NSA's back door into windows
Moderated by Shocker
Author: epic (User; registered 17 years ago; posts: 1896)

It's interesting:




INTRODUCTION
TURNING THE SUPERHIGHWAY INTO A SNOOPER HIGHWAY
THE WAR AGAINST ENCRYPTION
THE NSA'S BACK DOOR INTO WINDOWS
THE KEY ESCROW ISSUE
THE REGULATION OF INVESTIGATORY POWERS (RIP) BILL
FURTHER CONTACTS



INTRODUCTION

Intelligence agencies world-wide have become concerned that the technological revolution in electronic communications that has taken place in recent years, such as encryption, digital technology and the Internet, compromises their surveillance capabilities. Governments, law enforcement agencies and intelligence services have become increasingly concerned over the Internet, citing its use by criminals, terrorists and paedophiles to justify attempts to impose controls over it. However, these agencies have another agenda besides dealing with serious crime - controlling political dissent.


The Internet has been instrumental in allowing political activists and environmental campaigners to communicate and spread information rapidly, and to organise protests and rallies. For instance, the Internet played an important role in the temporary defeat of the proposals contained in the Multilateral Agreement on Investment (MAI) in 1999. It is activities such as these that have been targeted by the security services.

The Information Superhighway is a one-stop-shop for government spies. It is easy for the security agencies to extract vast amounts of sensitive information about people's day-to-day activities, and much of this data can be accessed without the requirement of a warrant.

The Internet's potential as a source of intelligence and its use for offensive purposes are discussed in a 1995 report prepared for the U.S. Department of Defense, entitled Strategic Assessment: The Internet: "Politically active groups using the Internet could be vulnerable to deceptive messages introduced by hostile persons or groups… The U.S. might be able to employ the Internet offensively to help achieve unconventional warfare objectives."


TURNING THE SUPERHIGHWAY INTO A SNOOPER HIGHWAY

In the UK, several intelligence agencies have the responsibility of gathering intelligence information under the pretext of protecting national security. The best known of these are MI6, which has parallel general intelligence responsibilities to the CIA, and the signals intelligence agency Government Communications Headquarters (GCHQ) located in Cheltenham.

A complex web of international arrangements and agreements bind the UK to the national security interests of the United States and other countries. In 1947, the five governments of the United States, the United Kingdom, Canada, Australia and New Zealand signed a National Security Pact known as the United Kingdom-United States (UKUSA) Agreement, with the intention of creating a common national security objective. These five nations carved up the world into five spheres of influence, and each country was assigned particular targets (Britain, for example, was responsible for intercepting the Chinese, through its Hong Kong listening post, while the US was given other responsibilities for its listening posts in Taiwan, Japan and Korea).

The French government runs a worldwide electronic intelligence system of its own ("Frenchelon"), based at Domme in the Dordogne, which includes an eavesdropping station in New Caledonia in the Pacific.

The UKUSA Agreement standardized terminology, code words, intercept handling procedures, arrangements for cooperation, sharing of information, and access to facilities. It is generally understood to be the most secretive agreement in the Western world. The link of data and personnel means that operatives from, say, the New Zealand signals intelligence agency GCSB could work from Australia's Defence Signals Directorate in Canberra, to intercept local communications in Australia, and then pass on the contents to the Australian intelligence agencies, without either nation having to formally approve or disclose the interception.

The strongest alliance within the UKUSA relationship is the one between the US National Security Agency (NSA) and GCHQ. The NSA contributes several hundred million pounds each year to GCHQ to fund its main listening station at Menwith Hill (the largest electronic intelligence base in the world). In return, GCHQ provides full access to the NSA and its operatives in the UK. Sharing seats alongside the NSA operators are SIGINT (signals intelligence) specialists from GCHQ. The relationship between the two agencies is so intimate that they could be considered to be one organization. The UK-US link-up ensures that US national security interests are instantly reflected in UK domestic policy.

It is no secret that the NSA conducts large scale unauthorized electronic surveillance on British citizens, and passes on the information to GCHQ. Such exchanges are not covered by law because GCHQ operatives work at the NSA's headquarters at Fort Meade in Maryland, and reciprocate the activity.

