MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for terrorism' A Parliamentary report into the murder of off-duty British soldier Lee Rigby by Muslim extremists last year has pointed the finger of blame squarely at "the major US Communications Service Providers", saying that the only organisation which could have prevented the attack was one such internet-media giant. The new report was …
The alternative to that Gordon mate, is they'll try and do it anyway, because they're retarded and you've only got to look at some of this stuff that's been disclosed about how they're trawling online video games, like world of warcraft, so in a nut-shell our intelligence agency is sitting on it's arse, playing video games and as to all this it'll stop terrorism and pedophilia, that they're dolling out as an excuse for there behaviour, how does looking at people over there own device discorage pedophilia, surely the opposite is true (case in point: yahoo web cam spying).
This is exactly how the world got led into WWII with Hitler & Roosevelt.
It would make a refreshing change to actually hear of our intelligence services getting off there arse and not sitting on it relying on technology to solve all the problems for themselves, whilst they get a fat pay-check at the end of the month! What ever happened to people solving intelligence matters before computers came along? Instead they bugger the security standards for us all and feed us the same line himmler used with the SS.. "if you have nothing to hide you have nothing to fear!"
They are effectively saying let's use the tragic death of a soldier to monitor everybody online.
The key word here is EVERYBODY. Follow the money - with the information gained, think of the insider trading government wonks can get away with. Monitoring everyone online is a license to get rich.
Would what they are asking for even be legal under current UK law.
If they are suggesting that technology companies pro actively screen every conversation/post for potential illegal activity and then flag to the relevant local authorities would that not fall foul of RIPA?
Warrantless surveillance of everyone is what caused such a backlash recently these clowns need to stop requesting more powers and get on with their job of protecting the country instead of invading the privacy of every citizen.
Well there's a number of issues with the current mound of bullshit that the committee has just pinched out.
Firstly nobody believes for 1 minute that they've actually stopped even 1 terrorist attack using internet surveillance. They have prior form on being crap at what they do and lying about it afterwards.
Secondly, there's an extra-territoriality issue. A US web-co that acquiesces to a UK RIPA order without being served with a valid state or federal warrant will find itself in deep civil and possibly criminal do-do. So they won't do it. How is HMG to obtain the probable cause to ask for a warrant if it doesn't already have access to the content? Cor-blimey they'd have to get off their arses and find some actual intelligence with which to lead the investigation. Requires breaking a sweat and maybe chipping a nail, so we know that will never happen.....
Thirdly, supposing for a moment that HMG and the Fed's persuaded all UK and US providers supplying social pages, forums, message boards, relay chat, newsgroup and mail-list services to monitor *all* traffic at the level where the user location could be determined. And that they mandated that all traffic be in clear. And we managed to either pay the costs or got the ISP's to eat it. Can you conceive of how many stupid things are said/typed on the internet every fricking second that might look suspicious enough to require LEO attention? There aren't enough coppers on the planet to filter down that volume of false positives, even if your automated filtering was 99.9% accurate.
Lets's face it they already dropped tabs on one of these killers, presumably because they don't have the resources to keep live dossiers on the number of possible subjects thrown up by what they've got now.
Fourthly the terrorists will evolve into using crypto and/or artificial lexicons (codebooks) on a more frequent basis and in running there own VPN or message/relay services in non-US/UK jurisdictions.
BT will respond to this in the same way they would have responded to monitoring all phone calls - with a big fuck off. Can you imagine BT explaining to all its customers there are no longer 11.5Million hotspots for them to use cos they've had to cancel that facility as the cant tell who's using it?
And will they have to change 11.5 million routers?
I imagine it will be cheaper for BT to buy enough MP's votes against this one.
"Imagine if they had said the only people who could have prevented the murder were BT and than BT should in future listen in to all of our telephone calls."
Patience, citizen, patience.
We can't implement a freedom crime free society overnight.
