open government" and public transparency, have taken no more than "20 working days".

The OGC has spent at least £120,000 on legal fees alone, and probably a similar amount of public money again has been spent by the Information Commissioner's Office and the Information Tribunal.

See the OGC FOIA disclosure page.

Here are the two documents, which were kept so secret, that the OGC initially refused to let even the Information Commissioner have copies of them.

Here are the documents which caused the Government to invoke the Bill of Rights 1689 against the Information Tribunal's first decision to support the Information Commissioner's decision to permit full disclosure.

Both the Information Tribunals decided to redact or censor the names of the Assessors doing the Gateway Reviews, and the names of the people who were interviewed about the project.

Here is some early commentary and analysis:

Spy Blog might be persuaded to publish a detailed analysis later, but here are some quick thoughts:

  1. 2003 report - traffic light status RED

  2. No adequate attempts to quantify "Costs, benefits and value for money"

  3. Papiere Bitte !

    "The Police felt that the absence of any obligation to carry or produce identity cards would substantially remove the administrative savings and some of the other advantages that Identity Cards would offer."

  4. 2004 report - traffic light status AMBER

  5. The name "Helen Edwards" appears unredacted, but technically she was not interviewed as part of this Gateway Review, but moved in to the Senior Responsible Officer role immediately afterwards, according to the report.

  6. It is ridiculous that the Name of the Permanent Secretary to the Home Office at the time of these Gateway Reviews, i.e. Sir John Gieve KCB, has been redacted or censored

  7. "Biometrics. There is general agreement that there should be a second biometric
    as well as the photograph (or digital photograph). On the assumption that DNA
    would be too expensive, however, should it be fingerprints or irises (or both)?
    How scalable are the two technologies? And what are the cost implications? "

    So only the cost prevented DNA from being touted as a biometric identifier on this mass surveillance centralised database, there was no objection on privacy, moral, ethical or religious grounds.

  8. Note the Job Titles / Departments of the redacted Names of those interviewed. Apart from the Home Office central staff and their agencies, there was Staffordshire Police (ACPO - Association of Chief Police Officers), APACS (Association for Payment Clearing Services), DVLA (Driver Vehicle Licensing Agency), ODPM (Office of the Deputy Prime Minister), DWP (Department for Work and Pensions), Inland Revenue (before it became part of Her Majesty's Revenue and Customs), Office for National Statistics, FCO (Foreign & Commonwealth Office), DfT (Department for Transport). The 2003 report also had the Treasury Solicitors, Fujitsu Consulting (formerly ICL, one of the main Government IT suppliers, but not experts in biometrics or smart cards) and an Independent Consultant of some sort.

  9. Nobody from GCHQ / CESG, the people whose job it is to make sure that Government computers and communications are secure against attack or negligence.

  10. No Biometrics or Computer Security companies or organisations appear to have been asked their opinion of the "risks", in either 2003 or 2004.

  11. No consultation with wider Private Sector Business e.g. travel and transport.
    APACS does not represent anything but the Clearing Banks / Credit card processors, i.e. not even all of the Financial Services sector like mortgage lenders or the insurance industry. There does not even seem to have been any input from the Department of Trade and Industry or from the Department for Health, in spite of the claim that the "Entitlement Cards" were to be used to prevent illegal employment or use of the National Health Service.

  12. No consultation with Civil Liberties Groups

  13. No Consultation with the Public about the chosen ID Card scheme (one of many possible ones)

  14. There is nothing in these two reports that could not have been published to help to inform the public, and the Parliamentary debates and scrutiny of the first attempt at the Identity Cards Act in 2005.

This blog posting about the experience of a former Tor exit node server operator in the UK, is worrying:

Passion and Dalliance blog: Why you need balls of steel to operate a Tor exit node

I became interested in Tor in the spring of 2007 after reading about the situation in Burma and felt that I would like to do something, anything, to help. As a geek and lover of the internet it seemed the best thing I could do was to run Tor as an exit node to allow those under jurisdictions that censor the internet free access to the information they need. I had a lot of unused bandwidth and it seemed like a philanthropic use of it to donate that to Tor.

[...]

I totally believe in Tor. I think it is a magnificent force for the circumvention of internet censorship but there is a problem.

I was visited by the police in November 2008 because my ip address had turned up in the server logs of a site offering, or perhaps trading in (I was not told the details of the offence) indecent images of children. The date of the offence was about one month after I started the server so it looks as though the site in question had been under surveillance for more than a year.

It was what is known as a 'dawn raid' and, amazingly enough, my children were still asleep when it occurred. Thank God.

I explained to the officers, who we had heard threatening to break the door down before we let them in, about Tor but they had never heard of it. My wife says she thinks they were about to arrest me before that. I was not arrested. I was told not to touch the computer and it was placed, considerately, in a black plastic bag and taken away for forensic examination.

I was OK at first. I knew that somebody had gone through my server to access that material and that I was not guilty of any offence but as the weeks wore on it started to get to me.
I was overwhelmed by horror to be implicated in such a thing. I was desperately worried about my family. One of the officers had told my wife that Social Services would be informed as a matter of course and there was a possibility that my children would be taken into care.

The low point came about two weeks after the visit by the police when I totalled my car. I was distracted, stressed and unable to accurately assess the road conditions. I ploughed into a hedgerow at speed, destroying the car which we had just bought, but, luckily, walked out of it with only bruised ribs.

I didn't have the money to hire a lawyer so I just sat the thing out. From time to time the police called with an estimate of when the investigation would be finished but none of that meant very much because those dates came and passed with no resolution.

Eventually, four months after the visit, I picked up a voice message from the police inviting me to call back. When I called I was told that no evidence had been retrieved and the machine would be returned to me.

I think, in retrospect, I was desperately naive to run a Tor exit server on a home computer but I didn't believe that an ip address in a server log would be enough evidence to warrant seizing equipment.

My wife, God bless her, was absolutely marvellous throughout the whole thing and never doubted me.

I have read with interest about the need to make Tor faster and that that largely depends on having more nodes but there is no way I can contemplate offering my ip address as a service to internet anonymity any more.

It was very frightening for me to be implicated in a serious crime.

As a parent of very young children I have an extensive network of friends and contacts in my neighbourhood who also have children. As we know the subject of paedophilia is not one that can be debated with any rationality at all in the UK. It is surrounded by hysteria. I was terrified that people would find out that my computer had been taken because of that - 'no smoke without fire'.

I don't know what can be done about any of this. To my mind running an exit node is extremely high risk. I think Tor is important but I don't have any ideas about how to support it at the moment.

Why are there still any untrained Policemen in the UK, who are being allowed to conduct internet crime related investigations, without having first learned about open proxy servers, Tor and other techniques ?

They need to be disciplined and retrained, and their senior managers need to be named and shamed, as they are an unacceptable risk to innocent members of the public, and the real criminals must be running rings around them.

Surely if major UK ISPs are now only offering a censored CleanFeed system, then there is no excuse for the Police to harass their customers in this way ?

Julian Assange, investigative editor of the whistleblower leak publishing website WikiLeakS.org, rightly bemoans the decline in paid investigative journalists - he says that there are as few as 40 such journalists working for newspapers in the USA these days. He is wrong, however, to dismiss bloggers as never doing any original investigative research.

Here in the UK, there are a couple of recent examples which disprove that generalisation.

Tim Ireland at Bloggerheads has been delving into the murky world of The Sun newspaper, and the extremely dubious claims and threats of self proclaimed anti-terrorism spy Glen Jenvey, who tries to infiltrate alleged Islamic extremist online forums, as an informer and agent provocateur, thereby probably ruining any real police or intelligence agency investigations into them. Glen Jenvey appears to be way out of his depth on the internet, when pitted against a relentless professional expert like Tim.

Unity at Ministry of Truth and at Liberal Conspiracy has been investigating the so called "telephone voice stress lie detection" system which has been sold to insurance companies and local councils, and to the Department for Work and Pensions, headed by the arrogant NuLabour politician James Purnell. Like all such biometric systems, it seems to suffer from vast numbers of False Positives and pseudo-scientific marketing hype. It will not surprise many people, that it is Crapita that seem to be taking lots of public money for this ineffective "magic technological fix" to social problems, so beloved by this Labour government.

The consequences of the DWP using dodgy "telephone voice stress lie detection" systems, even if their lie detection rates are little better than random, are inconvenient and annoying, but not that serious for the innocent individuals involved, or for society as a whole.

However, the Ministry of Justice now appears to be embarking on a potentially disastrous pilot trial of Polygraph testing of convicted Sex Offenders, presumably so that they can be kicked out of (expensive) prison, as early as possible and back "into the community".

Statutory Instruments 2009 No. 619

The Polygraph Rules 2009

Made 10th March 2009

Laid before Parliament 12th March 2009

Coming into force 8th April 2009

The Secretary of State, in exercise of the power conferred by section 29(6) of the Offender Management Act 2007(1), makes the following Rules:

Polygraph evidence is not acceptable in UK or European Courts of law, because of its lack of an objective scientific basis, but somehow, the Ministry of Justice is conducting a live social engineering trial in the East and West Midlands, involving convicted sex offenders, after they have passed a Polygraph Test.

The potential danger to the public of Polygraph Test False Positives and False Negatives, when used to help to decide whether to release a convicted Sex Offender from prison, should be obvious.

The Offender Management Act 2007 Part 3, which allows the use of Polygraph tests for Probation (not just applicable to Sex Offenders, by the way), actually specifically forbids any statement, or any physiological test results obtained during a Polygraph test, from being used as criminal evidence in a Court of law against the person being tested.

According to the accompanying Explanatory Notes:

The purpose of these Rules is to govern the conduct of polygraph tests during a pilot of polygraph testing of certain sex offenders who have been released from prison on licence. The pilot will run for three years from 8th April 2009 in nine police areas in the East and West Midlands.

This idea seems to have been imported from the more lunatic parts of the US criminal justice bureaucracy, since the only acceptable Qualifications for "polygraph operators" are from the American Polygraph Association.

The fact that Polygraph "Lie Detector" Tests are not a reliable indicator of future criminal behavior, seems to have escaped Jack Straw and his Ministry of Justice minions.

  • Which, presumably American, company has successfully lobbied for Polygraph testing to creep into the United Kingdom ?

  • Which company has been awarded the Polygraph Testing contract ?

  • How much will this "3 year pilot" cost ?

  • Which are the unlucky "nine police areas in the East and West Midlands." ?

  • Why are such "Lie Detectors" not first used on Politicians and Spin Doctors, before being inflicted on the rest of the population ?

The contract of advertising agency Miles Calcraft Briginshaw Duffy with the Metropolitan Police Service expires at the end of March.

They are being replaced by Gordon Brown's favourite ad agency Abbott Mead Vickers BBDO, who gave him "Design services" during his Labour party leadership non-election "coronation" campaign.

AMV BBDO have also been awarded the lucrative Home Office ID Cards propaganda account.

Presumably Miles Calcraft Briginshaw Duffy are at least partly to blame for the current Metropolitan Police Service anti-terrorism advertising campaign launched today.

This campaign includes this false and misleading poster, which claims a non existent link between public CCTV and protection against terrorist bombs:

"A bomb won't go off here because weeks before a shopper reported someone studying the CCTV cameras"


There is no evidence that any Islamic extremist or Irish terrorists or Animal Rights extremists or neo-Nazi extremists, who have exploded, or tried to explode bombs, or set off incendiary devices, have been deterred from doing so by the presence of CCTV cameras. Some may have been tracked down partially through the help of CCTV footage, after their attacks or attempted attacks, but that is not what this poster is implying.

There is no evidence that any of them who have actually had access to any explosives, have ever been caught in the act of "terrorist reconnaissance" of CCTV cameras, neither by members of the public (which is what this poster misleadingly claims), nor by regular Police street patrols, nor even by any covert surveillance of known suspects.

Since you do not need any equipment to check out where public CCTV cameras are, just your eyes and your memory, it is unlikely that any real terrorism or criminal reconnaissance of CCTV camera systems will ever be detected in the way that this poster implies.

This poster is just Climate of Fear propaganda, and it will no doubt be used to justify the harassment of photographers taking photos, perfectly legally in public places, which have been infested with CCTV spy cameras, something for which there is plenty of evidence.

See Matt Wardman's Official Harassment of Photographers in the UK: I have a Little List

We are reporting this misleading poster to the Advertising Standards Authority, and urge you all to do the same.

UPDATE:

David Mery rightly points out that this re-run of previous Climate of Fear campaigns is likely to lead to lots of False Positive denunciations of innocent people

Police calls for a climate of fear

Considering how bad trained police officers are at spotting terrorists, asking untrained people to attempt to do the same will end up creating more suspicion of anyone behaving a bit differently. This will obviously target those who have different customs and those who are afflicted by some illness, fuelling further discrimination. These campaigns also focus on common objects, recently photographers have been particularly targeted. Looking at our environment, be it buildings or CCTV surrounding us, - hostile reconnaissance as it is called by the police - is a cause for arrest but so far has not been a cause for any conviction.

UPDATE: 25th March 2009

The Advertising Standards Authority has decided to pass on the complaint about this poster to the Independent Advertising Standards Council for their consideration.

If you search for news articles about the European Union Data Retention Directive 2006/24/EC, you will, unfortunately, find several articles, even from the computer and telecommunications technical press, which claim that the new mandatory requirement to store Communications Traffic Data logfiles for 12 months came into force yesterday, something which is not strictly accurate in the United Kingdom.

This Mandatory Data Retention is regardless of whether an Internet Service Provider or Telecommunications Company has any business need for this data any more, data which would therefore have been destroyed or anonymised under the Principles of Data Protection under the Data Protection Act. This data is not data identified as being useful for a particular targeted criminal investigation, but is mass surveillance snooping on the vast majority of the 450 million innocent people in the European Union.

The first part of this EU Directive, regarding landline telephones and mobile phones has already been in force in the UK since October 2007.

Remember that none of the "serious crime" or "terrorism" cases which were trotted out in support of this Data Retention policy actually involved any investigations which needed out of date communications traffic data as old as 12 months. The Soham murders investigation and the tracking of the July 2005 failed terrorist bomber who fled from London to Italy, all used current Communications Traffic Data no more than a few days old or even in "real time", which would not yet have been deleted by the telcos in the normal course of their business anyway.

