CryptoParty - 11 September 2017 - slides


@SpyBlog presented a short lightning talk at the CryptoParty held at JuJu's Bar & Stage, 15 Hanbury Street, E1 6QR London

As promised here is the slide deck:

Demonstration of Mobile Device WiFi Operational (In)Security.pptx



Unsurprisingly for the self confesses "I am not technical" former Home Secretary, Theresa May has used her Statement following the London Bridge
and Borough Market attacks, to renew her nonsense about alleged "Safe Spaces" for islamist extremism
on the Internet and at Home.

8 minutes video clip of Theresam May's statement:

PM statement following London terror attack: 4 June 2017

Last night, our country fell victim to a brutal terrorist attack once again. As a result I have just chaired a meeting of the government’s emergency committee and I want to update you with the latest information about the attack.

Shortly before 10:10 yesterday evening, the Metropolitan Police received reports that a white van had struck pedestrians on London Bridge. It continued to drive from London Bridge to Borough Market, where 3 terrorists left the van and attacked innocent and unarmed civilians with blades and knives.

All 3 were wearing what appeared to be explosive vests, but the police have established that this clothing was fake and worn only to spread panic and fear.

As so often in such serious situations, the police responded with great courage and great speed. Armed officers from the Metropolitan Police and the City of London Police arrived at Borough Market within moments, and shot and killed the 3 suspects. The terrorists were confronted and shot by armed officers within 8 minutes of the police receiving the first emergency call.

8 minutes is the length of Theresa May's statement. Ignore all the gun nuts who pretend that arming individual policemen would have killed the attackers any quicker.

Seven people have died as a result of the attack, in addition to the 3 suspects shot dead by the police. Forty-eight people are being treated in several hospitals across London. Many have life-threatening conditions.

On behalf of the people of London, and on behalf of the whole country, I want to thank and pay tribute to the professionalism and bravery of the police and the emergency services - and the courage of members of the public who defended themselves and others from the attackers. And our thoughts and prayers are with the victims and with their friends, families and loved ones.

This is, as we all know, the third terrorist attack Britain has experienced in the last 3 months. In March, a similar attack took place, just around the corner on Westminster Bridge. Two weeks ago, the Manchester Arena was attacked by a suicide bomber. And now London has been struck once more.

And at the same time, the security and intelligence agencies and police have disrupted 5 credible plots since the Westminster attack in March.

In terms of their planning and execution, the recent attacks are not connected. But we believe we are experiencing a new trend in the threat we face, as terrorism breeds terrorism, and perpetrators are inspired to attack not only on the basis of carefully-constructed plots after years of planning and training - and not even as lone attackers radicalised online - but by copying one another and often using the crudest of means of attack.

That must mean that the terrorist suspects have been identified between Commissioner of Police for the Metropolis Cressida Dick's statement earlier today that she
and Theresa May's statement, or is this just political licence with the facts ?

We cannot and must not pretend that things can continue as they are. Things need to change, and they need to change in 4 important ways.

First, while the recent attacks are not connected by common networks, they are connected in one important sense. They are bound together by the single, evil ideology of Islamist extremism that preaches hatred, sows division, and promotes sectarianism. It is an ideology that claims our Western values of freedom, democracy and human rights are incompatible with the religion of Islam. It is an ideology that is a perversion of Islam and a perversion of the truth.

Defeating this ideology is one of the great challenges of our time. But it cannot be defeated through military intervention alone. It will not be defeated through the maintenance of a permanent, defensive counter-terrorism operation, however skilful its leaders and practitioners. It will only be defeated when we turn people’s minds away from this violence - and make them understand that our values - pluralistic, British values - are superior to anything offered by the preachers and supporters of hate.

All very true, exactly what previous Prime Ministers e.g. Tony Blair have said time and time again

Second, we cannot allow this ideology the safe space it needs to breed. Yet that is precisely what the internet - and the big companies that provide internet-based services - provide. We need to work with allied, democratic governments to reach international agreements that regulate cyberspace to prevent the spread of extremism and terrorist planning. And we need to do everything we can at home to reduce the risks of extremism online.

We need Safe Spaces for Internet Free Speech and to do Digital Commerce, free from snooping by evil governments, corporations, criminals and terrorists.

Trying to clamp down on foreign internet companies providing End To End Encrypted services wil not stop terrorist extremists from recruiting or planning. It will destroy Freedom of Speech and the UK Digital Economy, which needs all the help it can get to survive the #Brexit disaster.

Is the UK Government really willing to hand over intelligence watchlists of terrorist sympathiser unconvicted *suspects* to foreign internet companies like FaceBook or Twitter so that they can pro-actively censor their social media ?

That seems unlikely.

Third, while we need to deprive the extremists of their safe spaces online, we must not forget about the safe spaces that continue to exist in the real world. Yes, that means taking military action to destroy ISIS in Iraq and Syria. But it also means taking action here at home. While we have made significant progress in recent years, there is - to be frank - far too much tolerance of extremism in our country.

So we need to become far more robust in identifying it and stamping it out - across the public sector and across society. That will require some difficult and often embarrassing conversations, but the whole of our country needs to come together to take on this extremism - and we need to live our lives not in a series of separated, segregated communities but as one truly United Kingdom.

Where exactly are these mythical "Safe Spaces" for islamist extremism in the Public Sector or in British Society ??

What precisely does she mean by "embarassing conversations", with whom ?

Fourth, we have a robust counter-terrorism strategy that has proved successful over many years. But as the nature of the threat we face becomes more complex, more fragmented, more hidden, especially online, the strategy needs to keep up. So in light of what we are learning about the changing threat, we need to review Britain’s counter-terrorism strategy to make sure the police and security services have all the powers they need.

We already have the most intrusive anti-terrorism legal powers in the world, including all encompassing Thought Crime laws, what more can they actually enforce properly ?

And if we need to increase the length of custodial sentences for terrorism-related offences, even apparently less serious offences, that is what we will do.

If there is little or no difference in the penalty for "serious" and "less serious" crimes, this will make it easier for terrorist recruiters to convert peripheral supporters into active terrorist atttackers - "in for a penny, in for a pound".

Again, this all sounds tediously familiar, just like previous Tory and labour governemts e.g. Tony Blair's ratcheting up of repressive terrorism laws.
Will the excerable Jeremy Corbyn and the current Labour control freaks also support this ?

Since the emergence of the threat from Islamist-inspired terrorism, our country has made significant progress in disrupting plots and protecting the public. But it is time to say enough is enough. Everybody needs to go about their lives as they normally would. Our society should continue to function in accordance with our values. But when it comes to taking on extremism and terrorism, things need to change.

As a mark of respect the 2 political parties have suspended our national campaigns for today. But violence can never be allowed to disrupt the democratic process. So those campaigns will resume in full tomorrow. And the general election will go ahead as planned on Thursday.

How is standing outside 10 Downing Street with maximum media coverage, announcing new policies, "suspending campaigning" ??

Few people will believe that this is a genuine mark of respect, it is more likely an excuse for the politicians (in all political parties)
to avoid embarassing questions about their failed / lack of coherent policies regarding terrorism.

Allowing the terrorists to disrupt the General Election in any way, is a victory for the the ideology that the Prime Minister so rightly condemned above.

As a country, our response must be as it has always been when we have been confronted by violence. We must come together, we must pull together, and united we will take on and defeat our enemies.

There is no question that the various Official Secrets Act(s) in the UK need urgent reform.

The venerable Law Commission has started off this process with a detailed Consultation.

Protection of Official Data Consultation
325 page (.pdf)

Duration of the consultation: We invite responses from 1 February 2017 to 3 April 2017.

Comments may be sent:
By email to
By post to Criminal Law Team, Law Commission, 1st Floor, Tower, 52 Queen Anne’s
Gate, London, SW1H 9AG.
Tel: 020 3334 3100 / Fax: 020 3334 0201
If you send your comments by post, it would be helpful if, whenever possible, you could also send them electronically (for example, on CD or by email to the above address, in any
commonly used format).

However, their Threat Modelling seems incomplete. We need to ask ourselves exactly what exactly are we are trying to protect and from whom ? Expanding the definitions
to cover terrorist organisations rather than the undefined Enemy countries is ok, but it does nothing about "lone wolf" terrorists or fanatics.

It is all very well getting rid of restrictive pre WW1 terms like "models, sketches, drawings" etc. but there is only 1 passing reference to the Internet and mention of Protection of of Official MetaData or anything to do with Cryptography.

Nor are there any proposals to deal with the vast problem of Over Classification of government data and documents.

