Hacker News new | comments | ask | show | jobs | submit login
MI5 'secretly collected phone data' for decade (bbc.co.uk)
279 points by yexponential on Nov 6, 2015 | hide | past | web | favorite | 150 comments



* MI5.

* GCHQ/Tempora

* SIS

* GDS (Government Digital services)

* Anti-encryption laws being chased through the houses of parliment.

* It's illegal to not provide, when questioned, the encryption key of a device in your possession.

* ISP Logging.

I've wanted to be in tech all my life and I felt that british people have facilitated a lot of good things in the tech world- but I have never been so ashamed to carry my passport. This country is one that had great laws for librarians especially after world war 2 which aided in privacy of the people.

but now, we seem to have forgotten that once data is collected, it can be used to target and harm people in swathes- it can be used actively to destroy individual people- or even, in moderation, can cause people to self-censor (which carries it's own problems).

I'm a British citizen, I will not return to the UK while archaic laws and boneheaded policy makers are eroding the very fabric of computer culture. Looks like the next election is in 2020.


> It's illegal to not provide, when questioned, the encryption key of a device in your possession.

Whilst true that's not the whole picture. This law isn't actually as draconian as it sounds: the prosecutors must prove to a very high standard that you do actually know the key, and haven't really forgotten. For instance if you typed in the password the day before you were arrested, that's probably a good sign you know it. If you haven't used it for a year and claim you forgot it ... or if they can't actually prove you know the password at all ... then you don't go down for it (in theory).

Now perhaps you object to the general principle. But let me ask you what your proposed balance is? If you're against mass surveillance and bulk collection (like I am) then this leaves the question of how can governments investigate crimes? Should they be regulating technology at all? I'd really prefer not. "Tell us the password so we can investigate the contents of this device" is low tech and has very limited potential to be abused for social control because it doesn't scale. You can't use this law to do bulk surveillance. So in the end it seems like the lesser evil.


10 years ago, I would tell you I agree. Now, I think this sounds incredibly open to abuse. This is the cabal of governments that sends people to third world countries to waterboard them. Are they really trustworthy with this power? My answer, today, would be "no".

What ever happened to old fashioned law enforcement? Are the police really so lazy that they have to have your help. Somehow the US is able to function without getting rid of (yet) the right to remain silent in criminal court. Certainly, there must be enough non-encrypted evidence for most crimes of import that prosecution is possible.

And if prosecution is possible, then what is the need?


"But it may harm your defense if you do not mention when questioned something which you later rely on in court."...do u mind explaining to me (american) exactly what that means? like if the cops arrest me and ask where i was last night and I don't tell them i was having dinner with their chief's wife (and thus not murdering mine), does that mean i absolutely cannot use that fact as part of my defense if my lawyer decides during trial it might be a good idea?" and do u at least have the right to have a lawyer present when you're being questioned like this?


https://en.wikipedia.org/wiki/Right_to_silence_in_England_an... is a good summary. You can claim it later, although the jury are entitled to infer from your not mentioning it earlier that you've made it up since the initial questioning. It has to be related to factual matters which you're actually questioned about. You're entitled to shut up until you get your lawyer present for the police questioning, but at that point you have to have your story straight.

A longer discussion: http://www.publications.parliament.uk/pa/ld200304/ldjudgmt/j...


> like if the cops arrest me and ask where i was last night and I don't tell them i was having dinner with their chief's wife (and thus not murdering mine), does that mean i absolutely cannot use that fact as part of my defense if my lawyer decides during trial it might be a good idea?

The issue is that a prosecutor may use the omission of certain facts during your interrogation as a way to cast doubt on your intentions or character. It's a very common tactic.

>do u at least have the right to have a lawyer present when you're being questioned like this?

In the US? Always.


i was asking about britain


https://www.gov.uk/arrested-your-rights/legal-advice-at-the-... explains things quite well. IIRC you're obliged to identify yourself when questioned but don't have to give any other details. You then have the right to legal representation, a free independent lawyer is provided on request if you don't have one.

I don't think we have a complete right of silence without - for example - being found in contempt of court.


It won't result in contempt of court, but it will result in a direction to the jury that they're entitled to consider unsupported statements you've made in court (but not earlier) as false.


There is nothing to gain by telling the police anything. If it's beneficial to your case, tell your lawyer. Don't talk to police!

https://www.youtube.com/watch?v=6wXkI4t7nuc


The rules of evidence are different in the UK. Be careful giving US-specific advice to a world audience.


I am so sorry about that! I misread and thought it was US-specific.


great video but not sure this applies if you are in britain right?


Actually, part of the new bill allows this to all happen without judicial oversight or process if the case is "urgent" (aren't they all?), at the sole behest of the home secretary - with an ex-post-facto judicial review. They can indeed force you, and if you won't present, they can then hack you, detain you, do whatever they wish, essentially.


Currently "urgent" refers to situations where someone is in immediate risk of death or severe harm. This is unlikely to change - they don't have the staff to include more stuff.

I agree that it's a very worrying bill with several attacks on important civil liberties.


This is unlikely to change - they don't have the staff to include more stuff.

If we can expect anything, based on recent history, it is that surveillance techniques that previously required onerous human labor, will soon easily be done in automated fashion.


Indeed. Probably has something to do with the fact that they quietly (and not so quietly, in some cases) took an axe to the judiciary a few years back.

It could also be argued that if someone is a terror suspect, then there may be an immediate risk, but to know so they must have more access, so it is therefore urgent that they do. This is the kind of Kafkaesque circular logic I'm increasingly coming to expect from the state.


Oh, the urgency I'm talking about is children being raped by gangs of men. This is a much more common use of police intelligence needing urgent access to phone records than terrorism.

As you say, with terrorism there's not the immediate need and there's usually a bunch more information.


How is the inquiry into the Rotherham non-investigation going, anyway?


Why pick out that case?


IN that case the police didn't need any special surveillance powers. They were being approached by children who said "I am being repeatedly gang raped by men who have groomed me with money and drugs, and who are now selling me as a child prostitute"; and by sexual health clinics who were providing abortions and STI services to children; and by teachers; and by social workers.