Like many other EU countries, the UK cried off from implementing the Internet aspects of the Directive for a further 18 months, which, based on the date on which the original Directive was passed, crudely puts the start date for the new scheme as the 15th March 2009 i.e. yesterday, a Sunday - see the Official Journal of the European Union:

DIRECTIVE 2006/24/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC (.pdf)

However, the new Regulations do not appear to come into force in the UK for another 3 weeks, i.e. Monday 6th April 2009 - why the delay ? They have had at least 18 months to prepare for this date:

See the Draft Statutory Instrument, which will presumably be rubber stamped, without debate and without amendment, by being "laid" before the House of Commons and the House of Lords, sometime soon.

The Data Retention (EC Directive) Regulations 2009

Made

Coming into force 6th April 2009

[...]

The BBC TV program Click, which showcases new technologies, especially internet related ones, has broadcast an interesting half an hour special today (available for the next 7 days via the online BBC iPlayer).

They investigated the world of Botnets: thousands of trojan horse malware infected computers, mostly home PCs running Windows, connected via broadband internet connections, which are used to send most of the world's spam email and also for Distributed Denial of Service attacks and blackmail against e-commerce websites or online security companies and political opponents etc.

It seems that the BBC Click team managed, after a bit of hanging around certain internet discussion forums, and some (presumably encrypted) instant messenger chat, to purchase or rent a botnet of over 21,000 malware infected computers around the world. This involved transferring a couple of thousand pounds, via a wire transfer in a shop, to an anonymous third party company, probably in somewhere like the former Soviet Union, to the criminal who sold it to them, and who provided a slick, professional control panel interface to control the botnet.

The programme proceeded to demonstrate how this could be used to send thousands of spam email messages and to bring a medium sized website (belonging to one of the security companies advising the programme) offline through sheer weight of numbers. It seems that this website became unusable after only 60 broadband connections were aimed at it, out of the botnet of over 21,000 machines.

This botnet was said to be relatively cheap, as it was mostly infecting computers in less developed countries, which have less juicy online financial information on them to be snooped on. However their video clips showing the geographical extent of the botnet did show a few computers in the United Kingdom and in the United States of America.

BBC Click - Cyber crime risk exposed

At the end of their demonstration, the BBC changed the desktop wallpaper on the botnet infected computers to a warning message from the BBC, and instructed the botnet trojan software to delete itself.

All in all an admirable bit of investigative journalism, for which, of course, they have been criticised by some people, claiming that they have broken every single section of the United Kingdom Computer Misuse Act 1990, including the new amendments which came into force in October 2008, which try to cover "dual use" software tools, and denial of service attacks. They could also have broken the computer misuse laws of all of the other countries involved, including the very harsh ones in Thailand or Pakistan etc.

See The Register: BBC zombie caper slammed by security pros

Presumably the BBC had their lawyers check into this before engaging in this activity, and their defence seems to be that of an obvious lack of criminal intent.

It would be an utter scandal if the British Police were to bother to investigate such alleged breaches of the CMA by the BBC, when they have been such utter failures in protecting us from these sorts of international botnets and the criminals who exploit them.

Any lack of a prosecution here in the UK would be consistent with the Crown Prosecution Service's abrogation of British sovereignty in the case of accused hacker Gary McKinnon, who is facing extradition to the USA, and who also allegedly left a couple of notes on a few computer desktops pointing out the useless computer security of the US Military systems he managed to access. However, he certainly did not leave a warning graphic on over 21,000 machines, like the BBC have done.

Neither the old National Hi-Tech Crime Unit, nor the Serious Organised Crime Agency nor the new Police Central e-crime Unit (PCeU) have been any use at all in protecting us from botnets, or in catching and extraditing, prosecuting and punishing the mostly foreign based criminals who create and run these botnets.

Incredibly, the Keynote Opening Address of next month's annual Infosec Europe IT Security conference and trade show at Earl's Court (26th - 30th April 2009), will be given by disgraced former Home Secretary David Blunkett, who will supposedly be advising us on such topics - we can hardly wait !

Back in August last year, we were puzzled by the National Risk Register, which supposedly reflects the Government's strategic planning underpinning our national security.

See: Has the National Risk Register been politically censored ?

This National Risk Register seemed to magically reduce the risk of nuclear war to zero, and decided that the risk of pandemic flu was at least as likely as that of severe weather. It did not foresee the meltdown of the banking system on its risk "horizon".

Now, almost a year after he announced it, Gordon Brown has appointed a team of experts to his National Security Forum. We wondered at the time if this would follow the United States National Security Council of advisors to the President, which has been in operation since 1947, and which has a substantial staff and budget, and a roster of hundreds of experts.

9 Mar 2009 : Column 3WS

Prime Minister
National Security Forum

The Prime Minister (Mr. Gordon Brown): On 19 March 2008, I informed the House about the United Kingdom's first National Security Strategy. In that statement I announced my intention to form a National Security Forum. I can now inform the House about the Forum, its objectives and its membership.

The list below does not include any experts on pandemic diseases e.g. avian flu, or biotechnology and genetic engineering, or financial markets, or cyber security.

There are world class British experts available, in all of these missing areas of expertise, which present a much greater threat to our national security than Islamic, or Irish terrorism etc.

Jack Straw, the Secretary of State for (In)Justice, appears to be Governing Through Weekend Newspaper Briefings, again, with the news that the controversial Clause 152 of the Coroners and Justice Bill, which could have effectively destroyed the Data Protection Act, is to be dropped from the Bill.

The Daily Telegraph / Sunday Telegraph appears to be the Chosen Weekend Newspaper, for this round of media spin, backed up by The Observer.

Neither of these reports is given much prominence, and other newspapers and the broadcast media are ignoring this story.

Note that the Ministry of Justice official website makes no mention of this weekend "announcement", and, of course, there has been no Ministerial Statement made in Parliament.

Spy Blog will not celebrate until it is confirmed that Clause 152 has actually been removed entirely, and that nothing similar is proposed in its place.

Government abandons data-sharing scheme

The Government has been forced into an embarrassing U-turn over plans to share vast amounts of private data about individuals.

By David Barrett, Home Affairs Correspondent
Last Updated: 11:13PM GMT 07 Mar 2009

Jack Straw, the Justice Secretary, is to shelve proposals which critics said would have led to patients' confidential medical records being passed to third parties.

A spokesman for Mr Straw said the "strength of feeling" against the plans had persuaded him to rethink.

The proposals will be dropped entirely from the Coroners and Justice Bill, and a new attempt will be made to reach a consensus on introducing a scaled-back version at an unspecified stage in the future.

"He has looked at it and he now wants to withdraw the clauses. We have asked Cabinet colleagues to agree to this," said Mr Straw's spokesman.

"Jack recognised the strength of feeling and he recognised that the clause was drafted in a way that was too wide, and so needed to be looked at again.

"He understood that this issue had touched a nerve for a lot of people, and he understood why."

[...]

The Guardian / Observer has also tagged along a little later:

Straw bows to pressure over data sharing

* Gaby Hinsliff and Jamie Doward
* The Observer, Sunday 8 March 2009

Jack Straw last night scrapped controversial government proposals that could have allowed patients' medical and DNA records to be shared with police, foreign governments and other bodies.

In a victory for civil liberties campaigners, the justice secretary bowed to public pressure over the data-sharing provisions in the forthcoming coroners' bill, which would have allowed public bodies to exchange data without the knowledge or consent of individuals involved. Doctors and the Bar Council had joined privacy campaigners in warning of the potential risks to public trust.

