UK mass digital surveillance regime ruled unlawful
Judges say snooper’s charter lacks adequate safeguards around accessing personal data
Alan Travis Home affairs editor
Appeal court judges have ruled the government’s mass digital surveillance regime unlawfulin a case brought by the Labour deputy leader, Tom Watson.
The judges said the appeal court did not need to rule on this point because it had already been referred to the European court of justice in a case which is due to be heard in February.
1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others. [https://en.wikipedia.org/wiki/Article_8_of_the_European_Convention_on_Human_Rights]
Britain has passed the ‘most extreme surveillance law ever passed in a democracy’
But civil liberties groups have long criticized the bill, with some arguing that the law will let the UK government “document everything we do online”.
It’s no wonder, because it basically does.
The law will force internet providers to record every internet customer’s top-level web history in real-time for up to a year, which can be accessed by numerous government departments; force companies to decrypt data on demand — though the government has never been that clear on exactly how it forces foreign firms to do that that; and even disclose any new security features in products before they launch.
Despite the uproar, the government’s opposition failed to scrutinize any significant amendments and abstained from the final vote. Killock said recently that the opposition Labour party spent its time “simply failing to hold the government to account”.
The Snooper’s Charter passed into law this week – say goodbye to your privacy
This week a law was passed that silently rips privacy from the modern world. It’s called the Investigatory Powers Act.
The United Nations has passed a non-binding resolution condemning the disruption of Internet access as a human rights violation.
“Condemns unequivocally measures to intentionally prevent or disrupt access to or dissemination of information online in violation of international human rights law and calls on all States to refrain from and cease such measures.”
“This unanimous statement by the world’s highest human rights body should give governments pause before they order blocking, throttling, and other barriers to information.”
SNOWDEN and mass surveillance, IAN HISLOP, GCHQ
10 Dec. 2016 originally
SPYING ON US 12mar15
A major row between the political parties is brewing over demands by David Cameron and the intelligence services for even more surveillance powers in the wake of the terrorist atrocities in Paris last week.
David Cameron has promised new legislation so that terrorists no longer have “safe spaces” to communicate.
Pointing out that in the old days, intelligence agencies were able to open letters and eavesdrop on phone calls, the PM asked in a speech yesterday: “In our country, do we want to allow a means of communication between people which […] we cannot read?”
But today deputy PM Nick Clegg said such a response would be disproportionate and would “cross a line”.
The issue centres on the fact that technology is changing so fast that the laws on which security officials rely to give them access to communications are becoming obsolete almost as soon as they are written.
Here the Bureau explains why new legislation passed last summer is said to be already inadequate to keep Britons safe, what the government could do next and why the public debate must take account of GCHQ’s most realistic option – hacking.
What are the problems?
The Data Retention and Investigatory Powers Act (DRIPA) was only passed last summer, having been fast-tracked through Parliament.
The new law extended the reach of the Regulation of Investigatory Powers Act (RIPA) which gives authorities interception powers.
Under DRIPA telecoms companies can also be required to keep billing data – information on who contacts whom, when and for how long on mobile networks but not the content of these messages – for up to 12 months and allow security officials to access it on production of a warrant.
This “meta-data” held by the companies is helpful in identifying associates of known terrorists or criminals. Law enforcement and security officials can use evidence of contact between parties to justify directly surveilling individuals and accessing the content of their communications.
But the law is already said to be becoming obsolete.
There are three main reasons for this:
1) People aren’t calling each other over mobile networks as often as they used to
Terrorists and serious criminals, like the general public, are using the internet to communicate instead, speaking to each other via social media sites, instant messaging services – including those provided by online games – and chat rooms.
Billing data doesn’t capture these exchanges.
Intelligence agencies are increasingly finding that even when they have located the particular messages they want, the content is encrypted.
3) The data isn’t collected by UK telcos
Companies operating fixed line and mobile infrastructure such as BT and Vodafone may simply transport data to and from another company – such as Facebook or Twitter – to the customer with little or no data retained about the communication.
4) Some of the communications the spies want access to are held by service providers that are not based in the UK
Under DRIPA, interception warrants issued by UK authorities can be applied to overseas firms. As Liberty pointed out, the UK’s Home Secretary could serve Gmail with a warrant in California, requiring it to intercept all communications between subscribers in two specified countries or all communications leaving or entering the UK.
However many legal experts have questioned the validity of this extra-territorial effect, not least because the legislation could require companies to breach their own nation’s laws in complying with a UK warrant – a warrant whose existence they could not reveal without breaking UK law.
A recent Telegraph report quoted an anonymous security official complaining that these companies would not assist GCHQ enquires by passing on evidence about serious criminals unless there was an imminent threat of harm.
