Sophos Cloud Optix
A cluster of top political figures in the UK, including several former Home Secretaries, has issued a public letter insisting on the revival of the so-called “snoopers’ charter” – legislation to give British police and intelligence services more access to personal data.
In a stirring display of bad timing, the letter, co-signed by big names from both sides of the political divide and sent to the Times newspaper, aims to break opposition to the bill from the Liberal Democrats.
The proposed £1.8 billion “Communications Data Bill“, promising massive-scale harvesting of web and phone data, has always been controversial. It was pushed onto the back burner in April when Lib Dem leader Nick Clegg came out against it.
But it seems that, despite the current heavily anti-snooping mood, some people are not ready to let it lie.
A lot of these guys are getting on a bit – their job titles mostly include a “former”, several reports refer to them as “senior” and even “grandees” – so maybe they have an excuse for not keeping up with current events. They’re probably spending a lot of time pottering around the garden, playing bingo or watching Quincy.
They seem not to have even noticed the massive, non-stop political and social hurricane surrounding the so-(mis-)called “PRISM” leak rumpus, dominating all headlines for the last week or so.
For the moment we’ll ignore the justification they give for their demands; they reference the horrific attack in London a few weeks ago, whose perpetrators were well known to MI5. This seems to indicate, if anything, that UK spies already have more information than they can possibly process and act upon, but that’s by the by.
If there’s anything the whole PRISM circus shows, it’s that intelligence services are really bad at privacy. The NSA, famously the most top-secret of secret organisations, is actually not able to keep its own top-secret secrets especially secret.
In essence, they hired a temp (OK, “consultant”, I’ve never been clear on where one stops and the other starts), and let him, what? Dump a load of highly-classified documents to a personal USB stick or a CD? Or send stuff out to his personal Gmail account?
C’mon guys, where was the data security?
We’re not talking about beefy armed guards running high-tech body-scanners over everyone leaving the secure facility in the back of a fake launderette, or beagles that can sniff a microdot at 20 paces. This should be covered by basic data handling policies, DLP and maybe a bit of device control.
And this is their OWN secrets. How much less careful are they with other people’s?
I try to be fairly careful with my personal data, not obsessively so but taking reasonable precautions. What’s the point of making the effort though?
Clearly, the cops and the secret agent men are going to compile a detailed and comprehensive dossier on everything they can find out about me, then just pop the data on a laptop or USB stick (unencrypted, of course), and leave it lying around the nearest train/taxi/rail station/airport/nightclub. Or better yet, simply put the whole database on eBay because the hard drives seem a bit old.
So, no thanks. Until “the man” proves he can look after it better, I’d rather not give him any more data than he already has. For the first time in a while, I agree with Nick.
Image of UK face courtesy of Shutterstock.
No, no, no! When will they get it?
The perps involved in the London attack were known extremists, they knew these guys hung around with banned Islamist groups yet they CHOSE to leave them be.
More surveillance would not have altered that decision. It would just have confirmed what they already knew, that these guys were members of banned groups.
After Prism the government should clear off wanting more rights. I'm more likely statistically to die in my car than by a terrorist, I don't need or want their protection from this so called "threat".
“We should do everything possible to avoid …” (such as mass CCTV, communications surveillance, 90 day detention)
I get tired of the lazy response of some politicians and commentators after any outrage.
“We should do everything possible to prevent terrorism”. Everything possible? Well an internal security service that would put East Germany and the old Soviet Union to shame would be a start.
Do I fear an incredibly small chance of being involved in a terrorist outrage, or the virtual certainty that my privacy is compromised? What could be done with the additional money they propose should be spent on “beefing up our security”? Spend that amount on say improving weekend care in NHS hospitals and you will save very very many more lives and with more certainty.
The people who signed this letter are the type of people who supported the proposals for 90 day pre-charge detention. It gives the country a bad name.
I "love" how politicians try to prevent things they can't even define clearly.They don't seem to understand that the only way to prevent terrorism is to prevent terrorists.Which is "difficult" when you don't know who they are.
If you keep the masses fearful of some unknown enemy you can control them better. See 1984 by George Orwell.
"In a stirring display of bad timing.." says it all. When the recent revelations about NSA's spying on millions of citizens has anyone who's moderately conscious saying, "Who protects us from the 'protectors'?", it's difficult to comprehend how these politicians can even suggest, "We're The Government™. Give us more power!"
Their very cluelessness in raising the issue — especially at this time — suggests that they have neither the judgment nor the wisdom to use more power than they already have responsibly.
It would probably be outsourced anyway… Capita, is my guess.
it is yet more excuses to pry into innocent peoples business. These terrorists were already KNOWN to the authorities. By that premise, it seems that the authorities FAILED IN THEIR DUTY TO ACT BEFORE THEY ATTACKED. So if they were already known, then and still attacked, then no amount of snooping would have prevented that attack.~
I would not trust any politician, or people in authority looking into the affairs of innocent peoples lives. So what happens if there is whole scale snooping and a terrorist attack still occurs? What then. Those politicians shouting about wanting this should retire gracefully..
Exactly. So, to be better able to track the known terrorists you flood the field with irrelevant data about non-terrorists! That’s so clever. I guess they have never heard of the concept of hiding in plain sight!
Wow! An excellent article and eight comments in a row from people that get it. Cool!
The biggest take-away I've had from the whole PRISM/Snooping/Surveillance affair so far is how utterly disheartening it is that so many people don't seem to care about their own privacy or understand why they should defend it. And that — obviously — is why the various governents in the so-called free world are able to infringe on such individual rights so effectively before being called out on it.
These programs are by the very nature international in scope, so when a government snoops on all the data they can possibly reach, there should be outrage from the international community, not just the country in question.
One of the most effective arguments the US Government made was, "Oh those surveillance programs? They're just to target foreigners. Don't worry about it." It's scary how that's an okay argument to so many Americans, but it's even more scary that the rest of the world isn't more outraged.
A great article. Well written. Thank you!
“This should be covered by basic data handling policies, DLP and maybe a bit of device control.”
don’t be too sure that security is that simple. when you consider the fact that even unauthorised people another continent away still manage to get root access to systems or access to sensitive data, there’s only so much you can do to keep a determined admin (remember: they’re the guys who introduce/enforce many policies anyway) from finally figuring out how to get around the barriers.
even without social engineering, forensic/anti-forensic tools, anti-sec software, s/he still has so much control over computer systems in the network from assigning permissions and access control, to log file access and so many other things, that, to try and manage all such administrators–and think you’ll be successful–in a system as large as the nsa’s, let alone the whole ic, using basic techniques, is silly.
what they’re trying to do at the moment, though, is a good first step: cut the no. of admins (or people with a high level of access) by 90%
(though i don’t support what they’re doing)