Menwith Hill is reported to have 40,000 active telephone lines connected to it. Tapping phone lines has been carried out for decades, but the Internet gives the security agencies much greater potential for surveillance of countless individuals. For instance, New Zealand's highly automated ECHELON system, designed and co-ordinated by the NSA, is used to intercept e-mail, fax, telex and telephone communications worldwide. ECHELON uses systems that can even recognise the speech of targeted individuals.

European Union documents leaked to the German magazine Telepolis and to the London-based Foundation for Information Policy Research reveal plans drawn up by Western law enforcement agencies, known as ENFOPOL, for surveillance of all communications systems, including the Internet, mobile phones, faxes and pagers.


THE WAR AGAINST ENCRYPTION

The growing use of cheap, commercially available encryption systems to scramble data (which makes its interception difficult or impossible) on the Internet is seen as a major threat by the security services. In 1993, GCHQ convinced the Department of Trade and Industry (DTI) to oppose the strong A5 encryption system intended for the GSM mobile communications network. GCHQ also applied pressure on the Department of Health to ensure that the emerging National Health Data Network was not encrypted.

A 1996 report entitled Review of Policy Issues Relating to Encryption Technologies, written by Gerard Walsh, former Deputy Director-General of the Australian Security Intelligence Organisation (ASIO, Australia's equivalent to MI5), was suppressed by the Australian government, which later released a censored version. The uncensored copy proposed legal amendments to "permit the AFP (Australian Federal Police), NCA (National Crime Authority) and ASIO to hack into a nominated computer system to secure access to that system, to alter proprietary software so that it performs additional functions to those specified by the manufacturer, and to allow the security services to install tracing or tracking devices which transmit data."

The NSA has fought the battle against encryption on two fronts. First, it has pioneered the introduction of a technology known as the 'Clipper Chip', which provides secure scrambling but which also gives spy agencies a 'back door' through which to read the scrambled data.

The Clipper Chip involves the development of an 'official' form of encryption built into a [censored] size device that can be attached to telephones or computers. The unique algorithm, or code, generated by each device is registered with a government agency, along with the name and details of its user.

The 'key' to decode the encryption is split into two parts, each of which is held by a different agency (the National Institute for Standards and Technology, and the US Treasury). Only when the appropriate intercept authorization is presented, will the agencies release the components of the key. When the two halves are joined, the agency is able to decipher the code.

This is known as a 'twin escrow' system. It is not a perfect solution from the perspective of the security agencies, principally because it inhibits the ease of access that they formerly had. Nor is it a perfect solution from the perspective of users, who believe it is a weaker and less secure means of encrypting data. It is, nevertheless, being promoted as the compromise solution.

With its Clipper Chip plan, the US government has taken the first step to a compulsory official encryption registration scheme, ensuring that the Superhighway can be monitored with relative ease. In 1995, the Electronic Privacy Information Center, a public interest group in Washington DC, acquired FBI documents under the Freedom of Information Act, which outlined a two-stage plan for mandatory state-controlled encryption.

Secondly, under pressure from the FBI, the US Government introduced the Communications Assistance For Law Enforcement Act (CALEA or "digital telephony" law) in 1994, which requires all manufacturers of advanced digital technology and communications equipment to conform to standards that would ensure all communications lines are wiretap friendly. The act requires all telephone companies to make digital communications available to law enforcement officials in the same way that traditional voice transmissions are currently accessible, and to install increased surveillance capabilities into their networks.

Despite the fact that Congress intended CALEA to preserve, not expand, the surveillance powers of the FBI and other law enforcement agencies, the FBI has sought to use CALEA to require additional surveillance features, such as the capability to track the location of cellular phone users, and an increase in the amount of "call-identifying information" obtainable.

And in the UK, in January 1999, John Abbott, Director General of the National Criminal Intelligence Service (NCIS), declared: "The encryption issue is one of the most important issues currently facing law enforcement throughout the world... we are therefore asking the government to safeguard our existing powers by establishing a legal basis for access to the decryption keys where we already have access to material belonging to people strongly suspected of serious crime."