What can be done about it?
1) Get heavy with the tech companies
Media reports have suggested Whatsapp, Snapcat and Apple’s iMessage, which offer an encrypted instant messaging services could be banned from the UK.
Companies that offer encrypted email services could also be banned or required to hand over their encryption “keys”, either to the security services or to network operators.
Operators could then be required by law to decrypt the data.
As Privacy International points out, proposals to outlaw encrypted communications “not only threaten the very rights they’re said to be designed to protect, but begin from a fundamentally flawed premise – that such measures are even possible.”
It added: “The UK simply can not command foreign manufacturers and providers of services such as Whatsapp to modify their services to accommodate the desires of British spies.”
Any attempted move in this direction would antagonise some very powerful opponents – Google, for example, which recently proposed that websites that do not encrypt their traffic be marked as “insecure” by default.
The company is a major advocate for “end-to-end encryption“, which encrypts data leaving a user’s browser until it is decrypted by the recipient. The tech giant has previously publicly announced support for anti-surveillance campaigners.
In 2010 the Indian government threatened to ban Blackberry for refusing to allow the country’s security officials access to its messages. The dispute ran for several years before ending in a compromise, with the company agreeing to allow more limited access – to meta-data – than had originally been requested.
A battle between the UK and Google or Apple would be a different matter altogether.
2) Revival of the “Snoopers’ Charter”
The Conservatives are pushing for a revival of the Communications Data draft Bill, known as the “Snoopers’ Charter”, which was abandoned in 2013 after opposition from the Liberal Democrats.
This would have required all internet service providers to retain, for 12 months, in a common format data on their customers’ communications via the internet as well as via the mobile networks.
Data stored would include visits to websites and social media activities.
These databases could then be searched by a Government data-mining device called a “request filter”.
As well as major concerns about the threat to privacy this would entail, it is questionable whether the national security benefits would justify the expense of building and maintaining the data storage centers necessary to retain this huge amount of information, particularly if the encryption problem has not been solved.
Companies that have no commercial imperative to collect the information would have to be compensated if they were compelled to do so. The bill could run into hundreds of millions of pounds given the volume and complexity of data involved.
The third prong in the intelligence agencies’ communications surveillance trident is its ability to break encryption by hacking.
GCHQ’s capabilities in this and any other regard are never discussed officially as a matter of policy.
But without understanding this capability – and how, if at all, it is constrained by the law – it is difficult to know just how hampered the security services are.
Documents leaked in 2013 by National Security Agency (NSA) whistleblower Edward Snowden revealed that US and UK intelligence agencies have been pouring their efforts into cracking encryption codes for many years.
A Guardian report that year quoted a 2010 NSA presentation as stating that “for the past decade, NSA has led an aggressive, multipronged effort to break widely used internet encryption technologies.”
A more recent report in German newspaper Der Spiegel based on a set of Snowden files dated 2012 showed that the NSA considered monitoring Facebook chat “a minor task”. On the other hand a protocol called Off-the-Record (OTR) for encrypting instant messaging seemed to be causing the NSA major problems.
Facebook has improved its security since 2012 but it’s likely that intelligence agencies’ hacking powers have improved in tandem.
GCHQ hacking may also explain why the government wants companies to store data that is currently unreadable due to encryption.
As yet another Snowden file says: “Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”
Once an encrypted system has been hacked into, intelligence agencies can re-examine stored data to find information that was previously hidden – a powerful motive for retaining data.
The Snowden documents also revealed that NSA and its “Five Eyes” partners including the UK had adopted covert measures to ensure control over setting of international encryption standards, the use of supercomputers to break encryption with “brute force”.
Through covert partnerships with internet service providers and tech companies, the agencies had also inserted secret vulnerabilities known as backdoors into commercial encryption software.
“These design changes make the systems in question exploitable … to the consumer and other adversaries, however, the systems’ security remains intact,” one document says.
Since this was made public, the companies concerned may have become less willing to enter into these collaborations.
Related story: Thatcher and Blair Cabinet Secretary: Intelligence committee has “helped” public by confirming GCHQ’s internet tap “Tempora” powers
UNDERCOVER POLICING ATROCITIES:
ANDY COLES – #sackandycoles #spycops + JANET ALDER + UNDERCOVER COPS: “The Women Activists Who Fell In Love With Police Spies And Are Still Waiting For Justice” VIDEO
ROGER PEARCE aka THORLEY #spycops + UNDERCOVER COPS: An inquiry just revealed how far the British state will go in its secret war on citizens + OVER 1000 POLICE HAVE CRIMINAL RECORDS + “True Spies” VIDEO
TRUE SPIES – full series – VIDEO+
Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License. For more information please visit: