
Tech firms anti-terrorism efforts criticised in Rigby report - SandB0x
http://www.bbc.co.uk/news/technology-30191218
======
Silhouette
This report just seems like a whitewash to try to blame an Internet company
with no legal and (arguably) no ethical duty to monitor communications over
its network for the collective repeated failings of the security services.

According to various reports in the serious media today, the security services
had these two in their sights _seven times_ before the attack. Some commenters
also seem to be suggesting that surveillance was undermined, possibly as late
as the day before the attack, by numerous procedural errors by those security
services, though I haven't yet seen a specific citation of anywhere the ISC
report itself states this.

In any case, why do we still pretend that it is plausible to monitor
everything said on-line, correctly identify every genuine threat needle in the
hyperbole haystack, and anticipate and prevent every small-scale, isolated
violent attack by bad people?

While I would never make light of the loss to Lee Rigby and his family and
friends, objectively this appears to have been an isolated incident with a
single victim, given coverage out of all proportion by the media because
someone said "terrorism". There were hundreds of murders in the UK last year,
and I doubt the others were any less tragic for those affected, but we don't
see David Cameron, Theresa May and Malcolm Rifkind calling for draconian state
surveillance powers to avoid repeats of all the other killings.

~~~
yimbosmeen
You hold a very minority opinion. Personally I don't see a problem with this
kind of monitoring, AND I would go further...

\- There are many many young people on facebook. Every year a percentage of
these innocents decide to kill themselves. I think facebook have a MORAL
OBLIGATION to monitor all language used in facebook posts in order to
ascertain potential suicide threats - which should then be reported to the
appropriate authorities.

\- Every year thousands of people die of hear attacks brought about by years
of unhealthy living. It is facebooks MORAL RESPONSIBILITY to monitor the word
density of posts, giving extra weight to words like 'pie', 'cake' and
'spachumnauzer' \- These perpetrators should be reported to the relevant NHS
department for immediate medically induced coma therapy[1]

\- EVERY, SINGLE, YEAR, millions of illegal immigrants done come over to our
country illegally, in order to steal our benefits. Facebooks continued lack of
action in monitoring facebook photos for suspicious foreign looking persons in
a job type role consists of MORAL CONSTIPATION on the part of Facebook. All
foreign-ish photos should be vetted by the appropriate vets.

[1] study after study show people in comas are at a significantly lessenered
risk of dying of heart attacks - I don't have the links right now, but believe
me, they do!

------
higherpurpose
> “The ISC is spinning the facts in an attempt to condemn US technology
> companies for not spying on their customers,” said Eric King, deputy
> director of Privacy International, the UK-based right to privacy charity.
> “Law enforcement should have powers to intercept and acquire communications
> when necessary, but deputising private companies to do it for them is not
> the right answer.

> “It is not appropriate for internet services — who handle some of our most
> private and sensitive correspondence — to be snooping through that data for
> the police, anymore than it would be for the postman to snoop through
> peoples' letters.”

[http://www.independent.co.uk/life-style/gadgets-and-
tech/new...](http://www.independent.co.uk/life-style/gadgets-and-
tech/news/lee-rigby-report-spins-facts-to-create-justification-for-spying-
says-privacy-group-9882717.html)

I know BBC _tries_ to remain neutral, but why is it that almost always when we
see a post like this, that serves as a platform for UK government's
propaganda, it seems to come from BBC?

~~~
ZoFreX
The BBC doesn't try to be neutral, it tries to be "balanced", which in their
view means giving equal time and weighting to both sides of an issue. It's
lunacy.

~~~
northernmonkey
What would you do differently given the authority?

~~~
TillE
Do journalism. Find the facts. Anyone can simply transcribe statements from
"both sides"; that is not a useful service.

------
anon1385
Cameron is planing to make encryption illegal:

>Cameron, still speaking in the Commons, says he does not believe it is
acceptable that there should be internet communications that authorities are
not permitted to intercept. The government should legislate on this, he adds.

[http://www.theguardian.com/uk-news/live/2014/nov/25/lee-
rigb...](http://www.theguardian.com/uk-news/live/2014/nov/25/lee-rigby-
woolwich-inquiry-report-published-live-coverage)

~~~
AlyssaRowan
Honestly, I'm rather angry. An innocent man hacked to death in the street, and
the murder is being used by politicians to openly further the goals of the
security services, who may have _actually recruited_ the murderer. Cynical
fucking _bastards_.

Authorities can in practice _permit_ themselves to do anything they damn well
want, I'm not under any illusions otherwise. But I want to do everything I can
to try to make sure that neither they nor anyone else are _able_ to perform
mass surveillance - because I know damned well there is now no other way of
stopping such grossly horrendous violations of everyone's inalienable rights
to privacy. They lie routinely; they have no oversight, no accountability, no
limits, no apologies, no truths, and absolutely no hope of reform inside a
system that is not even prepared to acknowledge what it is doing is wrong, let
alone stop it.

Talk is cheap, but I will state now that _no_ legislation of any kind will
stop me trying to develop, publish, advocate and deploy strong encryption and
anti-surveillance techniques everywhere that I can: places where such
techniques are illegal are uniformly the places that need it most. Maybe
trying to bring a little more 'civil liberty through complex mathematics' is
all I can do: but it's _something_.

~~~
badgersandjam
Unfortunately we live in an age of idiocy where anyone will sell their soul
for a smaller fee and less privacy. There's no winning against that so you
have to deal with this from the inside of the enemy via "legitimate sabotage"

a) get into hiring positions in the government and hire the stupidest, least
qualified and incompetent people you can get then quit and leave the projects
in the shit.

b) spend money galore so it cant be used on anything else

c) leak insider information on the sly.

d) use the tools you built against the people who paid for them.

e) manipulate and shame other staff out of positions of power.

f) play people off against each other and create new rivalry which consumes
all money and time.

I worked for the defence industry. This is how to break it.

------
Havvy
"Furthermore, it highlights that the companies' embrace of complex encryption
techniques is making it even harder for GCHQ to spot potential threats in the
"204 million email messages, 100,000 tweets and a million Facebook posts" sent
every minute."

You mean just like it is hard to spot potential threats in physical mouth to
ear communications?

Why is it okay to look at internet data for threats but not okay to put
listening devices on every person? Seems like it's the same flow of data
coming in either way.

------
davb
By that line of reasoning, coffee shops should start employing security staff
at each table, listening for patrons plotting terrorist attacks, schools
should ensure each classroom has adequate staff to interecept notes between
students to look out for signs of radicalisation, and companies should place
cameras and microphones throughout their premises to monitor for any
dissenting behaviour. Monitor everything. Record everything. Just in case.

~~~
hahainternet
> By that line of reasoning, coffee shops should start employing security
> staff at each table, listening for patrons plotting terrorist attacks

If an employee at a coffee shop overheard patrons at a table detailing a
terrorist plot. What exactly do you think would happen right now?

I mean, I'm all for thought experiments, but you haven't carried out step 1.

~~~
sp332
I don't know what you mean by "step 1", but coffee shop employees do not
routinely monitor all conversations just in case there's something illegal
going on.

~~~
dreamfactory2
you haven't seen PSAs urging the public to look out for and report unattended
packages and suspicious behaviour?

~~~
sp332
Only in airports. Oh and last time I was in Boston, the subway had that
message playing at intervals. Up here in New Hampshire we mind our own
business - or at least pretend to ;)

------
shawabawa3
Great, another terrorist attack used to justify restricting freedom and
privacy

The report seems surprised that Facebook failed to hand the guy over to the
authorities because he said he wanted to kill a soldier online. They'd be
reporting half the teenagers in the world if they were forced to do so

~~~
msantos
> Great, another terrorist attack used to justify restricting freedom and
> privacy

The way things stand, I agree that there's currently a big rush in the UK to
approve wider snooping laws

> The report seems surprised that Facebook failed to hand the guy over to the
> authorities because he said he wanted to kill a soldier online.

Facebook had already taken down several of his accounts because they were
deemed offensive and used to spread terror stuff (videos/hate speech). The ISC
report says Facebook took the content offline and didn't forward the matter to
the authorities.

~~~
hahainternet
> The way things stand, I agree that there's currently a big rush in the UK to
> approve wider snooping laws

These laws have been fully rejected once and will not pass in the current
government. What the heck news are you even reading if you don't know this?

------
DarkCow
> Facebook is the internet company that could have passed on information about
> Adebowale but failed to do so, the Telegraph has learnt.

> The ISC describes the internet firm’s policy of not policing its own website
> as “unacceptable” and accuses the firm of “providing a safe haven for
> terrorists”.

[http://www.telegraph.co.uk/news/uknews/terrorism-in-the-
uk/1...](http://www.telegraph.co.uk/news/uknews/terrorism-in-the-
uk/11252116/Lee-Rigby-report-live.html)

------
omh
The full report[1] has a number of interesting details about how the UK
intelligence agencies monitor people. The "DIFFICULTIES ACCESSING
COMMUNICATIONS CONTENT" section, from p139, mentions things like how GCHQ
monitors backbone traffic.

It's clear that if the UK have evidence of someone breaking the law then there
are options available. What they're complaining about are suspects who are
just being monitored as "suspicious".

