The Globe and Mail is reporting today that researchers based at the University of Toronto’s Munk Centre for International Studies, along with two private internet security consultancies, SecDev and the Shadowserver Foundation, have uncovered a worldwide network of automated intrusion programs (or botnet) based in China. The report called Shadows in the Cloud describes how over 1300 infected computers containing information related to all kinds of material from the Dalai Lama, the Indian government and US security were linked back to Chinese sources. The authors include Greg Walton who wrote the excellent early report on China’s ‘Golden Shield’ Internet surveillance and censorship system a few years ago. It can’t be said for certain that this was a Chinese state operation: as with the attacks on Estonia from Russian sources back in 2007, suspicions just as much centre on ‘patriotic hackers’, who are just doing this out of a sense of outrage at opposition to their country’s leadership. And no doubt, this is far from the only nationally-oriented botnet system.
Surveillance and Ethical Investment
An interesting case today. Associated Press is reporting that Sweden’s major pension fund has decided to drop the company, Elbit Systems, from its investment portfolio on the grounds that it provides surveillance equipment to the separation barrier that cuts through the Occupied Territories of the West Bank. The find has an ethical policy and as the European Union considers the barrier to be in violation of international law, it seems they had little moral choice but to drop it. Interestingly the Israeli government has complained on behalf of this private company, which of course just serves to highlight still further the close links between the state and security firms and arms manufacturers in Israel. I am not sure that it’s particularly ethical for any national pension fund to be propping up another nation’s security policies, let alone a policy that is so controversial not to say overtly illegal. But beyond this Elbit is a major arms company that would, I thought, in any case have been off-limits for a fund with ‘ethics’ – see: Neve Gordon’s report on The Political Economy of Israel’s Homeland Security produced for The New Transparency collaborative research initiative here at the Surveillance Studies Centre at Queen’s.
Federal judge rules against NSA
A US Federal Court judge has ruled that the National Security Agency’s secret domestic wiretapping program of internal terrorist suspects, was illegal according to the New York Times. The activity violated the 1978 Foreign Intelligence Surveillance Act (FISA) which was put into place after the various inquiries into the activities of the FBI and NSA in the late 1960s and early 1970s. As I’ve said before, that’s hardly a surprise and don’t think this has got a whole lot to do with George W. Bush in particular. Intelligence services might claim to operate under laws but in reality their priorities are not bound by them.But there’s a kind of cycle of collective amnesia that goes on with these inquiries and rulings. This time, the NSA was basically doing almost exactly the same thing as in the earlier period. Some minor superficial changes will occur. People will forget about it. The NSA will carry on. Then in 20 years time, there will be something else that will reveal again the same kinds of activities. Cue collective shock again. And so on. It would take a lot more continual public oversight and openness for them to be held properly to account, and if they were, they’d be very different entities. But that’s not to say that they shouldn’t be held to account: the fact that most democratic nations have what amounts to a secret state within the state that may have very different priorities than the official government or the people should be profoundly worrying. Yet it seems to be such an enormous breach of the democratic ideal that it goes largely unnoticed.
India’s Biometric Census
A while back I was wondering how India was going to enrol 1.2 Billion people in its planned national Biometric ID card scheme. Well, I should have guessed that the answer was that it would combine it with a national census. This is apparently exactly what is going to happen, according to the BBC. The next Indian national census will be the first one not just to count and classify individuals with written answers, but will also take biometric details. These will then form the basis for the new ID database, with its 16-digit unique identifying number. And the process has already started – the only thing I can think of that will cause it significant problems is not any civil liberties opposition but rather the ongoing revolutionary movements often called ‘Maoist’ but really a lot of different loosely affiliated rural-based organisations…
No need to fear a database society?
Peter Bradwell of Demos raises some interesting points in his summary of their new report on people’s attitudes to state databases in the UK, but he also sets up a straw man, and as I am one of the people implicated, I object to this. He argues that there are many positive sides to databases (of course!) and contrasts this with the former Information Commissioner’s statement on ‘sleepwalking into a surveillance society’ as ‘fear-based’. However, the reaction of the ICO was to commission a report in 2006, which I coordinated, to examine the concept of the ‘surveillance society’. This was pretty balanced and stressed the positive aspects of surveillance as much as the negative, indeed it did exactly the kind of assessment that Demos claims it’s doing here. So it’s rather ironic that the author is trying to stop people being afraid of the word ‘database’ yet still promoting the idea that ‘surveillance’ is automatically a bad thing to be feared! However, I would urge rather less optimism. We’re currently writing an update to our 2006 report and it’s pretty clear that in most areas, the UK has gone further, faster, than even we anticipated.
The basic argument of Demos appears to be that if all of this was under some kind of accountable control, then perhaps one might have grounds for optimism. But that’s true of just about almost anything and it’s a rather big ‘if’. What are the developments in the direction of accountability that they have seen which give rise for optimism? There are none in the piece, and the report itself is about what people think about state databases. That is very interesting from a political point of view, but unfortunately doesn’t tell us much about what is actually happening or likely to happen, only what people believe about it. Of actual examples of increasing accountability recently, I can only think of the state’s retreat on RIPA, but that wasn’t particularly profound, and the only other serious changes have come when the British government’s hand has been forced by European Court decisions (on the National DNA Database, for example)… can Demos help me out here with more than just the fact that people don’t think it’s that bad? I will have to read the full report and get back to you…
UK Government to Increase Postal Surveillance
For a long time now, the Royal Mail has been a service that prided itself on confidentiality. Historian, David Vincent, noted in his 1998 book, The Culture of Secrecy in Britain 1832-1998, that one of the first major scandals over surveillance in the modern era was the 1844 scandal when an Italian exile, Joseph Mazzini, who was resident in London, discovered that the British government were secretly opening his mail. The prompted discussion in the House of Commons and outrage that such low ‘foreign’ practices were taking place in Britain.
In reality, of course the mail of targets of intelligence services is opened and read regularly, but in law in the UK, if mail is going to be opened – and this can only be done by HM Revenue & Customs (HMRC) – the recipient has to be notified and present when it is done. Indeed, it’s been one of the characteristic complaints about many different states’ recent attempts to extend so-called ‘lawful access’ provisions to electronic mail and Internet sites by requiring ISPs to retain traffic data and provide it to the state upon request, that this goes far beyond what has ever been done with mail, except in totalitarian societies like the former East Germany, whose Stasi were notorious for opening letters either secretly or in many cases, quite openly.
So, the UK has now, it seems, decided to redress the balance. It will not of course, hold back on the lawful access provisions regarding electronic communications in the Telecommunications Bill. No, of course not. Instead, according to the Guardian this weekend, it is planning what they had probably hoped would be a quiet little amendment to the Postal Services Act, removing any requirement to notify people when their mail is to be opened. I am sure there will be the usual ‘safeguards’ and ‘codes of conduct’, in other words, the voluntary provisions which hae characterised recent British government’s pathetic and limited attempts to provide for privacy and other civil rights. But essentially, this is the end of any generalised assumption of confidentiality of the mail in Britain. It runs contrary to the European Convention on Human Rights (and therefore the UK Human Rights Act too). Every time you think there is no way the government could get any more repressive and get away with it, they do – will it be different this time?
Google does the right thing, but…
Google is, as I type this, closing down its Chinese site as the first stage of its withdrawal of service from mainland China, in response to numerous attacks on the company’s computers from hackers allegedly connected to the Chinese state and ongoing demands to provide a censored service with which they felt they could not comply. The company claims that Chinese users will still be able to use Google, only through the special Hong Kong website, http://www.google.com.hk, which for historical reasons falls outside the Chinese state’s Internet control regime. Whether this will mean that the site will actually be accessible to Chinese Net users is debateable. Some say they cannot access it already. There are also numerous ‘fake Google’ sites that have sprung up to try to make some fast cash out of the situation.
But there’s more to this of course. Google has been widely reported to have opened its doors to the US National Security Agency (NSA) in order, they say, to solve the hacking issue, but the NSA only get involved in matters of US national security – if Google is essentially saying it is effectively beholden to US intelligence policy and interests, I am not sure that this is a whole lot better than bowing to China. You can be sure as well, that once invited in, the NSA will insinuate themselves into the company. Having a proper official backdoor into Google would make things a lot easier for the NSA, especially in populating its shiny new data warehouse in Utah…
Support Peter Watts
I’ve been snowed under teaching recently and haven’t been posting much. One thing has really got my goat though and I think it needs wider attention. Those of you who read boingboing will already know, but the SF author, Peter Watts (who wrote the excellent novel of really alien contact, Blindsight) has been convicted of obstructing US border guards and could spend up to two years in prison. This is despite the fact that the border guards lied about the whole incident (they claimed he had tried to choke an officer, when in fact they were assaulting him, a fact admitted in court). He basically got convicted for challenged the guards and getting out of his car to ask what was going on. As Cory Doctorow comments on BoingBoing, this is not about security, this is not about safety, and it is not even about crime as we would recognise it, it is about authority and the massive increase in humourless abuse that has increased so much in recent years, particularly on the US border*. Peter Watts was convicted essentially of not responding fast enough and questioning commands. He’s now posted more on his own blog, including some comments from some of the jury, who couldn’t quite believe the outcome…
Anyone who thinks ‘nothing to hide, nothing to fear’ or truly believes that it couldn’t happen to you, read this a be concerned. Show your support for Peter too. Write to your congressmen if you are in the USA, or Members of Parliament in Canada, write to Ministers and Secretaries of State. Make a fuss. Write to Peter too and tell him you support him.
*And sure, there’s a context, but it seems to me that the post-9/11 situation is used as an excuse by rather too many guards to exercise a petty brutality on anyone who does not conform to their perception of normality. That critical point where liberty comes up against security is just as much about interpersonal encounters like this as it is about grand policy.
UK Parliamentary Committee rejects Government DNA proposals
The House of Commons Home Affairs Select Committee has rejected a key part of the UK government’s new plans for the National DNA Database (NDNAD). The plans came in response to the ruling by the European Court that the NDNAD was being operated contrary to human rights law by keeping the profiles of innocent people indefinitely. The database has been filled largely through the provisions of a very vague and wide-ranging provision that allowed the police to take DNA from anyone arrested for an indictable offence, and to keep it even if they were never even charged (let alone charged and not convicted). The result had been that long-standing prejudices within the police had meant a bias in the databases against young black men, and a rapidly expanding set of profiles of children and the entirely innocent.The NDNAD had also been attacked by the HUman Genetics Commission (the government’s own watchdog) which recommended multiple reforms.
One of the main parts of the government’s response to the European Court ruling was that DNA should be retained for 6 years – the committee has recommended that this be halved to 3 years (we are still talking about the DNA of innocent people here…), and that there should be some proper national system for deciding who gets deleted entirely (at the moment it is at the discretion of Chief Constables of local police forces!). Of course all of these leaves the wider question of fairness and rights undebated. There are only two properly just ways to run a database of this sort. One would be to include only the DNA of those convicted of a crime or suspected in an ongoing investigation. The other would be to include everyone (as the UAE has decided to do). At the moment, the NDNAD is, like most things in Britain, an unaccountable mess of law, customary practice and happenstance that pleases no-one and is also remarkably ineffective for the money and effort put into it. This will only improve slightly even if the select committee’s recommendations are accepted.
Mapping drone strikes
Via Boingboing, an analysis and map of US UAV drone strikes on the tribal regions of Pakistan from 2004. Some good stuff from NewAmerica. What is particularly interested, if not unpredictable, is the way that weaponized UAVs have in the course of just a few years become a ‘normal’ part of the US war machine, with deaths from drone strikes possibly doubling from 2008-9. We can’t be sure of the exact numbers.
ubisurv 