Those police did nothing with that information.

It's a reasonable point: Why do they want these extra powers when they've failed to protect so many vulnerable children?


>For instance if you typed in the password the day before you were arrested, that's probably a good sign you know it. If you haven't used it for a year and claim you forgot it [you might get off]

That sounds incredibly draconian.


> This law isn't actually as draconian as it sounds: the prosecutors must prove to a very high standard that you do actually know the key, and haven't really forgotten.

Not really, no. If the prosecution can show that the defendant EVER had or knew the key, the burden is then on the defendant to prove that they do not currently have or know the key. That's the framework set up by RIPA. Proving you do not have or know something is quite difficult. If it has been 50 years since last use and you currently have advanced Alzheimer's, you should be in good shape. Otherwise, the argument that the dog ate your homework, um I mean the encryption key, is not likely to be taken seriously.


the prosecutors must prove to a very high standard that you do actually know the key, and haven't really forgotten. For instance if you typed in the password the day before you were arrested, that's probably a good sign you know it.

I've had a few occasions where, after 2+ months of using a password at least 5 times a day, I roll into work and just can't login. I still know the password I used when I was 9 and dialing into AOL, but my work password rotation policy is so strict I just don't have long term storage for them anymore. I mostly rely on muscle memory the current password too.

So, all that was to say I don't think that standard is "very high" at all.


Not to mention how badly stress can screw with memory.

If you're used to entering your password in a specific relaxed situation and now you're filled with dread every time you think about it, damn right you might not be able to remember it. That's just basic neurology.


Which is why we need to wash all that stress out of your head by holding it under water for arbitrary amounts of time...


Yes! There are times when my motor memory recalls the password just fine. But, if I specifically think about the password and can't consciously recall it, at that point the motor memory seems to reset and fails too.


It's sad if the only solution to (potentially) protect your privacy is to lie in court, pretending that you have forgotten your password. (which could be dangerous if they later find some way to prove that you know it)


> It's sad if the only solution to (potentially) protect your privacy is to lie in court

It's court, your entire life can be dragged over the coals if there is sufficient justification for it. Privacy is not an absolute, if I have compelling evidence you have abducted a child the facility should exist to (at the very least) search your home and possessions.


But should the facility exist to force one to testify against themselves?


Yes, why not? The only reason I see not to tell the truth is that you're guilty according to the law; that then only seems morally justified if the law is unjust, in which case you should challenge the law IMO.


I realize this only applies to the US, since we have the 5th amendment, but watch the video (as mentioned above) --

https://www.youtube.com/watch?v=6wXkI4t7nuc

There are very good reasons to have something like our 5th amendment that apply to people who are indeed not guilty according to the law. It's not about telling lies, it's about not providing truthful information that can be used against you in ways designed to make you look guilty even when you are not.

The founders of our country who made sure we had a 5th amendment knew the importance of this -- they didn't put it in there to protect the guilty.


Or you're protecting legal secrets that protects other people. Like secrets about where somebody who is stalked is, crypto keys to security systems, etc... Or hobbies of family members that the rest of the family really do not approve of. And so on... Sometimes it just isn't justified to demand access to such information and punish the person of anything is left out or covered up. Sometimes demanding that the person tells the truth is worse than not to.


> GDS (Government Digital services)

GDS build the .gov.uk websites, they're a software development house that are competent (unlike most other government IT initiatives, most of their developers are Ruby/Rails engineers).

Nothing sinister about them at all, the only reason I can see for them being here is that you're terribly misinformed.


That depends how sinister you think it is to have Google Analytics used on the websites where you fill in your tax return.

The people I see who defend gov.uk seem to always be people who never actually use the government websites other than for a few basic things like driving licence applications or passport renewal. It's easy to be impressed by fancy new css styles when you don't use the site. Actual users of the sites were pretty dismayed by the changes.

Firstly they removed massive amounts of good content from government websites. For example things relevant to bootstrapping a startup like example EULAs and example contracts. As far as I can tell the logic was that it's more economically stimulating to make everybody pay a lawyer hundreds of pounds to copy paste a copyrighted standard EULA or contract (they used a silly example about bees to try and cloud what was a major policy change about the amount of value the government online services would provide to citizens).

They also made it a lot harder to find a lot of the important content on the government websites. Old speeches, press releases and policy white papers etc used to be easy to find and have now mostly disappeared. Access to that kind of material is vital for people trying to hold government departments to account.

Secondly they are using lot of 'startup best practice'. Like installing Google Analytics everywhere. Is a tracking service that reports to a corporation based in a foreign country an appropriate thing to use on government websites where you apply for passports or fill in tax returns or 'anonymously' report sex crimes?

Thirdly the gov.uk project has extended itself to take over the online presence of what were previously independent agencies that were intended to be arms length from central government and not under direct political control. The web presence of organisations like Natural England has been combined back into the direct control of central government under gov.uk.


Hey, don't forget the wild profiteering WorldPay are engaging in - taking a slice of the entire damn country's tax revenue! Quite the gig.


Can you elaborate on that claim? WorldPay is taking a percent of tax revenue, for what reason?


I assume he's referring to https://www.gov.uk/government/news/new-online-payment-servic...

Of course that only applies to self-assessment bills paid through the online system. You can still post them a cheque if you like. The vast majority of tax is paid through business bank transfer for PAYE or VAT settlement.


Don't forget also that gov.uk is actually pointing at Fastly, a CDN, headquarted in San Francisco.


> Nothing sinister about them at all

Although they've made taxing a car a painless and efficient process. If that's not suspicious from a government agency I don't know what is.


Not only is there nothing sinister about them, one of the primary reasons devs join GDS is to play a small part in making the government better.


What exactly is your issue with GDS? I thought they just build tech infrastructure for public services with a more modern approach.


Yep, that's what they do. They do a good thing, and they do it well. I know a number of people in and around GDS, it's really, really, strange for me to see their name in that list.


