Privacy advocates insist that strong encryption is not only vital for the operation of the internet but also to protect individuals from pervasive state surveillance as revealed by NSA contractor-turned-whistleblower Edward Snowden, and that any mandatory backdoors would weaken protection for everyone. "While no practical encryption mechanism is perfect in its design and implementation, decryption appears to be less and less feasible for law enforcement purposes," it notes, and warns that government-ordered backdoors into encryption are likely to fail to have the required impact: "Criminals can easily circumvent such weakened mechanisms and make use of the existing knowledge on cryptography to develop or buy their own solutions without backdoors or key escrow." "The good news is that the information needs to be unencrypted at some point to be useful to the criminals," they say -- which means instead of focusing on encryption police can also consider undercover operations and infiltration into criminal groups, or "getting access to the communication devices beyond the point of encryption, for instance by means of live forensics on seized devices or by lawful interception on those devices while still used by suspects". However, there is no doubt that malevolent parties use the same techniques to conceal their criminal activities and identities. "When circumvention is not possible yet access to encrypted information is imperative for security and justice, then feasible solutions to decryption without weakening the protective mechanisms must be offered, both in legislation and through continuous technical evolution," they say. But it's almost certainly a more realistic and effective way forward than trying to legislate backdoors which just won't work even if the statement doesn't rule out legislation entirely.
The UK government has agreed to an independent review of so-called bulk collection — aka mass surveillance — powers in proposed new surveillance legislation, one of the most controversial elements of the Investigatory Powers bill which is currently before parliament. A further provision relating to state hacking capabilities set out in a Code of Practice associated with the draft bill notes that communications service providers may be required to maintain a technical capability to enable their users' data to be intercepted — including having user data harvested in bulk — a scenario that human rights group Privacy International described to TechCrunch as the worst form of backdoor. Burnham said substantial changes were needed before the party would consider supporting the bill. Liberty, for example, which is challenging the legality of bulk collection/mass interception in the European Court of Human Rights, criticized the earlier report for offering only six Agency case studies as justification for bulk collection — arguing that this vague and limited information was not substantial enough to assess security outcomes had other more targeted surveillance methods been used. Since his prior report, multiple parliamentary committees have scrutinized the draft bill and been critical of its overly broad powers, a lack of clarity and not enough privacy safeguards. Update: Burnham's spokesman has now confirmed the review will not include ISCs but only focus on capabilities badged as bulk in the bill.
A ship from the French company Alseamar is on its way to the spot in the Mediterranean where an Egyptair Airbus A320 crashed a week ago. Alseamar is said to use an acoustic localization system consisting of interception systems, likely passive sonars, which hang from the ship. It is, however, uncertain whether the sonars can hear the signals of the black boxes. The boxes are believed to lie at a depth of 3000 meters, and according to marine observers the eavesdropping equipment may need to be sent down to a depth of 2000 meters to be able to pick up signals. The plane is said to have quickly lost altitude and swung during its night flight. Investigators are working against the clock because the signals emitted by the black boxes fall silent after 30 days.
The Lorenz teleprinter that was purchased by the National Museum of Computing and confirmed as one of the machines used to send coded messages between Adolf Hitler and his generals. Less than 80 years later, for a thrifty saleswoman in Essex, the telegram machine was little more than a dusty antique languishing in the garden shed that could fetch just £9.50 on eBay. After finding the component on the online auction site, and receiving a long-term loan of the Lorenz SZ42 cipher machine from the Norwegian Armed Forces Museum in Oslo, the museum is now looking for the final parts to restore the encoder back to working order. "I think it was described as a telegram machine, but we recognised it as a Lorenz teleprinter," Whetter said. Together with the Lorenz SZ42 cipher machine from Norway, the teleprinter almost completes the museum's set of encryption, interception and decryption equipment, which will allow them to tell from beginning to end the tale of how the allies broke Germany's secret codes. Solving the problem also led to the creation of Colossus, the world's first programmable computer, which Tommy Flowers, a Post Office engineer, invented to work out the wheel positions on the Lorenz encryption machine and speed up the process of decrypting messages from weeks to hours.
The Joint Committee on Human Rights has struck a conciliatory note on the proposed Investigatory Powers Bill (IP Bill) in a new report, claiming that bulk data collection is not incompatible with the right to privacy. The committee, chaired by former acting Labour leader Harriet Harman, welcomed the introduction of a formal bill as a "significant step forward in human rights terms" as it would provide a clear legal basis for the powers that are already used. The IP Bill, sometimes labelled with the derogatory term 'Snoopers' Charter', is intended to provide the UK Government with new abilities to legally conduct surveillance on citizens, including tracking online activity. The Government claims that the new powers will help it prevent terrorist attacks. Theresa May recently agreed to a review on the proposed bill, which will be led by the government's reviewer of anti-terrorism legislation, David Anderson. Overall the Bill has attracted significant criticism, including from the Intelligence and Security Committee, particularly over a lack of clarity in the definitions included in the text.
Another parliamentary committee that has been scrutinizing UK surveillance legislation currently before parliament says changes are needed to remove concerns the Investigatory Powers Bill would afford state security agencies powers that are too broad. However the Human Rights Committee is generally less critical of the controversial bill than the security-cleared Intelligence and Security Committee, concluding that the controversial bulk powers the government is seeking to enshrine in law are not, in and of themselves, incompatible with European Human Rights law — at least not if certain legal bases are properly established, and checks and balances built in. "On the current state of the ECHR case-law, we do not consider the bulk powers in the Bill to be inherently incompatible with the right to respect for private life, but capable of being justified if they have a sufficiently clear legal basis, are shown to be necessary, and are proportionate in that they are accompanied by adequate safeguards against arbitrariness," it writes. Update: Responding to the report in a statement provided to TechCrunch, digital rights group Privacy International welcomed the committee's assessment of thematic warrants as too broad but added that the general view that bulk collection is not inherently incompatible with privacy rights is out of step with recent decisions from the ECHR. The Committee's remarks that bulk collection is not inherently incompatible with the right to privacy based on existing case law, is like a sand castle built at low tide. And the upcoming cases involving UK human rights organisations will change the nature of case law in Europe.
The Joint Committee on Human Rights has had its say on the proposed IP Bill that would have ISPs keep track of the Daily Mail pages we occasionally open in incognito mode, suggesting that the government's proposed rules are too wide and that the need for a judicial review before opening up someone's internet history could possibly be circumvented. The actual paper (PDF) says: "...the power to make modifications to warrants for targeted interception, without judicial approval, is so wide as to give rise to real concern that the requirement of judicial authorisation can be circumvented, thereby undermining that important safeguard against arbitrariness," also warning that the "broadly drafted" current terms might make it too easy for authorities to put in bulk requests by being deliberately vague with their search queries. The human rights people are also worried that proper grown-up journalists may be threatened by the Bill's ability to provide enough data to out sources, adding: "We recommend that the Bill should provide the same level of protection for journalists' sources as currently exists in relation to search and seizure under the Police and Criminal Evidence Act 1984, including an on notice hearing before a Judicial Commissioner, unless that would prejudice the investigation," meaning no ISP could be forced to reveal where the video of Hulk Hogan came from. [PHRC (PDF) via The Inquirer]
Hoping to keep industrial control systems out of reach of hackers by keeping them air-gapped is a hopeless mission that's bound for failure, according to the inventor of the technology. Faizel Lakhani, a pioneer of SCADA technology, told El Reg that air-gapping such systems would be a quixotic endeavour, at best. 20 years ago, Faizel Lakhani used a PDP-11 and created the first SCADA system for the electric utility company, Ontario Hydro. However the incredible success of TCP/IP internet networking protocols over the last 15 years or so has swept all before it, including SCADA systems. El Reg spoke to Lakhani, who is president and COO of lawful interception technology firm SS8, to accompany the firm's launch of a breach detection technology, targeted at enterprises instead of its traditional carrier and government customer base. Even as more traffic on enterprise networks is encrypted, SS8's approach can still provide crucial insights, according to Lakhani.
A highly revealing exchange of letters from 2004 has been published by Privacy International (PI) before Monday's parliamentary debate on the investigatory powers bill, sometimes called the snooper's charter. The campaign group argues that the letters demonstrate the relationship between government agencies and the independent organisation that is supposed to oversee and regulate their activities has been too cosy. Thomas wrote back the following month, expressing reservations about such clandestine authorisation. The letter continued: "The only practical difference between the two sets of provisions is if Ripa were used, a new notice would need to be issued every month … involving a fresh consideration of the necessity and proportionality issues." This discussion, between lawyers for MI5 and GCHQ and the interception of communications commissioner, is also an illuminating example of how oversight can go wrong when it lacks sufficient transparency, resources and advocates for the individuals whose privacy may be violated. Indeed, the commissioner even agrees with GCHQ and MI5 that collecting our communications data from service providers would not be an interference with our privacy – a position that would likely come as a surprise to most of us and is in direct conflict with recent court decisions.
Something to bear in mind as Snoopers' Charter looms. IPB: Letters between GCHQ and an official overseeing the spy agency shed new light on how Blighty's eavesdroppers interpret laws to suit their surveillance efforts. Although the letters date from 2004, they show how the agency is willing to bend the rules – a fact that is highly relevant right now as Parliament mulls a new law granting fresh powers to UK spies. The memos revealed this week were sent between Sir Swinton Thomas, the then-Interception of Communications Commissioner, and the intelligence services. GCHQ argues this is preferable to using RIPA, since it means an elected politician makes the decision to authorize an investigation rather than a civil service official, and for one other reason: "The only practical difference between the two sets of provisions is if Chapter II of RIPA were used, a new notice would need to be issued every month ... involving a fresh consideration of the necessity and proportionality issues." So, under the powers in the 1984 Act, GCHQ can neatly sidestep troublesome routine oversight of its powers and operations. An IOCCO spokesman said, in a canned statement: "We readily gave permission for a series of 12-year-old correspondence between Home Office lawyers and a former Interception of Communications Commissioner from 2004 to be disclosed in open as part of proceedings currently before the Investigatory Powers Tribunal (IPT)."
In an official capacity, Thomas held a key oversight role; however, according to campaigning organisation Privacy International, the letters clearly show the "government's troubling history of over-reaching in order to expand its surveillance powers while minimising safeguards." The Home Office official said: "The only practical difference between the two sets of provisions is if Ripa were used, a new notice would need to be issued every month ... involving a fresh consideration of the necessity and proportionality issues. This would not be the case under section 94 of the Telecommunications Act." "Communications data is an increasingly important tool in GCHQ, especially in the fight against global terrorism and serious crime," the agency asserted. Caroline Wilson Palow, PI's general counsel, said: "This discussion, between lawyers for MI5 and GCHQ and the interception of communications commissioner, is also an illuminating example of how oversight can go wrong when it lacks sufficient transparency, resources and advocates for the individuals whose privacy may be violated." The information scooped up includes NHS records, driver license information, passport records and financial information.
The release has been timed to coincide with the UK government's move to update surveillance legislation and enshrine bulk collection powers at the heart of the security state. The classified MI5 briefing document, which is a draft version dated February 2010, provides details of the UK domestic intelligence agency's so-called Digint program (digital intelligence), and notes that the agency's efforts to collect and exploit data from UK web users' digital footprints have grown significantly over the last few years. Spy agencies drowning in data has been a warning refrain sounded for multiple years on both sides of the pond. And yet the UK government continues to seek to greatly expand the volume of data available to state agencies via the IP bill — including, for example, a requirement that ISPs log the web activity of all users for a full year, as well as provisions for thematic warrants to authorize the interception of the communications of multiple people, and for bulk equipment interference to sanction the mass hacking of devices by the state. Both of the killers were on the radar of intelligence agencies prior to the murder, and an ISC report subsequently detailed a series of agency failures although it did not point the full finger of blame at the intelligence agencies — concluding instead that only Facebook could have prevented the killing by sharing more data with the security agencies. *NTAC, the National Technical Assistance Center, was a Home Office agency established for data decryption and analysis, whose responsibilities have since been folded into GCHQ.
Spy officials allegedly voiced concerns back in 2010 that so much data was being collected by the UK security services, they risked overlooking useful intelligence. It was allegedly prepared by British spy agency officials to brief the government's Cabinet Office and Treasury Department about the UK's surveillance capabilities. Those capabilities are currently due to be updated via the controversial Investigatory Powers Bill, which is now at the report stage in Parliament. Critics of the bill said the alleged leaked document showed mass surveillance was not the answer. "Furthermore, all of GCHQ's work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the Parliamentary Intelligence and Security Committee." The Home Office did not respond to requests for comment.
Let us spy on you or we'll choke off civil liberties, says ex foreign sec. Infosec 2016: Lord Hague has predicted that Western societies will enact laws and regulations against unbreakable encryption – while conceding that the technology has always existed. The former UK foreign secretary, who is also a historian and author of a biography of Prime Minister William Pitt the Younger, told delegates at the Infosec trade show that a book-based cypher written by an 18th century politician remains unbroken. "Unless we know the book it's based on, or can find example of the same code being used in other messages, then it will remain unbroken," he said. The senior politician, who signed interception warrants authorising the operations of GCHQ for four years while foreign secretary, said that businesses are becoming more vulnerable as they become more efficient through greater use of technology. Attacks of this type – often targeted against military contractors and aerospace firms – have historically been blamed on China, an accusation the country routinely denies. "Defensive capabilities are limited without an offensive capability to detect, deter or prevent attack," he said during his keynote presentation at the Infosec trade show in London on Wednesday.
BlackBerry insiders have claimed the firm routinely accepts data interception requests from police forces around the world, while expressing surprise that so many criminals still use its smartphones with the belief they are invulnerable to snooping. An investigation by CBC News analysed the activities of BlackBerry's Public Safety Operations team - which handles legal interception warrants on behalf of the firm - and found an overly 'enthusiastic' approach to combating crime. One source, who spoke on condition of anonymity, told CBC the team is "helping law enforcement kick ass." The insider added: "Narco trafficking, human trafficking, money laundering, kidnapping, crime against children, knowing you are stopping those things, how do you not love doing something like that?" One document, being disclosed for the first time, revealed additional insight into how the smartphone maker – which still counts the US government as a major customer – handles data requests. "We have long been clear in our stance that tech companies as good corporate citizens should comply with reasonable lawful access requests."
Nobody wants to see Yaya Toure become an invincible Incredible Hulk of a player, especially when in real-life he now often just shuffles around the centre circle like he's half-heartedly trying to keep some goats away from his picnic. Power up your shot and then tap the shoot button again at the end and you'll deliver either a downward header or a low, driven shot – two techniques that any coach worth his boots will tell you can be devastatingly effective. As well as better control over the trajectory and pace of your dead-ball deliveries (tap to loft it, hold to ping it), you can now switch to controlling a receiving player before the corner is taken, attempt to lose your marker and hit B when you're ready for the corner-taker to put the ball in. Keepers now also have their own version of the driven pass (activated by holding R1), allowing you to launch flatter kicks and throws to your teammates in an attempt to get an attacking move in motion as quickly as possible and catch your opponent off guard. Saying that, pass weight is noticeably much lower, so even fairly short passes need plenty of beans to reach their man without interception, and the driven passes played by holding R1 seem a little less rocket-powered. The makers have been trying to develop the physical side of the game for a while now and they've never quite managed to weave it right into the way the game plays and make it feel as integral as passing or sprinting, but there were moments during our time with FIFA 17 that felt like it was getting there.
A Home Office document has disclosed the expansive hacking powers the legislature would grant the GCHQ. The document also justified the use of bulk personal datasets (BPD) by outlining several case studies that showcased how intelligence agencies succeeded in deterring, identifying and analysing security threats. "The Bill provides that bulk interception and bulk equipment interference warrants may only be issued where the main purpose of the activity is to acquire intelligence relating to individuals outside the UK." "In some cases the UK can work with overseas partners but more often the individuals of intelligence interest are located in failed states, or where the UK has a limited or no physical presence." Lib Dems are of the opinion that the bill incorporates powers that are injudicious and excessive. "Despite renaming it as 'internet connection records', that is exactly what it requires communications service providers to do."
Yandex, a Russian search engine, said legislation would cause an "excessive limitation of the rights of the companies and users." The Telegraph quotes Andrei Soldatov, an expert on the Russian security services, as saying that it would be "technically impossible to implement the eavesdropping measures." The maximum sentence for this is seven years of imprisonment. Russia already has thoroughgoing surveillance operations in place, including SORM. Wikipedia says of her: "She gained fame as the author and co-author of multiple controversial, very unpopular and very low-quality laws, including the toughening of responsibility for violation of the rules of holding rallies, tightening immigration, criminal libel, and registration requirements for 'foreign agents' for non-profit organisations with foreign funding." Two of the harshest measures proposed in the original draft of the new law—the ability to revoke convicted criminals' Russian citizenship and their right to travel abroad—were dropped at the last moment.
Oh, yes, Biz Department asked to use 1984 warrants. An oversight body has revealed that secretaries of state for the Home Office and the Foreign and Commonwealth Office have issued at least 23 secret orders to telecommunications companies on national security grounds since 2001. The review reveals that there are 23 ongoing "directions" issued under section 94 that fall within the scope of IOCCO's oversight. Other uses of the power were not investigated, although in a letter to IOCCO, the Prime Minister confirmed that other section 94 "directions" had been issued by the Department for Business, Innovation and Skills, although he stated that the oversight body would not be given the right to oversee these because they were in the process of being reviewed and would possibly be rescinded. The remaining eight, from MI5, MI6, both alongside GCHQ, or the NCA, relate to the provision of services in emergencies, for civil contingency purposes or to help the agencies in safeguarding the security of their personnel and operations. Although it is unconfirmed, among these orders is likely one relating to the phone call interception programme PRESTON, as revealed by The Register last year.
US corporations are shifting EU citizens' data into a jurisdiction whose lawmakers would be revolted by Brussels' notions of exposing State powers to the light of independent oversight bodies. Thus, when rogue sysadmin Edward Snowden made the activities of the NSA's PRISM programme (Planning tool for Resource Integration, Synchronization, and Management) known, it actually fell to Max Schrems to make a legal complaint about Facebook facilitating these extralegal abuses (at least under the EU's definitions of legality). The US, of course, delivered a written assurance that mass surveillance of EU citizens would not take place in the United States, but its definition of mass surveillance is likely to be strongly contested, and the Ombudsman almost certainly will not have investigatory powers as per the UK's Interception of Communications Commissioner's Office to ensure compliance. Amendments were made to the draft, and last Monday the Article 31 Committee, made up of representatives from member states and also founded through an article of the Data Protection Directive, made its own amendments. In a statement issued then by Vice-President Andreas Ansip and Commissioner Vera Jourová, the Privacy Shield agreement was set to "ensure a high level of protection for individuals and legal certainty for business." Writing on the matter, Privacy International's legal officer Tomaso Falchetta stated that: "Given the flawed premises trying to fix data protection deficit in the US by means of the Obama Administration's assurances – as opposed to meaningful legislative reform – it is not surprising that the new Privacy Shield, at least as it appears in the leaked version, remains full of holes and offers limited protections."