Tag Archives: Snooper’s charter

Snooping On You Is OK; On Me, Not So Much

Apparently some British Members of Parliament (MPs) are not terribly happy today.  It came to light by way of some more leaked documents from Edward Snowden that GCHQ – the British equivalent of the CIA – has been reading the emails of Members of Parliament for years.

Given that Parliament is in the middle of debating a bill that is affectionately called the Snooper’s Charter (by those who don’t like it) that gives GCHQ even more power to snoop, it appears a bit disingenuous to complain about GCHQ snooping.

The best I can tell, they think it is OK to snoop on everyone else, just not them.

Here is the back story.

The UK government migrated to Office 365 in 2014, which means that all those documents and emails are stored in Microsoft data centers – in Ireland and the Netherlands.  Since they are no longer INSIDE Britain, GCHQ legally can suck up all that data on those undersea fibers leaving Britain and check out things.  The sender, recipient and subject are considered metadata, which has an even lower bar for snooping, so at least that data can be hoovered up.

According to ComputerWeekly, over 60% of the emails are routed internationally and EVERY ONE of those contained evidence of passing through computers connected to GCHQ.  If there really is evidence of GCHQ hoovering, those folks need to go back to spy school.  When NSA does that, there is no evidence left behind.

In addition, the emails are scanned for malware and spam by MessageLabs, which looks inside all the emails, so there is another place to get all the content.

GCHQ has, according to the Snowden documents, a program called Haruspex which allows them to scan emails on the basis of national security – exactly what the Snooper’s Charter aims to make even more invasive.

The NSA reads those emails, too, based on ‘obligations’ it forces on Microsoft.

The Parliament’s IT dude, Rob Greig, told the IBTimes that “All Parliamentary emails are private and are strongly encrypted end-to-end whilst they are in our infrastructure.”  I guess Rob needs to pay more attention to the news.  SSL, which is what he is calling encryption, was broken by the agencies years ago.

Some British MPs thought the “Wilson Doctrine”, an antique policy from the 1960s to stop people from listening in to MPs’ phone calls, still applies.  They should also be reading the news.  Last year, the Investigatory Powers Tribunal said that the Wilson Doctrine was not “absolute”, meaning the spies were fine to ignore it.  In fact, they went so far as to say that it was never absolute.  So there!

Apparently, the Home Office, which has been pushing to get the Snoopers’ Charter passed through Parliament, has been getting some flak and is about to offer some amendments to the bill while defending the need for it.

In light of this revelation, they may need to make some more concessions – stay tuned.

Things get much more personal when it is my ox that gets gored.

Of course, all of this snooping is done without the approval of, or even informing, Parliament – which makes them even more upset.  Maybe they now understand how the rest of the country feels.

Personally, I just call it karma.  And, as we know, karma can be a B**ch.

Stay tuned to see where this ends up.

Information for this post came from the IB Times.

Friday Shorts – Stingrays,

It’s Friday, so here is a collection of odds and ends –

  • Rep. Chaffetz (R-Utah) introduced a bill this week to require state and local law enforcement to follow the same rules the FBI started following recently.  As a result of the policy that the DoJ just released, DoJ agencies now have to get a warrant before deploying a Stingray cell phone interceptor.  The Stingray is kind of invasive – sweeping up all cell traffic, sometimes including text messages – within the radius of coverage.  Once the Stingray decides you are not its target, it will drop you – and maybe your call as well – while collecting all of your traffic until it releases your phone.  The bill will also require law enforcement to stop being sleazy when going before a judge to get a warrant to use the Stingray – as reports have indicated they have been less than honest in the past.  In part, this is due to a desire by Harris, who makes the Stingray, to keep the system under the radar.  Of course, this bill still has to go through the legislative process, so who knows what, if anything, will become law.
  • Mozilla released Firefox 42 this week.  Besides fixing a number of bugs, including some high severity ones, it adds a new privacy and anti-tracking feature.  The new feature, when the user invokes it, will actively block ads, analytics trackers and social media trackers that record the user’s behavior and report it to third parties.  It is adjustable on a site by site basis.
  • UK Home Secretary Theresa May confirmed that the UK government will seek to force all ISPs to store Internet access data for all users for a year.  While it won’t have to keep data at the page level, it will have to keep data at the site level.  Given things like TOR and VPNs, this is both invasive and meaningless as it will be easy to bypass.  While the bill does not ban end-to-end encryption as had been predicted, it does say that ISPs must take reasonable steps to provide data in response to warrants unencrypted – without defining reasonable.  It also codifies what GCHQ and other agencies have been doing for years – breaking in to users’ computers and phones – including ones in other countries like, say, the US.  The bill has been called the “Snooper’s Charter” by some.
  • Two of the largest employee background check firms have to pay consumers $10.5 million and pay the government a penalty of $2.5 million for selling inaccurate information about job applicants to employers.  The reports provide information such as criminal background records and information that is not legally allowed to be included in consumer reports.  Part of the problem is these firms run the checks based on first and last name and don’t have a method for resolving confusion between similar names.  Apparently 70% of the disputed criminal history complaints resulted in a change or correction – maybe after the people whose criminal history was wrongly reported lost the job opportunity.
  • And finally, as Apple and the DoJ fight over unlocking an iPhone, the government is invoking the All Writs Act – a Revolutionary War era law – as the basis of their requiring Apple to unlock the phone.  The government is saying that since Apple doesn’t sell you the software, they are still the owner and therefore, the All Writs Act authorizes the court to issue All Writs necessary or appropriate to unlock it.  I am sure that the framers of the Constitution did not anticipate it being used to unlock an iPhone.  In the past, courts have rubber stamped these requests to have manufacturers unlock phones.  This time Apple appears to have found a judge who is willing to question this.  If the judge sides with the government, then any software developer anywhere could be forced to help the government bypass encryption or help the government in other unspecified ways – for example, retrieving data created by any application.  Stay tuned.

Information on the Stingray bill came from Wired.

Information on Firefox 42 came from SC Magazine.

Information on employee background check firms came from Credit.com.

Information on the All Writs Act came from JustSecurity.org.