Throwing in lots of three letter acronyms will typically scare people by implying that there's something sinister going on.

Just wait till you learn of the French VDM...


> Just wait till you learn of the French VDM...

The doctor gave me a cream for it... cleared up nicely.


It's not that strange. Many people do not consider improving the efficiency with which the state can oppress its citizenry a good thing.

And to many libertarians, something as seemingly innocuous as tax collection or child protective services are oppressive.

Hence the hate.


So, you'd rather pay an inefficient government more taxes to oppress you inefficiently.

I look forward to hearing more of these libertarian ideas.


Google Analytics may be modern but that doesn't make it good (or legal) to install on government websites.


To be fair, they are actually very transparent about their use of Google Analytics [1][2], and anonymise some of the data [3]. That is not too bad keeping in mind they share a huge chunk of that data with the public [4][5].

[1] https://www.blog.gov.uk/cookies/#googleanalytics [2] https://insidegovuk.blog.gov.uk/2015/05/22/upgrading-to-univ... [3] https://assets.digital.cabinet-office.gov.uk/spotlight/javas... [4] https://www.gov.uk/performance/web-traffic [5] https://www.gov.uk/performance/about


Being transparent doesn't make it right. It (and the fact they use and advocate the use of Gmail in government) worries me. They're the people's government and that implies they're there on behalf of the people, to serve the people. That sentiment doesn't exist at GDS. They believe they're right about everything they do, are recalcitrant and take criticism very badly.

They are good at web pages though.


why? not all sites need the full adbobe / ensigten tools set and its costs.

For a lot of sites GTM and GA is quiet good enough


> This country is one that had great laws for librarians especially after world war 2 which aided in privacy of the people.

Great laws for librarians?


Librarians are protected from any investigation and library records are kept from the government.

You cannot investigate at any point, someones library history.


I think he's referring to the public library and museums act of 1964, which enshrined in law:

* The right to shush people without prejudice

* The right to bear cardigans


There is a big difference between mass surveillance, and a system of mandatory logging by private companies with warrant based access to individual's records for security officials.

A sensible compromise would be to accept a regime where the security services could read all the internet communications of particular individuals, or compel that individual to reveal decryption keys, subject to a warrant from a judge sitting in a public court who has decided there is reasonable grounds for suspicion.

Sadly, the proposed bill appears to still give too much power to the executive branch of government.


Such a regime isn't reliably possible. A backdoor for an individual is a backdoor for a nation.


What are the alternatives, and how much can you trust these alternatives?


I can't speak for the OP, but the Nordic countries seem to be pretty progressive in this aspect. I'd gladly relocate to a country that doesn't have this invasiveness (hint hint, 20 odd years in software and devops, hook me up).

The chilling effect is bad enough, but having agencies that sit outside of the light of public/democratic scrutiny is a foul thing.

How much you can trust the alternatives? That's a trickier question.


Norwegian secret services for decades conducted illegal political surveillance going far beyond "just" phone taps.

I personally knew people who were regularly harassed because of membership in legal political organizations.

One was the newspaper editor of the newspaper "Friheten" ("Liberty"), linked to the communist party, who told me how he for years was now and against stopped by officers from the police surveillance service (POT; now PST) who would make a point out of commenting on conversations that he and his wife had face to face in his home to prove they were listening in. There was no legal basis for the surveillance - POT had legal powers to initiate surveillance in cases where there were legitimate surveillance needs, but this surveillance never went through proper channels because they knew full well it wouldn't have been approved.

Another was a trade union rep whose commute to work had him walking past the Soviet embassy, which was the only reason he could think of for why he was tailed to and from work every day for years. They didn't try to hide it - making it obvious was part of their regular harassment.

(To be clear, while most of this surveillance was directed at left wing groups, the most likely instigator was the Norwegian social democrats in the 50's and 60's, not the right wing - the social democrats were if anything more worried about the groups to their left than they were about the conservatives at the time)

This was rolled up in the mid 90's, and during the parliamentary investigation it was revealed that one of the committee members - a socialist MP - was under illegal surveillance by POT while he was investigating them...

POT was "rebranded" the Police Security Service (PST), and we were assured it won't happen again, but the oversight is a total joke. Last year one of the largest papers revealed extensive amounts of illegal IMSI catchers in Oslo, for example, and it's all just petered out. The various agencies insisted it was nothing to worry about awfully quickly for someone who also denied having anything to do with it - if they had nothing to do with it, presumably they'd have been all over figuring out what was going on; their fast denials only makes sense if they denied because they knew exactly who and why.

Norway has also figured in Snowden documents as providing significant intelligence to the NSA.

Sweden has the infamous "FRA law", a signals intelligence law that makes every signal that passes the Swedish border free game for Swedish military intelligence. Which is pretty nasty when you consider that the host interchange points that a lot of European internet traffic travels through.

So don't assume you can escape this, because we can't. The only option is to find ways to fight back.


Thanks for sharing this, it was really informative. I agree, we have to find ways to fight back and stand up against this stuff at home. Telling yourself that you can just retreat to the Nordic countries (like they're some kind of utopia - give me a break) just leads to a false sense of security and increased complacency.


Thanks, whipped down thoroughly, I must have had my wires crossed with other policies I liked. If this gets through anyway, I seem to have been rate limited.


Direct replies within a conversation are soft-rate limited to discourage heated replies. The "reply" button is hidden for a time, but can be bypassed (oddly) by clicking the "x minutes ago" button and replying directly.

It's an open secret that I don't believe is against the rules, though if somebody knows better, you're invited to chime in.


Not against the rules; it's just a speed bump. We should probably have more of those.


Some more information can be found here: https://en.wikipedia.org/wiki/Lund_Report


Wow! Thank you so much for sharing this. There really is nowhere that is safe, is there?

Your last statement is absolutely correct -- time to fight back!


Currently I like the way Germany is going. They've been down the surveillance state rabbithole before (with the Stasi) and learnt how fucked up it is when the Government has that much power. It seems unlikely they'd repeat history.

It would be nice to see at least one country in the Eurozone use freedom of information as a selling point to come work there. I imagine there are many who work in IT in the UK who would move there out of principle.


Sadly, GEMA is a stranglehold on internet freedom over there.

> I like the way Germany is going

Germany recently planned (or passed?) a law requiring mandatory data retention, that's Germany going the wrong way IMO.

edit: I've just researched it and realized the mass uproar lead to the data retention being cancelled. And I found a nice list of other European countries who don't have data retention (Cyprus, Czech Republic, Germany, Greece, and Romania), nice.


Iceland is probably the most promising.

Very tough to live and and work in though for a non-native speaker.


Alternatively we're a country which has led the way in terms of governing the activities of our intelligence services through legislation. Something which even other European countries (France specifically) are still taking the stance that they can effectively do whatever they like. We've had some very illiberal laws I'll concede, from all political parties but I'd hardly write off the direction as travel as being so authoritarian as to be ashamed of my country or to live abroad.

Things like the encryption key law make sense to me, you can still mount a defence of why you may not have the key but far too often the debate around encryption is geeks making a "haha I've found a way to hack the law" case, which the courts, everywhere, have always taken a very hard line on. Personally I'm sympathetic to the argument that follows from it being a modern day safe and you're being asked, legally, to open it.

If you define the "very fabric of computer culture" as some form of anarchic society in which consequences to the fabric of the real world are ignored in favour of some broad principle then fair enough. But I'd far rather have a discussion about how as technology matures and becomes adopted by the masses we need to discuss how it fits into our existing legal and societal structures. Having rational debates about why something is or is not over-reach compared to say the government's previous ability to inspect all mail that left the country is a valid discussion.

The web history one is an interesting one, especially in terms of "the police". Oversight of the police has increased in the UK to massive proportions, I doubt there any other nation has the same degree of oversight in the world. It isn't perfect and at times poorly drafted laws get over-used, but on the other hand it is updating a capability to the 21st century. One example that is used, and as a former volunteer police officer one I've experience before - missing persons. Previously if you were reported missing I would have gone and looked through your diary, your mail, spoken to friends and family etc to build up a picture of where you might be, who you had spoken to etc. Now you'll find a laptop and be stuffed. Perhaps you took your mobile with you - this isn't a TV show, I can't just go "where is phone X" and get an immediate response. If we find your body in suspicious circumstances, then we'll start dumping phone data, or if you're a child and missing, but otherwise it's most aimless driving around looking. Fortunately the vast majority of missing people are repeat customers and turn up eventually, but I'd far rather loosen the ability for communications data to be used in those instances. But then of course the internet erupts as "the police can track your phone and view your web history without a warrant"...


Oversight of the police has increased in the UK to massive proportions

http://new.spectator.co.uk/2015/03/the-shocking-truth-about-...

https://en.wikipedia.org/wiki/Operation_Elveden

Elveden is particularly important here; in an environment where journalists are weaponising private information for smear articles with no real public interest justification, any information the police can easily get at may be leaked by bribed police.

UK trust in the police is still generally pretty high, but the War On Terror erodes trust everywhere it touches.


British citizen here.

Completely agreed.

Currently researching jobs and residency procedures in other countries.


And the leader of the Opposition is a Marxist as near as damn it. They have a great tradition of human freedom and anti-snooping or perhaps not.


The scary thing about web history logging is that it makes you question your web habits, if not become actively paranoid.

For instance, the article quotes the head of MI5 regarding preventing the bombing of the London Stock Exchange in 2010.

I wanted to know more about this, so Googled London Stock Exchange Bomb, and clicked on a few stories, and wanting to find out a bit more about the people involved, I then Googled their names and clicked on a few more links.

All this time, I had the thought at the back of my head: will these searches and clicks put me on a list somewhere?

(for anyone who wants to be saved searching for these terms, here's a quick overview: http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/9...)

It's this feeling that I most dislike about it all; something, or someone, somewhere may be watching, and so now I'm questioning myself because some discussion on some site has potentially questionable keywords in its URL.


How many of us have paused during conversation in the past four-and-a-half years, suddenly aware that we might be eavesdropped on? Probably it was a phone conversation, although maybe it was an e-mail or instant-message exchange or a conversation in a public place. Maybe the topic was terrorism, or politics, or Islam. We stop suddenly, momentarily afraid that our words might be taken out of context, then we laugh at our paranoia and go on. But our demeanor has changed, and our words are subtly altered.

This is the loss of freedom we face when our privacy is taken from us. This is life in former East Germany, or life in Saddam Hussein’s Iraq. And it’s our future as we allow an ever-intrusive eye into our personal, private lives.

— Bruce Schneier, The Eternal Value of Privacy, Wired, 05.18.06

http://archive.wired.com/politics/security/commentary/securi...


Whenever anybody trivializes surveillance or says it's "just a small amount of logging", they need to be reminded that mass surveillance has already done significant damage in the form of this chilling effect. Even more worrying are the reporters who have discussed the impact the chilling effect has had on their ability to function as a proper journalist.

> potentially questionable keywords

Keywords aren't even the problem; the inferences - legitimate or not - that can be found with modern data analysis techniques and machine learning practically guarantee we will see people being wrongly accused or otherwise affected. This much data is an endless arena for the human tendency to interpret[1] data until they see whatever they want to see. If search a bunch of web histories looking for problems, you will find something.

Oh and this problem is why some of us have a strong reaction against any kind of tracking, especially ad networks. Facebook/Google/etc are just as worrying, and accessing their data simply requires a national security letter (or UK equivalent).

[1] https://en.wikipedia.org/wiki/Apophenia


Your CSRS just increased. CSRS = Citizen Subversive Risk Score.

A couple more internet searches like that and you'll be hauled into "the Cage" for questioning, held without charge for 72 hours under the "Anti-Terrorism and Subversives Act 2018" and released after a good beating.

Your credit score may or may not be affected. Employers may call upon your CSRS score before employing you. Increases over 5% a year are grounds for dismissal.