I heard of a crime being planned in a pub. We obviously need to compel all landlords to record all conversations in all pubs and alert the authorities to any hint of wrong doing they hear (wrong doing will be defined after any event the government needs to shift blame for and will be applied retrospectively).
Strange that they didn't ask why we're happy to put people at risk by stirring up a hornets nest when we get involved in wars which are really nothing to do with us.
Due process and issue a warrant. Stop blaming someone who provides a social media service for not monitoring everyone and passing on anything suspicious to the appropriate government official, who can sit on it for a month before doing anything about it. If the message was posted as "public" GCHQ can see it anyway. If it was "private" then that is what it should be.....private, just like opening someone else's snail-mail
They knew these criminals, they had been alerted before they came back to uk. They picked them up and let them go.
If they did their job rather than rumaging our emails and spying on kids yahoo messenger webcams there would have been better outcome.
The authorities don't need more powers. The need to stop being distracted by face book, and do their job.
"The(y) need to stop being distracted by face book, and do their job."
Spot on. They need some more good old detective work, feet on the ground stuff. Yes it's more risky, but that's what spies' jobs are, right? Instead of requesting zillions for new data centres, intercept technologies and military hardware, how about spending some money on recruiting good agents, training them properly, paying them decently and making sure their families are taken care of if the worst should happen?
>The authorities don't need more powers. The need to stop being distracted by face book, and do their job.
Or - if they do their job, and shit still happens, we don't run around in circles looking for someone to blame.
The murderers are to blame. End of story.
"They knew these criminals, they had been alerted before they came back to uk. They picked them up and let them go."
So the British security services already knew about these guys and had them in custody, and let them go? And then the Brit spooks have the temerity to say "we could have saved that soldier if you just give us access to everything on Facebook, or force Facebook to crawl through everything their members are posting/sharing."?? SERIOUSLY, DID THAT HAPPEN??
This is just like the Boston Marathon bombers, where the elder Tsarnaev brother/bomber went to Chechnya, met with Chechen radicals, had this meeting reported to the U.S. by the Russians, came home and got interviewed by the FBI about what he was up to in Chechnya, and then was let go. And of course he went on to bomb the marathon with his little brother.
Now, I am not suggesting that we take people like the Rigby murderers or the Tsarnaev brothers off the streets if they can't be charged, but these are the very people who this huge surveillance apparatus should be looking at. If a guy raises all these flags, then get a warrant and look at what he is doing online or through email/Skype/whatever. Don't build this huge fuckin' sigint vacuum cleaner to suck up everyone's activity, and then drop the guys who actually might be doing something, and then complain that you need even more of everyone's communications because you failed to "keep your eye on the ball" that you knew was coming!!
If you read through my posting history, you will quickly figure out that I'm not a huge fan of government agencies in general. Frankly, crap like this is the reason why. Government agencies seem to possess a culture where mistakes like this are tolerated, so they keep happening. Frankly, sometimes I wonder if these agencies could find shit in an outhouse.
"If they did their job rather than rumaging our emails and spying on kids yahoo messenger webcams there would have been better outcome."
Just out of interest, what exactly does "doing their job" mean in this context? I don't mean to bring logic into this massive let's-have-a-go-at-the-security-services circlejerk of yours, but people seem to be constantly saying "do their job" a lot, without exactly entailing what that means. They arrested the guy, but didn't have enough evidence to charge him, so they let him go.
At this stage, one of three things can happen.
1) They detain him without charge while they go look for evidence, perhaps indefinitely. Doesn't look so good on a civil liberties front, and 'disappearing someone' seems somehow worse than trawling through Facebook messages.
2) They tail him everywhere he goes. Apart from the fact that it would be ruinously expensive to put 24-hour surveillance on every person MI-5 thinks is dodgy, again I think civil liberties people might not be happy with tens of thousands of policemen tailing (almost exclusively) Muslims.
3) They gather more evidence. This evidence is likely to be electronic rather than physical, as we are only talking about a couple of guys who want to kill someone, not a major terrorist plot. And apparently the good evidence was on Facebook. As the article states, Facebook does not consider itself compelled to respect the UK warrant system, and as many people on here seem to think the UK government and security services should not be allowed access to these things at all without a warrant, which Facebook ignores, so this seems tough.
So, please tell me anyone, how exactly could the security services "just do their job" in this case without infringing on civil liberties? It's one thing to say that the security services shouldn't have broad access to this sort of material, but you then cannot tell them to just "do their job" afterwards, if there is no way for them to gather electronic evidence.
The report points the finger at an "internet company." What a great conclusion for MI5.
The suspect wasn't under investigation at the time but he was before the attack and they did manage to find this conversation after the fact.
Why not name the company or at least publish the transcript ?
My bet is neither exits and they obviously though pointing the finger was too risky in that the truth would come, showing the report for what it truly is, a cover up.
Okay so the TERRist has a hotmail account and the government can now see everything. BUT the suspected terrorists post nothing of the kind to each other using their hotmail. Instead they use a peer to peer instant messaging client that uses public/private keys to encrypt their direct communication with each other.
<sarcasm>
So obviously now that they can chat in secret it must obviously be large corporations fault.
</sarcasm>
1. ISP can't see a thing other then source/destination. Can somewhat but not completely be hidden by TOR
2. There is no large corporation to blame as they are not using server-side services. Nothing to trawl through.
3. Unless they have broken TLS/SSL keypairs some how then they cannot view the contents of the data unless they get hold of each of the private keys from the individuals.
4. It does not require very much knowledge to use encrypted chat clients. Just a few internet searches to see what programs + features are available and that is it.
I am all for nailing these terrorist rats to a wall but simply passing the blame just goes to show how little they care and simply want a nation of blanket monitoring. The government needs to take responsibility for their own inaction.
- SA
No need for peer 2 peer, run it through facebook or Google Chat but use a client that adds a layer of crypto (so all FB/G see is base64 encoded ciphertext).
I already do exactly that routinely when discussing anything I wouldnt be happy publishing on the nightly news :)
SSL/TLS was more meant as a general term even though many implementations are known to be useless. I should have replaced it simply with keypair encryption of some sorts. Regardless with very little effort, anyone can do completely encrypted communications directly to each other which simply overrides whatever MI6 have said. It is not the fault of big providers but the lack of action on the governments part.
- SA
Like the pubs and bars of Europe in 1900. Say the wrong thing ("effin' government, hang them all") and you'll be spending some time awaiting trial...
The prosecution will be dropped of course. The process is the punishment.
Yes, it is interesting that they said it... The assault on free speech continues... never let a good tragedy go to waste...
> "However, this company does not appear to regard itself as under any obligation to ensure that its systems identify such exchanges, or to take action or notify the authorities when its communications services appear to be used by terrorists."
So, if I post on Farcebook, "gonna kill a soldier", FB are expected to check if I'm on a government watchlist? I could be talking about a video game, so looking for keywords is a really stupid way to do it. (Echelon, ANFO, jihad,...)
> " none of the major US Communications Service Providers (CSPs) regard themselves as compelled to comply with UK warrants ..."
Damn right they shouldn't, unless they have a UK branch. But I expect if they passed the suspects name to the NSA, the info would soon be handed over.
The whole Fusilier Rigby tragedy has been warped by the Government and security services to advance their own agenda, while denying any responsibility. Whether or not you regard the killers as terrorists, terrorists have won.
"However, this company does not appear to regard itself as under any obligation to ensure that its systems identify such exchanges, or to take action or notify the authorities when its communications services appear to be used by terrorists."
To my mind the issue (aside from jurisdictional issues) is that they're now complaining about behaviour that the Government created. Unless things have change, my understanding is that so long as these companies DON'T actively monitor what's being done on their services then they're safe from responsibility, just as long as they act when notified of an issue. If on the other hand they do ANY monitoring and for instance censor certain posts, then they lose that protection and are deemed responsible for what's written on their systems.
With rules like that (which the government put in place) why would any provider act any differently? There's zero incentive for them to do a little proactive monitoring or censoring etc. There's no legal mechanism for taking a best effort approach and being let off if you miss something (which realistically is bound to happen regardless of how hard they tried). Far easier in terms of both cost and legal liability to do nothing at all.
The "significant" messages were only seen after the crime had been committed; but assuming the Security Services (I'll abbreviate to SS from now) had access to *ALL OF THE INTERWEBS* what would have happened? Here are the options:
1) These criminals were the only people on earth muttering about "killing a soldier", so they're easily spotted online and the SS saves the day!
OR
2) There are thousands of similar threats made all the time, but most of these are idle bluster, so the SS doesn't have the manpower to follow them all up and the result for the unfortunate victim is the same as if we had never relinquished our right to privacy.
OR
3) Same as 2) and the criminals realise they need to communicate secretly, so they migrate away from the mainstream services, or even not bother advertising their plans online at all?
Which scenario is most likely?
Or 2a) it also picks up the millions of people saying things like:
"Hey Sam, fancy playing some CounterStrike tonight? I'm going to play as a terrorist because I want to kill lots of soldiers tonight lol"
(or 3b the terrorists just make sure they include the words "game" or "play" in their communications)
@phuzz
Exactly my point; unless there is a new tag in HTML 6 like <explicit_real_threat> then it's going to be impossible to pick up the "real terrorist" threats from the innocent "I'm blowing off steam" posts.
(Feel free to argue if "explicit_real_threat" should be implemented in CSS, but mind your manners or we'll be in Gitmo before you can say "orange onesie")
Feel free to argue if "explicit_real_threat" should be implemented in CSS
Neither HTML (organization) nor CSS (presentation). It's clearly part of that Semantic Web thingy Sir Tim is always going on about. So it should be done with RDF.
I suggest <rdf:Statement rdf:sense="literal" rdf:threat="terrorism">I'm gonna do something bad</rdf:Statement>. MI5 should feel free to propose that to the W3C.
and miss the most salient point: "none of the major US Communications Service Providers (CSPs) regard themselves as compelled to comply with UK warrants"
This isn't campaigning for mass surveillance, it's a legitimate concern that suspected criminals under investigation will have their court issued warrants ignored by US firms.
Which isnt entirely unreasonable. They're not under the jurisdiction of the UK courts after all.
We all cry foul when some numpty US judge assumes his jurisdiction extends into other countries, can't see a logical reason for what the SS are suggesting being any different. Plenty of emotional arguments, sure, but very little logic.
Even if they all caved an answered every warrant, all the terrorists have to do is switch to communicating through a SILC server, or even just use Facebook chat, but with an OTR client and suddenly the SiS can't see anything, again.
The status quo will likely be maintained, whether or not our privacy gets invaded (again) on a massive scale
I'm afraid Lewis Page has deliberately misled and really played to the commentard orchestra in this place. Look at his part:
"So there you have it. In the view of the ISC - and evidently, the view of the British spooks - US internet companies are under an obligation of some kind to monitor their users for evidence that they are about to commit acts of terrorism. At the moment, indeed, in the view of the British spook community, such firms are a "safe haven for terrorists".
The interpretation that the ISC and spy agencies are under an obligation to monitor their users is entirely Lewis Page's. The report report simply notes that they don't feel themselves under any obligation, and what the consequences could be (it even carefully notes that they're unintended)
Lewis then goes on to say:
"The British intelligence community also believes that the Prime Minister should "prioritise this issue"
Thus suggesting that "this issue" refers to the monitoring of users. In fact, in the report, it refers to warrants not being complied with by US companies.
Well done Lewis. The swivel-eyed commentards here will love you.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