But even if they'd wanted to ask e.g. Yahoo to monitor the suspects, I can't
see how that would have operated. Obviously UK ISPs can identify and monitor
specific people (or at least their home/mobile internet). But remote services
can't tie things back to an individual[2].

Really they seem to be suggesting that anyone running a large internet service
proactively monitor everything for "terrorism" and notify the relevant
international authorities when this happens. From the report:

 _We note that several of the companies ascribed their failure to review
suspicious content to the volume of material on their systems. Whilst there
may be practical difficulties involved, the companies should accept they have
a responsibility to notify the relevant authorities when an automatic trigger
indicating terrorism is activated and allow the authorities, whether US or UK,
to take the next step. We further note that several of the companies
attributed the lack of monitoring to the need to protect their users’ privacy.
However, where there is a possibility that a terrorist atrocity is being
planned, that argument should not be allowed to prevail._

I find it hard to believe that anyone technical is suggesting this!

The MPs on the committee might not understand how impractical it is but what
about the people from GCHQ who were suggesting this? Either they seriously
think this is a good ide, or they're just trying to get more ammunition for
increased monitoring powers within the UK.

[1] [https://b1cba9b3-a-5e6631fd-s-
sites.googlegroups.com/a/indep...](https://b1cba9b3-a-5e6631fd-s-
sites.googlegroups.com/a/independent.gov.uk/isc/files/20141125_ISC_Woolwich_Report%28website%29.pdf?attachauth=ANoY7cq6KIdy5014o5lXRc58Fk12qvGJutA-2NNk39lGLC7CTJgyEUU6UnuCdQvNzlcKkljlfWOnd-5CSQQSmXunk3Jf6D5OxlzwawR1njGi7BvtGUBTtosSdClA08uOcWb9FH2JK5YS9tNC1IBnxjvO35NkvAml42JBBuX0YrdsqcY-8MJKu6xj95EMuYHxynatt8CDVjyWNHR6qKlwl_50xjtBRHjyFtK8t3KXJtkhjiNUj1wOpkV_m_KNvmJjqxIxIPr8NvWk&attredirects=0)

[2] I suppose they could use the IP address, if GCHQ did the cross referencing
for changing NAT etc. But that would be impractical for some ISPs where the IP
changes regularly.

~~~
Silhouette
_[2] I suppose they could use the IP address, if GCHQ did the cross
referencing for changing NAT etc. But that would be impractical for some ISPs
where the IP changes regularly._

Don't worry, they've got that one covered:

[http://www.ispreview.co.uk/index.php/2014/11/uk-counter-
terr...](http://www.ispreview.co.uk/index.php/2014/11/uk-counter-terrorism-
security-bill-mean-isps.html)

~~~
omh
It's not clear what those proposals really mean. But even if Vodafone were
sending a constant stream of IP->subscriber mappings to GCHQ then GCHQ would
have to send them on to Facebook/Google/Yahoo etc. in close to real time in
order to get what they're after.

------
r721
Here is the report itself (200 pages):

[https://www.scribd.com/doc/248153458/25th-
November-2014-ISC-...](https://www.scribd.com/doc/248153458/25th-
November-2014-ISC-Woolwich-Report)

~~~
Torgo
I uploaded a downloadable PDF copy here:
[https://pdf.yt/d/iJ8ykm6h4Q6jRfHc](https://pdf.yt/d/iJ8ykm6h4Q6jRfHc)

source:
[http://www.parliament.uk/business/news/2014/november/stateme...](http://www.parliament.uk/business/news/2014/november/statement-
on-the-murder-of-lee-rigby-25-november-2014/)

------
smtddr
Please, as if the ISC could deal with the insane amount of false alarms it
would get.

This[1] would happen multiple times a day because nobody can tell the
different between a joke & a real threat... except teenagers and people who
"get it".

1\. [http://www.cbsnews.com/news/long-island-high-school-
student-...](http://www.cbsnews.com/news/long-island-high-school-
student-17-threatened-to-blow-up-school-arrested-by-police/)

~~~
sp332
Well when you put it that way, it would be pretty entertaining! Maybe FB
should just filter ISC workers and their families and report to them
everything that might be construed as a threat.

------
dreamfactory2
If the security services are seriously suggesting that Facebook should be
doing their job for them it doesn't speak too highly of any special
competencies and clearances of the security services themselves. If they think
this kind of thing can and should be done by the IT industry they have just
made the argument for outsourcing themselves to India. Not spectacularly
intelligent.

------
coldcode
Until we actively have thought reading, you can't know what people mean when
they say or write something unless you investigate every potential reference
to something terroristy. No one has enough money or manpower to do that.

------
mcguire
I seem to recall reading about various covert operations using advertising in
the International Herald Tribune and their "command-and-control network".
Anyone think the BBC would want to publish criticisms of journalism?