> held without charge for 72 hours

Today, if you're arrested in the UK under Terrorism charges you can be held for up to 14 days.

https://www.gov.uk/arrested-your-rights/how-long-you-can-be-...


And terrorism is such a broad term these days, especially with regards to "cyber-terrorism".


You mean like Sesame Credit in China? You may jest, but if they aren't already secretly doing this, it would be of little surprise if they decide that what China are doing is a Good Idea, and adopt it.

http://www.ft.com/cms/s/0/d412385a-6e54-11e5-8171-ba1968cf79...


The stupid thing about web history logging is that it is not web history logging at all. It is internet connection logging. The analogy made by Teresa may that it is an "itemised phone bill for the 21st century" shows a complete lack of understanding of the difference between circuit switched networks (e.g the PSTN phone network) and a packet switched network (e.g the internet).

Far as I understand it, the current draft will require ISPs to log all IP connections made, and some other metadata from the packets.

This will be a potentially huge amount of data that ISPs will have to store for 12 months, and it will largely be useless data; as by the time this is enshrined in law and ISPs have this implemented, we will be a lot further down the path that we are currently headed with regards to increasing use of HTTPS and HTTP/2.

All you will be able to gain from this information is ip addresses & hostnames connected to. URLs and other information are all transmitted inside the encrypted session.

Aside from this, terrorists, nefarious types, and increasingly; any technically competent, law abiding citizen with a reasonable desire for privacy will use VPNs, TOR, etc, making it even more pointless.


But if you read the articles recently published on this in the past week or so, they go on to state that in certain circumstances the content or web page detail would be investigable. So this means it is still "full take" to put it in Snowden terms. They are not just storing meta data, they are storing everything and only allowing the meta data to be "freely" searched.

And Theresa May's analogy with itemised phone bills is completely ridiculous. Web domain logging is not the same.

[edited] added 2nd para.


You might be browsing though TOR or a VPN but if you ever dare log into your account, you will be identified. There could be spying from outside or inside, or keys compromised. So you can read, but you cannot use your accounts on any site, or make perfect isolation of the anonymous account and never log into it from your real IP. This feels more like trying to maintain perfect hygiene than hacking. People will be sloppy and a single mistake can unravel a previously anonymous activity. The whole process will be much more difficult and people would not be disposed to do all that work, thinking that they will be OK without it. Because the level of discipline necessary for real anonymity is huge, I think we need to focus on that problem.

I envision a modified browser that has a registry of all your private information and enforces it's protection from the web browsing activity. You will not be able to send over the net your name, email, nickname, identifying cookies, your IP will be hidden, basically it will be like a nanny protecting you from sending any identifying information over the lines. That would be a place where people will be anonymous, but, again, you can't contact anyone you know or use any account that you have used from your real IP in the past, so it will be a different kind of browsing experience.


Agreed, and this is probably by design. It's all a part of social control, or attempted social control. It's the threat of constant surveillance that will contribute to keeping people under control. Personally, I remain skeptical that Govt agencies can do a fraction of what they are claiming to be able to do - anyone who has worked with the various joys ofindustrial sized databases will know how difficult it is to maintain and query the really big ones - but the possibility of the threat remains. I forget the movie that the line is from but: "you don't actually need a big gun - just tell 'em you have one".


Welcome to the surveillance state in your head: http://www.theamericanconservative.com/articles/the-surveill...


I used to want to visit the UK, not so much anymore... when you find yourself mulling over how best to protect yourself in the same way you'd prep for attending something like defcon, it sort of loses its zeal.

Edit: wow, the downvotes are coming fast on this one, guess i found a nerve. needle


It won't matter if you visit the UK. The UK law extends the rights of surveillance world-wide,

These laws comes in handy at times. As part of the "five eyes" spy agrement, UK and US are intentionally spying on one another's citizens and sharing the collected information with each other in order to circumvent restrictive domestic regulations on spying.

https://en.wikipedia.org/wiki/Five_Eyes


It is a legitimate, practical concern whether visiting somewhere will increase your risk of attacks on your devices and data. I was struck by a New York Times article from 2012, before organized governmental hacking was the topic of the day, setting out some of the precautions that people took.

http://www.nytimes.com/2012/02/11/technology/electronic-secu...

This was particularly focused on hacking by China (something we in English-speaking countries had learned to hate and fear over the years), and I found it sad to learn that the same precautions can be appropriate for visiting liberal democracies.


Seems to be a pretty common theme going on now, at least among the five eyes and any beholden countries.

The one thing that makes me (grimace) laugh is that with this level of surveillance, they seem to be either a) incredibly incompetent because of all the corruption, paedophilia and so on that seems to go unpunished/uncaught, or b) a tool used by people higher up the chain for other purposes.


Probably because the data is only used for intelligence / contra intelligence purposes and quiet rightly the plod (Police) are not allowed to go on fishing expeditions.


Well the <sarcasm>good news</end sarcasm> is that the new laws being proposed in the UK will give the data to the police as well. Given the record of abuse of such data it won't be long before they are dragnetting the database.


That's the worrying issue then the Police and the Home Secratery are not getting on at the moment - I can see the lords putting some amendments down to kill off general access by the plod.


Well the current laws passed in Australia mean a large array of government departments can see our metadata.

That aside, we know the intelligence gathered has been used for parallel construction... perhaps just selectively I guess.


Dragnet surveillance data must be used selectively: you don't want to use it against your "confidential informants", after all. That would ruin their testimony in later cases, and give previously convicted "perps" grounds for appeal.


As a Brit, it's weird because unless you're one of a few kinds of activist or visit Northern Ireland, it's pretty much invisible and a largely theoretical threat compared to, say, regular malware or driveby hackers. It's a lot like refusing to go to the US because the risk of being shot by the police is far higher there: statistically true, but as a white tourist it's very unlikely to be a problem.

The other weird thing is about how the war on terrorism is being carried out as invisibly as possible, including what it might claim as "victories": actual convictions of people for terrorist offences. They're not being paraded around in the papers.

The concern lies at the political level: are the security services being deployed against Corbyn? After all the PM did call him a "threat to national security".