The move will be seen as an olive branch to Labour MPs concerned about what they see as the erosion of civil liberties, and will raise eyebrows at Westminster where Straw is viewed as a potential future leadership contender.


The Intelligence and Security Committee of Parliament (ISC) is an increasingly useless way for the Government to pretend to provide independent scrutiny of the secret intelligence agencies. The ISC's highly censored Annual Reports sometimes provide a few tantalising glimpses of what these agencies are wasting our public money on, without providing any hard evidence of any actual successes, and with no indication of value for public money.

Having delayed publication of this censored report for over 3 months, the Government also gets to timetable the "debate" in the Commons about this Report, probably in another 6 months or so, judging by previous years.

The mainstream media have cherry picked the section on the failure of the SCOPE computer project, but have not bothered to look any deeper into the worrying projected increase in the size and intrusiveness of the Surveillance / Snooper / Secret Police State which this Report hints at, involving the general expansion of all of the intelligence agencies, and projects such as the Intelligence Exploitation programme, the IQ Programme, the Interception Modernisation Programme and the Communications Data Bill.

These all seem to be an expansion of snooping and data trawling through large numbers of innocent people's data, in pursuit of mythical "terrorist patterns", without any evidence that such snooping can possibly work technically, and without any effective error correction mechanisms and procedures, to investigate individual abuses, and to purge the records, provide financial compensation and issue a public apology to the inevitable victims of False Positive matches.

Yet again, the ISC fails to scrutinise either the Serious Organised Crime Agency, or the various "domestic extremism" Police units set up by the unaccountable Association of Chief Police Officers, or any military Special Forces covert surveillance and reconnaissance units.

There is also no investigation of the revolving door whereby retired intelligence agency or police counter terrorism specialists join Private Military Contractor and Security / Mercenary companies.


ISC Annual Report 2007-08
[PDF 658KB, 58 pages]

The Government's Response to the ISC Report, is, as usual, even less informative than the Report itself:

Government Response to the ISC Annual Report 2007-08 [PDF 298KB, 8 pages]

Some Spy Blog notes and questions on the ISC report:

Would you like to be able to check on whether your Member of Parliament actually has a home in your Parliamentary constituency or not ?

Would you like to be able to work out which of their several homes, paid for out of public funds, is their main one, or whether they are "doing a Jacqui Smith" and claiming extra money for a more expensive London property, pretending that it is their main residence ?

Surely this information might influence whether you believe a Parliamentary candidate's claims to be a "local" or not ?

In future, you will be denied this basic information, which has been available for many years, without causing any "security" problems, following Monday's disgraceful vote in the Commons, if it is not overturned.

Members of Parliament have sneaked in an amendment, without any debate, to the Political Parties and Elections Bill right at the end of the Report Stage, and just before the Bill was rubber stamped by the Commons for the Third Reading.

2 Mar 2009 : Column 678

[...]

New Clause 23

Candidate At Parliamentary Election May Withhold Home Address From Publication

'(1) Schedule 1 to the 1983 Act (parliamentary elections rules) is amended as follows.

(2) In rule 6 (nomination of candidates)--

(a) sub-paragraph (b) of paragraph (2) is omitted;

(b) after paragraph (3) there is inserted--

"(4) The nomination paper must be accompanied by a form (in this Schedule referred to as the "home address form") which states the candidate's--

(a) full names, and

(b) home address in full.

Provision in paragraph (1) above about delivery of the nomination paper applies also to the home address form.

(5) The home address form--

(a) may contain a statement made and signed by the candidate that he requires the home address not to be made public; and

(b) if it does so, must state the constituency within which that address is situated (or, if that address is outside the United Kingdom, the country within which it is situated)."

(3) In rule 11 (right to attend nomination)--

(a) in paragraph (3), after "nomination paper" there is inserted "and associated home address form";

(b) after paragraph (4) there is inserted--

"(5) The returning officer shall not permit a home address form to be inspected otherwise than in accordance with this rule, or for some other purpose authorised by law."

(4) In rule 12 (validity of nomination papers), in paragraph (1)--

(a) after "consent to it" there is inserted "and the home address form";

(b) after sub-paragraph (a) there is inserted--

"(aa) the returning officer decides that the home address form does not comply with rule 6(4); or".

(5) In rule 14 (publication of statement of persons nominated), after paragraph (3) there is inserted--

"(3A) In relation to a nominated person in whose case the home address form (or, if the person is nominated by more than one nomination paper, any of the home address forms) contains--

(a) the statement mentioned in rule 6(5)(a), and

(b) the information mentioned in rule 6(5)(b),

the reference in paragraph (2) to the person's address shall be read as a reference to the information mentioned in rule 6(5)(b)."

(6) After paragraph (4) of that rule there is inserted--

"(4A) Where--

(a) two or more of the names shown on the statement are the same or so similar as to be likely to cause confusion,

(b) paragraph (3A) applies in relation to each of the persons in question, and

(c) the information mentioned in rule 6(5)(b) is the same for each of them,

the returning officer may cause any of their particulars to be shown on the statement with such amendments or additions as the officer thinks appropriate in order to reduce the likelihood of confusion.

(4B) Where it is practicable to do so before the publication of the statement, the returning officer shall consult any person whose particulars are to be amended or added to under paragraph (4A).

(4C) The returning officer must give notice in writing to any person whose particulars are amended or added to under paragraph (4A).

(4D) Anything done by a returning officer in pursuance of paragraph (4A) must not be questioned in any proceedings other than proceedings on an election petition.

(4E) A returning officer must have regard to any guidance issued by the Electoral Commission for the purposes of paragraph (4A)."

(7) Before rule 54 there is inserted--

"Destruction of home address forms

53A The returning officer shall destroy each candidate's home address form--

(a) on the next working day following the 21st day after the officer has returned the name of the member elected; or

(b) if an election petition questioning the election or return is presented before that day, on the next working day following the conclusion of proceedings on the petition or on appeal from such proceedings."'.--(Dr. Julian Lewis.)

Brought up.

Question put, That the clause be added to the Bill.

The House proceeded to a Division.

Mr. Heath: On a point of order, Madam Deputy Speaker. I wonder whether there is any precedent for taking a Division on a completely undebated new clause, which falls in a later group that we have not yet reached, which is in the hands of Back Benchers from an opposition party and which has not even been moved. Is there a precedent for that?

Madam Deputy Speaker: I have made a decision, and given my ruling and the reasons why this vote has been taken. I have nothing further to add.

The House having divided: Ayes 235, Noes 176.
Division No. 45] [9.2 pm
[...]

Question accordingly agreed to.

New clause 23 added to the Bill.

The (Labour) Deputy Speaker Sylvia Heal now seems to be just as bad as the (Labour) Speaker Michael Martin, and she just dismissed any objections or Points of Order.

Madam Deputy Speaker: The Chair does not give reasons for a decision that has been made. I have made a ruling, and that is the end of the matter.

What an utter insult to the Electorate and the General Public !

The vote was not strictly according to party lines, with both Conservative and Labour backbench MPs voting for this clause 23. The Liberal Democrats seem to have mostly voted against this sneaky measure (apart from Lembit Opik), along with most, but not all, Labour Government Ministers, and some Labour backbenchers. The Conservative frontbench mostly seems to have abstained (apart from Liam Fox, who voted for this measure), along with most (if not all) of the Welsh and Scottish Nationalist Parties and the Northern Irish parties.