Leaked documents have recently revealed that the impetus behind some of these developments has been an organisation founded in 1993 by the FBI, known as the International Law Enforcement Telecommunications Seminar (ILETS), consisting of police and security agency representatives from some 20 countries. ILETS was secretly set up by the FBI after Congress twice refused to extend its telephone tapping powers for digital networks and has been pursuing the FBI's objectives on an international scale, to ensure new digital telecommunication systems do not hinder surveillance capabilities, and requiring the installation of monitoring capacity in these systems for national security/law enforcement purposes.

Acting in secret and without parliamentary knowledge or government supervision, the FBI through ILETS has, since 1993, steered government and communications policy across the world. For instance, in the Netherlands, the Dutch security service BVD admitted in July 2000 that it had been collecting e-mails sent abroad by companies. In The Hague, new laws have allowed the Justice Ministry to tap into e-mail and subscriber records, scan messages and mobile phone calls and track users' movements. The Australian government has passed laws allowing security agents to secretly attack and modify computers to obtain information. Many other governments, under the direction of ILETS, have similar schemes in the pipeline.

In 1999 it was revealed that ILETS had plans to compel Internet Service Providers (ISPs) all over the world to install secret interception "black box recorders" (similar to the new FBI internet tapping system code-named "Carnivore") from which the intelligence agencies can intercept Internet traffic, including e-mails.

Carnivore, developed at the FBI's headquarters in Quantico, Virginia, is so named because it finds the "meat" in vast quantities of data. It is capable of scanning millions of e-mails each second and is able to give the security services access to all of an ISP's customers' digital communications. The system is either able to download whole sets of traffic or what is called a "pen register" - a list of people/sites contacted from whom information is received. An early version, called "telemetering", was used by British Telecom in the UK from the 1970s onwards.


THE NSA'S BACK DOOR INTO WINDOWS

Microsoft's Windows security interface, called CryptoAPI, has a "backdoor" which enables the NSA to load software into your PC, and use it to steal or alter data. The technicalities of this security hole have been known for some time. What is new is apparent proof that it was created deliberately to help the NSA.

The strength of encryption security is determined by the length of the encryption key, measured in bits; the longer the key, the safer the security. In Windows, certain numbers of bits are constant and known to the National Security Agency. This effectively turns a key of apparently "safe" length into one the NSA can crack. This feature has been found in Windows 95 Release 2, Windows 98 and all versions of Windows NT.

The existence of a constant string of bits in the CryptoAPI key mechanism has been known for some time; security experts considered it a mistake or bad design within Windows. However analysis of the recently released Service Pack 5 for Windows NT shows that it is deliberate.

In all previous versions of Windows the security key was prefixed with a constant string of numbers but there was no indication of what these numbers meant. This is because Microsoft removes all debugging symbols that describe the meaning of numbers, prior to releasing the software. However in Service Pack 5, Microsoft forgot to remove the debugging symbols, which revealed the internal name Microsoft programmers used to refer to this important set of numbers: "NSAKEY".

Microsoft denies that the key is known to the NSA, and claims that the key is labelled as "NSAKEY" because it ensures compliance with crypto-export laws, which are written and reviewed by the NSA.

Whatever the case, Windows does ship outside the USA with weakened security anyway, due to the US crypto-export laws. The above information shows technical experts how to return exported Windows to a higher security state; so ironically, this could actually help the security conscious. It is not serious criminals or terrorists whom the spies are most effective at snooping on, but the ordinary citizen.


THE KEY ESCROW ISSUE

In the UK, the police have been attempting to reach an agreement with ISPs that would allow them access to information about e-mail content and use. Under Section 28 (3) of the Data Protection Act 1984, the police may request from ISPs any type of information, including details of subscribers, traffic and content.

Access to e-mail is covered by both the Interception of Communications Act 1985 (which requires a warrant signed by the Home Secretary) and the Police and Criminal Evidence Act 1984 (which requires a warrant or order signed by a Crown Court Judge).

The Police and Criminal Evidence Act 1984 (PACE) provides the police with powers of search and seizure, but encryption means they may be unable to read the content of computer files they have seized.

