
MI5 'secretly collected phone data' for decade - yexponential
http://www.bbc.co.uk/news/uk-politics-34729139
======
dijit
* MI5.

* GCHQ/Tempora

* SIS

* GDS (Government Digital services)

* Anti-encryption laws being chased through the houses of parliment.

* It's illegal to not provide, when questioned, the encryption key of a device in your possession.

* ISP Logging. __

I 've wanted to be in tech all my life and I felt that british people have
facilitated a lot of good things in the tech world- but I have never been so
ashamed to carry my passport. This country is one that had great laws for
librarians especially after world war 2 which aided in privacy of the people.

but now, we seem to have forgotten that once data is collected, it can be used
to target and harm people in swathes- it can be used actively to destroy
individual people- or even, in moderation, can cause people to self-censor
(which carries it's own problems).

I'm a British citizen, I will not return to the UK while archaic laws and
boneheaded policy makers are eroding the very fabric of computer culture.
Looks like the next election is in 2020.

~~~
mike_hearn
_> It's illegal to not provide, when questioned, the encryption key of a
device in your possession._

Whilst true that's not the whole picture. This law isn't actually as draconian
as it sounds: the prosecutors must prove to a very high standard that you do
actually know the key, and haven't really forgotten. For instance if you typed
in the password the day before you were arrested, that's probably a good sign
you know it. If you haven't used it for a year and claim you forgot it ... or
if they can't actually prove you know the password at all ... then you don't
go down for it (in theory).

Now perhaps you object to the general principle. But let me ask you what your
proposed balance is? If you're against mass surveillance and bulk collection
(like I am) then this leaves the question of how can governments investigate
crimes? Should they be regulating technology at all? I'd really prefer not.
"Tell us the password so we can investigate the contents of this device" is
low tech and has very limited potential to be abused for social control
because it doesn't scale. You can't use this law to do bulk surveillance. So
in the end it seems like the lesser evil.

~~~
forgottenpass
_the prosecutors must prove to a very high standard that you do actually know
the key, and haven 't really forgotten. For instance if you typed in the
password the day before you were arrested, that's probably a good sign you
know it._

I've had a few occasions where, after 2+ months of using a password at least 5
times a day, I roll into work and just can't login. I still know the password
I used when I was 9 and dialing into AOL, but my work password rotation policy
is so strict I just don't have long term storage for them anymore. I mostly
rely on muscle memory the current password too.

So, all that was to say I don't think that standard is "very high" at all.

~~~
Freaky
Not to mention how badly stress can screw with memory.

If you're used to entering your password in a specific relaxed situation and
now you're filled with dread every time you think about it, damn right you
might not be able to remember it. That's just basic neurology.

~~~
nthcolumn
Which is why we need to wash all that stress out of your head by holding it
under water for arbitrary amounts of time...

------
mootothemax
The scary thing about web history logging is that it makes you question your
web habits, if not become actively paranoid.

For instance, the article quotes the head of MI5 regarding preventing the
bombing of the London Stock Exchange in 2010.

I wanted to know more about this, so Googled _London Stock Exchange Bomb_ ,
and clicked on a few stories, and wanting to find out a bit more about the
people involved, I then Googled their names and clicked on a few more links.

All this time, I had the thought at the back of my head: _will these searches
and clicks put me on a list somewhere?_

(for anyone who wants to be saved searching for these terms, here's a quick
overview: [http://www.telegraph.co.uk/news/uknews/terrorism-in-the-
uk/9...](http://www.telegraph.co.uk/news/uknews/terrorism-in-the-
uk/9072455/Terrorism-gang-jailed-for-plotting-to-blow-up-London-Stock-
Exchange.html))

It's _this_ feeling that I most dislike about it all; something, or someone,
somewhere _may be_ watching, and so now I'm questioning myself because some
discussion on some site has _potentially_ questionable keywords in its URL.

~~~
junto
Your CSRS just increased. CSRS = Citizen Subversive Risk Score.

A couple more internet searches like that and you'll be hauled into "the Cage"
for questioning, held without charge for 72 hours under the "Anti-Terrorism
and Subversives Act 2018" and released after a good beating.

Your credit score may or may not be affected. Employers may call upon your
CSRS score before employing you. Increases over 5% a year are grounds for
dismissal.

~~~
rmc
> _held without charge for 72 hours_

 _Today_ , if you're arrested in the UK under Terrorism charges you can be
held for up to 14 days.