MI5 have a very long, and proud, history of distinguishing between political enmity and "subversive" activity. The history of "entryism" during the Cold War is well documented, and MI5 have declassified information about what they did and did not do. Basically they helped protect the Labour party from infiltration from Communist sympathising individuals who wanted to overthrow Parliamentary democracy. They did not spy on merely left wing individuals.

We're in an age of leaks, and there have been whistleblowers from the UK intelligence services. If MI5 were asked to spy on Corbyn you'd probably hear about it in the resignation letter of the head of the service...

Personally I do think Corbyn is a threat to national security. Not in a sense which he is aiming to destroy the state or country, but that his naive and inconsistent world view would embolden our enemies and be more likely to cause conflict. His views are one which he is entitled to have without state surveillance, he's entitled to stand for public office and entitled to be brutalised by his political opponents for his previous positions, especially on foreign policy.


> Personally I do think Corbyn is a threat to national security... his naive and inconsistent world view would embolden our enemies and be more likely to cause conflict.

I agree with most of your comment, but this one point made me spit my tea all over my screen.

15 years after Tony Blair's 'sexed up' dodgy dossier pushed us into joining the US in the rediculous 'Gulf War 2', which (predictably) resulted in a huge power vacuum in the region, world-wide radicalisation, and further conflict (with no end in sight), it's a little funny that someone outside the usual 'war hawk' template gets accused of being a threat.

Sure, he wants to get rid of Trident, the nuclear missile system that relies so heavily on US guidance infrastructure that the UK physically cannot fire it without US approval. Since it's not independent it has zero tactical value and exists solely as a way of subsidising the US nuclear stockpile while fluffing up our own feathers like a giant mind-numbingly-expensive peacock.


"the UK phsyically cannot fire it without US approval"

I've never seen any evidence supporting that view - we certainly couldn't maintain it for very long without US help but the whole idea of the UK deterrence fleet at the moment is that they have no dependencies on anyone to carry out a launch - for the obvious reason that in most attack scenarios there wouldn't be anyone in the UK left to contact.


I agree. The Permissive Action Link(PAL), a remote security device for nuclear weapons, was typically used when the state is non-nuclear, yet is a member of NATO. They are secured and deployed by USAF members. But the UK is not one of these states. In fact, you can find evidence that they do not use the PAL on their own weapons, so most likely they do not have them deployed on any of the NATO nuclear weapons stationed in the UK.

https://en.wikipedia.org/wiki/Nuclear_weapons_and_the_United...


"The UK Trident system is highly dependent, and for some purposes completely dependent, on the larger US system."

http://www.publications.parliament.uk/pa/cm200506/cmselect/c...


I don't see anything in that says that a UK sub needs US input to launch - in the worst case they don't need any input to launch (they don't have PALs).

Of course, there are dependencies on US systems for lots of things and if the US withdrew support for our Tridents systems we probably couldn't operate them for very long (months - probably, years probably not).

Is it completely "independent" - of course not - it's a US system and there are very few scenarios where the US and UK wouldn't co-ordinate an attack. But does the UK need "permission" to launch - not as far as I know.


The US can withhold targeting data prior to launch, or switch off guidance after launch.

That is all stated as fact in the Parliamentary report. Not sure which part you disagree with.

Sure, you might be able to sneak a launch and hope they don't detect it, but that's a little farcical for a £100bn defence programme I would've thought.


That's appears to be evidence given to a select committee - so it's one person's view.

AFAIK subs don't use GPS underwater - and missile subs spend most of their missions underwater. The missiles themselves use inertial (hence the dependency of knowing the launch point) and star-sighting:

"GPS has been used on some test flights but is assumed not to be available for a real mission."

https://en.wikipedia.org/wiki/Trident_%28missile%29

I'd be very surprised if the sub don't go to see with at least some target data - kinds of defeats the purpose of the entire system which is set up to give UK Trident sub commanders a surprising amount of leeway:

https://en.wikipedia.org/wiki/Letters_of_last_resort

[Edit: For the record - I am rather passionately anti-Trident and would strongly prefer the UK didn't have them].


"The Future of the British bomb", John Ainslie

http://www.swordofdamocles.org/pdf/future.pdf


Of vague relevance, former undercover police officer Pete Francis says he saw files on Tony Benn, Ken Livingstone, Dennis Skinner, Joan Ruddock, Peter Hain, Diane Abbott, Bernie Grant, Harriet Harman, Jack Straw and Jeremy Corbyn. He says he personally spied on Jeremy Corbyn. That's Special Branch not MI5 and not contemporary, but still.

Btw I don't think your comment should be downvoted, I don't see anything it shouldn't be OK to say in it.


distinguishing between political enmity and "subversive" activity

Lots of people would disagree as to whether this distinction was in the right place, especially as "communist infiltrator" is still being thrown around as an accusation decades after the fall of the Soviet Union. While there are a few of the hard left that are a serious handicap to anyone around them (e.g. Tommy Sheridan, George Galloway), they're not especially dangerous.

I fully expect to hear eventually (after decades have gone by) that Corbyn is being spied on. After all, look at Peter Hain: http://news.bbc.co.uk/onthisday/low/dates/stories/may/22/new...

"In 2001, secret government documents published under the 30-Year Rule revealed that Peter Hain - then a Minister for Europe in a Labour government - had been under surveillance in 1970.

Harold Wilson's government had even considered charging him with seditious conspiracy for threatening to disrupt the proposed cricket tour."

Anti-apartheit campaigner and friend of convicted terrorist Nelson Mandela: does he go in the 'political opponent' or 'subversive' box?

"Threat to national security" is a very specific phrase which people should be careful of throwing around, since it's used to legitimise all kinds of action against people.


Well said there where well documented entryist attempts on trade unions.

Its a pity that any nuanced discussions get voted down.

