
UK intelligence forced to reveal secret policy for mass surveillance - r0h1n
https://www.privacyinternational.org/press-releases/uk-intelligence-forced-to-reveal-secret-policy-for-mass-surveillance-of-residents
======
Nursie
The political silence on this issue is indeed deafening. As was the press
silence (other than the Guardian). The press in this country are far more
interested in reality tv, political infighting, fanning flames about
'immigrants' and what the royals are up to.

And I suspect it's because most of the public don't care either. There are
people who would like privacy, who think that GCHQ should be accountable and
then there are other people who are perfectly happy that someone is watching
everything, everywhere, because that makes them feel safe, and of course
_they_ aren't doing anything wrong, so why should they care?

And of course a large proportion of the population either aren't intelligent
enough or aren't interested enough to understand what's going on.

It makes me angry, but that's the world we live in.

~~~
peterlawest
I consider myself an educated, well-informed person, and I have no problem
whatsoever with government surveillance. Like anything, it can be abused, but
I don't think that outweighs the benefits.

I think it's sad that it makes you 'angry' that some people simply disagree
with you. We have a democracy, and obviously only a minority consider this to
be an issue of concern.

If you have a problem with it, stand for election.

~~~
duairc
> We have a democracy, and obviously only a minority consider this to be an
> issue of concern. > > If you have a problem with it, stand for election.

There must be a name for this kind of fallacy.

~~~
edanm
Is it really a fallacy?

Part of democracy is accepting that you don't necessarily agree with everyone
about everything, and you have to compromise.

~~~
ionised
When you have secret laws that protect secret proceedings or as we actually
have now, agencies that operate in a legal black hole and are completely
unaccountable then yes, the idea that this is somehow a democracy is comical.

~~~
grkvlt
No.

Just because one _part_ of an organisation does not have a particular
property, it does not negate that property for all other parts. The USA and UK
are, quite obviously, democracies. There are free and fair secret elections
for government in which anyone can vote, and anyone can stand for election as
a candidate. That makes them democracies, the behaviour of their secret
intelligence services is irrelevant.

I worry about the thought processes that must occur for people to think this;
or similar things, like conflating an instance of some law enforcement
department abusing its power with a totalitarian police state... I understand
hyperbole as a rhetorical device, but it isn't helpful when assumed as fact.

~~~
ionised
> There are free and fair secret elections.

Sorry, but I'm going to have to call bullshit on this one.

Lobbying and uncapped campaign donations are tantamount to legalised bribery.
The system is utterly corrupt.

Free they may be, but calling them fair is a gross misrepresentation in my
opinion.

> I worry about the thought processes that must occur for people to think
> this; or similar things, like conflating an instance of some law enforcement
> department abusing its power with a totalitarian police state.

We're not saying it's a police state. We're saying it is becoming one because
of the very tools that these agencies possess and abuse without
accountability.

As an example, you've basically had a man (a criminal) James Clapper lie
directly to congress knowingly and unabashedly. He's somehow still walking
around, free and lol'ing at the general public he so joyously likes to mislead
and scaremonger.

> I worry about the thought processes that must occur for people to think
> this; or similar things.

I honestly think the same of people who think that there is no problem here,
nothing to worry about or even that it's a good thing. I honestly can't wrap
my head around the immense wilfull ignorance some people seem to be
displaying.

It makes me sad, angry and disgusted all at once.

~~~
grkvlt
> We're not saying it's a police state. We're saying it is becoming one
> because of the very tools that these agencies possess and abuse without
> accountability

Right, this is my problem. I have no problem with _posession_ of these tools.
States possess much worse things, nuclear weapons spring to mind. And abuse of
these tools in an unaccountable fashion is wrong, 100% with you on that.
However it is _not_ clear to me that such abuses have occurred, or are
occurring in a systematic way. Are there any documented (to the extent
possible) cases of this? I didn't think even the Snowden documents showed
that. In fact, it looked like they were full of caveats about US and UK
citizen surveillance being a problematic area, and stated requirements for
legal reviews and checks in these cases?

------
digitalengineer
> The Government believes that, even when privacy violations happen, it is not
> an “active intrusion” because the analyst reading or listening to an
> individual’s communication will inevitably forget about it anyway.

unbelievable! What if they're building a searchable database of every user, so
as to have 'dirt' on someone when he 'becomes a threat' to their interests?
(Like becoming a spokesman against this sort of thing or whatever the
bureaucrats wantto do next year).

~~~
dan_bk
When I read such things ("...because the analyst reading or listening to an
individual’s communication will inevitably forget about it anyway."), it fills
me with deep hate against those people. How dare they take us for such idiots?

------
ZenPro
Disclaimer : I worked as an intelligence analyst.

1\. I am not in favour of widespread, unaccountable surveillance of UK
citizens.

2\. During my time we disrupted a number of exceptionally serious terrorist
operations.[1] [2] are public knowledge and there are a few others that are
not open source at this time.

3\. Neither I, nor any of my colleagues, were instructed to keep any files on
individuals to be used as political leverage or "for dirt" at a later stage.

That is really all I can add. I am not in favour of how far the needle has
swung but but anyone not involved in the Intelligence Community is just simply
fumbling around in the dark trying to say what _does_ and what _does not_
happen.

The threat from Qutbism Islamic Fundamentalism (Wahhabi/Salafist inspired
terrorism) is real and intelligence organisations work constantly to prevent
attacks.

If the threat warrants the level of perceived intrusion...I don't know. That
is difficult to judge. Each citizens attitude to risk is different.

The HN crowd are technologically-savvy, critical thinkers but our law
enforcement and intelligence agencies also have a mandate to protect the
elderly, the young and the incapacitated. Do you think my grandmother gives a
fuck about your outrage at having your email read?

All she cares about is that we don't return to the time of consistent bombing
on the streets that plagued the _troubles_.

In short; it's not all about you, your vote is worth exactly one other vote.

[1][http://www.telegraph.co.uk/news/uknews/terrorism-in-the-
uk/9...](http://www.telegraph.co.uk/news/uknews/terrorism-in-the-
uk/9994940/Jihadists-planned-to-attack-Luton-TA-base-using-remote-controlled-
car-packed-with-explosives.html)

[2][http://en.wikipedia.org/wiki/2007_plot_to_behead_a_British_M...](http://en.wikipedia.org/wiki/2007_plot_to_behead_a_British_Muslim_soldier)

~~~
Nursie
>> In short; it's not all about you, your vote is worth exactly one other
vote.

And how the hell am I supposed to know what I'm voting for?

This is the problem. There has been no discussion. There is no mandate from
the public at large, it's all secret programs, secret laws and secret trials.

It's sick, and it's not democratic.

~~~
grkvlt
> secret laws

Can you explain how a secret law could ever exist?

~~~
Nursie
Yes. A law could be a secret law if it was not created in a public way but was
still acted upon by the authorities as if it were any other law.

It's an easy concept.

If you don't think we have secret laws then that's a debate we can have, but
please don't pretend not to understand the idea. We have secret courts. We
have people unable to know the charges or evidence against them. We have press
gags on reporting what some court cases are about (let alone the evidence or
the defendents' identities), we have press gags on even reporting that some
cases exist! We have security services operating beyond any democratic legal
mandate based on political 'guidance'. These effectively make up a secret and
hidden system of law.

You obviously need to read more Kafka.

------
viraptor
> GCHQ is intercepting all communications - emails, text messages, and
> communications sent via “platforms” such as Facebook and Google – before
> determining whether they fall into the “internal” or “external” categories

This should raise some interesting questions about the methods used
considering all of that communication is going over TLS.

~~~
janthinidae
We all talk about using SSL everywhere protects people from NSA/GCHQ/... It
may prevent script kiddies to use Firesheep but as far as I understand if the
NSA/GCHQ has access to any key from any Root CA (which I highly assume) then
it doesn't matter at all to the NSA/GCHQ what kind of encryption we use as
they can do easily MITM attacks (anyone checking SHA1 from the certificates
from a reliable source, whatever this means?). The same is true that at
several companies I worked for, people had to install (or per automatic
software update) a fake certificate to allow the proxy to spy on all traffic.
In one case I tried to fight against it, but I was the only developer of the
80 developer which cared. Their reasoning was totally flawed (which I
demonstrated, e.g. that it protects against viruses, which it didn't, as the
proxy only checked the first few MiB) but despite that, it was signed by
management etc. Maybe I made I mistake in my reasoning and I hope someone
explains my why, but in my opinion SSL (despite the script kiddie example) is
broken as long as we have to trust companies which we shouldn't trust at all.

~~~
7952
Corporate IT departments tend to rely far too much on network level security
like this. But if the users machine is compromised in some way network
security is completely useless. Even if TLS was completely perfect there would
still be vulnerabilities in software that could be attacked on-mass.

~~~
frameworkHeavy
Quick tip: En masse, pronounced with an "awww". It's French.

------
BillFranklin
The head of GCHQ last year during an inquiry: "If I asked my employees to spy
on UK citizens they would walk out...they would quit their jobs"

\- Perhaps he should quit.

~~~
pling
I worked in the defense industry. The employees don't give a shit if the pay
cheque turns up. It doesn't matter if they're making guns, bombs or reading
people's emails. Someone told them it was good and they're getting paid so
screw it to ethics and morals.

------
csandreasen
The section regarding external communications starts on page 37. The same
document seems to contradict this article's premise:

(from p.41) "Despite the fact that some UK to UK communications may be
intercepted under section 8(4) warrants and that common uses of the internet
by persons in the British Islands, such as a Google search, a Facebook post,
or a "tweet" on Twitter, may entail the making of "external communications"
for the purposes of Chapter I of RIPA, the section 8(4) regime as a whole is
designed so as not to authorise the selection for examination of
communications of this nature, except in the tightly constrained circumstances
set out in section 16 of RIPA."

Disclaimer: IANA-(British)-L

~~~
justincormack
It goes on though to say that tweets are posted to a US platform, not an
individual, so they all count as external. Only email from one person to
another both in the UK is "internal" but they admit it will be collected
anyway, but say they can't look at it.

~~~
csandreasen
Well, yeah - with regards to it being an "external" communication, they say
that on p.37 (as I said in my post). The document starts talking about the
differences between internal and external communications on p.37 and how a
tweet that isn't directed to another British citizen is considered an external
communication because the server is in the US. They then continue by saying on
p.41 that even though that tweet is an external communication, they still
aren't authorized to intercept it unless it's "necessary" under section RIPA
5(6)(a) and the tweet also isn't authorized for "selection for examination"
unless it meets other criteria under RIPA section 16.

The article is focusing on the fact that the tweet is an external
communication and neglecting to mention that there are still additional
restrictions on collecting external communications. What Charles Farr is
saying in that document is a far cry from the article's wording: "By defining
the use of ‘platforms’ such as Facebook, Twitter and Google as ‘external
communications’, British residents are being deprived of the essential
safeguards that would otherwise be applied to their communications - simply
because they are using services that are based outside the UK."

(After skimming through RIPA, though, I will concede that UK laws can be very
obtuse. Section 16 gave me a headache - but that's an entirely different issue
than the external communication argument)

------
higherpurpose
> _The distinction between ‘internal’ and ‘external’ communications is
> crucial. Under the Regulation of Investigatory Powers Act (‘RIPA’), which
> regulates the surveillance powers of public bodies, ‘internal’
> communications may only be intercepted under a warrant which relates to a
> specific individual or address. These warrants should only be granted where
> there is some suspicion of unlawful activity. However, an individual’s
> ‘external communications’ may be intercepted indiscriminately, even where
> there are no grounds to suspect any wrongdoing._

This is another reason to force companies to hold local datacenters in major
countries...or, if they prefer, put everything under end-to-end encryption, so
it doesn't matter where they hold it.

Only these 2 options should be given to the companies, otherwise no
"foreigner" (in relation to where the data is kept) can trust them with their
data. They decide which is less costly, but I'm hoping they choose the latter.

------
jpgvm
There can be no secret laws in a democracy. Else it's not a damn democracy.

~~~
TeMPOraL
Since the secret laws are actually out there, what conclusion does this fact
support?

~~~
grkvlt
What 'secret laws' are you talking about? No such thing exists in the UK, at
least. Is there not a similar process for creating legislation publicly in the
USA?

~~~
jpgvm
Many countries have secret laws unfortunately. The US is especially bad
because they hide their secret laws behind a veil of "nation security" when
they clearly have no requirement to do so. They legalise these secret laws
through a secret court.. once again justified with "nation security". Mind
you, a secret court whose judges are appointed by the executive.

How are we meant to hold our elected representatives accountable when the
goings on of these secret courts are not even open to them? How can this
possibly be a democracy if we don't have the slightest say in what our
executive does in our name?

So no, we don't live in a democracy anymore. Long live congress and God bless
America.

~~~
grkvlt
I'm not sure that what you are talking about are things that are in the same
category as the rest of the laws of either the UK or the US. For some rule to
be classified as law, a bill must be passed by the legislative body of the
government and added to the statute books; this is a public process.

There are other things that a court can use when deciding the outcome of some
argument, perhaps the text of a contract or a set of rules that govern
national security proceedings. In the same sense that the rules under which an
employment or arbitration tribunal/panel operate under, these are not 'laws'.
You cannot be prosecuted for breaking them, and so on.

So, while there are these extra rules that govern national security matters,
and courts can decide on matters relating to these rules, with the entire
thing being secret, which seems right and proper since they govern classified
(or secret) matters.

------
ZenPro
I have just re-read this entire thread in its entirety and once again a
potentially valuable debate about the limits of police and intelligence
services have devolved into a stunningly naive rant centring around -

> The Islamic Terrorist threat is made up > The Government is a homogenous
> entity that cannot be trusted. It is definitely not a disparate group of
> people and organisations trying to make an effective and functioning
> society. It is _sinister_ > Intelligence services watch your children naked.
> Seriously - this is disturbingly dark. In nealty 10 years of service neither
> I or anyone I ever met in my employment ever saw a child naked. Honestly;
> that comment hints at real psychological problems. > Government oversight of
> communications travelling along copper wires is the same as pre-WW2 Nazi
> Germany > Assertions we live in a police state etc etc. Which is hilarious
> because I have been to actual police states and very few people assert
> online they live in a police state. You know, on account of that not being
> wise in an actual police state.

I could go on but this is beyond absurd.

Privacy concerns? Legitimate. Anything else? Hollywood-isation of actual
intelligence work. 99% of it is seriously boring and no one gives a fuck what
porn you watch. Bit busy trying to stop actual people getting killed.

------
SixSigma
I didn't steal that money because I already spent it.

~~~
tomp
I stole that money but I forgot that I stole it. Not a crime!

------
greggman
You might find this debate from Intelligence Squared interesting on this
topic.

[http://www.intelligencesquared.com/events/state-snooping-
is-...](http://www.intelligencesquared.com/events/state-snooping-is-a-price-
worth-paying-for-security/)