In their 1998 consultation paper on encryption and electronic commerce, the government proposed the establishment of a voluntary key escrow system on the Internet, in which a user's private encryption key used to protect data in transit is held by a third party or "Trusted Third Party" (TTP). When appropriately authorised, a TTP would be required to hand over a key to law enforcement agencies, thereby allowing them access to encrypted data. Suggested third parties include British Telecom, banks and other agencies.

The rationale behind key escrow is that it permits law enforcement agencies access to communications suspected of concealing criminal activities. But the voluntary escrow system will have little effect on the control of illicit activities on the Internet. There are many ways by which criminals can circumvent the law without fear of detection or prosecution. Software providing inherently stronger encryption is already in widespread use on the Internet, for business and for personal use, and the details of how to write this software from scratch are readily available in any bookshop. This is sufficient for any competent programmer to independently implement their own version.

It is extremely unlikely that the government's proposals would encourage criminals to switch to commercial software that deliberately leaks their private keys to a third party. As an old Net proverb has it: if you outlaw encryption, only outlaws will use encryption.

In fact the implementation of a key escrow system may, by weakening Internet security for those who adopt it, actively increase criminal activity in the UK. Key escrow provides numerous opportunities for criminal activity that would otherwise be impossible: When keys are maintained in centralized databases, such repositories represent very tempting targets for criminals. Any successful infiltration could provide access to large numbers of keys which could unlock large amounts of data without detection.

In 1997, a group of leading cryptographers and computer scientists released a report which examined the risks of government-designed key recovery systems. This concluded: "The deployment of key recovery systems designed to facilitate surreptitious government access to encrypted data and communications introduces substantial risks and costs ...[they] will result in substantial sacrifices in security and greatly increased costs to the end-user."

The use of a key escrow system with its inherent weaknesses could cause substantial damage to the emerging electronic commerce business of the UK. E-commerce is expected to become increasingly important to the UK economy, but to be successful, those using it must have confidence in secure encryption.

For these reasons, key escrow has caused horror in the UK's e-commerce industry. For instance, Jim Curry of London-based AGENCY.com (the biggest Web design agency in the world), stated: "I am appalled by the lack of security key escrow displays. I am now actively advising all my e-commerce clients (to date including Prudential Corporation, Virgin Direct, Hodder & Stoughton, The Economist, EMAP Finance, Zurich Reinsurance, International Risk Management Magazine & Reinsurance Review Magazine) in the strongest possible terms that they should postpone indefinitely all plans for e-commerce if key escrow is implemented, as this scheme represents unacceptable and uninsurable levels of risk both to themselves and to their clients."

While in opposition, the Labour Party objected to key escrow systems, but now in power, the Labour government has significantly changed its approach, with the Department of Trade and Industry (DTI) taking a leading role in the calls for key escrow. The DTI paper Secure Electronic Commerce Statement of April 1998, stated: "We intend to introduce legislation to licence those bodies providing encryption services", and: "The government intends to introduce legislation to enable law enforcement agencies to obtain a warrant for lawful access to information necessary to decrypt the content of communications or stored data (in effect the encryption key)."

A DTI paper in March 1999 indicated that law enforcement agencies needed to be able to decrypt communications without the knowledge of the individual.

Although encryption policy formally lies within the jurisdiction of the DTI, the British government is heavily under the influence of US intelligence. Between 1993 and 1998, the United States conducted sustained diplomatic activity to persuade EU nations and the OECD to adopt their "key recovery" system. The US government insisted that the purpose of the initiative was to assist law enforcement agencies, but documents obtained under the Freedom of Information Act indicate that the policy was led exclusively by the NSA - in other words, its primary purpose was not defeating crime but spying on ordinary citizens.


THE REGULATION OF INVESTIGATORY POWERS BILL

On February 9th 1999, the Home Secretary introduced the "Regulation of Investigatory Powers Bill" (RIP) to replace the 1985 Interception of Communications Act. This dealt primarily with the interception by state agencies of phone-calls, e-mails and faxes. The title of the RIP Bill is deliberately misleading, with its emphasis on the "Regulation" rather than on the extensive new powers of surveillance being legitimised.

During the previous Autumn, the DTI struck out the whole of Part 3 from its Electronic Communications Bill, following advice that its proposal of mass surveillance online was in breach of the Human Rights Act. Now the same legislation has been introduced with the RIP Bill.

