Greg’s Cable Map

There’s a fascinating interactive map of the world’s undersea communications cables here. It’s also a pretty good guesstimation guide as to where there are, or are likely to be, NSA or subordinate agencies’ (and other non-affiliated intelligence services’) field stations that funnel the data flowing through such cables through computer systems that analyse traffic and content data.

(via Gizmodo)

UK U-turn on Interception Consultation

The BBC reports that the UK Home Office has been forced by the European Union to accept input from civil and digital rights groups over the revision of its Regulation of Investigatory Powers Act (RIPA) – I’ve posted lots on RIPA here in the past, so it’s worth doing a search of this site for some of the backstory.

The u-turn was apparently sparked by the EU’s report on the Phorm debacle (see also here) which, amongst other things, concluded that the UK was in breach of the Privacy Directive for having no adequate complaints procedure or systems of legal redress for those who believe they have been subject to illicit surveillance. Amongst the little nuggets in this story is the fact that since its creation in 1986, the Interception Commissioner has upheld four complaints. Yes, four. 4.

The consultation has also been extended to the 17th of December, so get writing if you haven’t already made your views known. You can find the consultation document here (pdf).

New UK government to go ahead with old government plan on data retention

One of the many promises made by the new Conservative-Liberal Democrat coalition government was that it would “end the storage of internet and e-mail records without good reason.” The obvious flaw in this promise is that all the protection provided was only good so long as the government was unable to invent a ‘good reason.’

Now it appears, according to The Guardian newspaper, that such a ‘good reason’ has been defined in the Strategic Defence and Security Review, to keep all web site visits, e-mail and phone calls made in the UK. And it is an old reason: basically, everything should be kept in case the police or intelligence services might find it useful in the prevention of a ‘terror-related crime’. Note: not actually terrorism, but terror-related, which is rather more vague and not so clearly defined in law, even given that ‘terrorism’ is already very broadly defined in the relevant laws.

This is pretty much exactly what the last Labour government were planning to do anyway with the proposed Communications Bill. Oh, and don’t forget that the cost of this has been estimated at around 2Bn GBP ($3.5Bn) in a country that just announced ‘unavoidable’ welfare cuts of 7Bn GBP… that’s the reality of the ‘age of austerity’ for you. It shows what David Gill argued in his book Policing Politics (1994): that the intelligence services constitute a ‘secret state’ that persists beyond the superficial front of the government of the day.

Backdoors for Spies in Mobile Devices

There’s been a lot of controversy over this summer about the threats made to several large western mobile technology providers mainly by Asian and Middle-Eastern governments to ban their products and services unless they made it easier for their internal intelligence services and political police to access the accounts of users. The arguments actually started way back in 2008 in India, when the country’s Home Ministry demanded access to all communications made through Research in Motion’s (RIM) famous Blackberry smartphone, which was starting to spread rapidly in the country’s business community. Not much came of this beyond RIM agreeing in principle to the demand. Then over this summer, the issue flared up again, both in India and most strongly in the United Arab Emirates (UAE) and Saudi Arabia. RIM’s data servers were located outside the countries and the UAE’s Telecommunications Regulatory Authority (TRA) said that RIM was providing an illegal service which was “causing serious social, judicial and national security repercussions”. Both countries have notorious internal police and employ torture against political opponents.

RIM initially defended its encrypted services and its commitment to the privacy of its users in a full statement issued at the beginning of August. However, they soon caved in when they realised that this could cause a cascade of bans across the Middle-East, India and beyond and promised to place a data server in both nations, and now India is once again increasing the pressure on RIM to do the same for its internal security services. So instead of a cascade of bans, we now have a massive increase in corporate-facilitated state surveillance. It’s Google and China all over again, but RIM put up even less of a fight.

However, a lot of people in these increasingly intrusive and often authoritarian regimes are not happy with the new accord between states and technology-providers, and this may yet prove more powerful than what states want. In Iran, Isa Saharkhiz, a leading dissident journalist and member of the anti-government Green Movement, is suing another manufacturer, Nokia Siemens Networks, in a US court for providing the Iranian regime with the means to monitor its mobile networks. NSN have washed their hands of this, saying it isn’t their fault what the Iranian government does with the technology, and insist that they have to provide “a lawful interception capability”, comparing this to the United States and Europe, and claiming that standardisation of their devices means that “it is unrealistic to demand… that wireless communications systems based on global technology standards be sold without that capability.”

There is an interesting point buried in all of this, which is that the same backdoors built into western communications systems (and long before 9/11 came along too) are now being exploited by countries with even fewer scruples about using this information to unjustly imprison and torture political opponents. But the companies concerned still have moral choices to make, they have Corporate Social Responsibility (CSR) which is not simply a superficial agreement with anyone who shouts ‘security’ but a duty to their customers and to the human community. Whatever they say, they are making a conscious choice to make it easier for violent and oppressive regimes to operate. This cannot be shrugged off by blaming it on ‘standards’ (especially in an era of the supposed personal service and ‘mass customization’ of which the very same companies boast), and if they are going to claim adherence to ‘standards’, what about those most important standards of all, as stated clearly in the Universal Declaration of Human Rights, Article 12 of which states: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence,” and in Article 19: “Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.”

