GCHQ has been hard at work in the last two days spinning against our revelations on Sunday that it is spending more than £1bn on monitoring and analysis equipment under a secret project called Mastering the Internet. Mastering the Internet has been underway for over a year and contracts worth hundreds of millions of pounds have …
Men In Black
Good to hear some calm common sense in the midst of all the headline grabbing bluster.
A huge difference between a capability to selectively monitor (within a regulatory system) an individual or location and wholesale eavesdropping / data archiving of all coms.
I'm fine with the idea that in extreme cases (bomb plot for example) a couple of men in black and a c++ guy (accountable to ministers who in turn are reviewed by the judiciary) can show up at anISP to install a capture for the duration of an investigation.
Any suggestion of comprehensive real time data monitoring, archiving or profiling is not ok.
No Development Necessary
Nor are they "developing" the technology... well, if it already exists they don't need to develop it, do they? They didn't say they weren't *deploying" the technology.
Always tell the truth and let everyone else mislead themselves (that's Sun Tzu for the media era... which I suppose would be Sun Tz.0 )
However, on the upside: I'm rather happier about Them doing the snooping than anyone else... they don't trust *anyone* and I've heard that it has been said that even those who have provided valuable int. are not guaranteed access to the info they were perfectly at liberty to scrutinise before they handed it over. You have as much chance of your dirty linen being hung out by Them as (random comparative) Silvio Berlusconi has of being elected Feminist of the Year.
(Unofficially, no one even mentions G***, it's considered politer to refer it as [redacted], preferably in hushed tones, even in secure environments... walls have ears)
GCHQ? Who's that?
IIRC, the place hasn't been called GCHQ for years (if it ever officially was) although I've forgotten the "correct" name for it.
Whilst their statement is almost certainly excruciatingly correct, the devil, as usual, is in the details: What exactly constitutes damage to the UK or its "economic interests"? As an example, leaving aside, for the moment, questions of the legality of the activity, does this include pirating of movies or music? As you so correctly point out, they are not aiming to monitor *everyone*, just *anyone*. whenever they want. And if they happen to latch on to something they deem interesting and within their (gargantuan and ill-defined) remit whilst searching for something else, why then, it behoves them to look at it, right?
GCHQ has, for years, been a master of finding every tiny chink in the legislation which governs its behaviour and exploiting them to do exactly what its "customers" want, often without anyone else knowing about it. This is possible because of the nature of the classifications it applies to most of what it does. You can bet your life that the various Commissioners etc who are supposed to oversee its operations aren't on the lists whose codewords are part of the classification of the most questionable documents and information. And will, therefore, never even get to know they exist.
Of course, the place does do useful work and, to be fair, finding the right balance between accountability (and lost laptops) and the secrecy required for operational usefulness is never going to be easy.
The clever/professional crooks/terrorists/etc will just (multiple) encrypt stuff & use proxies etc, thus leaving the spooks blind to what they're doing anyway.
Never believe anything until it's been officially denied.
Exchange Level DPI Boxes?
To the engineers its just the box with the Phorm Sticker on it..
Time well spent
Looks like it was a good idea to enable TLS on my Sendmail install over the weekend then :-)
What to do?
For those living in a cave the swedish PirateParty received 5.1% in the latest polls for the EC-election.
Unless we bomb them (Barrack, can we borrow some intercontinental missiles pretty please) the only option is to USE YOUR VOTE!
The old media and politicians nearly soiled themselves when the numbers were published and same could work for UK.
Why not give it a try?
Meanwhile Im moving to Ulan Bator or some place where a printer is an expensive door stop.
Privacy... what's that?
I wonder how far we are from needing permission to brush our teeth with toothpaste in the morning, after all, toothpaste tubes can be used to hold volatile chemicals that can threaten the UK and its citizens after all.... Go the Government! I feel soo safe now
The wrong argument
It is really splitting hairs as to if GCHQ is doing this or the govt is getting the ISPs to collect the information and pass on to whoever. The important fact is that Jacqui wants this information and the amount of oversight is less than clear.
Global Communications HQ ..... a Figment of Imagination and also AI Work in Ab Fab Progress....
"Just as our predecessors at Bletchley Park mastered the use of the first computers, today, partnering with industry, we need to master the use of internet technologies and skills that will enable us to keep one step ahead of the threats. This is what mastering the internet is about. GCHQ is not developing technology to enable the monitoring of all internet use and phone calls in Britain, or to target everyone in the UK. Similarly, GCHQ has no ambitions, expectations or plans for a database or databases to store centrally all communications data in Britain.
Because we rely upon maintaining an advantage over those that would damage UK interests, it is usually the case that we will not disclose information about our operations and methods."
Hmmmm ... do GCHQ not realise that " today, partnering with industry, we need to master the use of internet technologies and skills that will enable us to keep one step ahead of the threats" and " maintaining an advantage over those that would damage UK interests" requires at least "developing technology to enable the monitoring of all internet use and phone calls" or buying into those who they may perceive as having Advanced InterNetworking Mastery.
And don't anyone chirp in with some nonsense about there being no Funds for anyone worthy of dragging GCHQ to the ForeFront of IntelAIgent Global Leadership will Counter with Advice to Virtually Deposit Quantitatively Eased Credit to a MaJIC Working Current Account. ..... No Peanuts Allowed No Monkey Employed.
And such is the Perception Pimped that Anyone and Everyone posting here is a Possible Person of Interest and some may even be into Reverse Engineering of Honey Entrapment and BetaTesting of Quantum Communications for Control of SCADA Systems ...... and just Exactly what is Needed for Feeding to Virtual Leaderships ...... Covert Controllers
And in such Games as are being Played, does Real Virtual Inaction Signal the Opposite of Understanding Leaderships into Royal and Ancient Arts and Internet Mastery of Magical Mystery Turing AIdVenturing ........ and Kind Man's NeuReal Virtual Machine Frontier.
"We will watch all of the people some of the time and
some of the people all of the time but not all of the
people all of the time. So that's alright then."
@ Dave Harris
You said: ** IIRC, the place hasn't been called GCHQ for years (if it ever officially was) although I've forgotten the "correct" name for it. **
It is called GCHQ. The name "Government Communications Headquarters" (GCHQ) was officially adopted on 1 April 1946, ans is still called GCHQ now.
Maybe you are confused by the fact it houses other agencies as well, such as Signals Intelligence (SIGINT).
Anyway, as stated by others, GCHQ have not said they aren't deploying the technology, just that they aren't developing it. They don't need to reinvent the wheel, do they?
We are definitely heading towards a police state. Soon, it will be compulsory for all newborn babies to have a chip implanted in the skull, which can be tracked for life, and will be used to monitor conversations and actions :o\
So they installing DPI black box probes, or in tech speak - routers. Hmm.
Anyone heard / know about meaning-based computing? Its all the rage don't you know!
Just overwhelm GCHQ
We could just ensure that every email has a trigger word in it, like " bomb ", and mention that each morning I go out to my bin laden with the debris from last night's supper.
Eventually, either everyone would work for GCHQ to manage their workload, or the politicians would give up and bother about important
Anonymous, because they really ARE out to get me
Apply for the job!
Quite interesting, check out the streaming data analyst requirements for GCHQ
how is this new? Have none of you geeks heard of Echelon?
If he's a bot, it's almost impressive how on point he is.
Did I just call it a he?
"Lead Researcher – Stream Data Mining"
(GCHQ job advert, my capitals to show their *expansion* plans, not *maintain capability* as they claim).
"Lead Researcher – Stream Data Mining"
"In the MODERN world, there is always too much information to analyse.
This means that organisations must process data on-the-fly, constantly change focus and priority, quickly introduce new algorithms and analysis techniques and continuously operate in a dependable manner.
"At GCHQ, we are LEADERS in the EMERGING field of data stream mining – extracting knowledge from data as it streams past at very high rates. We use this data to establish situational awareness, analysing new information in the context of what we know already.
"The NEXT FEW YEARS are guaranteed to be an exciting time for stream processing technology… several new technologies (including new programming languages) are set to dramatically change the way LARGE VOLUMES of information are analysed.
"We are working with other agencies, academia and industry to demonstrate the benefits to our business.
"As a Lead Researcher for this special project in our Communications Research & Development Team, you will have responsibility for a range of technical research tasks, working closely with an industry partner.
"We are looking for someone who can take the initiative, identify and seize new opportunities and who has a track record in successful delivery of complex tasks, as well as evidence of innovative ideas."
Not only are they implementing it against Parliaments wishes, they can't even be honest about it.
Vote of thanks
I propose a vote of thanks to amanfromMars for single-handedly tying up all of Their analysis capacity thus allowing the rest of us to stay under the radar.
I vote that we should now post all our communications through a new 'amanfromMars' filter ;) let GCHQ try to deep packet inspect and decipher that, should keep em busy for weeks :)
quote: "all our activities are proportionate to the threats against which we seek to guard.."
just a couple of questions regarding the above quote, to make sure i understand this correctly:
- exactly what threats? terrorists? what else besides that non-existent enemy?
- whom exactly is under threat from within the populace? the people? or the government?
oh, and we've all seen what the government call 'proportionate'....
More data mining GCHQ job search
"...This is a highly creative and leading-edge technical environment which perfectly balances commercial imperatives with academic quality research. The type of work we do includes....Data mining...High-Speed Internet Processing....Natural Language Processing....Network Exploration...Mobile Technology...Special Research Projects ...."
You don't need natural language processing for targeted searches because a person reads the data. So it's not targeted, it's done on bulk data, and it must be content rather than address fields which don't need natural language processing.
Doing a search on Google [data mining gchq site:glosjobs.co.uk] shows some very interesting cached jobs that are now deleted.
"Using data-mining techniques, you'll HELP US FIND MEANINGFUL PATTERNS and ... Servants who meet the above criteria and are looking to transfer into GCHQ. ...
www.glosjobs.co.uk/jobs_files/profileplus_details_display.asp?VD_ID=174923 - "
i.e. they're doing mass capture then doing pattern analysis, this is ECHELON by another name.
Or a wider search for [gchq site:glosjobs.co.uk]
"GCHQ Engineering produces systems that enable our intelligence analysts to ... GCHQ in Cheltenham is home to one of Europe's MOST POWERFUL COMPUTERS and"
So they have some heavy hardware to do it.
Job VD_ID=174660, "Natural Language Processing Network Exploration Hardware Data Mining ..."
Again, hardware data mining by Natural language.
Sounds like more well meaning idiots who can't see the bigger jigsaw from their little part.
Boy was that spin
All these sweeping terms:
All internet use.
Everyone in the UK.
Yeah so you miss one out and you're speaking the truth, just going to about what 99.99% of the people.
And hackers, what are they? Couldn't they just go protect from people trying to access machines or data in an unauthorised manner, oh that would be GCScriptKiddies themselves now?
Thank You Job Ad AC
I want to thank AC @ 13:49 GMT and 14:21 GMT for posting those job adverts. I do hope the media (El Reg at least) press GCHQ, the Home Office, etc, on these.
The Reality is...
... GCHQ (or whatever they are called) wouldn't actively monitor all internet traffic. Rather their supercomputers would be automatically analysing everything going across the network, like the NSA, flagging things of interest for analysts to look at. If they're looking for the same things the NSA are then it could mean something like a brief phone call of a few seconds- it could be a terrorist making a pre-arranged signal or someone quickly realizing it's a wrong number (I've certainly done it). Keywords could also be picked out of e-mails and internet searches. It might possibly bring some people of interest to attention, but it's possible they'd be a lot of false positives as well. Maybe I'm wrong but I believe that's the sort of system they want to set-up. Basically they would be going on a giant 24-hour a day, 365 days a year fishing expedition while still claiming that they are not actually listening in to everyone (because the computerss are 'listening', not people). Even if this were off-the-mark I still find it deeply contemptuous of the democratic processes of this country. Work has allegedly been going on this system since 2007; it has only just come up for public consultation and has yet to be debated in Parliament. I think the government/security services want it to be a fait accompli. Basically they've spent all this money which would a horrendous waste if it never went live. In the end I don't think the Tories or any other party would do anything about it. I think it is in the public's hands to act on our own initiative to protect our privacy. What I don't know. It would be nice if people started coming up with ways to hide or obscure our internet usage.
Many years ago I used to work at the Cheltenham branch of Dixons, where GCHQ bought shedloads of Amstrad PCs. The great thing about it was that since they could not return them when faulty because of the data held on them, we never got the grief all other users gave us!
They eventually found other sources of reliable PC kit, but for a while I rode the gravy train as they became experts at keeping their hardware working...
When phoning, the receptionist would only ever answer by asking what extension you wanted and all deliveries were made to a Room Number, anticipated by the guards at the entrance gate.
Paris because we'd all love to know what room she's staying in while visiting the UK.
The difference between now and then
At Bletchley park they used to crack the encryption used by the enemy. A jolly good job they made of Enigma too. If we really have that many "enemies within" that we need this mass surveillance, I suggest we start asking the government what they are doing that annoys so many people so much.
I don't have a problem with warranted interceptions. How hard can it be to tap someone's ppp stream coming in over ADSL at the ISP? You don't need massive data slurping. Of course, any serious threat to national security will be using proper ipsec vpns which GCHQ will fail to decode anyway. So they'll be left with monitoring either incompetents who aren't much of a threat or the general populace. Now that looks fishy. I'd like some hard numbers on "convictions gained for (attempted/conspiracy) murder" where the cinching data came from this sort of activity and could not be gained in another manner.
Governments - until they consistently look as though they are on my side, I don't trust them.
The Reality is....
"Rather their supercomputers would be automatically analysing everything going across the network, like the NSA, flagging things of interest for analysts to look at."
The reality is that there are 60 million people in the UK, and only a few potential terrorist. Say 2e-7 of the population and the ones that are most likely to be terrorists would do their discussions outside the UK sphere of data.
So the most likely outcome is a lot of false accusations a lot of disadvantaged innocent people, a lot of suppression of speech and a damage to the UK far beyond any benefit.
Far far far beyond any benefit.
You can see their understanding of this problem, in the comments they made. They are there for 'national security', they have a very very narrow role in 'serious crimes' that was added by Brown, they have no role in 'the economic well being' or broader 'law enforcement' (if they did it would be a warrantless searches for the police which could never be accepted). So because they're saying this, you can see them try to expand their role.
I mostly agree with the rest of your comments, the Tories will do nothing to fix Britain because as soon as they clip ACPO or GCHQ etc. Cheney/Jacqui figures will scream 'making Britain less safe' and they'll back down like the lightweights they are.
Seriously, they will do so much damage to Britain in the guise of 'protecting', and it's all well meaning but ultimately very very destructive.
It's OK they won't be storing all communications.
"Similarly, GCHQ has no ambitions, expectations or plans for a database or databases to store all communications data in Britain."
... oh wait, that's not what they said.
"Similarly, GCHQ has no ambitions, expectations or plans for a database or databases to store centrally all communications data in Britain."
Don't worry about me, GCHQ spies: I'm not planning to blow up a bus on a Thursday.
International Mutual Snooping?
Occasionally, I see it said that different countries mutually snoop on each other's citizens, so as to get around domestic laws protecting citizens from their own (but not each other's) governments.
"GCHQ is not developing technology to enable the monitoring of all internet use and phone calls in Britain, or to target everyone in the UK."
If, instead, it's to monitor all foreign traffic that passes through the UK, and if, say, various other countries are doing likewise, the end results would be much the same - we're all getting spied and snooped on, monitored, logged and so on, anyway. With international co-operation in the fight against terrorism, extremism (non-mainstream politics), organised crime, etc (everything else), it means that GCHQ's MTI project might be even more sinister, partly because it's not directly targetted at UK citizens.
Compare it with Jacqui Smith's recent "climbdown" regarding IMP. Rather than have a single, central database run by the State, she wants ISPs to build and run distributed databases instead. The feeble excuse of privacy concerns obviously doesn't stand up for even a second, but it does show how she regards us, the masses. She'll spin as a climbdown something that's no better, and possibly worse.
Joining up the dots, why wouldn't MTI (or some other GCHQ project) be part of some grand international collaboration to get around domestic privacy laws and the like?
Maybe that sounds a bit tinfoil hat, but how much stuff these days sounded tinfoil hat ten or fifteen years ago? Imagine in 1994 if someone claimed that, in 2009, the UK government would be pressing ahead with plans to log details of all phone calls, emails, web browsing, etc. Wouldn't that have sounded tinfoil hat? And again with taking photos in public places, seeking details of police officers, etc, etc.
If MTI isn't for snooping on UK citizens, then who is it for snooping on? And what's the bigger picture that really fits into?
What's in a name?
@Dave Harris: GCHQ definitely is called GCHQ. Maybe you were thinking of CESG, the InfoSec branch, which used to be the only bit of GCHQ that the government would admit existed.
@Register: It's not the "Doughnut", it's the "D'OHnut". Get it right.
To borrow a quote from Firefly
"The government is a body of people, usually notably, ungoverned."
I can't say I'm particularly surprised at the steps being taken to erode our civil liberties. It's a dangerous path for the government to be taking us down, one that assumes everyone is guilty until proven innocent. But then, it also seems to be that no matter which government we have, it's always the same kind of story. This kind of thing has been going on for a very long time, and frankly the argument that if we're not being monitored we'll all be exploded by the latest big bad bomb threat is getting flimsy. So, I'm forced to wonder, just why does the government have such an interest in monitoring us anyway?
Not that I really care why, so long as they don't. Certainly the fact that MP's are claiming so much of tax payer's money for a 'second home allowance' during a period of economic decline gives me little hope for the integrity of the political system, so the fact that the home secretary (and I use that title with as much scorn I can muster, she acts more like a crazy old mother of two housewife constantly breathing down her children's necks) is just so keen to keep a close eye on our activity is frankly disturbing, just what does she want the data for?
“but it's possible they'd be a lot of false positives as well.“
Unless you believe that a *very* substantial portion of the UK population are terrorist suspects that "possible" should read "near certain" The US national Science Foundation concluded this find-a-terrorist-through-their-comms-pattern idea is *highly* suspect. It was Claud Shannon who pointed out all information is a subset of noise. But then we have seen a Govt. Minister talking of "something leading to something else" and therefor we should ban sexually suggestive drawings of children because of this. So maybe they are not that bothered about little things like evidence.
"Maybe I'm wrong but I believe that's the sort of system they want to set-up. "
You have fallen for the deliberate mixing of 2 different things. Let me seperate them. Interception Improvement *is* exactly about listening in on people's conversations and reading the *contents* of their emails, texts, instant messages etc. It's UK specific and should (given what it is) come under RIPA. IE specific warrants for specific people. NB HMG has had such ability since the GPO days. And yes that is what the computers are likely to be doing.
The wholesale collection of call records (who from, who to, header lines, time, date, duration) is the EU Data Retention Directive. Note it was introduced by the UK when it had the presidency. So watch out for the "The EU made us do it" line. IIRC the Directive states this info is for National Security purposes only. And I think analysis of the data is forbidden as well on privacy grounds.
Some numbers for you to think about. The Interception Commissioner's annual report said last year there were about 500k requests for call records (which could not include internet pages then, but will soon if not already) a year. IIRC he did not break out how many were for actual phone taps. The head of MI5 in a speech to newspaper editors said there are c4k terrorist suspects in the UK. That's 1 in 15000.
So how much of the UK's telephone and IP infrastructure's back capcity *should* be set aside (or can be pre-empted by the government on demand)?
So how many simultaneous telephone conversations should GCHQ be able to monitor? With enough capacity (money) it could monitor everyone.
It might help you to know that an intelligence sharing agreement exists between the UK,USA, Canada, Australia and (IIRC) New Zealand. IIRC it dates from sometime in the late 40s or early 50s. It may be a cold ware era document but AFAIK it is still in effect. Remember it is already known to Reg readers that they will *not* be storing all call records themselves, it will be on demand at the service providers.
If they are going to do this...
and now everyone knows about it. Doesn't it rather defeat the object? I think this is all a blind. What are they really upto?
- Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
- 14 antivirus apps found to have security problems
- Feature Scotland's BIG question: Will independence cost me my broadband?
- Apple winks at parents: C'mon, get your kid a tweaked Macbook Pro
- FTC to mobile carriers: If you could stop text scammers being jerks that'd be just great