See the Public Whip website for a breakdown of which MPs voted or abstained:

Point of Order -- New Clause 23 -- Candidate at parliamentary election may withhold home address from publication -- 2 Mar 2009 at 21:00

There must have been some secret backroom political deal, for this to have been sneaked through like this, without any debate at all.

This vote has further eroded public trust in Members of Parliament.

We fear that the House of Lords will chicken out of being seen to be interfering with something to do with the mechanics of the House of Commons, if they reject this Clause 23, but they really should be a constitutional check on the Members of the Commons granting themselves secret powers and privileges, to the detriment of political openness, financial transparency and democracy.

Are we returning to 18th Century "Rotten Boroughs", where the Member of Parliament collects the money and political power from a constituency, but does not bother to live there ?

At the next General Election or By Election, every candidate should be asked what exactly they are trying to hide if they attempt to make use of this new Clause 23, if it remains in the Bill until passed into law.

Is it worth compiling a web search engine accessible list of all Members of Parliament's home addresses, now, before the next election ?

Saturday's Convention on Modern Liberty seems to have been a success, judging by the number of attendees, both in London (over a thousand) and at the web streaming video linked satellite events held in Glasgow, Belfast, Manchester, Birmingham, Cardiff, Bristol and Cambridge.

There were lots of influential or famous people to meet and talk to. Spy Blog got to exchange a few words with Henry Porter and Antony Barnett, the co-directors, and with David Davis MP (Conservative), Chris Huhne MP (Liberal Democrat), Kate Hoey MP (Labour).

It is always a bit curious to see "people off of the telly" walking around like normal people or actually on speakers panels e.g. pop stars like Neil Tennant, Brian Eno, Billy Bragg, and Feargal Sharkey, politicians like Lord Goldsmith, activist campaigners like Peter Tatchell and Tony Bunyan and Cory Doctorow etc.

Spy Blog made face to face contact with some journalists, e.g. from BBC Radio and The Guardian, with whom we have been in electronic correspondence.

We met many of our friends and activists in organisations like the NO2ID Campaign, the Open Rights Group, ARCH - Action on Rights for Children and the Foundation for Information Policy Research FIPR, as well as formidable individual campaigners and investigative journalists and bloggers like Heather Brooke, David Mery, Duncan Campbell, Sunny Hundal and Bill Thompson.

Hopefully we also made mutually useful new contacts with Spinwatch and mySociety.org

Hopefully all of these organisations will have attracted new members, some more financial donations and the chance to extend their spheres of influence.

The best speeches were probably those of Lord Bingham, the retired Lord Chief Justice, Philip Pullman, the best selling children's author (whose excellent piece Malevolent voices that despise our freedoms in The Times has now magically re-appeared on their website after it had mysteriously been removed) and by David Davis MP at the end of the day.

The most politically significant speech was probably that of the Conservative Shadow Justice spokesman Dominic Grieve MP QC, who again stated in public the Conservative party's commitment to scrapping the Identity Card scheme and to repealing (an as yet unclear) list of repressive Labour legislation, almost immediately, if and when the Conservatives form the next Government.

Presumably there should be a lot of common ground with the Liberal Democrats, who also want to repeal lots of repressive legislation - see our previous blog posting on Liberal Democrats Freedom Bill 2009

There are transcripts and videos of many of these speeches (with some more to come), already available on the Convention on Modern Liberty website.

The NO2ID Campaign was instrumental in organising or helping to organise these satellite events, as well as providing many of the stewards at the London event.

So now that the Convention is over, what exactly are you going to do to save your own liberty and that of your family and friends, which is indivisible from that of any other humans caught up in the Kafkaesque bureaucracy of the Police / Nanny / Surveillance / Database State which the current Labour government has been inflicting on us all ?

Phil Booth, the National Coordinator of the NO2ID Campaign, made this plea to everyone in the country via The Guardian, and directly to the audience of over a thousand people in London:

152 must go

A clause in the new coroners and justice bill will allow the sharing of your personal information. Write to your MP now

* Phil Booth
* guardian.co.uk, Saturday 28 February 2009 13.58 GMT

About this blog

This United Kingdom based blog attempts to draw public attention to, and comments on, some of the current trends in ever cheaper and more widespread surveillance technology being deployed to satisfy the rapacious demand by state and corporate bureaucracies and criminals for your private details, and the technological ignorance of our politicians and civil servants who frame our legal systems.

The hope is that you, the readers, will help to insist that strong safeguards for the privacy of the individual are implemented, especially in these times of increased alert over possible terrorist or criminal activity. If the systems which should help to protect us can be easily abused to suppress our freedoms, then the terrorists will have won.

We know that there are decent, honest, trustworthy individual politicians, civil servants, law enforcement, intelligence agency personnel and broadcast, print and internet journalists etc., who often feel powerless or trapped in the system. They need the assistance of external, detailed, informed, public scrutiny to help them to resist deliberate or unthinking policies, which erode our freedoms and liberties.

Email & PGP Contact

Please feel free to email your views about this blog, or news about the issues it tries to comment on.

blog@spy[dot]org[dot]uk

Our PGP public encryption key is available for those correspondents who wish to send us news or information in confidence, and also for those of you who value your privacy, even if you have got nothing to hide.

We offer this verifiable GPG / PGP public key (the ID is available on several keyservers, twitter etc.) as one possible method to establish initial contact with whistleblowers and other confidential sources, if it suits their Threat Model or Risk Appetite, but will then try to establish other secure, anonymous communications channels e.g. encrypted Signal Messenger via burner devices, or face to face meetings, postal mail or dead drops etc. as appropriate.

Current PGP Key ID: 0x1DBD6A9F0FACAD30 which will expire on 29th August 2021.

You can download a free copy of the PGP encryption software from www.pgpi.org
(available for most of the common computer operating systems, and also in various Open Source versions like GPG)

We look forward to the day when UK Government Legislation, Press Releases and Emails etc. are Digitally Signed so that we can be assured that they are not fakes. Trusting that the digitally signed content makes any sense, is another matter entirely.

Hints and Tips for Whistleblowers and Political Dissidents

Please take the appropriate precautions if you are planning to blow the whistle on shadowy and powerful people in Government or commerce, and their dubious policies. The mainstream media and bloggers also need to take simple precautions to help preserve the anonymity of their sources e.g. see Spy Blog's Hints and Tips for Whistleblowers - or use this easier to remember link: http://ht4w.co.uk

BlogSafer - wiki with multilingual guides to anonymous blogging

Digital Security & Privacy for Human Rights Defenders manual, by Irish NGO Frontline Defenders.

Everyone’s Guide to By-Passing Internet Censorship for Citizens Worldwide (.pdf - 31 pages), by the Citizenlab at the University of Toronto.

Handbook for Bloggers and Cyber-Dissidents - March 2008 version - (2.2 Mb - 80 pages .pdf) by Reporters Without Borders

Reporters Guide to Covering the Beijing Olympics by Human Rights Watch.

A Practical Security Handbook for Activists and Campaigns (v 2.6) (.doc - 62 pages), by experienced UK direct action political activists

Anonymous Blogging with Wordpress & Tor - useful step by step guide with software configuration screenshots by Ethan Zuckerman at Global Voices Advocacy. (updated March 10th 2009 with the latest Tor / Vidalia bundle details)

Links

Watching Them, Watching Us

London 2600

Our UK Freedom of Information Act request tracking blog

WikiLeak.org - ethical and technical discussion about the WikiLeaks.org project for anonymous mass leaking of documents etc.

Privacy and Security

Privacy International
United Kingdom Privacy Profile (2011)

Cryptome - censored or leaked government documents etc.

Identity Project report by the London School of Economics
Surveillance & Society the fully peer-reviewed transdisciplinary online surveillance studies journal

Statewatch - monitoring the state and civil liberties in the European Union

The Policy Laundering Project - attempts by Governments to pretend their repressive surveillance systems, have to be introduced to comply with international agreements, which they themselves have pushed for in the first place

International Campaign Against Mass Surveillance

ARCH Action Rights for Children in Education - worried about the planned Children's Bill Database, Connexions Card, fingerprinting of children, CCTV spy cameras in schools etc.

Foundation for Information Policy Research
UK Crypto - UK Cryptography Policy Discussion Group email list

Technical Advisory Board on internet and telecomms interception under RIPA

European Digital Rights

Open Rights Group - a UK version of the Electronic Frontier Foundation, a clearinghouse to raise digital rights and civil liberties issues with the media and to influence Governments.

Digital Rights Ireland - legal case against mandatory EU Comms Data Retention etc.

Blindside - "What’s going to go wrong in our e-enabled world?" blog and wiki and Quarterly Report will supposedly be read by the Cabinet Office Central Sponsor for Information Assurance. Whether the rest of the Government bureaucracy and the Politicians actually listen to the CSIA, is another matter.

Biometrics in schools - 'A concerned parent who doesn't want her children to live in "1984" type society.'

Human Rights

Liberty Human Rights campaigners

British Institute of Human Rights
Amnesty International
Justice

Prevent Genocide International

asboconcern - campaign for reform of Anti-Social Behaviour Orders

Front Line Defenders - Irish charity - Defenders of Human Rights Defenders

Internet Censorship

OpenNet Initiative - researches and measures the extent of actual state level censorship of the internet. Features a blocked web URL checker and censorship map.

Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

Reporters without Borders internet section - news of internet related censorship and repression of journalists, bloggers and dissidents etc.

Judicial Links

British and Irish Legal Information Institute - publishes the full text of major case Judgments

Her Majesty's Courts Service - publishes forthcoming High Court etc. cases (but only in the next few days !)

House of Lords - The Law Lords are currently the supreme court in the UK - will be moved to the new Supreme Court in October 2009.

Information Tribunal - deals with appeals under FOIA, DPA both for and against the Information Commissioner

Investigatory Powers Tribunal - deals with complaints about interception and snooping under RIPA - has almost never ruled in favour of a complainant.

Parliamentary Opposition

The incompetent yet authoritarian Labour party have not apologised for their time in Government. They are still not providing any proper Opposition to the current Conservative - Liberal Democrat coalition government, on any freedom or civil liberties or privacy or surveillance issues.

UK Government

Home Office - "Not fit for purpose. It is inadequate in terms of its scope, it is inadequate in terms of its information technology, leadership, management systems and processes" - Home Secretary John Reid. 23rd May 2006. Not quite the fount of all evil legislation in the UK, but close.

No. 10 Downing Street Prime Minister's Official Spindoctors

Public Bills before Parliament

United Kingdom Parliament
Home Affairs Committee of the House of Commons.

House of Commons "Question Book"

UK Statute Law Database - is the official revised edition of the primary legislation of the United Kingdom made available online, but it is not yet up to date.

FaxYourMP - identify and then fax your Member of Parliament
WriteToThem - identify and then contact your Local Councillors, members of devolved assemblies, Member of Parliament, Members of the European Parliament etc.
They Work For You - House of Commons Hansard made more accessible ? UK Members of the European Parliament

Read The Bills Act - USA proposal to force politicians to actually read the legislation that they are voting for, something which is badly needed in the UK Parliament.

Bichard Inquiry delving into criminal records and "soft intelligence" policies highlighted by the Soham murders. (taken offline by the Home Office)

ACPO - Association of Chief Police Officers - England, Wales and Northern Ireland
ACPOS Association of Chief Police Officers in Scotland

Online Media

Boing Boing

Need To Know [now defunct]

The Register

NewsNow Encryption and Security aggregate news feed
KableNet - UK Government IT project news
PublicTechnology.net - UK eGovernment and public sector IT news
eGov Monitor

Ideal Government - debate about UK eGovernment

NIR and ID cards

Stand - email and fax campaign on ID Cards etc. [Now defunct]. The people who supported stand.org.uk have gone on to set up other online tools like WriteToThem.com. The Government's contemptuous dismissal of over 5,000 individual responses via the stand.org website to the Home Office public consultation on Entitlement Cards is one of the factors which later led directly to the formation of the NO2ID Campaign who have been marshalling cross party opposition to Labour's dreadful National Identity Register compulsory centralised national biometric database and ID Card plans, at the expense of simpler, cheaper, less repressive, more effective, more secure and more privacy friendly alternative identity schemes.

NO2ID - opposition to the Home Office's Compulsory Biometric ID Card
NO2ID bulletin board discussion forum

Home Office Identity Cards website
No compulsory national Identity Cards (ID Cards) BBC iCan campaign site
UK ID Cards blog
NO2ID press clippings blog
CASNIC - Campaign to STOP the National Identity Card.
Defy-ID active meetings and protests in Glasgow
www.idcards-uk.info - New Alliance's ID Cards page
irefuse.org - total rejection of any UK ID Card

International Civil Aviation Organisation - Machine Readable Travel Documents standards for Biometric Passports etc.
Anti National ID Japan - controversial and insecure Jukinet National ID registry in Japan
UK Biometrics Working Group run by CESG/GCHQ experts etc. the UK Government on Biometrics issues feasibility
Citizen Information Project feasibility study population register plans by the Treasury and Office of National Statistics

CommentOnThis.com - comments and links to each paragraph of the Home Office's "Strategic Action Plan for the National Identity Scheme".

De-Materialised ID - "The voluntary alternative to material ID cards, A Proposal by David Moss of Business Consultancy Services Ltd (BCSL)" - well researched analysis of the current Home Office scheme, and a potentially viable alternative.

Surveillance Infrastructures

National Roads Telecommunications Services project - infrastructure for various mass surveillance systems, CCTV, ANPR, PMMR imaging etc.

CameraWatch - independent UK CCTV industry lobby group - like us, they also want more regulation of CCTV surveillance systems.

Every Step You Take - a documentary about CCTV surveillance in the UK by Austrian film maker Nino Leitner.

Transport for London an attempt at a technological panopticon - London Congestion Charge, London Low-Emission Zone, Automatic Number Plate Recognition cameras, tens of thousands of CCTV cameras on buses, thousands of CCTV cameras on London Underground, realtime road traffic CCTV, Oyster smart cards - all handed over to the Metropolitan Police for "national security" purposes, in real time, in bulk, without any public accountability, for secret data mining, exempt from even the usual weak protections of the Data Protection Act 1998.

RFID Links

RFID tag privacy concerns - our own original article updated with photos

NoTags - campaign against individual item RFID tags
Position Statement on the Use of RFID on Consumer Products has been endorsed by a large number of privacy and human rights organisations.
RFID Privacy Happenings at MIT
Surpriv: RFID Surveillance and Privacy
RFID Scanner blog
RFID Gazette
The Sorting Door Project

RFIDBuzz.com blog - where we sometimes crosspost RFID articles

Genetic Links

DNA Profiles - analysis by Paul Nutteing
GeneWatch UK monitors genetic privacy and other issues
Postnote February 2006 Number 258 - National DNA Database (.pdf) - Parliamentary Office of Science and Technology

The National DNA Database Annual Report 2004/5 (.pdf) - published by the NDNAD Board and ACPO.

Reclaim Your DNA from Britain's National DNA Database - model letters and advice on how to have your DNA samples and profiles removed from the National DNA Database, in spite of all of the bureaucratic obstacles which try to prevent this, even if you are innocent.

Miscellaneous Links

Michael Field - Pacific Island news - no longer a paradise
freetotravel.org - John Gilmore versus USA internal flight passports and passenger profiling etc.

The BUPA Seven - whistleblowers badly let down by the system.

Tax Credit Overpayment - the near suicidal despair inflicted on poor, vulnerable people by the then Chancellor Gordon Brown's disastrous Inland Revenue IT system.

Fassit UK - resources and help for those abused by the Social Services Childrens Care bureaucracy

Former Spies

MI6 v Tomlinson - Richard Tomlinson - still being harassed by his former employer MI6

Martin Ingram, Welcome To The Dark Side - former British Army Intelligence operative in Northern Ireland.

Operation Billiards - Mitrokhin or Oshchenko ? Michael John Smith - seeking to overturn his Official Secrets Act conviction in the GEC case.

The Dirty Secrets of MI5 & MI6 - Tony Holland, Michael John Smith and John Symond - stories and chronologies.

Naked Spygirl - Olivia Frank

Blog Links

e-nsecure.net blog - Comments on IT security and Privacy or the lack thereof.
Rat's Blog - The Reverend Rat writes about London street life and technology
Duncan Drury - wired adventures in Tanzania & London
Dr. K's blog - Hacker, Author, Musician, Philosopher

David Mery - falsely arrested on the London Tube - you could be next.

James Hammerton
White Rose - a thorn in the side of Big Brother
Big Blunkett
Into The Machine - formerly "David Blunkett is an Arse" by Charlie Williams and Scribe
infinite ideas machine - Phil Booth
Louise Ferguson - City of Bits
Chris Lightfoot
Oblomovka - Danny O'Brien

Liberty Central

dropsafe - Alec Muffett
The Identity Corner - Stefan Brands
Kim Cameron - Microsoft's Identity Architect
Schneier on Security - Bruce Schneier
Politics of Privacy Blog - Andreas Busch
solarider blog

Richard Allan - former Liberal Democrat MP for Sheffield Hallam
Boris Johnson Conservative MP for Henley
Craig Murray - former UK Ambassador to Uzbekistan, "outsourced torture" whistleblower

Howard Rheingold - SmartMobs
Global Guerrillas - John Robb
Roland Piquepaille's Technology Trends

Vmyths - debunking computer security hype

Nick Leaton - Random Ramblings
The Periscope - Companion weblog to Euro-correspondent.com journalist network.
The Practical Nomad Blog Edward Hasbrouck on Privacy and Travel
Policeman's Blog
World Weary Detective

Martin Stabe
Longrider
B2fxxx - Ray Corrigan
Matt Sellers
Grits for Breakfast - Scott Henson in Texas
The Green Ribbon - Tom Griffin
Guido Fawkes blog - Parliamentary plots, rumours and conspiracy.
The Last Ditch - Tom Paine
Murky.org
The (e)State of Tim - Tim Hicks
Ilkley Against CCTV
Tim Worstall
Bill's Comment Page - Bill Cameron
The Society of Qualified Archivists
The Streeb-Greebling Diaries - Bob Mottram

Your Right To Know - Heather Brooke - Freedom of Information campaigning journalist

Ministry of Truth - Unity's V for Vendetta styled blog.

Bloggerheads - Tim Ireland

W. David Stephenson blogs on homeland security et al.
EUrophobia - Nosemonkey

Blogzilla - Ian Brown

BlairWatch - Chronicling the demise of the New Labour Project

dreamfish - Robert Longstaff

Informaticopia - Rod Ward

War-on-Freedom

The Musings of Harry

Chicken Yoghurt - Justin McKeating

The Red Tape Chronicles - Bob Sullivan MSNBC

Campaign Against the Legislative and Regulatory Reform Bill

Stop the Legislative and Regulatory Reform Bill

Rob Wilton's esoterica

panGloss - Innovation, Technology and the Law

Arch Rights - Action on Rights for Children blog

Database Masterclass - frequently asked questions and answers about the several centralised national databases of children in the UK.

Shaphan

Moving On

Steve Moxon blog - former Home Office whistleblower and author.

Al-Muhajabah's Sundries - anglophile blog

Architectures of Control in Design - Dan Lockton

rabenhorst - Kai Billen (mostly in German)

Nearly Perfect Privacy - Tiffany and Morpheus

Iain Dale's Diary - a popular Conservative political blog

Brit Watch - Public Surveillance in the UK - Web - Email - Databases - CCTV - Telephony - RFID - Banking - DNA

BLOGDIAL

MySecured.com - smart mobile phone forensics, information security, computer security and digital forensics by a couple of Australian researchers

Ralph Bendrath

Financial Cryptography - Ian Grigg et al.

UK Liberty - A blog on issues relating to liberty in the UK

Big Brother State - "a small act of resistance" to the "sustained and systematic attack on our personal freedom, privacy and legal system"

HosReport - "Crisis. Conspiraciones. Enigmas. Conflictos. Espionaje." - Carlos Eduardo Hos (in Spanish)

"Give 'em hell Pike!" - Frank Fisher

Corruption-free Anguilla - Good Governance and Corruption in Public Office Issues in the British Overseas Territory of Anguilla in the West Indies - Don Mitchell CBE QC

geeklawyer - intellectual property, civil liberties and the legal system

PJC Journal - I am not a number, I am a free Man - The Prisoner

Charlie's Diary - Charlie Stross

The Caucus House - blog of the Chicago International Model United Nations

Famous for 15 Megapixels

Postman Patel

The 4th Bomb: Tavistock Sq Daniel's 7:7 Revelations - Daniel Obachike

OurKingdom - part of OpenDemocracy - " will discuss Britain’s nations, institutions, constitution, administration, liberties, justice, peoples and media and their principles, identity and character"

Beau Bo D'Or blog by an increasingly famous digital political cartoonist.

Between Both Worlds - "Thoughts & Ideas that Reflect the Concerns of Our Conscious Evolution" - Kingsley Dennis

Bloggerheads: The Alisher Usmanov Affair - the rich Uzbek businessman and his shyster lawyers Schillings really made a huge counterproductive error in trying to censor the blogs of Tim Ireland, of all people.

Matt Wardman political blog analysis

Henry Porter on Liberty - a leading mainstream media commentator and opinion former who is doing more than most to help preserve our freedom and liberty.

HMRC is shite - "dedicated to the taxpayers of Britain, and the employees of the HMRC, who have to endure the monumental shambles that is Her Majesty's Revenue and Customs (HMRC)."