[https://www.gov.uk/arrested-your-rights/how-long-you-can-
be-...](https://www.gov.uk/arrested-your-rights/how-long-you-can-be-held-in-
custody)

~~~
davb
And terrorism is such a broad term these days, especially with regards to
"cyber-terrorism".

------
zer0defex
I used to want to visit the UK, not so much anymore... when you find yourself
mulling over how best to protect yourself in the same way you'd prep for
attending something like defcon, it sort of loses its zeal.

Edit: wow, the downvotes are coming fast on this one, guess i found a nerve.
_needle_

~~~
cmdkeen
Seriously? Now you might be engaging in activities which mean you do need to
engage in Defcon levels of preparation, perhaps you work in intelligence,
perhaps you're a terrorist, or perhaps you're a journalist. But then you'd be
engaging in Defcon levels of preparation all the time, including heading to
any Western country. I suspect you're not and you're mistaking your desire for
privacy with thinking the UK is in any way interested in you.

This isn't a "nothing to hide, nothing to fear" argument I'm trying to be
realistic. The UK has a strong history of an independent judiciary standing up
to the state and of a government that has been legislating to increase
scrutiny and safeguards for decades. This whole programme may have been under
a "vague" law but it is covered under the law and the government is having a
debate on making it clearer what is happening. In trying to update old laws to
the modern age I think it is acceptable to discuss what the limits should be,
but also accept that old concepts of where the state can intercept
communications should change not just be written off as "oh well we can't do
that any more".

~~~
throwaway7767
Yes, seriously.

You don't need to believe that someone is actively looking at your
communications to be concerned about all your conversations being logged into
a database somewhere, for future reference.

We know now that the only chance we have to prevent our communications falling
into the mass surveillance dragnet is precisely to follow, as you say, "Defcon
levels of preparation all the time".

Despite what you say, your argument is exactly the trite old gripe about "if
you have nothing to hide, you have nothing to fear". Except maybe if you
decide in 15 years to run for political office on a platform to rein in the
intelligence services, you might. Then it might not be good for them to have
this huge haystack to search through to pass juicy bits to the tabloids. Look
into the FBI's handling of Martin Luther King for example.

~~~
cmdkeen
And yet again the UK is not the USA, MI5 is not the FBI, Spooks is not a
documentary.

The FBI's handling of MLK, and the general culture of fear of Hoover in the
political establishment, is an excellent example as it is all before any of
this technology. It isn't an argument against this, it is an argument for the
effective oversight and regulation of the intelligence services. The USA might
have some bizarre legal concepts in which the courts defer to the state when
"national security" gets played but I can assure you that is not the case
here. We've paid out settlements to the British Guantanamo detainees because
trying their lawsuits would have potentially exposed intelligence relating to
whether they were bad or not. NB nothing justified their treatment regardless
of who they were.

It has always been the case that the intelligence services have the capability
to destroy someone they don't like. If they don't have that then they're not
any good at their jobs. If you have a (rational) fear that they can that is an
argument for reigning in that service, not hobbling their ability to do the
things we do need them to do.

~~~
pjc50
_bizarre legal concepts in which the courts defer to the state when "national
security" gets played but I can assure you that is not the case here_

[https://en.wikipedia.org/wiki/Diplock_courts](https://en.wikipedia.org/wiki/Diplock_courts)

"…the Law should be used as just another weapon in the government’s arsenal,
and in this case it becomes little more than a propaganda cover for the
disposal of unwanted members of the public. For this to happen efficiently,
the activities of the legal services have to be tied into the war effort in as
discreet a way as possible.."

That was 1970, but if you think the UK security services have clean hands you
are seriously underinformed about Northern Ireland. More recently there's
Spycatcher, Zircon, Matrix-Churchill, police infiltrators in environmentalist
groups (
[https://en.wikipedia.org/wiki/Mark_Kennedy_%28police_officer...](https://en.wikipedia.org/wiki/Mark_Kennedy_%28police_officer%29)
), and so on.

Effective oversight of the intelligence services is really hard because it
can't be done in public, and it's easy enough for them to convince politicians
that it's all fine really.

------
junto
What's painfully not funny, is that the vast majority of the British public
won't see this as a problem, and won't see any need to do anything about it.

There is a reason why all the data and calls go through the BT Tower in
London, and why it is guarded like a fortress. All the taps are there.

[https://en.wikipedia.org/wiki/BT_Tower](https://en.wikipedia.org/wiki/BT_Tower)

~~~
coldtea
> _What 's painfully not funny, is that the vast majority of the British
> public won't see this as a problem, and won't see any need to do anything
> about it._

You mean the same public that accepts and sponsors a "royal" class in 2015?

~~~
hahainternet
> You mean the same public that accepts and sponsors a "royal" class in 2015?

We make money from the royals, does that change your opinion?

~~~
RabidSquirrel
Pimps make money from prostitutes, doesn't make it moral. If you support
having a royalty, great, that's certainly your right. If you are against the
concept in principle then deciding it's okay since we make money from them
seems wrong.

~~~
dijit
Regardless of anything relating to the royals, it is not Queen Elizabeth who
is instituting this, it is the democratically elected.

Please don't bring in our royals as if they're somehow the reason of anything.
There is a symbiotic relationship in regards to the royal family that you have
to understand, the people who hate them are jealous- yet would probably not
like the spotlight they have. They do bring in a net gain to the country, they
are educated enough in certain scenarios to represent us quite well.

I don't take exception to them, but if the public /did/ then government could
restrict the funding to Her Majesty. (Which has happened a lot before and has
constituted the closure of many of her castles.)

~~~
coldtea
> _the people who hate them are jealous_

You say it like it's a bad thing -- that those jealous should be ashamed of
themselves or something, when it's the other way around.

Democracy is all about people being jealous of royalty (kings, feuds,
pharaohs) having all the power, land, free food and honors, for just being
"born" special, and putting and end to that charade.

~~~
hahainternet
> Democracy is all about people being jealous of royalty (kings, feuds,
> pharaohs) having all the power, land, free food and honors, for just being
> "born" special, and putting and end to that charade.

I'm curious, are you saying that with a straight face? Because there's no way
you can look at capitalism / US politics and believe that it's any different.

~~~
ionised
The US Republic is a farce of democratic processes for sure, but they at least
did that to themselves. They were given a choice.

If they fucked it up and created the plutocracy they did, fine. That was their
mistake to make.

We still have an unelected upper house of parliament _that actually has power_
, as well as our unelected, divinely appointed monarch.

We were never given the choice of fucking up our own republic. We should have
been by now.

------
SturgeonsLaw
The blatant contempt they have for their people is astounding.

> The draft bill's measures include:

> Allowing the security services to hack into phones and computers around the
> world in the interests of national security

> A new criminal offence of "knowingly or recklessly obtaining communications
> data from a telecommunications operator without lawful authority", carrying
> a prison sentence of up to two years

In the same breath they threaten prison sentences for doing exactly what they
state they're doing.

> The Wilson doctrine - preventing surveillance of Parliamentarians'
> communications - to be written into law

Come on guys, now you're just taking the piss

~~~
pjc50
_preventing surveillance of Parliamentarians ' communications_

.. except when authorised by the PM. Who recently called the leader of the
opposition a threat to national security.

~~~
SFLemonade
The creepiest implication with this is if you get the wrong person in power at
the right time, they might be able to keep their party or interests in power
for an atypically long time, given access to these new tools. We all know that
keeping one political interest in control for any extended period of time is
never good.

------
mst
That ... would be what MI5 is for. My objections only begin when law
enforcement start getting access to spook grade data (which means I'd object
to them sharing with the NSA, who're clearly rather permeable to law
enforcement currently).

~~~
agd
Many British people (including myself) would disagree with your assessment of
the role of MI5. Personally, I don't think they are there to carry out mass
surveillance.

~~~
walshemj
How would you say identify associates, handlers, spotters or more bombers
after the 7/7 bomb attacks?

------
0xFFC
Tadaa ... . The surprising fact for me is when I was talking with mostly
programmer located in USA in Reddit (I am not from us), they didn't even care
about NSA/etc agency collect their data. They act in a way I thought they
think their data belongs to NSA. that really got me to thinking. This is my
right as human being to have privacy.

------
mildweed
Real world events make for such an awful James Bond spoiler.

[http://www.wired.com/2015/11/spectre-james-bond-video-
review...](http://www.wired.com/2015/11/spectre-james-bond-video-review/)

------
JupiterMoon
NO worries it'll all be legal soon. If there are any senior ex-Statsi left
alive they will be looking at the UK spying systems and wishing they had had
this level of access.

------
tome
They secretly collected phone data for a decade _and nothing untoward seems to
have happened!_ Sounds like the powers that be are reasonably responsible
after all.