Will whistleblowers or journalists investigating UK #Brexit trade negotiating positions now fall foul of the new proposed legislation ?

Over the years, Spy Blog has, unfortunately, had to criticise the MI5 Security Service website for an unprofessional lack of security, seemingly every time the web site design has been revamped by c.f.

Here we go again:

To quote MI5 's own "Cyber" section of their website:

Hostile actors

A wide range of hostile actors use cyber to target the UK. They include foreign states, criminals, "hacktivist" groups and terrorists. The resources and capabilities of such actors vary. Foreign states are generally equipped to conduct the most damaging cyber espionage and computer network attacks.

Hostile actors conducting cyber espionage can target the government, military, business and individuals.

There are 4 sections of the MI5 Security Service website:

  1. Corporate brochure, history, "what we do" , "what we don't do", some news e.g. recent terrorism case convictions, speeches by the Director General etc..

  2. The infamous Terrorism Threat Level, which has mutated over the years into seperate categories for mainland UK, Northern Ireland and "international" i.e. muslim extremist terrorism.
    N.B. there is no clear indication of what exactly the public is meant to do at each Threat Level. Should we "Be pure! Be vigilant! Behave!"
    or Keep Calm and Carry On" ?

  3. Job vacancy and Careers information for people thinking about joining Mi5 Security Service.

  4. A confidential National Security tip off web form

Whilst the first two sections are important for the public image and reputation of MI5, the last two (Careers and Tip Off form) are of intense interest to our enemies.

Even the https:// only website does use a Digital Certificate with good Transport Layer Security configuration,

N.B. In common with GCHQ and MI6 there is no DNS entry for i.e. without the "www."
This tends to confuse the dimmer "hackivists" who frequently claim that their "script kiddy" Denial of Service attacks have somehow magically succeeded in a "tango down" of a non-existent website URL.

Accessing the MI5 Security Service website may be illegal or dangerous if you are in e.g. the Middle East or Russia or China etc.
so, for obvious reasons, they claim to keep your communications with them confidential.

You may decide to use the increasingly popular Tor Browser to hide your originating IP address.

Why then does the MI5 website betray your web browser meta data to one and possibly two foreign companies based in the USA i.e. CloudFlare and Google reCaptcha ?

CloudFlare, whilst providing useful TLS and anti Denial of Service attack services, is under heavy criticism for forcing Tor users to fill in stupid Google reCapture puzzles #dontblocktorto proceed to a "protected" website.
This is a minor inconvenience for most people, but it is completely inappropriate for an intelligence agency website with sensitive recruitment and national security tip off form features.

Regardless of whether a visitor is using Tor or not, if they want to to contact MI5 with a national security related tip off, the Google reCaptcha is embedded in the the "secure" contact form!


i.e. there are image links which do not go to the local MI5 web server, or any web servers in the United Kingdom, but which are pulled from Google in California, USA
e.g. the Google reCaptcha refresh image (and all the street sign or river etc. reCapture image tiles)


This creates a web log entry or "Internet Connection Record" in the new Investigatory Powers Bill doublespeak, in a foreign country, regardless of whether you fill in the form or not.

If you are using e.g. Firefox without Tor and your IP address does not trigger Cloudflare, then you may be able to get to the non-Javascript MI5 web contact form

but most people will have been tricked into handing over their meta data to these US companies and therefore to the US government (on demand), instead of just
sharing it with MI5 the Security Service in the United Kingdom

The Home Office has "consulted" on "Reforming the powers of police staff and volunteers"

Here is Spy Blog's contribution to the consultation.

Apart from a very specific, rarely used scenario, involving intimate searches by police officers before medical personnel are available, Note how every single point has been ignored by the Home Office.

    Intrusive Powers missing from the list of core powers of Police Constables

"Proposed ‘core’ list of powers that would only be available to police officers, i.e. would not

be available for designation to staff or volunteers


7. The two most intrusive powers under RIPA, i.e.
a. Requesting a warrant to intercept communications; and
b. Acting as a Covert Human Intelligence Source (i.e. an undercover officer)."

There are two more intrusive powers under the Regulation of Investigatory Powers Act 2000 (RIPA) which must *not* be delegated to non-Constables:

RIPA Part II Access to Communications Data

RIPA Part III section 49 Notices demanding encryption keys or de-crypted plaintext material.

These intrusive powers are already too widely available to "any Constable" and should *only* be allowed to specialist IT trained teams of full Police Constables. It would be a disaster for public trust and confidence if these powers were to be delegated to staff and volunteers.

The Home Office's claims about Trust, Transparency and Accountability in the controversial "Snoopers'Charter" Draft Investigatory Powers Bill are worthless if these vast Police Powers under RIPA are farmed out to unaccountable Volunteers or commercially sub-contracted civilian Staff.

    Intimate Searches and Intimate Body Samples

Intimate Searches including Stripping and searches of intimate body orifices and the sometimes forced taking of blood or other Intimate Body Samples are not mentioned on this core list of Police Constable powers.

It must therefore be assumed that the Home Office is planning to to allow these extremely intrusive powers to be farmed out to non-Constables.

This must *not* happen - it is likely to literally cause a riot.

    Misconduct in Public Office must apply to Staff and Volunteers

Staff and Volunteers are not Police Officers or Officers of the Crown. Why should they simply face dismissal if they abuse Police Powers delegated to them, when a Police Constable doing exactly the same thing could face up to life in prison for Misconduct in Public Office ?

The offence of Misconduct in Public Office must be clearly and unambiguously extended to cover Staff and Volunteers who have been given Designated or Delegated Police Powers, in anticipation of when, not if, some of them abuse these powers.

    Too complicated to be transparent, therefore illegal.

The current system of discretionary powers is already opaque and obscure - the general public has no means of telling exactly what powers a PCSO etc. has in one area compared with a person wearing a similar uniform and having the same designation in an other Police Force Area.

There is no central, easily accessible (e.g. via the world wide web) authoritative, up to date list of which Discretionary Powers are currently in force in which Police Force.

I challenge anyone reading this to find such a list on the internal Home Office or Police Force intranets, within 30 minutes, let alone on their public facing websites.

It is obvious that costly delays on the street will result from the even more complicated mish mash of proposed Discretionary and Delegated Police Powers.

Designation / Delegations from more than one Chief Constable = confusion & red tape

Is, for example, a Escort Officer meant to get two seperate Designations, attend two different but equivalent training courses, from two neighbouring Police Forces before they can transfer arrestees across a Police Force boundary ?

What if the arrest is in Newcastle and the Police Station is in London ? Do they have to get rubber stamped by every Chief Constable along the route ?

Given the principles of natural justice and the legal precedents, it is likely that any such deliberately or negligently obscure system of police powers will be found to be illegal when, not if, cases are brought in the UK Supreme Court and the European Court of Human Rights and the European Court of Justice.

    National police powers for each role, clearly stated in primary legislation

It would be better if Chief Constables had no discretion to designate or delegate any powers.

Neither should the Home Secretary be able to add to complexity and obscurity with Order making powers.

The powers of Police Constables, Police Community Support officers, Investigation Officers and Escort officers should be clearly laid out in the text of primary legislation.

Since there is at least one Police or Justice etc. Act every single Parliament, there is plenty of opportunity to amend such powers in the light of practical experience.

All such powers should apply Nationally, across all Police Force boundaries, just like those of full Police Constables.


The Joint Committee on the Draft Investigatory Powers Bill, chaired by Lord Murphy of Torfaen, was appointed by the two Houses of Parliament in late November 2015 to consider the Draft Investigatory Powers Bill, which was presented to the two Houses on 4 November 2015. The Committee invites any interested individuals and organisations to submit evidence to this inquiry.

The Committee in particular will explore the key issues listed below in detail, and would welcome your views on any or all of the following questions. Please note that questions are not listed here in any particular order of importance.

Written evidence should arrive no later than 21 December 2015. Public hearings will be held in November and December 2015 and January 2016. The Committee has been asked to report to the Houses, with recommendations, in February 2016. The report will receive a response from the Government. The time available for the Committee’s inquiry is short, and its focus will be on the contents of the draft Bill rather than more general aspects of policy. The Committee will not consider as part of its inquiry the merits of individual cases which have been, or are now, subject to formal proceedings in courts or tribunals.

Overarching/thematic questions:

 Are the powers sought necessary?
o Has the case been made, both for the new powers and for the restated and clarified existing powers?

 Are the powers sought legal?

o Are the powers compatible with the Human Rights Act and the ECHR? Is the requirement that they be exercised only when necessary and proportionate fully addressed? Are they sufficiently clear and accessible on the face of the draft Bill? Is the legal framework such that CSPs (especially those based abroad) will be persuaded to comply? Are concerns around accessing journalists’, legally privileged and MPs' communications sufficiently addressed?

 Are the powers sought workable and carefully defined?

o Are the technological definitions accurate and meaningful (e.g. content vs communications data, internet connection records etc.)? Does the draft Bill adequately explain the types of activity that could be undertaken under these powers? Is the wording of the powers sustainable in the light of rapidly evolving technologies and user behaviours? Overall is the Bill future-proofed as it stands?

 Are the powers sought sufficiently supervised?

o Is the authorisation process appropriate? Will the oversight bodies be able adequately to scrutinise their operation? What ability will Parliament and the public have to check and raise concerns about the use of these powers?

Specific questions:


 To what extent is it necessary for
(a) the security and intelligence services and
(b) law enforcement to have access to investigatory powers such as those contained in the Draft Investigatory Powers Bill?

 Are there any additional investigatory powers that security and intelligence services or law enforcement agencies should have which are not included in the draft Bill?

 Are the new offences proposed in the draft Bill necessary? Are the suggested punishments appropriate?


 Are there sufficient operational justifications for undertaking
(a) targeted and
(b) bulk interception?

 Are the proposed authorisation processes for such interception activities appropriate? Is the proposed process for authorising urgent warrants workable?

 Are the proposed safeguards sufficient for the secure retention of material obtained from interception?

 How well does the current process under Mutual Legal Assistance Treaties (MLATs) work for the acquisition of communications data? What will be the effect of the extra-territorial application of the provisions on communications data in the draft Bill?

Communications Data

 Are the definitions of content and communications data (including the distinction between 'entities' and 'events' sufficiently clear and practical for the purposes of accessing such data?

 Does the draft Bill allow the appropriate organisations, and people within those
organisations, access to communications data?

 Are there sufficient operational justifications for accessing communications data in bulk?

 Is the authorisation process for accessing communications data appropriate?

Data Retention

 Do the proposed authorisation regime and safeguards for bulk data retention meet the requirements set out in the CJEU Digital Rights Ireland and the Court of Appeal Davis judgments?

 Is accessing Internet Connection Records essential for the purposes of IP resolution and identifying of persons of interest? Are there alternative mechanisms? Are the proposed safeguards on accessing Internet Connection Records data appropriate?

 Are the requirements placed on service providers necessary and feasible?

Equipment Interference

 Should the security and intelligence services have access to powers to undertake
(a) targeted and
(b) bulk equipment interference? Should law enforcement also have access to such powers?

 Are the authorisation processes for such equipment interference activities appropriate?

 Are the safeguards for such activities sufficient?

Bulk Personal Data

 Is the use of bulk personal datasets by the security and intelligence services appropriate? Are the safeguards sufficient for the retention and access of potentially highly sensitive data?


 What are the advantages and disadvantages of the proposed creation of a single Judicial Commission to oversee the use of investigatory powers?

 Would the proposed Judicial Commission have sufficient powers, resources and independence to perform its role satisfactorily?

 Are the appointment and accountability arrangements for Judicial Commissioners appropriate?

 Are the new arrangements for the Investigatory Powers Tribunal including the possibility of appeal adequate or are further changes necessary?


Written evidence should be submitted online using the written submission form available at This page also provides guidance on submitting evidence.

If you have difficulty submitting evidence online, please contact the Committee staff by email to

or by telephoning 020 7219 8443. The deadline for written evidence is 21 December 2015.

Short submissions are preferred. A submission longer than six pages should include a onepage

Paragraphs should be numbered. All submissions made through the written submission form will be acknowledged automatically by email.

Evidence which is accepted by the Committee may be published online at any stage; when it is so published it becomes subject to parliamentary copyright and is protected by parliamentary privilege. Submissions which have been previously published will not be accepted as evidence. Once you have received acknowledgement that the evidence has been accepted you will receive a further email, and at this point you may publicise or publish your
evidence yourself. In doing so you must indicate that it was prepared for the Committee, and you should be aware that your publication or re-publication of your evidence may not be protected by parliamentary privilege.

Personal contact details will be removed from evidence before publication, but will be retained by the Committee Office and used for specific purposes relating to the Committee's work, for instance to seek additional information.

Persons who submit written evidence, and others, may be invited to give oral evidence. Oral evidence is usually given in public at Westminster and broadcast online; transcripts are also taken and published online. Persons invited to give oral evidence will be notified separately of the procedure to be followed and the topics likely to be discussed.

Substantive communications to the Committee about the inquiry should be addressed through the clerk of the Committee, whether or not they are intended to constitute formal evidence to the Committee.

This is a public call for evidence. Please bring it to the attention of other groups and individuals who may not have received a copy direct.

You may follow the progress of the inquiry at

UPDATE 26th November 2015:
The Chairman of the Draft Investigatory Powers Bill Joint Committee has been appointed: Lord Murphy of Torfaen. Paul Murphy was a Labour Minister for Northern Ireland (and Wales) and was the Chair of the Intelligence and Security Committee from 2005 to 2008, which failed to properly investigate the 7/7 2005 London bombings (required a second investigative report in 2009 with Kim Howells as Chair).

Draft Investigatory Powers Bill Joint Committee - membership

The target date for the scrutiny of this complicated 200 page Bill is set for 11th February 2016, which really is not enough time to do a thorough job, given the Christmas and New Year holidays.

Member Affiliation Notes

Victoria Atkins MP Conservative Barrister specialising in fraud, stood unsuccessfully in the Police and Crime Commissioner elections for Gloucestershire Constabulary
Suella Fernandes MP Conservative Barrister
Rt Hon David Hanson MP Labour Former Home Office Minister for Security, Counter-Terrorism, Crime and Policing
Stuart C McDonald MP SNP Former immigration lawyer
Dr Andrew Murrison MP Conservative Medical doctor and ex Royal Navy Surgeon-Commander
Matt Warman MP Conservative Former technology editor of Daily Telegraph
Baroness Browning Conservative Former Home Office Minister of State in the House of Lords
Lord Butler of Brockwell Crossbench Former member of Intelligence & Security Committee (did look at previous Draft Comms Data Bill) , former Cabinet Secretary
Bishop of Chester Bishops BA in Chemistry before becoming a cleric
Lord Hart of Chilton Labour Former planning solicitor & Special Advisor
Lord Henley Conservative Former Home Office Minister Crime Prevention and Anti-Social Behaviour Reduction
Lord Murphy of Torfaen Labour Chairman of this Committee,former Chair of Intelligence & Security Committee (which failed to properly investigate 7/7 2005 London bombings etc.)
Lord Strasburger Liberal Democrat Businessman, only member of previous Draft Communications Data Bill committee.

Note the preponderance of likely "gone native" politicians with "experience" of Policing and Intelligence agencies.

Who will be elected as Chair of this Joint Committee ? Lord Butler the supposedly Cross Bench former Cabinet Secretary ?

Only Lord Strasburger (Liberal Democrat) served on the previous Draft Communications Data Bill Joint Committee, although Lord Butler of Brockwell did scrutinise some of it as a then member of the Intelligence and Security Committee.

The Emergency Debate on the Wilson Doctrine on Monday 19th October 2015:

Commons Hansard 19 Oct 2015 : Column 694

Almost no MPs bothered to attend this Emergency Debate on the operation of the Wilson Doctrine.


The MPs who did speak:

Chris Bryant (Rhondda) (Lab)
Mr Peter Bone (Wellingborough) (Con)
Mr David Davis (Haltemprice and Howden) (Con)
Lady Hermon (North Down) (Ind):
The Secretary of State for the Home Department (Mrs Theresa May)
Mr Kenneth Clarke (Rushcliffe) (Con)
Andrew Gwynne (Denton and Reddish) (Lab)
Tom Pursglove (Corby) (Con)
Mr Alistair Carmichael (Orkney and Shetland) (LD)
Mr David Winnick (Walsall North) (Lab)
Joanna Cherry (Edinburgh South West) (SNP)
Mark Field (Cities of London and Westminster) (Con)
Dr Andrew Murrison (South West Wiltshire) (Con)
Ms Margaret Ritchie (South Down) (SDLP)
Gavin Robinson (Belfast East) (DUP)
Caroline Lucas (Brighton, Pavilion) (Green)
Martin John Docherty (West Dunbartonshire) (SNP)

Will Her Majesty's Opposition hold the Government to account over this shoddy deception ? Or will the Corbynistas be overshadowed by the Scottish Nationalists ? Will the handful of Conservative MPs who seem to care about liberty and privacy and freedom have any effect on the Government ?