Federal judge rules against NSA

A US Federal Court judge has ruled that the National Security Agency’s secret domestic wiretapping program of internal terrorist suspects was illegal, according to the New York Times. The activity violated the 1978 Foreign Intelligence Surveillance Act (FISA) which was put into place after the various inquiries into the activities of the FBI and NSA in the late 1960s and early 1970s. As I’ve said before, that’s hardly a surprise and don’t think this has got a whole lot to do with George W. Bush in particular. Intelligence services might claim to operate under laws but in reality their priorities are not bound by them.

But there’s a kind of cycle of collective amnesia that goes on with these inquiries and rulings. This time, the NSA was basically doing almost exactly the same thing as in the earlier period. Some minor superficial changes will occur. People will forget about it. The NSA will carry on. Then in 20 years’ time, there will be something else that will reveal again the same kinds of activities. Cue collective shock again. And so on. It would take a lot more continual public oversight and openness for them to be held properly to account, and if they were, they’d be very different entities. But that’s not to say that they shouldn’t be held to account: the fact that most democratic nations have what amounts to a secret state within the state that may have very different priorities than the official government or the people should be profoundly worrying. Yet it seems to be such an enormous breach of the democratic ideal that it goes largely unnoticed.

US wiretapping information release

From Chris Parsons:

“Christopher Soghoian, a PhD Candidate at Indiana University, has released the information on US wiretap/pen register information along with documents received through FOIA that are inquiring into the costs that telecommunications carriers demand for the two aforementioned services. He also has full recordings of sessions from (the closed door) ISS World: Intelligence Support Systems for Lawful Interception, Criminal Investigations and Intelligence Gathering. An executive summary of his draft thoughts is below, followed by a link to the full piece he’s written. He has made available his recordings and the responses to his FOIA requests to the public at large, all accessible at the link below.

Executive Summary

Sprint Nextel provided law enforcement agencies with its customers’ (GPS) location information over 8 million times between September 2008 and October 2009. This massive disclosure of sensitive customer information was made possible due to the roll-out by Sprint of a new, special web portal for law enforcement officers.

The evidence documenting this surveillance program comes in the form of an audio recording of Sprint’s Manager of Electronic Surveillance, who described it during a panel discussion at a wiretapping and interception industry conference, held in Washington DC in October of 2009.

It is unclear if Federal law enforcement agencies’ extensive collection of geolocation data should have been disclosed to Congress pursuant to a 1999 law that requires the publication of certain surveillance statistics — since the Department of Justice simply ignores the law, and has not provided the legally mandated reports to Congress since 2004.”


UK pushes forward with online data retention plans

Like Canada, the UK is pushing forward with new plans to force telecommunications companies and ISPs to retain online data, despite opposition from both the industry and ordinary service users. The New Labour government had delayed the plans from last year, faced with the strength of the opposition, and launched a ‘consultation’. The consultation apparently still generated 40% opposition, which one would think was enough to tell them that something was wrong. But, as I said last year, “the collection of such traffic data will still go ahead… partly at least because the Americans want it; there is pressure on many countries for this kind of data collection and storage – see for example, the FRA law in Sweden. Networking these databases together with others is a major aim of the FBI’s secretive ‘Server in the Sky’ project.”

However, now the UK plans go further than many other countries’ schemes in this area, as they would cover not only traffic data but also a whole range of data which would not normally have been regarded as traditional communications, like social networking activity and even internal online gaming data. This would seem to be in line with US programs that regard the behaviour of – let’s not forget, fantasy – game and virtual world avatars as somehow indicative of real-world tendencies and practices (e.g.: Projects VACE and Reynard), an extremely dubious assumption and one which extends the reach of the state into people’s fantasy and dream lives.

The BBC story mentions an estimated 2Bn GBP (around $3.5 CAN) cost for this – which will no doubt be passed on to service users – but given the immense problems posed by some of this data, I would reckon that this could be a massive underestimate, especially if one takes into account the UK state’s history of appallingly-managed computerisation and database-building schemes. The original plans also would have allowed all agencies empowered under the Regulation of Investigatory Powers Act (RIPA) to make use of such data, and the RIPA consultation response from the UK government did contain some indications that some new agencies would be given powers of access, but I am still not sure whether the government will keep the list of agencies as long as it was in last year’s draft Communications Bill.

Canadian Internet Snooping Law

I’ve noted before that there seems to be a concerted push around the world by governments to introduce comprehensive new telecoms surveillance laws that force telecommunications and Internet Service Providers (ISPs) to record, store, and provide access to and/or share with state intelligence agencies, the traffic and/or communications data of their customers (in other words, users like us). What is noticeable here is that there is a particular logic that appears in the arguments of governments who are attempting to persuade their parliaments or people of the need for such laws. This logic is, firstly, circular and self-referential, in that it makes reference to the fact that other governments have passed such laws as if this in itself provides some compelling reason for the law to be passed in their own country. The second part of this is a kind of competitive disadvantage argument that flows from the first argument: if ‘we’ don’t have this law, then somehow we are falling behind in a never openly discussed intelligence-capability race that will hit national technological innovation too.