Head of Legal - Carl Gardner a former legal advisor to the Government

The Landed Underclass - Voice of the Banana Republic of Great Britain

Henrik Alexandersson - Swedish blogger threatened with censorship by the Försvarets Radioanstalt (FRA), the Swedish National Defence Radio Establishment, their equivalent of the UK GCHQ or the US NSA.

World's First Fascist Democracy - blog with link to a Google map - "This map is an attempt to take a UK wide, geographical view, of both the public and the personal effect of State sponsored fear and distrust as seen through the twisted technological lens of petty officials and would be bureaucrats nationwide."

Blogoir - Charles Crawford - former UK Ambassador to Poland etc.

No CCTV - The Campaign against CCTV

Barcode Nation - keeping two eyes on the database state.

Lords of the Blog - group blog by half a dozen or so Peers sitting in the House of Lords.

notes from the ubiquitous surveillance society - blog by Dr. David Murakami Wood, editor of the online academic journal Surveillance and Society

Justin Wylie's political blog

Panopticon blog - by Timothy Pitt-Payne and Anya Proops. Timothy Pitt-Payne is probably the leading legal expert on the UK's Freedom of Information Act law, often appearing on behalf of the Information Commissioner's Office at the Information Tribunal.

Armed and Dangerous - Sex, software, politics, and firearms. Life’s simple pleasures… - by Open Source Software advocate Eric S. Raymond.

Georgetown Security Law Brief - group blog by the Georgetown Law Center on National Security and the Law, at Georgetown University, Washington D.C., USA.

Big Brother Watch - well connected with the mainstream media, this is a campaign blog by the TaxPayersAlliance, which thankfully does not seem to have spawned Yet Another Campaign Organisation as many Civil Liberties groups had feared.

Spy on Moseley - "Sparkbrook, Springfield, Washwood Heath and Bordesley Green. An MI5 Intelligence-gathering operation to spy on Muslim communities in Birmingham is taking liberties in every sense" - about 150 ANPR CCTV cameras funded by Home Office via the secretive Terrorism and Allied Matters (TAM) section of ACPO.

FitWatch blog - keeps an eye on the activities of some of the controversial Police Forward Intelligence Teams, who supposedly only target "known troublemakers" for photo and video surveillance, at otherwise legal, peaceful protests and demonstrations.

Other Links

Spam Huntress - The Norwegian Spam Huntress - Ann Elisabeth

Fuel Crisis Blog - Petrol over £1 per litre ! Protest !
Mayor of London Blog
London Olympics 2012 - NO !!!!

Cool Britannia

NuLabour

Free Gary McKinnon - UK citizen facing extradition to the USA for "hacking" over 90 US Military computer systems.

Parliament Protest - information and discussion on peaceful resistance to the arbitrary curtailment of freedom of assembly and freedom of speech, in the excessive Serious Organised Crime and Police Act 2005 Designated Area around Parliament Square in London.

Brian Burnell's British / US nuclear weapons history at http://nuclear-weapons.info

Follow Spy Blog on Twitter

For those of you who find it convenient, there is now a Twitter feed to alert you to new Spy Blog postings.

https://twitter.com/SpyBlog

Please bear in mind the many recent, serious security vulnerabilities which have compromised the Twitter infrastructure and many user accounts, and Twitter's inevitable plans to make money out of you somehow, probably by selling your Communications Traffic Data to commercial and government interests.

UK Legislation

The United Kingdom suffers from tens of thousands of pages of complicated criminal laws, and thousands of new, often unenforceable criminal offences, which have been created as a "Pretend to be Seen to Be Doing Something" response to tabloid media hype and hysteria, and political social engineering dogmas. These overbroad, catch-all laws, which remove the scope for any judicial appeals process, have been rubber stamped, often without being read, let alone properly understood, by Members of Parliament.

The text of many of these Acts of Parliament is now online, but it is still too difficult for most people, including the police and criminal justice system, to work out the cumulative effect of all the amendments, even for the most serious offences involving national security or terrorism or serious crime.

Many MPs do not seem to bother even to read the details of the legislation which they vote to inflict on us.

UK Legislation Links

UK Statute Law Database - is the official revised edition of the primary legislation of the United Kingdom made available online, but it is not yet up to date.

UK Commissioners

UK Commissioners some of whom are meant to protect your privacy and investigate abuses by the bureaucrats.

UK Intelligence Agencies

Intelligence and Security Committee - the supposedly independent Parliamentary watchdog which issues an annual, heavily censored Report every year or so. Currently chaired by the Conservative Sir Malcolm Rifkind. Why should either the intelligence agencies or the public trust this committee, when the untrustworthy ex-Labour Minister Hazel Blears is a member ?

Anti-terrorism hotline - links removed in protest at the Climate of Fear propaganda posters

MI5 Security Service
MI5 Security Service - links to encrypted reporting form removed in protest at the Climate of Fear propaganda posters

Secure Your Fertiliser - advice on ammonium nitrate and urea fertiliser security

Centre for the Protection of National Infrastructure - "CPNI provides expert advice to the critical national infrastructure on physical, personnel and information security, to protect against terrorism and other threats."

Secret Intelligence Service (MI6) recruitment.

Government Communications Headquarters GCHQ

National Crime Agency - the replacement for the Serious Organised Crime Agency

Defence Advisory (DA) Notice system - voluntary self censorship by the established UK press and broadcast media regarding defence and intelligence topics via the Defence, Press and Broadcasting Advisory Committee.

Foreign Spies / Intelligence Agencies in the UK

It is not just the UK government which tries to snoop on British companies, organisations and individuals; the rest of the world is constantly trying to do the same, regardless of the mixed efforts of our own UK Intelligence Agencies who are paid to supposedly protect us from them.

For no good reason, the Foreign and Commonwealth Office only keeps the current version of the London Diplomatic List of accredited Diplomats (including some Foreign Intelligence Agency operatives) online.

Presumably every mainstream media organisation, intelligence agency, serious organised crime or terrorist gang keeps historical copies, so here are some older versions of the London Diplomatic List, for the benefit of web search engine queries, for those people who do not want their visits to appear in the FCO web server logfiles or those whose censored internet feeds block access to UK Government websites.

Campaign Button Links

Watching Them, Watching Us - UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid.com - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond
Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Data Retention is No Solution - Petition to the European Commission and European Parliament against their vague Data Retention plans.

Save Parliament - Legislative and Regulatory Reform Bill (and other issues)

Open Rights Group

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).

Amnesty International's irrepressible.info campaign

BlogSafer - wiki with multilingual guides to anonymous blogging

NGO in a box - Security Edition privacy and security software tools

Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

Reporters Without Borders - Reporters Sans Frontières - campaign for journalists 'and bloggers' freedom in repressive countries and war zones.

Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

Icelanders are NOT terrorists ! - despite Gordon Brown and Alistair Darling's use of anti-terrorism legislation to seize the assets of Icelandic banks.

No CCTV - The Campaign Against CCTV

I'm a Photographer Not a Terrorist !

Power 2010 cross party, political reform campaign

Cracking the Black Box - "aims to expose technology that is being used in inappropriate ways. We hope to bring together the insights of experts and whistleblowers to shine a light into the dark recesses of systems that are responsible for causing many of the privacy problems faced by millions of people."

Open Rights Group - Petition against the renewal of the Interception Modernisation Programme

WhistleblowersUK.org - Fighting for justice for whistleblowers