Chris Bryant, who lead this Emergency Debate, made a lot of sense in his analysis of the current Wilson Doctrine debacle, but the attitude of the rest of the Labour party, almost none of whom bothered to turn up, is still suspiciously unclear.

He rightly chided the Home Secretary for rushing through the Data retention and Investigatory powers Act in a single day, and hoped that the forthcoming Investigatory Powers Bill which might be able to ut the Wilson Doctrine or similar into law would not be similarly rushed through.

Andy Burnham (Lab) the Shadow Home Secretary turned up for a bit, and lurked next to Chris Bryant, but did not bother to speak

Where was the Deputy Leader Tom Watson (Lab), who is supposed to be a patron of the Open Rights Group and who did ask the Question which prompted Theresa May's "caveated statement" on the Wilson Doctrine earlier this year ? ?

Where were the Corbynistas ?

Dominic Grieve's contribution to the debate was restricted to promising that as Chair of the Intelligence and Security Committee, the Committee would consider MP and Constituency interception procedures along with other legally privileged lawyers and journalists etc.

Given the other things they must look into, it is unclear if they will contribute anything before the full Investigatory Powers Bill is set in motion early next year.

Peter Bone yet again asked the Home Secretary how many MPs have had their telephones intercepted since 1966. Her silence confirms that the number is clearly not zero, making a mockery of even the very narrow definition of the Wilson Doctrine which is now being spun by the Government.


David Davis correctly summed up the Wilson Doctrine is effectively dead:

"the doctrine is dead. Whether or not it is legally dead, it is in practice dead. It is dead in the eyes of the people--whistleblowers, campaigners and so on--who might come to us, and we have to do something to replace it."

He also mentioned the vital importance of metadata, which the Wilson Doctrine sneakily does not "protect".

Spy Blog would also like to see protection for Constituents, Campaigners, Journalists, Whistleblowers and other elected representatives all the other RIPA an non-IPA surveillance techniques included in the new Investigatory Powers Bill e.g. MetaData / Communications data / Traffic Data (RIPA 2000 Part II) , compelled access access to Encrypted Data (RIPA III), CHIS Covert Human Intelligence Sources (informers and infiltrators), bugging and tracking devices (Police Act 1997 Part III) etc.


The Scottish Nationalist Party outnumbered the Labour Party and emphasised the need for Scottish Parliament, Welsh Assembly, Northern Ireland Assembly and UK Members of the European Parliament to have their communications with constituents and whistleblowers etc. protected.


The 3 MPs from Northern Ireland pointed out what even Theresa May admitted was a "conundrum" - it is unclear with the shifting changes made in secret to the Intelligence Agencies Guidance, did the Wilson Doctrine apply or not apply to those "double dipping" Members of Parliament MPs who were also simultaneously Members of the Legislative Assembly (MLA) ?

Caroline Lucas of course was a party to the the Investigatory Powers Tribunal case and mentioned the point Spy Blog noticed that even though the Wilson Doctrine has no legal power, neither do the Draft Code of Practice (not yet presented to, let alone approved by Parliament) nor the internal Intelligence Agency Guidance.


The lack of interest in their constituents' privacy and liberties shown by the absent MPs does not bode well for the forthcoming Draft Investigatory Powers Bill.

The secretive Investigatory Powers Tribunal, which always seems to side with the Whitehall securocrats at the expense of ordinary, innocent people, has done it again with their judgment on the Wilson Doctrine

Spy Blog has always assumed that the deliberate vagueness and extreme brevity of any official Answers to Parliamentary Questions about the Wilson Doctrine, even as it has changed slightly over the years, meant that the public and Parliamentarians were being lied to by Downing Street regarding the confidentiality of the communications between Members of Parliament and their Constituents.


IPT/14/79/CH IPT/14/80/CH IPT/14/172/CH

Caroline Lucas MP, Baroness Jones of Moulsecoomb AM, George Galloway vs. the Security Service, SIS, GCHQ

The Tribunal heard and resolved issues relating to the status, meaning and effect of what has been called the Harold Wilson Doctrine, or the Wilson Doctrine, originating in the statement in the
House of Commons on 17 November 1966 by the Rt Hon Harold Wilson, the then Prime Minister. The Tribunal made declarations that the Wilson Doctrine applies only to targeted, and not
incidental, interception of Parliamentary communications, but that it has no legal effect, save that in practice the Security and Intelligence Agencies must comply with their own Guidance,
which has now been disclosed in the Judgment.

Full judgment (.pdf 25 pages)

10. There are relevant passages in the Codes, to which we are satisfied the Home Secretary was referring: the Interception of Communications Code of Practice pursuant to Section 71 of RIPA in force until this year ("the Code") does not make express reference to communications between parliamentarians and their constituents as being confidential, in that such communications are not listed among the examples given, but they are particularised in the new draft Code which has been de facto in operation since the beginning of this year, and complied with by the Security and Intelligence Agencies, although it has been the subject of consultation and has not yet been put before or approved by Parliament ("the Draft Code").

How can this possibly be compliant with Human Rights Act 1998 ECHR Article 8 Right to respect for private and family life "in accordance with law", when the supposed protections are still only a Draft Code of Practice which has not been approved by Parliament or are internal Intelligence Agency Guidance, which has no legal force at all ?


Liberty/Privacy provides, particularly having regard to the well-established proposition as to the reduced foreseeability required in the field of national security, a sufficient and adequate system for ECHR purposes, and one which does not require the Wilson Doctrine to underlie it. Unlike journalists' and lawyers' communications, there is no ECHR authority for enhanced protection for parliamentarians. There are very good reasons, as Sir Swinton Thomas pointed out, for parliamentarians not being treated differently from other citizens. The s.5 RIPA criteria and the approved interception regimes, including other statutory provisions for the respective Agencies, impose and signal a high threshold for interception. It is not necessary for this Tribunal to make new law. Moreover any attempt to do so would entail inventing a new code to define the types of communications covered and where lines are to be drawn. The Wilson Doctrine, as now enunciated and put into effect, highlights a need for caution and circumspection in respect of parliamentarians' communications. But such caution and circumspection will be called for in respect of many other types of confidential and sensitive private communications, which come to be considered under the interception regimes.

Answers to the preliminary issues

33. The Tribunal accordingly answers the preliminary issues attached to this judgment as follows:

i) The Wilson Doctrine does not apply to s.8(4) warrants at the stage of issue.

ii) It applies to targeted, but not incidental, interception of parliamentarians' communications both in respect of s.8(1) warrants at date of issue and in respect of s.8(4) warrants at the date of accessing/selecting such communications.

iii) The Wilson Doctrine does not operate so as to create a substantive legitimate expectation.

iv) The Wilson Doctrine has no legal effect, but in practice the Agencies must comply with the Draft Code and with their own Guidance.

v) The regime for the interception of parliamentarians' communications is in accordance with the law under Article 8(2) and prescribed by law under Article 10(2), in particular by reference to s.5(3) of RIPA.

34. MPs' communications with their constituents and others are protected, like those of every other person, by the statutory regime established by Part 1 of RIPA 2000. The critical control is the requirement for a Secretary of State's warrant, which can only be issued if the requirements of Section 5 are satisfied. That regime is sufficient to protect such communications and nothing further is required by the ECHR.

It would be truer to say that

"MPs'communications with their constituents and others are unprotected, like those of every other person"


"That regime is insufficient to protect such communications"

    What now, that the Wilson Doctrine is effectively dead ?

There is a 3 hour Emergency Debate in the House of Commons on the Wilson Doctrine from some time after 14:30, tomorrow Monday 19th October 2015.

Will Her Majesty's Opposition hold the Government to account over this shoddy deception ? Or will the Corbynistas be overshadowed by the Scottish Nationalists ? Will the handful of Conservative MPs who seem to care about liberty and privacy and freedom have any effect on the Government ?

At a guess the Government will pretend that the the still only Draft Code of Practice is somehow important, even though it is the "incidental interception" on a massive industrial scale by GCHQ and our 5 Eyes intelligence foreign agency partners which is the threat to the privacy of a Constituent's emails or mobile phone or landline phone or postal communications with their Member of Parliament.

How can an MP be trusted with any sensitive personal or legal or whistleblower information, from their Constituents, especially if it pertains to a complaint against or wrongdoing by a branch of the UK Government, when there is no legal protection for such communications at all ?

    OPSEC and COMSEC training for MPs etc.