The media often seem oblivious to what seems obvious, and hence the story on the CTV news site today with reference to Canada’s currently proposed communications law that would allow the Canadian Security and Intelligence Service (CSIS) warrantless access to such data from Internet and telecoms providers. They consider it to be ‘unexpected’ that the parliamentary Security Intelligence Review Committee has come out in support of the bill. Looking at the reasons why, though, they are exactly what one would expect if one has been following the debates around the world and contain exactly the logics I have outlined. The story notes that the committee “points out that governments in the United States and Europe have already passed laws requiring co-operation between security agencies and online service providers” (without, incidentally, pointing out that these remain enormously controversial, or that other governments have abandoned some of their attempts) and later that “intelligence technology… requires continued access to new talent and innovative research.” However they won’t go into details as it is a “very sensitive matter.”

And absent from this debate as usual is the fact that this is not just a question of ‘national security’: if you set up these systems, you feed the US National Security Agency too. Canadian intelligence is still bound by agreements made after WW2, particularly the CANUSA agreement on Signals Intelligence (SIGINT), later incorporated into the UKUSA structure. And as we all know, right now, the USA does not always have the same strategic interests as Canada (the issue of arctic sovereignty is just one example). If this bill is passed, it’s a license for US spies, not just Canadian ones.

UK newspaper phone-tapping scandal

Back in the UK, the Sunday newspaper, The News of the World, known largely for its obsession with minor celebrity scandal has been itself the subject of rather more serious investigations, following revelations that it has paid out over £1 Million (around $1.4 M US) to people whose phones it secretly tapped in its search for dirt. Proprietor, Aussie, Rupert Murdoch, is known to satirical magazine, Private Eye, as the ‘Dirty Digger’, and given this showing, he seems to be earning his nickname.

The Guardian editorial highlights this as another threat to privacy, but there’s much more here. Murdoch is one of the most powerful men in the world and his company, News International, covers far more than just Britain – they recently bought the Wall Street Journal, for example. His more ‘serious’ newspaper, The Times of London (for whom, I should declare, I have written a piece once) was very vocal in the past in attacking the recently-retired Information Commissioner, Richard Thomas, first over his comments on ‘sleepwalking into a surveillance society’ and then later on his attempts to bring newspapers under the same regulatory regime over privacy as other organisations.

At the time, it was hard to know what the agenda was; but clearly it was more than the supposedly ‘honourable’ position of acting to protect journalistic independence and the rights of their sources. Now, I think, we can start to understand a little more about the view The Times advocated – perhaps it was simply trying to deflect public investigation into the illegal, underhand and privacy-invasive surveillance practices of other parts of the News International empire.

We should indeed be worried by this, not just because of the activities themselves, but because of the attempts to manipulate public policy and undermine the authority of one of the few people who was interested in, and capable of, attacking abuses of surveillance by the media by an increasingly powerful global private company.

So, does News International own newspapers in your country? Do you know what they get up to? Someone needs to dig the dirt…

USA, EU and UK all investing in advanced biometrics

News from various sources has revealed that the United States, the European Union and the United Kingdom are all preparing to invest further large sums in advanced biometrics and surveillance research.

According to an anonymous message to Slashdot, in the USA, Department of Justice requisitions for the coming year show “$233.9 million in funding for an ‘Advanced Electronic Surveillance’ project, and $97.6 million to establish the ‘Biometric Technology Center.'” The former is largely to deal with the problems of intercepting Voice-over-Internet Protocol (VoIP) communications – like Skype. The latter is what Slashdot calls a “vast database of personal data including fingerprints, iris scans and DNA which the FBI calls the Next Generation Identification” for the FBI. In other words, the architecture of the proposed ‘Server in the Sky’ system, which The Guardian revealed last year – for some notes on this and other systems under development, see here.

Meanwhile Owen Bowcott in The Guardian today has a story which puts together various bits and pieces from the EU’s FP7 Security theme research budget and UK security investment. In the UK, there is to be £15 million spent on updating UK biometric security for embassies, and more interestingly other unspecified ‘surveillance’ purposes, and in addition, rolling out of facial recognition systems to more UK airports. As we know, the controlled environments of airports, where people are required to look at cameras, are one of the few places where this technology works properly.

This provides a rather tenuous link to the headline of the Guardian story which is an EU-funded study into brain-scanning (yet again) called Humabio (Human Monitoring and Authentication using Biodynamic Indicators and Behavioural Analysis). There are lots of these about, and one of them may work sooner or later, but it is worth pointing out that people have been putting out ‘we will soon have brain scanning’ stories since the 1980s and, like nuclear fusion, it always seems to be 5 or 10 years in the future. Brain-scanning seems to be the technology of the future… always has been, always will be?