Home Secretary Jack Straw stated: "None of the law enforcement activities specified in the Bill are new. Covert surveillance by police and other law enforcement officers is as old as policing itself; so too is the use of informants, agents and undercover officers." Thus, at a stroke, he sought to legitimise all the current covert practices of the law enforcement agencies which were previously unregulated and in most cases illegal.

And there are a host of new surveillance powers in the Bill, which have not been put out to consultation or scrutiny but simply added to the proposed legislation. For instance, according to the Home Office, the Bill will enable the law enforcement agencies to conduct systematic targeting of an individual over a period of time in order "to obtain a picture of his life, activities and his associates."

Article 21.4 of the Bill says that where it "appears" to the (potentially thousands) of "designated" people in public authorities that a "postal or telecommunications operator is or may be" (emphasis added) in possession of communications data (such as a decryption key), a written "notice" can be served on them to obtain and disclose this to the authorities, whether it is "old" data or new data.

And two new offences are proposed:
1) An offence of failure to comply with the terms of a written notice without reasonable excuse. Article 11 sets out penalties for failure to cooperate: up to two years or an unlimited fine (or both) on indictment. The problem is that if the person doesn't actually have a requested decryption key, it is up to them to prove that to the authorities. If they deleted it, or never had it in the first place, the burden of guilt lies on them. If the authorities decide that they may have stashed the key on a floppy disc buried in their garden or somewhere else, a jail term can be imposed. Thus, the RIP Bill sets an alarming legal precedent; how can an individual prove to a court that they don't have something?

2) An offence of "tipping off" an individual about the existence of an authorisation allowing state agencies access to an encryption key. Article 18 provides draconian sentences for people who reveal the existence of an interception warrant or communication data revealed by the surveillance (this information is to be kept "secret" for all time). It provides for up to five years in prison or an unlimited fine (or both) on conviction. Furthermore, Article 16 says that no reference or assertion may be made in any legal proceedings to the existence of an interception warrant. Article 17 allows exceptions for the prosecution and a judge to be shown the evidence - but not the defence.

The government's claims that the new proposals "do not extend the intrusive surveillance powers of the law enforcement, security and intelligence agencies" are ludicrous. No such offence of "tipping off" exists in a corresponding case not involving encryption. And the Bill gives no restriction on how long a decryption key can be kept by the authorities. No other government in the world places such a wide demand on access to keys. A Commons Select Committee report in May 1999 was highly critical of the government's proposals, particularly on key escrow.

Article 4 of the RIP Bill makes "lawful" the interception of communications without a warrant, in line with the EU draft Convention on Mutual Assistance in Criminal Matters. It allows the interception of communications of a person in another country through telecommunications systems based in the UK. No limits are placed on the use made of the intercepted material, i.e. it does not have to be used for the grounds on which the interception was requested.

Article 5.1.3 sets out the criteria for issuing warrants for the interception of telecommunications and postal services:
a) "in the interests of national security".
b) "for the purpose of preventing or detecting serious crime".
c) "for the purpose of safeguarding the economic well-being of the UK".
d) for international mutual assistance agreements.

The concept of "national security" is, as usual, not defined and is subject to the changing perceptions of governments, ministers and officials. Hidden at the back of the Bill in section 71(2) and (3) is the definition of "serious crime", which includes: Conduct by a large number of persons in pursuit of a common purpose. This catch-all clause could easily be used against political groups and activists and/or demonstrations. Such a definition of "serious crime" could even be taken to include the act of voting at a general election!

The Bill also authorises "the conduct and use of covert human intelligence sources", whose activities may include "inducing, asking and assisting" a source. What the term "inducing" means is not set out, and the "covert" source is exempted from civil liability for "incidental" conduct (Article 26.2.a). "Conduct" can also be authorised for outside the UK.

Amongst the serious consequences of the RIP Bill are the following:

ISPs AS WIRETAPPERS
Internet Service Providers (ISPs) are now classified as "public telecommunication systems" - as are mobile telephone providers, Net gateways, news servers, and (potentially) operators of Web applications like Hotmail. This provides a new set of burdens on even the smallest ISP.

ISPs do not, as a rule, monitor their own users. Section 12 (1) of the Bill obliges them to install new equipment so that law enforcement officials can spy on their customers.

Section 11 (4) of the RIP Bill makes its requirements binding on:
(a) a person who provides a postal service,
(b) a person who provides a public telecommunications service
(c) a person not falling within paragraph b) who has control of the whole or any part of a telecommunications system located wholly or partly in the United Kingdom - this could mean anyone with a telephone. Technically, anyone with a phone could get two years in prison for refusing to tap it themselves.

The Home Office quietly released the "Smith Report" on the Thursday before Easter 2000, hoping that no-one would notice that their own consultants have put a £30 million price tag on tapping the Internet. The Smith Group's 72-page report, entitled "Technical and Cost Issues Associated With Interception of Communications at Certain Communication Service Providers" identifies three schemes for intercepting traffic on the Internet. Their "active scheme" just intercepts e-mail at an ISP's server; their "semi-active" and "passive" schemes are two ways of intercepting all of an individual's traffic, email, web browsing, voice-over-IP etc.

The consultants recommended that all ISPs should have to deploy the e-mail interception scheme (the lowest level of capability) with their detailed estimates of the costs working out as:
large ISP £113,300 in the first year and £44,700 per annum thereafter
small ISP £44,700 in the first year and £19,400 per annum thereafter

The costs are split about half-and-half between the Government and industry, but with an estimated 400 ISPs in the UK, this works out to a substantial £17 million in the first year.

The report also expects the largest ISPs to provide the capability to intercept all Internet traffic. The estimated cost for a "passive" interception at a single large ISP works out at £1,384,000 for the first year, with the ISP having to find the larger part of this.

The consultants' intermediate cost "semi-active" scheme involves routing all traffic to be intercepted away from the main network so that it passes a special interception point. The report is written on the basis that a single such place can be used. For a typical large ISP spread over five sites, this scheme has a first year cost of £436,000.

One report by a group including the London School of Economics claims the new surveillance burdens on companies will run to over £46bn over five years including the estimated cost of lost Internet business. The report was dismissed by the Home Secretary Jack Straw.

Following widespread protests from businesses that burgeoning e-commerce will leave Britain because of the crippling costs of installing and maintaining the new surveillance equipment, the government announced in July 2000 that it would hand business £20m to cover the cost of installing "black-box recorders".

PERMANENT SECRECY
The Home Secretary has the right to demand the immediate placing of specific devices to monitor ISP traffic, with no guarantee that this monitoring will ever be made public. Employees of ISPs are compelled to keep secret any surveillance they conduct on their customers in perpetuity.

If the government wants access to the data on your computer's hard drive, they must inform you of their intentions with a warrant served on your doorstep. If, however, they want access to your Mac's iDisk (a service provided by Apple which consists of an online storage facility for temporary files), you will remain ignorant of their surveillance, forever. If you are the victim of an illegitimate surveillance warrant, you have no way of ascertaining its existence. No-one can discover that they have been tapped, no matter how long ago or how innocent they proved to be.

The authorities can order people to keep the disclosure of their decryption key a secret. If they tell anyone at all, they could be imprisoned for up to five years for "tipping off". If they go to court to demand a judicial review of the order to disclose, they'll be liable to an extended prison sentence because telling the judge is illegal!

There is a tame Tribunal to hear complaints and cover them up, but no-one is entitled to legal representation at it. The Tribunal, along the lines of the existing ones covering interception and the security services, has powers to hear evidence without the complainant being present and to suppress any evidence which it declares would endanger the "public interest" etc. The Tribunals have never found in favour of a complainant.


MASS SURVEILLANCE
One of the most objectionable aspects of the Bill is that it will allow a wide group of politicians and officials to authorise themselves to collect communications data (for instance, about the Web sites you visit, who you have been e-mailing, which newsgroups you visit), rather than on the current basis of requiring a court order.

There is no warrant system for traffic data. Anyone of a high enough rank (the rank being decided by the Home Secretary) may obtain this data, with little oversight. Any government department, or any police officer, can require this information. Effectively, your every movement online can be monitored.

The Bill gives the security services a mandate to monitor all incoming and outgoing international communications, without regard to who it's from or to, merely under the control of a vaguely defined general permission from the Home Secretary. As long as the Home Secretary signs a certificate saying he (or she) is sure this is a matter of national security, the authorities can monitor who they want, with almost no legal oversight. Virtually all UK domestic law includes exemptions for national security.


The government says that the RIP Bill is necessary to defend against serious criminal acts. They claim that without it, drug barons, child pornographers and terrorists will use encryption to evade the law. In fact this Bill guarantees that they will do so. If you encrypt all your data, and refuse to hand over the key, you can be punished to a maximum of two years. This makes it worthwhile for serious criminals to do so.

Campaigners for civil liberties are horrified by the proposals, declaring it a clear breach of human rights. Malcolm Hutty, Director of the Campaign Against Censorship of the Internet (CACIB), warned: "The Home Office wants to spy on nearly the whole population. These proposals go beyond legitimate police needs and extend to a capacity for mass automated surveillance. This cannot be tolerated by any free society."

The government's proposals unacceptably erode the civil liberties of British citizens: unfair offences, reversal of burden of proof, defences that are logically impossible to prove, a wholly inadequate complaints procedure with no appeals, unnecessarily broad powers, the potential to force people to incriminate themselves - the list goes on. It is not the perpetrators of crime who will suffer under these draconian new powers, but innocent parties who are in receipt of communications from miscreants. This is why such sober organisations as British Telecom, Hewlett Packard and Microsoft have publicly criticised the Bill at each stage of its development.

Unlike previous attempts by the government, where they conducted some sort of consultation with the Internet community, New Labour has indicated that it considers RIP a "fast track" Bill, with a minimum of oversight required. (Ironically, the Home Office states this is to enact it in time for the European Convention on Human Rights, which the government plans to ratify on October 4th 2000).


"The true danger is when liberty is nibbled away, for expedience, and by parts."
- EDMUND BURKE




UPDATE 1: RIP GETS ROYAL ASSENT

The Regulation of Investigatory Powers Act received Royal Assent on 28th July 2000. While much of the public debate on the RIP Bill had centred on the important provisions in Part III on encryption, little attention was paid to Parts I (interception of telephones and mail) and II (covert surveillance, including "induced" informants) - the latter legitimising previously unlawful practices.

On Part III encryption, Lord Bassam, Home Office Minister, made an illuminating admission in response to questions by Andrew Phillips, Liberal Democrat MP, that GCHQ would gain new powers. Previously, GCHQ was only authorised, by ministerial warrant, to intercept domestic communications if there was a suspicion of terrorist activities. Lord Bassam admitted GCHQ, MI5 and MI6 can now lawfully intercept internal communications, even when a warrant specifies only external ones. Referring specifically to e-mails and mobile phones he said: "it is not possible to intercept the external communications without intercepting internal ones as well."

Previously, the police, Special Branch, MI5 and MI6 were meant to get warrants for the interception of telecommunications - but they are now capable of simply "breaking" into any ISP at will and downloading all the relevant material in just a couple of minutes.

During the final debate in the House of Commons, Charles Clarke, Home Office Minister, admitted that the government did not realise when it drew up the Bill how many agencies would be allowed to carry out "directed surveillance" (Article 28) or make use of "covert human intelligence sources" (Article 29). The Act distinguishes between "intrusive surveillance" and "directed surveillance" with the former involving the presence of informers or listening/recording devices actually in the premises/home. "Directed surveillance" involves putting a tracking device in a vehicle, or surveillance such as microphones or video cameras carried out by a device not actually in the vehicles or premises/home. "Covert human intelligence" includes undercover police/Special Branch officers or informants ("induced" or voluntary).

For both Articles 28 and 29, the following agencies, Ministries and bodies under them can authorise surveillance:

Any police force
National Criminal Intelligence Service
National Crime Squad
Serious Fraud Office
Any of the intelligence agencies (GCHQ, MI5 and MI6)
Any of Her Majesty's Forces
Commissioners of Customs and Excise
Commissioners of Inland Revenue
Ministry of Agriculture, Fisheries and Food
Ministry of Defence
Department of the Environment, Transport and the Regions
Department of Health
Home Office
Department of Social Security
Department of Trade and Industry
National Assembly for Wales
Any local authority
Environment Agency
Financial Services Authority
Food Standards Authority
Intervention Board for Agricultural Produce
Personal Investment Authority
The Post Office

The agencies which are also able to authorise the use of "covert" sources are:

The Health and Safety Executive
A Health Authority
A Special Health Authority
A NHS Trust
Royal Pharmaceutical Society


The unparalleled and authoritarian demands being made by the security services were revealed by a Confidential Report dated 21st August 2000, prepared by the Deputy Director of the UK National Criminal Intelligence Service (NCIS) for submission to the Home Office, which was leaked to the Observer newspaper. It called for all forms of communications (phone calls, mobile phone calls, faxes, websites and internet traffic) to be recorded by telephone companies (Communications Service Providers, CSPs) and Internet Service Providers (ISPs), archived and held for at least seven years for the agencies to access at will without any form of further authorisation. The report said: "a number of leading UK CSPs and ISPs have been consulted on the proposals put forward in this paper. The CSPs involved include British Telecommunications PLC, BT Cellnet, NTL/Cable and Wireless, Vodafone, One 2 One and Orange PCS."

The report went on to state that Belgium, Italy, the Netherlands, Germany and the USA "have taken steps towards a statutory framework" for similar initiatives. This follows long-running discussions in the EU and G8 High-Tech crime sub-group and the G8 Justice and Interior Ministers meetings (G8 is comprised of USA, France, UK, Germany, Italy, Japan, Canada and Russia, plus an EU delegation). At the G8 Conference in Paris in May 2000 the Italian delegation said that its government and telecommunications industry were setting up "a national communications data warehouse to store data from ISPs."

The report said that over the past 12 months, the Metropolitan Police Force's "Single Point of Contact" (SPOC) had acquired 63,590 subscriber details and 4,256 billing accounts. Shortly afterwards, the Home Office announced £37 million funding for the integration of all police computer systems and £25 million to set up a "cybercrime" unit of 46 officers.

To effect the surveillance of digital telecommunications, the Government Technical Assistance Centre (GTAC) has been set up in MI5's headquarters at Thames House, Millbank, London SWI. Its primary purpose is to crack encryption codes used for private e-mails or for the protection of files on personal computers. The £25 million cost of building GTAC includes the installation of ultra-fast super-computers, of the type used to crack Soviet codes and other special military targets, and experts from GCHQ are seconded to the Centre. The Centre uses "Dictionaries" which hold thousands of target names, addresses and keywords to select messages of interest from the mass of data downloaded, while discarding the majority of communications.

An interesting point is that the total number of telecommunications interception warrants issued in the United States in 1998 was only 1,329 - whereas in the UK it was 1,903 (excluding Northern Ireland).


UPDATE 2: POLICE GET SWEEPING ACCESS TO NET DATA

January 2002: As part of the British government's response to the September 11th terrorist attacks on America, it was revealed that sweeping proposals to give law enforcement agencies access to the communications records of every UK telephone and internet user would not be restricted to anti-terrorist investigations, despite assurances to the contrary.

Home Office officials involved in implementing a code of practice with Internet Service Providers confirmed that there were no plans to limit access to cases involving national security. This directly contradicted what appeared to be an assurance by David Blunkett, the home secretary, to soothe the fears of civil liberties campaigners about the privacy implications of blanket data protection.

According to the Foundation for Information Policy Research, an independent internet think-tank, the data collected by the security agencies would provide "a complete map of an individual's life." It includes details of email addresses they have communicated with, which ISPs they use, when they used them and which sites they visited while online.

Simon Hughes, the Liberal Democrat home affairs spokesman, said: "We understand the argument for data retention for specific purposes under terror legislation for the period of an emergency. [But] there is a different argument, with much less justification, for general powers from now, in theory, until eternity."


_______________________________________
:< 4 8 15 16 23 42 *execute*
EVERYONE IS INVITED TO THE NEW FORUM!

posted 17 years ago
   
Mr.Mitnick
New member

From: Bacau
Registered: 17 years ago
Posts: 8
good....

posted 17 years ago
   