The Open Rights Group has offered to help to train Members of Parliament (and other UK elected representatives not covered by the Wilson Doctrine in the Scottish Parliament, Welsh Assembly, Northern Ireland Assembly and the European Parliament) in the sort of secure digital communications techniques involving risk assessment, personal computers and smartphones etc. which journalists and political activists have had to resort to

These same techniques can be used to help to hide MPs' shady private and business lives, but that is a price worth paying for access to our democratically elected representatives, without UK or other Government snooping.

Spy Blog has some experience with organising and teaching at CryptoParty events in London and even started to organise one for MPs, Peers or their staff in the last Parliament, until it became obvious that MPs didn't care about such things, by rushing the badly scrutinised Data Retention and Investigatory Powers Act through in an unnecessary hurry.

Perhaps there will be more interest in such techniques by our elected representatives after this Wilson Doctrine debacle.

Unless and until Members of Parliament who criticise the Government over the Wilson Doctrine start to do things like using and publishing a PGP / GPG Public Encryption Key for their Constituency or Campaign business, nothing will change, and the public will become even more alienated from untrustworthy politicians and bureaucrats.

Police Oracle announced that Commissioner of the City of London Police Adrian Leppard has announced his retirement. Will this come in to effect before the Investigatory Powers Bill is scrutinised by Parliament in the autumn ?

City of London Police are supposed to be the UK National Policing lead for preventing economic crimes. They run two controversial private industry funded national units Police Intellectual Property Crime Unit (PIPCU) dealing with "intellectual property" and counterfeit goods and the
Dedicated Cheque and Plastic Crime Unit (DCPCU)

It is therefore very peculiar that Commissioner Adrian Leppard should put his name to this New York Times Op Ed article, attacking Apple and Google mobile phone handset encryption. How many billions of pounds of UK economic secrets are protected by such
encryption on mobile phones belonging to City of London financial industry workers ?

Commissioner Leppard should be collecting hard evidence of the numbers and types of of mobile phones his officers have actually seized as evidence and the numbers reported lost or stolen, with and without strong encryption enabled (N.B. only recent versions of Android can do this and the feature is not switched on by default)
so that he can inform the Investigatory Powers Bill scrutiny with some facts rather than cherry picked handwaving examples, which is the usual inadequate or deliberately deceitful Home Office and Police

Don't hold your breath though, as Commissioner Leppard is seemingly ignorant of some of the basics of today's internet protocols
UK Police: Enforcement won't work against a piracy

When Phone Encryption Blocks Justice


Cyrus Vance Jr. , clearly the main author of this article, is the son of the Washington political insider Cyrus Vance who is associated with several US Foreign Policy disasters such as the end of the Vietnam war and the Iran hostage crisis.

Like previous New York public prosecutors (these are political appointments), he may well be trying to stir up political support for a future political career, like Rudy Guiliani

In June, a father of six was shot dead on a Monday afternoon in Evanston, Ill., a suburb 10 miles north of Chicago. The Evanston police believe that the victim, Ray C. Owens, had also been robbed. There were no witnesses to his killing, and no surveillance footage either.

With a killer on the loose and few leads at their disposal, investigators in Cook County, which includes Evanston, were encouraged when they found two smartphones alongside the body of the deceased: an iPhone 6 running on Apple's iOS 8 operating system, and a Samsung Galaxy S6 Edge running on Google's Android operating system. Both devices were passcode protected.

An Illinois state judge issued a warrant ordering Apple and Google to unlock the phones and share with authorities any data therein that could potentially solve the murder. Apple and Google replied, in essence, that they could not -- because they did not know the user's passcode.

The homicide remains unsolved. The killer remains at large.

Until very recently, this situation would not have occurred.

Last September, Apple and Google, whose operating systems are used in 96 percent of smartphones worldwide, announced that they had re-engineered their software with "full-disk" encryption, and could no longer unlock their own products as a result.

According to Apple's website: "On devices running iOS 8.0 ... Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are protected by an encryption key that is tied to the user's passcode, which Apple does not possess."

A Google spokeswoman said, "Keys are not stored off of the device, so they cannot be shared with law enforcement."

Now, on behalf of crime victims the world over, we are asking whether this encryption is truly worth the cost.

Not only is this strong encryption worth the cost, there should, in fact be much more of it, switched on by default.

Between October and June, 74 iPhones running the iOS 8 operating system could not be accessed by investigators for the Manhattan district attorney's office -- despite judicial warrants to search the devices. The investigations that were disrupted include the attempted murder of three individuals, the repeated sexual abuse of a child, a continuing sex trafficking ring and numerous assaults and robberies.

Criminal defendants have caught on. Recently, a suspect in a Manhattan felony, speaking on a recorded jailhouse call, noted that "Apple and Google came out with these softwares" that the police cannot easily unlock.

Apple, Google and other proponents of full-disk encryption have offered several rationales for this new encryption technology. They have portrayed the new policy as a response to the concerns raised by Edward J. Snowden about data collection by the National Security Agency. They say full-disk encryption makes devices generally more secure from cybercrime. And they assert that, if the companies had master encryption keys, then repressive governments could exploit the keys.

These reasons should not be accepted at face value. The new Apple encryption would not have prevented the N.S.A.'s mass collection of phone-call data or the interception of telecommunications, as revealed by Mr. Snowden. There is no evidence that it would address institutional data breaches or the use of malware. And we are not talking about violating civil liberties -- we are talking about the ability to unlock phones pursuant to lawful, transparent judicial orders.

The NSA is not the only threat to privacy and security, how would Vance & his co-signatories protect our privacy and financial information from criminals and terrorists and hostile foreign intelligence agencies who may steal or access such secrets held on mobile phone handsets ?

In the United States, Britain, France, Spain and other democratic societies, the legal system gives local law enforcement agencies access to places where criminals hide evidence, including their homes, car trunks, storage facilities, computers and digital networks.

Carved into the bedrock of each of these laws is a balance between the privacy rights of individuals and the public safety rights of their communities. For our investigators to conduct searches in any of our jurisdictions, a local judge or commissioner must decide whether good cause exists. None of our agencies engage in bulk data collection or other secretive practices. We engage in targeted requests for information, authorized after an impartial, judicial determination of good cause, in which both proportionality and necessity are tested.

Nonsense. There is is no independent judicial warrant involved in most UK mobile phone handset searches or seizures - these are self authorised by the UK police themsleves.

It is this workable balance that proscribes the operations of local law enforcement in our cities, and guides our residents in developing their expectations of privacy. But in the absence of laws that keep pace with technology, we have enabled two Silicon Valley technology companies to upset that balance fundamentally.

The Evanston case is just one example. In France, smartphone data was vital to the swift investigation of the Charlie Hebdo terrorist attacks in January, and the deadly attack on a gas facility at Saint-Quentin-Fallavier, near Lyon, in June. And on a daily basis, our agencies rely on evidence lawfully retrieved from smartphones to fight sex crimes, child abuse, cybercrime, robberies or homicides.

Note the weasel words "smartphone data" - this is not SmartPhone handset encrypted data held on the internal or external microSD card or in the local address book or locally saved SMS message which is what the rest of this article is talking about.

Over the air SmartPhone metadata may have been used in the hunt for the Charlie Hebdo murderers (who brazenly called TV news stations whilst on the run), but there are no reports of any mobile phone handset encryption being used at all.

The murderers had been under full telephone monitoring and intercept for months previously, with nothing to alert the authorities.

It turns out the wives of the murderers had been in contact with each other hundreds of times, but the murderers themselves had stuck to face to face meetings.

Full-disk encryption significantly limits our capacity to investigate these crimes and severely undermines our efficiency in the fight against terrorism. Why should we permit criminal activity to thrive in a medium unavailable to law enforcement? To investigate these cases without smartphone data is to proceed with one hand tied behind our backs.

Nonsense. None of the Mobile Phone network generated calling pattern or physical location metadata is affected by "full disk encryption" - none of it is actually stored on the SmartPhone handset anyway. This is all accessible to law enforcement with a judicial warrant, or, in the UK, without one at all.

The new encryption policies of Apple and Google have made it harder to protect people from crime. We support the privacy rights of individuals. But in the absence of cooperation from Apple and Google, regulators and lawmakers in our nations must now find an appropriate balance between the marginal benefits of full-disk encryption and the need for local law enforcement to solve and prosecute crimes. The safety of our communities depends on it.

Cyrus R. Vance Jr. is the Manhattan district attorney. François Molins is the Paris chief prosecutor. Adrian Leppard is the commissioner of the City of London Police. Javier Zaragoza is the chief prosecutor of the High Court of Spain.

About this blog

This United Kingdom based blog attempts to draw public attention to, and comments on, some of the current trends in ever cheaper and more widespread surveillance technology being deployed to satisfy the rapacious demand by state and corporate bureaucracies and criminals for your private details, and the technological ignorance of our politicians and civil servants who frame our legal systems.

The hope is that you the readers, will help to insist that strong safeguards for the privacy of the individual are implemented, especially in these times of increased alert over possible terrorist or criminal activity. If the systems which should help to protect us can be easily abused to supress our freedoms, then the terrorists will have won.

We know that there are decent, honest, trustworthy individual politicians, civil servants, law enforcement, intelligence agency personnel and broadcast, print and internet journalists etc., who often feel powerless or trapped in the system. They need the assistance of external, detailed, informed, public scrutiny to help them to resist deliberate or unthinking policies, which erode our freedoms and liberties.

Email & PGP Contact

Please feel free to email your views about this blog, or news about the issues it tries to comment on.


Our PGP public encryption key is available for those correspondents who wish to send us news or information in confidence, and also for those of you who value your privacy, even if you have got nothing to hide.

We wiil use this verifiable public key (the ID is available on several keyservers, twitter etc.) to establish initial contact with whistleblowers and other confidential sources, but will then try to establish other secure, anonymous communications channels, as appropriate.

Current PGP Key ID: 0xE6CB99199E7393AF which will expire on 30th August 2018.

You can download a free copy of the PGP encryption software from
(available for most of the common computer operating systems, and also in various Open Source versions like GPG)

We look forward to the day when UK Government Legislation, Press Releases and Emails etc. are Digitally Signed so that we can be assured that they are not fakes. Trusting that the digitally signed content makes any sense, is another matter entirely.

Hints and Tips for Whistleblowers and Political Dissidents

Please take the appropriate precautions if you are planning to blow the whistle on shadowy and powerful people in Government or commerce, and their dubious policies. The mainstream media and bloggers also need to take simple precautions to help preserve the anonymity of their sources e.g. see Spy Blog's Hints and Tips for Whistleblowers - or use this easier to remember link:

BlogSafer - wiki with multilingual guides to anonymous blogging

Digital Security & Privacy for Human Rights Defenders manual, by Irish NGO Frontline Defenders.

Everyone’s Guide to By-Passing Internet Censorship for Citizens Worldwide (.pdf - 31 pages), by the Citizenlab at the University of Toronto.

Handbook for Bloggers and Cyber-Dissidents - March 2008 version - (2.2 Mb - 80 pages .pdf) by Reporters Without Borders

Reporters Guide to Covering the Beijing Olympics by Human Rights Watch.

A Practical Security Handbook for Activists and Campaigns (v 2.6) (.doc - 62 pages), by experienced UK direct action political activists

Anonymous Blogging with Wordpress & Tor - useful step by step guide with software configuration screenshots by Ethan Zuckerman at Global Voices Advocacy. (updated March 10th 2009 with the latest Tor / Vidalia bundle details)


Watching Them, Watching Us

London 2600

Our UK Freedom of Information Act request tracking blog - ethical and technical discussion about the project for anonymous mass leaking of documents etc.

Privacy and Security

Privacy International
United Kingdom Privacy Profile (2011)

Cryptome - censored or leaked government documents etc.

Identity Project report by the London School of Economics
Surveillance & Society the fully peer-reviewed transdisciplinary online surveillance studies journal

Statewatch - monitoring the state and civil liberties in the European Union

The Policy Laundering Project - attempts by Governments to pretend their repressive surveillance systems, have to be introduced to comply with international agreements, which they themselves have pushed for in the first place

International Campaign Against Mass Surveillance

ARCH Action Rights for Children in Education - worried about the planned Children's Bill Database, Connexions Card, fingerprinting of children, CCTV spy cameras in schools etc.

Foundation for Information Policy Research
UK Crypto - UK Cryptography Policy Discussion Group email list

Technical Advisory Board on internet and telecomms interception under RIPA

European Digital Rights

Open Rights Group - a UK version of the Electronic Frontier Foundation, a clearinghouse to raise digital rights and civil liberties issues with the media and to influence Governments.

Digital Rights Ireland - legal case against mandatory EU Comms Data Retention etc.

Blindside - "What’s going to go wrong in our e-enabled world? " blog and wiki and Quarterly Report will supposedly be read by the Cabinet Office Central Sponsor for Information Assurance. Whether the rest of the Government bureaucracy and the Politicians actually listen to the CSIA, is another matter.

Biometrics in schools - 'A concerned parent who doesn't want her children to live in "1984" type society.'

Human Rights

Liberty Human Rights campaigners

British Institute of Human Rights
Amnesty International

Prevent Genocide International

asboconcern - campaign for reform of Anti-Social Behavior Orders

Front Line Defenders - Irish charity - Defenders of Human Rights Defenders

Internet Censorship

OpenNet Initiative - researches and measures the extent of actual state level censorship of the internet. Features a blocked web URL checker and censorship map.

Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

Reporters without Borders internet section - news of internet related censorship and repression of journalists, bloggers and dissidents etc.

Judicial Links

British and Irish Legal Information Institute - publishes the full text of major case Judgments

Her Majesty's Courts Service - publishes forthcoming High Court etc. cases (but only in the next few days !)

House of Lords - The Law Lords are currently the supreme court in the UK - will be moved to the new Supreme Court in October 2009.

Information Tribunal - deals with appeals under FOIA, DPA both for and against the Information Commissioner

Investigatory Powers Tribunal - deals with complaints about interception and snooping under RIPA - has almost never ruled in favour of a complainant.

Parliamentary Opposition

The incompetent yet authoritarian Labour party have not apologised for their time in Government. They are still not providing any proper Opposition to the current Conservative - Liberal Democrat coalition government, on any freedom or civil liberties or privacy or surveillance issues.

UK Government

Home Office - "Not fit for purpose. It is inadequate in terms of its scope, it is inadequate in terms of its information technology, leadership, management systems and processes" - Home Secretary John Reid. 23rd May 2006. Not quite the fount of all evil legislation in the UK, but close.

No. 10 Downing Street Prime Minister's Official Spindoctors

Public Bills before Parliament

United Kingdom Parliament
Home Affairs Committee of the House of Commons.

House of Commons "Question Book"

UK Statute Law Database - is the official revised edition of the primary legislation of the United Kingdom made available online, but it is not yet up to date.

FaxYourMP - identify and then fax your Member of Parliament
WriteToThem - identify and then contact your Local Councillors, members of devolved assemblies, Member of Parliament, Members of the European Parliament etc.
They Work For You - House of Commons Hansard made more accessible ? UK Members of the European Parliament

Read The Bills Act - USA proposal to force politicians to actually read the legislation that they are voting for, something which is badly needed in the UK Parliament.

Bichard Inquiry delving into criminal records and "soft intelligence" policies highlighted by the Soham murders. (taken offline by the Home Office)

ACPO - Association of Chief Police Officers - England, Wales and Northern Ireland
ACPOS Association of Chief Police Officers in Scotland

Online Media

Boing Boing

Need To Know [now defunct]

The Register

NewsNow Encryption and Security aggregate news feed
KableNet - UK Government IT project news - UK eGovernment and public sector IT news
eGov Monitor

Ideal Government - debate about UK eGovernment

NIR and ID cards

Stand - email and fax campaign on ID Cards etc. [Now defunct]. The people who supported have gone on to set up other online tools like The Government's contemptuous dismissal of over 5,000 individual responses via the website to the Home Office public consultation on Entitlement Cards is one of the factors which later led directly to the formation of the the NO2ID Campaign who have been marshalling cross party opposition to Labour's dreadful National Identity Register compulsory centralised national biometric database and ID Card plans, at the expense of simpler, cheaper, less repressive, more effective, nore secure and more privacy friendly alternative identity schemes.

NO2ID - opposition to the Home Office's Compulsory Biometric ID Card
NO2ID bulletin board discussion forum

Home Office Identity Cards website
No compulsory national Identity Cards (ID Cards) BBC iCan campaign site
UK ID Cards blog
NO2ID press clippings blog
CASNIC - Campaign to STOP the National Identity Card.
Defy-ID active meetings and protests in Glasgow - New Alliance's ID Cards page - total rejection of any UK ID Card

International Civil Aviation Organisation - Machine Readable Travel Documents standards for Biometric Passports etc.
Anti National ID Japan - controversial and insecure Jukinet National ID registry in Japan
UK Biometrics Working Group run by CESG/GCHQ experts etc. the UK Government on Biometrics issues feasability
Citizen Information Project feasability study population register plans by the Treasury and Office of National Statistics - comments and links to each paragraph of the Home Office's "Strategic Action Plan for the National Identity Scheme".

De-Materialised ID - "The voluntary alternative to material ID cards, A Proposal by David Moss of Business Consultancy Services Ltd (BCSL)" - well researched analysis of the current Home Office scheme, and a potentially viable alternative.

Surveillance Infrastructures

National Roads Telecommunications Services project - infrastruture for various mass surveillance systems, CCTV, ANPR, PMMR imaging etc.

CameraWatch - independent UK CCTV industry lobby group - like us, they also want more regulation of CCTV surveillance systems.

Every Step You Take a documentary about CCTV surveillance in the Uk by Austrian film maker Nino Leitner.

Transport for London an attempt at a technological panopticon - London Congestion Charge, London Low-Emission Zone, Automatic Number Plate Recognition cameras, tens of thousands of CCTV cameras on buses, thousands of CCTV cameras on London Underground, realtime road traffic CCTV, Iyster smart cards - all handed over to the Metropolitan Police for "national security" purposes, in real time, in bulk, without any public accountibility, for secret data mining, exempt from even the usual weak protections of the Data Protection Act 1998.

RFID Links

RFID tag privacy concerns - our own original article updated with photos

NoTags - campaign against individual item RFID tags
Position Statement on the Use of RFID on Consumer Products has been endorsed by a large number of privacy and human rights organisations.
RFID Privacy Happenings at MIT
Surpriv: RFID Surveillance and Privacy
RFID Scanner blog
RFID Gazette
The Sorting Door Project blog - where we sometimes crosspost RFID articles

Genetic Links

DNA Profiles - analysis by Paul Nutteing
GeneWatch UK monitors genetic privacy and other issues
Postnote February 2006 Number 258 - National DNA Database (.pdf) - Parliamentary Office of Science and Technology

The National DNA Database Annual Report 2004/5 (.pdf) - published by the NDNAD Board and ACPO.

Eeclaim Your DNA from Britain's National DNA Database - model letters and advice on how to have your DNA samples and profiles removed from the National DNA Database,in spite of all of the nureacratic obstacles which try to prevent this, even if you are innocent.

Miscellanous Links

Michael Field - Pacific Island news - no longer a paradise - John Gilmore versus USA internal flight passports and passenger profiling etc.

The BUPA Seven - whistleblowers badly let down by the system.

Tax Credit Overpayment - the near suicidal despair inflicted on poor, vulnerable people by the then Chancellor Gordon Brown's disasterous Inland Revenue IT system.

Fassit UK - resources and help for those abused by the Social Services Childrens Care bureaucracy

Former Spies

MI6 v Tomlinson - Richard Tomlinson - still being harassed by his former employer MI6

Martin Ingram, Welcome To The Dark Side - former British Army Intelligence operative in Northern Ireland.

Operation Billiards - Mitrokhin or Oshchenko ? Michael John Smith - seeking to overturn his Official Secrets Act conviction in the GEC case.

The Dirty Secrets of MI5 & MI6 - Tony Holland, Michael John Smith and John Symond - stories and chronologies.

Naked Spygirl - Olivia Frank

Blog Links blog - Comments on IT security and Privacy or the lack thereof.
Rat's Blog -The Reverend Rat writes about London street life and technology
Duncan Drury - wired adventures in Tanzania & London
Dr. K's blog - Hacker, Author, Musician, Philosopher

David Mery - falsely arrested on the London Tube - you could be next.

James Hammerton
White Rose - a thorn in the side of Big Brother
Big Blunkett
Into The Machine - formerly "David Blunkett is an Arse" by Charlie Williams and Scribe
infinite ideas machine - Phil Booth
Louise Ferguson - City of Bits
Chris Lightfoot
Oblomovka - Danny O'Brien

Liberty Central

dropsafe - Alec Muffett
The Identity Corner - Stefan Brands
Kim Cameron - Microsoft's Identity Architect
Schneier on Security - Bruce Schneier
Politics of Privacy Blog - Andreas Busch
solarider blog

Richard Allan - former Liberal Democrat MP for Sheffield Hallam
Boris Johnson Conservative MP for Henley
Craig Murray - former UK Ambassador to Uzbekistan, "outsourced torture" whistleblower

Howard Rheingold - SmartMobs
Global Guerrillas - John Robb
Roland Piquepaille's Technology Trends

Vmyths - debunking computer security hype

Nick Leaton - Random Ramblings
The Periscope - Companion weblog to journalist network.
The Practical Nomad Blog Edward Hasbrouck on Privacy and Travel
Policeman's Blog
World Weary Detective

Martin Stabe
B2fxxx - Ray Corrigan
Matt Sellers
Grits for Breakfast - Scott Henson in Texas
The Green Ribbon - Tom Griffin
Guido Fawkes blog - Parliamentary plots, rumours and conspiracy.
The Last Ditch - Tom Paine
The (e)State of Tim - Tim Hicks
Ilkley Against CCTV
Tim Worstall
Bill's Comment Page - Bill Cameron
The Society of Qualified Archivists
The Streeb-Greebling Diaries - Bob Mottram

Your Right To Know - Heather Brooke - Freedom off Information campaigning journalist

Ministry of Truth _ Unity's V for Vendetta styled blog.

Bloggerheads - Tim Ireland

W. David Stephenson blogs on homeland security et al.
EUrophobia - Nosemonkey

Blogzilla - Ian Brown

BlairWatch - Chronicling the demise of the New Labour Project

dreamfish - Robert Longstaff

Informaticopia - Rod Ward


The Musings of Harry

Chicken Yoghurt - Justin McKeating

The Red Tape Chronicles - Bob Sullivan MSNBC

Campaign Against the Legislative and Regulatory Reform Bill

Stop the Legislative and Regulatory Reform Bill

Rob Wilton's esoterica

panGloss - Innovation, Technology and the Law

Arch Rights - Action on Rights for Children blog

Database Masterclass - frequently asked questions and answers about the several centralised national databases of children in the UK.


Moving On

Steve Moxon blog - former Home Office whistleblower and author.

Al-Muhajabah's Sundries - anglophile blog

Architectures of Control in Design - Dan Lockton

rabenhorst - Kai Billen (mostly in German)

Nearly Perfect Privacy - Tiffany and Morpheus

Iain Dale's Diary - a popular Conservative political blog

Brit Watch - Public Surveillance in the UK - Web - Email - Databases - CCTV - Telephony - RFID - Banking - DNA

BLOGDIAL - smart mobile phone forensics, information security, computer security and digital forensics by a couple of Australian researchers

Ralph Bendrath

Financial Cryptography - Ian Grigg et al.

UK Liberty - A blog on issues relating to liberty in the UK

Big Brother State - "a small act of resistance" to the "sustained and systematic attack on our personal freedom, privacy and legal system"

HosReport - "Crisis. Conspiraciones. Enigmas. Conflictos. Espionaje." - Carlos Eduardo Hos (in Spanish)

"Give 'em hell Pike!" - Frank Fisher

Corruption-free Anguilla - Good Governance and Corruption in Public Office Issues in the British Overseas Territory of Anguilla in the West Indies - Don Mitchell CBE QC

geeklawyer - intellectual property, civil liberties and the legal system

PJC Journal - I am not a number, I am a free Man - The Prisoner

Charlie's Diary - Charlie Stross

The Caucus House - blog of the Chicago International Model United Nations

Famous for 15 Megapixels

Postman Patel

The 4th Bomb: Tavistock Sq Daniel's 7:7 Revelations - Daniel Obachike

OurKingdom - part of OpenDemocracy - " will discuss Britain’s nations, institutions, constitution, administration, liberties, justice, peoples and media and their principles, identity and character"

Beau Bo D'Or blog by an increasingly famous digital political cartoonist.

Between Both Worlds - "Thoughts & Ideas that Reflect the Concerns of Our Conscious Evolution" - Kingsley Dennis

Bloggerheads: The Alisher Usmanov Affair - the rich Uzbek businessman and his shyster lawyers Schillings really made a huge counterproductive error in trying to censor the blogs of Tim Ireland, of all people.

Matt Wardman political blog analysis

Henry Porter on Liberty - a leading mainstream media commentator and opinion former who is doing more than most to help preserve our freedom and liberty.

HMRC is shite - "dedicated to the taxpayers of Britain, and the employees of the HMRC, who have to endure the monumental shambles that is Her Majesty's Revenue and Customs (HMRC)."

Head of Legal - Carl Gardner a former legal advisor to the Government

The Landed Underclass - Voice of the Banana Republic of Great Britain

Henrik Alexandersson - Swedish blogger threatened with censorship by the Försvarets Radioanstalt (FRA), the Swedish National Defence Radio Establishement, their equivalent of the UK GCHQ or the US NSA.

World's First Fascist Democracy - blog with link to a Google map - "This map is an attempt to take a UK wide, geographical view, of both the public and the personal effect of State sponsored fear and distrust as seen through the twisted technological lens of petty officials and would be bureaucrats nationwide."

Blogoir - Charles Crawford - former UK Ambassodor to Poland etc.

No CCTV - The Campaign against CCTV

Barcode Nation - keeping two eyes on the database state.

Lords of the Blog - group blog by half a dozen or so Peers sitting in the House of Lords.

notes from the ubiquitous surveillance society - blog by Dr. David Murakami Wood, editor of the online academic journal Surveillance and Society

Justin Wylie's political blog

Panopticon blog - by Timothy Pitt-Payne and Anya Proops. Timothy Pitt-Payne is probably the leading legal expert on the UK's Freedom of Information Act law, often appearing on behlaf of the Information Commissioner's Office at the Information Tribunal.

Armed and Dangerous - Sex, software, politics, and firearms. Life’s simple pleasures… - by Open Source Software advocate Eric S. Raymond.

Georgetown Security Law Brief - group blog by the Georgetown Law Center on National Security and the Law , at Georgtown University, Washington D.C, USA.

Big Brother Watch - well connected with the mainstream media, this is a campaign blog by the TaxPayersAlliance, which thankfully does not seem to have spawned Yet Another Campaign Organisation as many Civil Liberties groups had feared.

Spy on Moseley - "Sparkbrook, Springfield, Washwood Heath and Bordesley Green. An MI5 Intelligence-gathering operation to spy on Muslim communities in Birmingham is taking liberties in every sense" - about 150 ANPR CCTV cameras funded by Home Office via the secretive Terrorism and Allied Matters (TAM) section of ACPO.

FitWatch blog - keeps an eye on the activities of some of the controversial Police Forward Intelligence Teams, who supposedly only target "known troublemakers" for photo and video surveillance, at otherwise legal, peaceful protests and demonstrations.

Other Links

Spam Huntress - The Norwegian Spam Huntress - Ann Elisabeth

Fuel Crisis Blog - Petrol over £1 per litre ! Protest !
Mayor of London Blog
London Olympics 2012 - NO !!!!

Cool Britannia


Free Gary McKinnon - UK citizen facing extradition to the USA for "hacking" over 90 US Military computer systems.

Parliament Protest - information and discussion on peaceful resistance to the arbitrary curtailment of freedom of assembly and freedom of speech, in the excessive Serious Organised Crime and Police Act 2005 Designated Area around Parliament Square in London.

Brian Burnell's British / US nuclear weapons history at

Syndicate this site (XML):

Follow Spy Blog on Twitter

For those of you who find it convenient, there is now a Twitter feed to alert you to new Spy Blog postings.

Please bear in mind the many recent, serious security vulnerabilities which have compromised the Twitter infrastructure and many user accounts, and Twitter's inevitable plans to make money out of you somehow, probably by selling your Communications Traffic Data to commercial and government interests. (same window)

Recent Comments

  • wtwu: NetIDMe seems to be in process of being wound up read more
  • wtwu: The House of Lords have approved the Regulations, without a read more
  • wtwu: Data Retention and Investigatory Powers Bill Government Note on the read more
  • wtwu: The former Customs Officer and the others involved in dealing read more
  • wtwu: BBC reports the password was $ur4ht4ub4h8 When Hussain was read more
  • wtwu: "only" an extra 4 months in prison for failing to read more
  • wtwu: Although not confirmed as part of the Wilson Doctrine per read more
  • wtwu: For now (just before Christmas 2013) it appears that the read more
  • wtwu: As expected, the ISC did not give the intelligence agency read more
  • wtwu: N.B. the Intelligence & Security Committee is now legally consituted read more


Monthly Archives

September 2017

Sun Mon Tue Wed Thu Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30

UK Legislation

The United Kingdom suffers from tens of thousands of pages of complicated criminal laws, and thousands of new, often unenforceable criminal offences, which have been created as a "Pretend to be Seen to Be Doing Something" response to tabloid media hype and hysteria, and political social engineering dogmas. These overbroad, catch-all laws, which remove the scope for any judicial appeals process, have been rubber stamped, often without being read, let alone properly understood, by Members of Parliament.

The text of many of these Acts of Parliament are now online, but it is still too difficult for most people, including the police and criminal justice system, to work out the cumulative effect of all the amendments, even for the most serious offences involving national security or terrorism or serious crime.

Many MPs do not seem to bother to even to actually read the details of the legislation which they vote to inflict on us.

UK Legislation Links

UK Statute Law Database - is the official revised edition of the primary legislation of the United Kingdom made available online, but it is not yet up to date.

UK Commissioners

UK Commissioners some of whom are meant to protect your privacy and investigate abuses by the bureaucrats.

UK Intelligence Agencies

Intelligence and Security Committee - the supposedly independent Parliamentary watchdog which issues an annual, heavily censored Report every year or so. Currently chaired by the Conservative Sir Malcolm Rifkind. Why should either the intelligence agencies or the public trust this committee, when the untrustworthy ex-Labour Minister Hazel Blears is a member ?

Anti-terrorism hotline - links removed in protest at the Climate of Fear propaganda posters

MI5 Security Service
MI5 Security Service - links to encrypted reporting form removed in protest at the Climate of Fear propaganda posters

syf_logo_120.gif Secure Your Ferliliser logo
Secure Your Fertiliser - advice on ammonium nitrate and urea fertiliser security

cpni_logo_150.gif Centre for the Protection of National Infrastructure
Centre for the Protection of National Infrastructure - "CPNI provides expert advice to the critical national infrastructure on physical, personnel and information security, to protect against terrorism and other threats."

SIS MI6 careers_logo_sis.gif
Secret Intelligence Service (MI6) recruitment.

Government Communications Headquarters GCHQ

National Crime Agency - the replacement for the Serious Organised Crime Agency

Defence Advisory (DA) Notice system - voluntary self censorship by the established UK press and broadcast media regarding defence and intelligence topics via the Defence, Press and Broadcasting Advisory Committee.

Foreign Spies / Intelliegence Agencies in the UK

It is not just the UK government which tries to snoop on British companies, organisations and individuals, the rest of the world is constantly trying to do the same, regardless of the mixed efforts of our own UK Intelligence Agencies who are paid to supposedly protect us from them.

For no good reason, the Foreign and Commonwealth Office only keeps the current version of the London Diplomatic List of accredited Diplomats (including some Foreign Intelligence Agency operatives) online.

Presumably every mainstream media organisation, intelligence agency, serious organised crime or terrorist gang keeps historical copies, so here are some older versions of the London Diplomatic List, for the benefit of web search engine queries, for those people who do not want their visits to appear in the FCO web server logfiles or those whose censored internet feeds block access to UK Government websites.

Campaign Button Links

Watching Them, Watching Us - UK Public CCTV Surveillance Regulation Campaign
UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card
NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.
Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid_150.jpg - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond
Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Petition to the European Commission and European Parliament against their vague Data Retention plans
Data Retention is No Solution - Petition to the European Commission and European Parliament against their vague Data Retention plans.

Save Parliament: Legislative and Regulatory Reform Bill (and other issues)
Save Parliament - Legislative and Regulatory Reform Bill (and other issues)

Open Rights Group

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network
Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Tor - the onion routing network
Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).

Amnesty International's campaign

BlogSafer - wiki with multilingual guides to anonymous blogging

NGO in a box - Security Edition privacy and security software tools

Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

Reporters Without Borders - Reporters Sans Frontières - campaign for journalists 'and bloggers' freedom in repressive countries and war zones.

Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

Icelanders are NOT terrorists ! - despite Gordon Brown and Alistair Darling's use of anti-terrorism legislation to seize the assets of Icelandic banks.

No CCTV - The Campaign Against CCTV


I'm a Photographer Not a Terrorist !


Power 2010 cross party, political reform campaign


Cracking the Black Box - "aims to expose technology that is being used in inappropriate ways. We hope to bring together the insights of experts and whistleblowers to shine a light into the dark recesses of systems that are responsible for causing many of the privacy problems faced by millions of people."


Open Rights Group - Petition against the renewal of the Interception Modernisation Programme

wblogocrop_150.jpg - Fighting for justice for whistleblowers