MI5 is not Hovers FBI an organization so dodgy that the CIA in the 1960's where concerned! (this is from classified CIA documents)


Oops I meant declassified docs


I'm intrigued here, since I can't personally empathize with your viewpoint. What makes state security services monitoring communications (pretty much like all countries) outweigh the desire to visit another country, experience it's culture, sights etc? For me, this would always outweigh anything else, other than actual physical safety - I'm deliberately not taking my dream holiday to travel Egypt, and have been for years now. (FYI, UK citizen, in case anyone feels it's relevant)


Maybe he's zer0defex is equally torn on the margin between Britain and country x.


But that's the thing. We're always attending something like Defcon ;) Surveillance is ubiquitous.


Yup.

As a British citizen I wouldn't recommend that anyone visit here.

I wouldn't personally wish to visit the US since its hyper-nationalist, gung-ho, war-fervour has been in full swing, coupled with the potential ass-raping at airport security by the TSA.

Even less so since the NSA/GCHQ stuff has come to light.


> I used to want to visit the UK

I used to want to move to London. Now I know I won't.


Seriously? Now you might be engaging in activities which mean you do need to engage in Defcon levels of preparation, perhaps you work in intelligence, perhaps you're a terrorist, or perhaps you're a journalist. But then you'd be engaging in Defcon levels of preparation all the time, including heading to any Western country. I suspect you're not and you're mistaking your desire for privacy with thinking the UK is in any way interested in you.

This isn't a "nothing to hide, nothing to fear" argument I'm trying to be realistic. The UK has a strong history of an independent judiciary standing up to the state and of a government that has been legislating to increase scrutiny and safeguards for decades. This whole programme may have been under a "vague" law but it is covered under the law and the government is having a debate on making it clearer what is happening. In trying to update old laws to the modern age I think it is acceptable to discuss what the limits should be, but also accept that old concepts of where the state can intercept communications should change not just be written off as "oh well we can't do that any more".


Yes, seriously.

You don't need to believe that someone is actively looking at your communications to be concerned about all your conversations being logged into a database somewhere, for future reference.

We know now that the only chance we have to prevent our communications falling into the mass surveillance dragnet is precisely to follow, as you say, "Defcon levels of preparation all the time".

Despite what you say, your argument is exactly the trite old gripe about "if you have nothing to hide, you have nothing to fear". Except maybe if you decide in 15 years to run for political office on a platform to rein in the intelligence services, you might. Then it might not be good for them to have this huge haystack to search through to pass juicy bits to the tabloids. Look into the FBI's handling of Martin Luther King for example.


And yet again the UK is not the USA, MI5 is not the FBI, Spooks is not a documentary.

The FBI's handling of MLK, and the general culture of fear of Hoover in the political establishment, is an excellent example as it is all before any of this technology. It isn't an argument against this, it is an argument for the effective oversight and regulation of the intelligence services. The USA might have some bizarre legal concepts in which the courts defer to the state when "national security" gets played but I can assure you that is not the case here. We've paid out settlements to the British Guantanamo detainees because trying their lawsuits would have potentially exposed intelligence relating to whether they were bad or not. NB nothing justified their treatment regardless of who they were.

It has always been the case that the intelligence services have the capability to destroy someone they don't like. If they don't have that then they're not any good at their jobs. If you have a (rational) fear that they can that is an argument for reigning in that service, not hobbling their ability to do the things we do need them to do.


bizarre legal concepts in which the courts defer to the state when "national security" gets played but I can assure you that is not the case here

https://en.wikipedia.org/wiki/Diplock_courts

"…the Law should be used as just another weapon in the government’s arsenal, and in this case it becomes little more than a propaganda cover for the disposal of unwanted members of the public. For this to happen efficiently, the activities of the legal services have to be tied into the war effort in as discreet a way as possible.."

That was 1970, but if you think the UK security services have clean hands you are seriously underinformed about Northern Ireland. More recently there's Spycatcher, Zircon, Matrix-Churchill, police infiltrators in environmentalist groups ( https://en.wikipedia.org/wiki/Mark_Kennedy_%28police_officer... ), and so on.

Effective oversight of the intelligence services is really hard because it can't be done in public, and it's easy enough for them to convince politicians that it's all fine really.


Or maybe she is a private citizen with an unusual sexual kink that she does not want her mother/boss/customers to know about. The UK government will not be able to keep all the data they are slurping up secure and it will end up in (more) criminal hands than GCHQ/the police.

> you're mistaking your desire for privacy with thinking the UK is in any way interested in you.

Why does the UK maintain a file on her then? And why on me? And why on you? If they are not interested why bother to store the data?

Your second paragraph is inaccurate in almost every respect.


> The UK has a strong history of an independent judiciary standing up to the state and of a government that has been legislating to increase scrutiny and safeguards for decades.

Do you honestly believe this?


What's painfully not funny, is that the vast majority of the British public won't see this as a problem, and won't see any need to do anything about it.

There is a reason why all the data and calls go through the BT Tower in London, and why it is guarded like a fortress. All the taps are there.

https://en.wikipedia.org/wiki/BT_Tower


>What's painfully not funny, is that the vast majority of the British public won't see this as a problem, and won't see any need to do anything about it.

You mean the same public that accepts and sponsors a "royal" class in 2015?


> You mean the same public that accepts and sponsors a "royal" class in 2015?

We make money from the royals, does that change your opinion?


Pimps make money from prostitutes, doesn't make it moral. If you support having a royalty, great, that's certainly your right. If you are against the concept in principle then deciding it's okay since we make money from them seems wrong.


Regardless of anything relating to the royals, it is not Queen Elizabeth who is instituting this, it is the democratically elected.

Please don't bring in our royals as if they're somehow the reason of anything. There is a symbiotic relationship in regards to the royal family that you have to understand, the people who hate them are jealous- yet would probably not like the spotlight they have. They do bring in a net gain to the country, they are educated enough in certain scenarios to represent us quite well.

I don't take exception to them, but if the public /did/ then government could restrict the funding to Her Majesty. (Which has happened a lot before and has constituted the closure of many of her castles.)


>the people who hate them are jealous

You say it like it's a bad thing -- that those jealous should be ashamed of themselves or something, when it's the other way around.

Democracy is all about people being jealous of royalty (kings, feuds, pharaohs) having all the power, land, free food and honors, for just being "born" special, and putting and end to that charade.


> Democracy is all about people being jealous of royalty (kings, feuds, pharaohs) having all the power, land, free food and honors, for just being "born" special, and putting and end to that charade.

I'm curious, are you saying that with a straight face? Because there's no way you can look at capitalism / US politics and believe that it's any different.


The US Republic is a farce of democratic processes for sure, but they at least did that to themselves. They were given a choice.

If they fucked it up and created the plutocracy they did, fine. That was their mistake to make.

We still have an unelected upper house of parliament that actually has power, as well as our unelected, divinely appointed monarch.

We were never given the choice of fucking up our own republic. We should have been by now.


My point wasn't to glorify capitalism/US politics (besides I'm not American). It was to put feudalism in perspective.

That said, modern government/economy is unfair too, but at least those on top get their power from something tangible (money) as opposed to some bloodline and most people are not exactly serfs.


Not in the least.

First, because making money isn't a final justification for everything, and especially keeping an antiquated and anti-democratic institution around.

Second, because a country can still make money showing off palaces, changes of the guards, its royal past and the like without maintaining a royal class. Heck, maybe even more money, e.g. by expropriating their castles and estates as state property and making them into luxury hotels and such.

In fact this whole "we're making money off of them" only counts their annual expenses, and balances it by some touristy influx and purchases (that it also assumes would go totally amiss without the royals). That ignores all the land property they occupy which amounts to tens of billions -- (£7.3 billion for the Crown Estate alone), and which could be state property in a democracy.

Finally, there all these "blue blooded" that get a "royal pathway" to politics in the House of Lords and such -- further pushing their agendas and interests into the whole of politics...


According to whom?

The figures usually provided show a lot of income from Crown land, which belongs to the state. Or, they put a big figure on tourism -- which would probably be even bigger if tourists could pay to have a look inside the palaces and castles.


The Crown Estate net profit for the Treasury is around £250m a year - which is pocket money in the national budget.

15% of the profit goes back to the monarch.

Incidentally, the Queen still "advises" the Prime Minister in weekly meetings.


Money is irrelevant.

They are symbolic of the obscene luxury, wealth, power and elitism that comes from the absurd and archaic concepts of hereditary privilege and 'divine right'.

Sod the money, we'll make do without it. Just get rid of them.

The fact we still have a queen tells us we’re no more sophisticated than bees.


It's not guarded like a fortress. Unless you're including fortresses that allow the public in regularly.

It's guarded like a very noticeable landmark in London for the same reason that most targets are guarded - because of bomb threats. As they had a bomb explode in the BT tower, it's not an unreasonable thing to do.

Oh, and not all calls and data go through there. I think they still get a fair chunk of microwave comms but that's a very small proportion. If the taps are really there then GCHQ are mostly tapping BBC broadcasts.


You're right. It is a public face.

The real hub is Telehouse: https://en.wikipedia.org/wiki/Telehouse_Europe

and

https://en.wikipedia.org/wiki/Mastering_the_Internet

As I understand it, this is just Project Tempora being officially acknowledged, post-Snowden. The cat is already out of the bag anyway.

The best way to announce such a shitty program officially is in another bag full of shit. That's why May has done this now.

http://www.theguardian.com/uk/2013/jun/21/gchq-mastering-the...


The tyranny of the majority. If you can control what they watch on tele, you can basically control what they think.


Panem et Circenses (bread and circuses).

As long as the average voter in this country has a job, x-factor, can visit the pub on a sunday afternoon and get away on holiday once a year nothing is going to change.


The British public are largely misinformed and misled by fear, uncertainty and doubt by demagogue politicians and biased media.

Plus since the 1980's or so the people seem to have been conditioned into a very self-serving and xenophobic bunch.


really? I know electronic miniaturization is an amazing thing, but is this big enough for all data and calls to be tapped from?


See my comment above about Telehouse London


The blatant contempt they have for their people is astounding.

> The draft bill's measures include:

> Allowing the security services to hack into phones and computers around the world in the interests of national security

> A new criminal offence of "knowingly or recklessly obtaining communications data from a telecommunications operator without lawful authority", carrying a prison sentence of up to two years

In the same breath they threaten prison sentences for doing exactly what they state they're doing.

> The Wilson doctrine - preventing surveillance of Parliamentarians' communications - to be written into law

Come on guys, now you're just taking the piss


preventing surveillance of Parliamentarians' communications

.. except when authorised by the PM. Who recently called the leader of the opposition a threat to national security.


The creepiest implication with this is if you get the wrong person in power at the right time, they might be able to keep their party or interests in power for an atypically long time, given access to these new tools. We all know that keeping one political interest in control for any extended period of time is never good.


That ... would be what MI5 is for. My objections only begin when law enforcement start getting access to spook grade data (which means I'd object to them sharing with the NSA, who're clearly rather permeable to law enforcement currently).


That's because unfortunately the FBI have a dual role - the FBI and Secret Service should have been merged/split into the traditional policing roles and into the roles performed in the by MI5


Many British people (including myself) would disagree with your assessment of the role of MI5. Personally, I don't think they are there to carry out mass surveillance.


How would you say identify associates, handlers, spotters or more bombers after the 7/7 bomb attacks?


I am British, you twit.


Tadaa ... . The surprising fact for me is when I was talking with mostly programmer located in USA in Reddit (I am not from us), they didn't even care about NSA/etc agency collect their data. They act in a way I thought they think their data belongs to NSA. that really got me to thinking. This is my right as human being to have privacy.


Real world events make for such an awful James Bond spoiler.

http://www.wired.com/2015/11/spectre-james-bond-video-review...


NO worries it'll all be legal soon. If there are any senior ex-Statsi left alive they will be looking at the UK spying systems and wishing they had had this level of access.


They secretly collected phone data for a decade and nothing untoward seems to have happened! Sounds like the powers that be are reasonably responsible after all.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: