Home Secretary Jacqui Smith isn't known in these pages for the clarity of her pronouncements on technology. And yesterday, as she confirmed the government's plan to proceed with the Interception Modernisation Programme (IMP), she limited herself to the spin of building a universal communications surveillance apparatus. The …
Can a cow produce bullshit?
Oh, yes she can. More of the wacky wonder's fertiliser over here.
Er, there is just one thing I might mention (well, say four)
for all the "ooh, just encrypt it through a VPN", and "SSL will surely save us all" crew, just four letters :
G C H Q
A potted history (off the top of my head, so probably not the most accurate) :
Just pre WW2, the Government Code And Cipher School (GCCS) was established from bits of other disparate code breaking teams that were lying around the place, their mission, should they choose to accept it, to break any and all ciphers with which they were presented. During WW2 GCCS was moved to Bletchley Park, where they successfully built on Polish cryptanalysis of the Enigma cipher machine and automated its breaking using machines, invented a whole parcel of computing machinery to break other complex manual and machine ciphers, most notably pretty much inventing the digital computer in the form of Colossus to automate wheel breaking of the (then) fiendishly complicated Lorenz machine cipher, and broke literally thousands of other enemy ciphers, including some of the Japanese machine ciphers.
Subsequently renamed GCHQ and moved into new headquarters in Cheltenham, they continued to be responsible for breaking codes and ciphers, as well as inventing new ones.
That's their job. That's what they do, and they are demonstrably excellent at it.
Now they have supercomputers, lots and lots of supercomputers. Don't count on them not being able to read your SSLd traffic or PGPd email.
Also, don't forget that no matter how much encryption you throw at a problem, your traffic data (ip addys, etc) are still in the clear, and that no matter how many spurious web spiders you throw out, you still only need one site of interest to show up in a trawl to become a _person_ of interest, at which point your obviously suspicious web activity logs will make sure you _stay_ a person of interest. That's the truly scary Big Brother part, any attempt to game the system that can be detected will suggest that you have something to hide and mark you out for further attention, so best behave nicely, and let auntie Jacqui see what you're up to, or she'll want to know why.
Oh, and Echelon, not a conspiracy theory, a real system, part of UKUSA. Read about it here : http://jya.com/stoa-atpc.htm section 4.4 "National & International Communications Interceptions Networks". That's a European Parliament report, so no tin foil required. Echelon is a poster child for mission creep in comms interception systems, since the US used it to spy on foreign commercial outfits to the benefit of their own national industries.
Method in the madness
Found this working on a USB key I found in a taxi, labelled TOP SECRET MEGA UBER DATABASE DEV TEST SYSTEM
Luckily there's only test data in the tables so no real security breach to report
use orwellian_live_devsys -- ha ha this is so easy to do it's money for old rope
select terrorist.name, terrorist.address, terrorist.location, * -- we can charge these mugs £28Bn for it and £20Bn PA maintenance
where terrorist.name is not in ('jackie smith','gordon brown','osama bin laden') -- gotta keep the bosses onside but you can remove the first 2 items when item 3 says so
order by skin_colour, religion, ethnicity desc -- this is current standard do not alter EVER
Mine's the one with the GPS tag/camera/mic combo in the hoodie
Unless they dedicated a LOT of time for traffic analysis, won't you just be able to go through multiple proxies? The busier the better. This seems like a bit of an expensive joke aimed at uninformed politicians. Let's face it, they're going to be putting CPU time into people called Muhammad, not Robert.
Oh and switch off Ad-Block- the more crap they have to wade through the longer it takes for them to get to the Foot Fetish porn and blackmail you into working for MI5.
Paris because Jacqui really should have read the numbers more closely.
@By The Other Steve
So, all fine and well. GCHQ can tackle PGPd and steg'd comms. My analysis says they wouldn't have a chance if a small percentage of all comms were crypto'd. They just don't have the power (captain) - otherwise they'd have had the computational power to have solved the whole stable fusion power conundrum; or at least the current financial crisis.
Even if they did - how *does* it get around the problem of doing your sensitive comms via neighbourhood cracked wifi?? Can't profile input that's not traceable to you, my friend.
Joined up thought police
This is what New Labour thinks about humans:
1) Humans are robots that are programmed through interactions with society.
2) It is the duty of the State to make sure that citizens are given 'good' programming and protected from 'bad' programming.
Given these two beliefs, it's easy to reverse engineer Blair, Brown et al's policies on justice. How do we know what programming people have inside their heads? Monitor their on-line activity and keep track of who they interact with. How do we prevent people receiving 'bad programming'? Make sure easily impressionable people have no access to dangerous ideas / people.
Now, it seems quite likely that humans are deterministic entities that can be manipulated quite easily by the State. However, this does not give our leaders Carte Blanche to f*ck with our minds, and there are several important reasons for this. The first is that humans are not born with 'a clean slate' as is believed by Socialists and Neoconservatives. The genes we are born with mean that different behavioural manipulation tactics will have different effects on different people. Some humans are quite happy to live with the idea that 'if you have nothing to hide, you have nothing to fear', but others are incapable of tolerating this principle at a genetic level, and no amount of reprogramming can change this.
Secondly, Governments are notoriously bad at understanding the principles behind human behaviour. Most MPs are not even science grads and so live in a theoretical rather than an empirical reality. They have no concept of double-blind trials and the like, so there's no point expecting them to be able to deal with the latest ideas on evolutionary psychology or neuroscience. Think of your IT illiterate boss trying to install Windows on his work PC and you're about right for the ability of our politicians setting policy that will effectively indoctrinate people into being universally good citizens.
Thirdly, 'human rights' legislation exists to protect citizens from the State. The complete lack of respect Labour has towards human rights shows how little perspective they have on their own activities. Other governments may have been fallible... but not this one! In the US, the Constitution serves as a reasonable means of protecting citizens from barmy political ideologies, but Brown and his cronies don't seem to understand the philosophical importance of this (despite Brown being a student of politics!).
Fourth, any government has a duty to be representative of ALL its citizens, not just the ones who vote for it. Blair and Brown are true believers in the idea that the popular vote gives them a mandate to do whatever they want. What they ignore is the fact that most British governments are elected by a minority of the electorate, and so it is pretty impossible for any British government to ever have a true universal mandate. Policies that strongly offend the political ideals of a significant proportion of the population are necessarily unrepresentative of the wishes of the population, and should only be pursued in times of crisis. Imposing ID cards when a large percentage of the British people are against them is effectively the action of a state under Martial Law.
Finally, and most importantly, the illusion of free will is immeasurably valuable to human society. It may be that free will is simply along for the ride whilst the subconscious does all the decision making, but the experience of having free will exists nonetheless. A government that explicitly treats humans as things to be manipulated threatens this illusion and so undermines the spiritual well-being of its people. Sometimes, doing the right thing is actually doing the wrong thing, and for many millions of British people, protecting the belief that we are in control of our own lives (irrespective of whether this belief is justified or not) is just as important as protecting children from paedophiles or buses full of commuters from terrorists.
It may be the case that life is short, nasty and brutal, that we have no free will, that many evil acts go undetected and unpunished, and that New Labour style justice may make the world a safer place. But it should always be remembered that both Hitler and Stalin believed they could create Utopian societies and look what happened to their people. The difference between monkeys and humans comes from our human values, not our ability to use tools or language. Sometimes protecting 'good' humans from 'bad' humans runs contrary to protecting humanity as a concept. This is why history has so many martyrs; for better or for worse, placing our freedom above our personal well-being is what makes human beings human.
I only wish the election would come sooner, this Government are an absolute disaster on all fronts :-(
A fiendish idea
Could be fiendish, could be not-thought-through-because-I'm-an-idiot but...
What if everyone, as a signature on every email they send, everywhere around the world, puts in any sub-set of a generic block of words like: Kill Bush, C4, Assassinate Jacqui Smith, plot, Parliament, Death to Disney!, pr0n - (whoops, sorry, how did that get in there?), etc, including loads of words in Arabic and Pashtu and what have you, lots of "Allah will grant us victory over the decadent donkeys of the West", blah. If someone could cobble together a huge long list of words likely to get GCHQ's attention and then we all use a decent smattering of them in every email we send, all de day long, every damn day.
As we're all being treated like criminals anyway, may as well act like them right?
And try sifting through that flood ye fokkers!
Won't take "No" for an answer
Obviously she has never heard of democratic processes.
It's the KGB uniform coat.
crypto / offshore servers won't work
...to keep traffic out of this system.
As "As pointed out in the last paragraph, encryption is easy to set up and difficult to crack. Surely that renders the black box capabilities useless for all but the dumbest criminals?"
No. See http://en.wikipedia.org/wiki/Traffic_analysis
A lot of posters seem to have (deliberately?) misunderstood the fairly fundamental point that the plan (the public plan, anyway) isn't that the thing will automatically spit out names and addresses of suspects ad nihilo. It will be primed, as in the article's example, by good old fashioned human intelligence. ("Hello, the spooks? It's Bradford Agricultural Chemicals here, we've had an order you might be interested in...") The point of the thing would be to be able to pull that loose thread and extract an entire network from the haystack of other communications.
Gravy days ...
As the government's de facto stance is that we're all suspects - it's no surprise that they're throwing this kind of crap at us. I'm waiting for the day that VPN systems need to be licensed and the keys shared with (or even provided by) the government.
The good news for IT contractors is that - as providing secure communications for terrorist networks is going to require a bit more thought - Al Qaeda will now have to pay a much higher rate. In spite of the credit crunch .. the gravy days are back again.
Anyway .. better go .. can see blue flashing lights and just had a knock at the door.
What bomb threats?
Apart from the London bombing, all other attempts at suicide bombing in the UK have been remarkably inept. The "ricin plot" did not have a nanogramme of ricin, which would have been quite harmless if it had been made and deployed in the ways intended. The attempted car bombs could not have detonated; the "liquid explosive" could not have been made in the way that was described.
Yet English law is such that someone could be convicted on a conspiracy charge if the "explosive material" were to be anhydrous protium hydroxide.
ha - that's another 108 post thread the bastards are going to have to go over with a fine tooth comb - see you all in UberJail Britain.
Damn it, when will governments learn that the way for a free society is small government with a light touch led by intelligent perceptive people not some washed up corrupt school teacher looking for a job at EDS. I'm Irish in Eire but I know that this database will also be watching me as well
Mine's the coat with the PIRA on the back as no doubt that's what SiS has me tagged as already
They should call it the "Database of Terror"
Well done government, you've put fear into the lives of ordinary citizens. They should therefore rename the database to the "Database of Terror"! or better yet simply "Al Qaeda"
Epic democracy fail?
Just think, if old Gordon had actually held an election after he was handed office by Tony, none of this would be happening...
A Jihadi speaks
(I'm not a Jihadi, of course - just want to waste a few minutes of someone's time at GCHQ)
I'm just adding my voice to the legions who are sick of this repressive and reactionary autocratic government and, particularly, its rebarbative Home Secretard.
There are some clever bastards in MI6 - and, doubtless, some complete wankers - and some equally clever people in the coms industry. Unfortunately, politicians are virtually all gullible morons.
Anyway, monitoring IP traffic won't work. I do all my terrorist planning the traditional way - messages handwritten in invisible ink and left in hollow trees, a technique I learnt at Cambridge University back in the days when I was a communist before joining the IRA and ETA.
Paris because she has a far greater intellectual grasp than Jacqui Smith - and far nicer tits.
Data, or information?
362436 is data
36-24-26 is information.
In the past, interception of communications was a highly skilled job, depending on scarce human resources, and there was a strong incentive to direct those resources against significant targets.
Some twenty years ago, BBS systems, working together in networks such as Fidonet, could provide the semi-hidden equivalent of Internet email. But there was nothing to stop a PC in an office in Cheltenham appearing to be a Fidonet node on a telephone line in Glasgow.
It still needed some human skill.
We now have the ability to collect huge amounts of data automatically. Turning that data into useful information, if you don't know where to look, is essentially an Artificial Intelligence problem.
Our Masters and Overlords don't understand the difference between data and information.
Crypto / Offshore servers can work
Modern crypto systems assume your adversary has vast processing power - think of a computer the size of a grain of sand that can check a key in the time it takes light to cross it. Then imagine a cluster of them the size of a planet. That's the kind of power needed to brute force current crypto. Yes there could be short cuts - but it's unlikely that GCHQ knows about them and the rest of the world's mathematicians and cryptographers don't. Quantum computers could change this, but crypto can be designed with them in mind. Only certain algorithms can benefit from the quantum approach.
Traffic analysis is powerful, but not always. Sometimes all it will tell you is that I use a particular webmail service (that's free, and based outside of Europe/USA).
What if I use steganography and broadcast my messages... in say... comments on The Register?
What if my access into the network is not traceable to me?
As No2ID are against 'the database state' as well as the more specific ID card system, I imagine so. Pop on down to your local group and get this stupid system stopped before any money is wasted on it.
No no no!
Where is the voice of sanity? This is not the beginning of the end, it is not even the end of the beginning. We *must* fight them in the chatrooms, in their facebooks. We shall never surrender our convictions - or yours - to the lily livered liberal do gooders such as Reichkanzler wotsisname. The terrorist stupid enough to try and blow up a plane with a shoe is surely bright enough to send his world domination MS Project file in the clear - and we must be ready when he does!
The situation is extremely extreme and we must not hesitate to go quite a long way beyond their extreme if we are to prevail, in extremis. The uberdatabase is not only necessary (though I cannot tell you why for security reasons, I must keep the details under my rather jaunty imperial hat) - it is only by good fortune that our precious liberties have not already been wiped out by the careless jihadi - it is overdue!!! It's COMINT or COMMIE - which are you?
Thank you very much for listening,
Ah! Here comes the nice lady with the sweets...
PS It will also help us identify the (minority of otherwise law abiding) witches who are intent on casting nasty spells.
The lights dim in London..
Seriously, it is obvious that someone HAS done the math on this, otherwise they wouldn't quote a price. But the amount of STORAGE and PROCESSING for this is absolutely ridiculous. Without quoting details, I know that one telco's call data records for one year are about 12 Terabytes of raw data - knowing their marketshare I would estimate over 100 Terabytes per year including landline, mobile, and texts in the UK.
But that doesn't even come CLOSE to the data volumes for clickstream data on IP-based networks, which can be up to an order of magnitude larger easily. So...anyone for at least a petabyte of raw data?
Now storing that much data isn't a real challenge. But working with it in unstructured ways (i.e., data mining, non-indexed queries, etc.) IS a challenge, at least if you want it to run acceptably fast. Which is typically what you will want to do with it in this sort of application.
But the real fun comes if they DO get it to work - those of us that have seen this type of data know that you can use it to build all KINDS of analytic models, like age, gender, social contact patterns, etc. You can in fact start building a detailed profile of all of the citizens via that route, IF you had access to all comms records. And while Google and Doubleclick might do that now to target advertising, this takes on an entirely new dimension when it is a government doing it...because what do THEY want to target? With a database like this, the answer becomes ANYTHING THEY WANT.
The black helicopter, and posted anon, for obvious reasons...
Secret telephone calls
No need for VoIP: just use random public phone boxen. Sucks to your expensive silo.
100,000 people die every year of smoking related illness.
3000 die in car accidents. 4000 in domestic accidents. 800 get murdered.
No one died last year from terror attacks. Even being generous with the stats, terrorism currently kills as many as 5 people a year on average.
Harold Shipman killed 200 people on his own.
Conclusion? If you're worried about the sanctity of life, there are probably more effective ways to spend £12Bn.
And don't lose sleep at night worrying about terrorism.