back to article New GCHQ spymaster: US tech giants are 'command and control networks for TERROR'

The new head of Britain's equivalent to the NSA – Government Communications Headquarters (GCHQ) – has used his first day on the job to lambaste US technology companies for daring to improve the security of their products. "However much they may dislike it, they have become the command and control networks of choice for …

Silver badge

'He opined that Google and Apple were "in denial" if they thought the decision to turn on full-device encryption by default wouldn't help terrorists plan future attacks."'

He, on the other hand, is in denial if he thinks serious terrorists didn't already turn on encryption in their devices, since the option to do so is already there. This just means you can't easily snoop on Innocent Joe's data.

The new approach isn't so much "on by default" as "on by spooks'-fault."

15
0

No, I do not want or condone ANY more spying...

AT ALL

8
0

Those that sow the wind, reap the whirlwind

If GCHQ and NSA hadn't conducted illegal activity and spied on every aspect of our lives without our consent and had then been found out, I suspect the public and the technology companies would be a lot more willing to cooperate. Until there is public accountability and proper due process for the access to our personal information I do not trust any government agency with my security. For all we know ISIS are THEIR creation?!???

9
1
Silver badge

Re: Those that sow the wind, reap the whirlwind

ISIS is the result of endless invasions and interventions by the West over the years. Even the existence and layout of the countries in that area was created by the Western Powers after the First World War. They were deliberately set up to be unworkable, for the advantage of the West.

4
1
Silver badge

"We have to kill animals, otherwise they'll die"

What next? Will GCHQ put pressure on the banks to ban all forms of cash because terrorists can buy things with it and not be traced?

Load. Of. Shit.

9
1
Anonymous Coward

Re: "We have to kill animals, otherwise they'll die" (Don't Laugh)

It's coming, just you wait. The various banking and credit "oligarchies " that really rule the world will tell their minions that cash is dangerous and it will just disapear.

0
0

If anyone from signals intelligence is reading this....

...the consensus, so far, is for you lot to fuck off........any chance?

11
1
Silver badge
Mushroom

I have no issues.....

on the following condition's:

The below all agree to have ALL emails, phone conversations and financial transactions publicly available for us to check they are not <insert scare of the week> .

GCHQ Staff

MP's

MP's Staff

MI5 Staff

MI6 Staff

SIS Staff.

Thank you.

Still waiting for the FU Icon...

15
1
Silver badge

Re: I have no issues.....

If you think MPs have much influence on government policy, you are ignorant of these matters. Replace them on your list with: all Permanent Secretaries, the top four cabinet ministers (PM, Home Sec, Foreign Sec, Chancellor).

0
0

Haha, the guy is insane, the reason the tech companies are encrypting everything is because their customers demand it, they are a commercial company if they didn't think their customers cared then they wouldn't do it. His suggestion that internet users would welcome some surveillance is simply not backed up by the outrage people show towards it and the fact that these commercial organisations see that their customers want full encryption.

5
0
Ru'

Spooks spy on all comms.

People find out, and are justifiably upset.

Eventually "some sort" of encryption/security is added to normal comms.

Spooks publicly freak out about it, in order to build the people's trust back up.

Spooks spy on all comms.

Using WhatsApp to organise terror attacks? Yeah, that seems like a good, secure idea...

3
0

"He opined that Google and Apple were "in denial" if they thought the decision to turn on full-device encryption by default wouldn't help terrorists plan future attacks."

We rely on companies such as Google and Apple to do their utmost to insure our devices and data are safe and secure from potential potential threats. We don't pay them to provide us with unsecured devices and its crazy to think someone could criticize them for doing their best to maintain their customers security and privacy. Id stop buying their devices if they took GCHQs convenience over my customer requirements.

3
0
Facepalm

Put a cold nose up HIS arse!

the GCHQ boss told FT that internet users would welcome a little surveillance

Right. A little surveillance. Bucko, that's about as welcome as his cold nose peering up my arse while I'm bonking the missus. What the hell are you Brits feedin' yer ruling class bureaucrats to make 'em so ridiculously paranoid and fearful? Their nannies was floggin' their little gizmos with every diaper change?

5
1
Silver badge

Re: Put a cold nose up HIS arse!

internet users would welcome a little surveillance

I think they are probably right. But they can already do "a little" surveillance, and to do more they just need court orders.

We welcome them looking after us. We do not welcome them abusing their powers, scooping up all traffic regardless of who they are looking at, what the data is etc.

Targeted surveillance is fine. The dragnet they have been operating is not, and it is certainly not "a little" surveillance.

2
0
Silver badge

Re: Put a cold nose up HIS arse!

@Gray

We in Britain have been exposed to threats for centuries. York v. Lancaster, catholics v. Elizabeth I, the gunpowder plot (5-Nov-1605), Irish terrorism, German espionage, Russian espionage. Then today we have middle east fanatics, and other espionage possibly Chinese though they deny it of course.

So we expect the government to take active measures to protect the state itself plus at least a few of the people.

1
2
Bronze badge

Re: "at least a few of the people".

We expect the state to look after the interests of the whole of the people. That means democracy and respect for the law. It does not mean unfettered liberty for officers of the state who already have very wide powers.

We have all seen believable evidence of bad govenance of the security services, all that is required is believable evidence of good govenance.

It is simply not good enough for the Head Prefect of GCHQ to say that his chaps would rather walk than than be involved in mass surveillance. They are involved in mass surveilance and any thought that the mass surveillance data could not be misused because some GCHQ staffer would feel squeamish is laughable.

0
0

"GCHQ and its sister agencies, MI5 and the Secret Intelligence Service, cannot tackle these challenges at scale without greater support from the private sector, including the largest US technology companies which dominate the web. (...) However much they may dislike it, they have become the command-and-control networks of choice for terrorists and criminals, who find their services as transformational as the rest of us."

I have some modest questions about the claims of our superiors.

What's wrong with calling the police?

Why complicate the solution: "GCHQ and its sister agencies, including, MI5 and the Secret Intelligence Service"?

Why refer to the pluralities of "challenges at scale", when the rest of the world understands them to be as a single concept, "mass surveillance"?

Why are the "rest of us" outweighed by "terrorists and criminals"?

Why criticise society's ability to transform? Is the alternative, not called Stasis !

1
1
Vic
Silver badge

Is the alternative, not called Stasis !

I have a nasty suspicion it's called Stasi...

Vic.

1
0
Silver badge

"would be comfortable with a better and more sustainable relationship between the [intelligence] agencies and the tech companies"

"Bend Over"

1
1
WTF?

Wrong job

He is better on stand-up comedy!

2
0
Anonymous Coward

Good to know that without Facebook we could illegally occupy countries without fear of reprisals.

4
0

FOR YOUR THIGHS ONLY

I wonder what kind of porn the lads from GCHQ like to watch....bet they like 'Hot Triangulation Action'?

0
0
Silver badge

Calling NHS techies

It would be interesting to know if or to what extent there are plans to integrate medical records from the NHS Care Data programme into the spooks' databanks. As background information this would presumably be quite valuable to them.

In fact such central collation of personal data and snooping would do more harm than good, and not only because of the loss of public confidence. It would present a huge risk if such data were to become available for blackmail, coercion and spear fishing.

If any NHS contractors have inside knowledge of this, or plans to redeploy a version of the Child Database, or development of Deloite's RYOGENS programme for predictive policing of potential troublemakers, then I believe El Reg is among others who have set up facilities for secure and anonymous communication.

1
0
Anonymous Coward

Big surprise that now that the NSA backdoor AKA heartbleed has come to light they want people to avoid encryption. Lets wash over the fact that GCHQ knew about this hole in the security that underpins our whole financial sector for years and failed to warn anyone because it made their life easier.

Not to mention routing UK traffic out of the country to avoid laws which deliberately limit what they can snoop on.

He says all this is required to protect us from criminals and terrorists and yet GCHQ have become both criminals and terrorists.

Instead of blaming new technology how about he starts operating within the laws that the British people have set for him to operate under.

7
0
Silver badge

yet GCHQ have become both criminals and terrorists

I would agree that the security services are terrorists. All their statements are worded to cause maximum fear in the general population, and to use that fear to progress their own agenda. This definitely counts as terrorism in my eyes. I would say that they have done more to promote terror than any terrorist group, in this country.

As for criminal, I believe that they (mostly) operate within the law, by however fine a margin. Those laws are unjust, and their actions would be illegal if anyone else did them, but not for them.

I don't know enough about it (and I doubt anyone outside the organisations themselves does) to be certain they haven't broken any laws, though.

7
1
Anonymous Coward

Within the laws..

@AC "Instead of blaming new technology how about he starts operating within the laws that the British people have set for him to operate under."

Oh but that we had such power! The laws are set by the people enforcing them, which is why there are weasel words so they can be selectively enforced. We could send Section 12 notices under the Data Protection Act to GCHQ and expect that to remove us from the bulk processing. I'd instead expect it to trigger rule 5b if such an exemption isn't already in place.

http://www.legislation.gov.uk/ukpga/1998/29/section/12

0
0

try speaking to victims of surveillance regimes

Maybe he should have a chat with my iraqi colleague about the trade-offs between a surveillance state and an open democracy with free speech. Good points: never any crime and you could leave your front door open. Bad points: you can't do anything the state doesn't like, like his cousin going missing overnight and turning up 5 years later having been beaten and interrogated nearly all that time. He'd been arrested in secret for attending a friend's party with left-leaning guests.

Guess it comes to down to whether you want to risk your house being robbed, being the victim of violent crime or even being blown up by extremists... or to be monitored indefinitely and possibly disappear one night for saying the wrong the wrong thing. I know which I would rather.

8
0
Anonymous Coward

Same old same old...

This is what you'd expect him to say, surely?

But it's interesting that the spooks are squealing almost in proportion to the rapidly-increasing number of access requests being made to internet companies. So it looks very much as if the increased attention to security is forcing them to go through the proper channels at last.

That they obviously don't like doing this tells us all we need to know about whether they should have more surveillance powers.

5
0

Not really thinking things through.

As one or two commentators have noted, actually the security services pretty much have all the tools they need. So maybe this was more about keeping what they have, rather than getting any more, a trick politicians use a lot, be really radical upfront, and negotiate something more reasonable.

But people, how do you think the security services should behave? If they are totally transparent, then their adversaries will know how they will behave, and circumvent them. If you bind them too closely with legislation and oversight they will never keep up. There is nothing wrong with demanding a warrant to look deeply into someone's life, but in the worlds of serious crime and intelligence, how do you expect the security services to get enough information to request a warrant, if they don't listen in to conversations, be they in the pub, or on the internet. You cannot just rely on informants, who often have their own agendas, and then think about how many people who say they won't give information to the police because it's up to them to investigate.

I'm not sure what exactly you are all afraid of, in a democracy, you can get rid of governments and parties you don't like through the ballot box, you can even form new parties. Funnily enough, policemen, security service personnel, civil servants and armed forces personnel are also citizens, who in my experience are just as committed to democracy as the majority. Should we start to loose our democracy, then you will have something to worry about.

GCHQ, the NSA, and the rest, really do not give a stuff about your private lives, the don't look at your baby photographs, or eMails organising the curry night, such chaff is never seen by a human being, let alone made public. If however you want to organise a terrorist act or serious crime, then they will be interested. Criminals, Terrorists and Foreign spies always try to stay one step ahead, using new methods to evade detection, new internet services, new slang. Do you always want security services to react to events after they have happened, probably not, I'd think you want them to detect them before they happen. So STOP and think how you might do that without being found out by the people you are trying to stop.

3
8
Silver badge

Re: Not really thinking things through.

If you bind them too closely with legislation and oversight they will never keep up.

While I see the logic behind what you are saying, the problem is that they need to walk a fine line.

Yes, the security services need to watch people to determine who needs to be monitored further. This can still be targeted at people they have suspicions of, and does not require dragnet surveillance.

The dragnet they have been operating makes their jobs easier. It is a gross violation of our privacy, though. We need to find the line for them to walk, instead of allowing them to erase the line completely.

3
0

Re: Not really thinking things through.

So these benevolent overseers are infallible are they? They are always going to uphold the law upon which our society is built upon are they? And the subversion of innocent until proven guilty is perfectly acceptable now is it? Under five eyes' perfect regime we are all criminals unless proven otherwise, which I don't find democratic or acceptable. As others above have noted, there are legal channels to obtain warrants etc.

5
0
Vic
Silver badge

Re: Not really thinking things through.

I'm not sure what exactly you are all afraid of, in a democracy, you can get rid of governments and parties you don't like through the ballot box

Can you?

At the last election, we voted against the party that brought in tuition fees and the IMP. We got a coalition of parties, one of which had promised faithfully no abolish tuition fees, and both of which had decried the IMP as abhorrent.

So what did we get? Same shit, different day...

Vic.

0
0
Silver badge

Re: Not really thinking things through.

They probably will generally "uphold the law upon which our society is built", although they certainly will not be infallible. The fundamental problem is not surveillance activities that drive the law to be oppressive, but the laws that, whether intentionally or not, can be used oppressively and seem to necessitate ever-increasing surveillance.

0
0

Oddly inverted logic adapted to suit the occasion - must be wearing the 'special' glasses to think that it makes any kind of sense that global observation makes for better security. It just means that the snoops have become lazy.

3
0
Silver badge
Childcatcher

Terrorism is the wrong target

Statistically, I have way more chances of being murdered by my wife than by a terrorist.

What is GCHQ doing to protect me from my wife??

5
0
Bronze badge

Re: Terrorism is the wrong target

"Terrorist" and "murder" in the same sentence. Don't worry, everything in your household is being closely monitored 24/24.

0
0
Facepalm

No-one actually believes that they can't crack this stuff right?

I mean why make a song and dance about this new security and highlight that you can't crack it unless that is just what you want people to think.

What better way to get all the terrorists vomiting their plans over the wire(less) than to tell them you can't listen in.

0
1
Silver badge

Re: No-one actually believes that they can't crack this stuff right?

AES, used by both Android and Apple, was developed in Europe and subjected to a good deal of study both before submission to NIST as a candidate standard and after, and by both government and private sector cryptanalysts. There is no reason I have seen to think it has been broken by NSA or anyone else. Whether the Android or Apple implementation and key security are adequate is uncertain - both are likely to be somewhat vulnerable to key recovery as well as file access by anyone (law enforcement or not) who gains physical control of a powered on phone with the encrypted file system mounted.

0
0

Straw man

Clearly everything he said is bollocks. The only people gaining additional privacy protection by turning on encryption in everyday internet services are their everyday users. Bad guys already know how to use secure channels. or can make them for themselves. Its hardly rocket science. So the real target must be everyday users. Us. Q.E.D.

Now fuck off and find some criminals.

-A.

5
1
Anonymous Coward

Stop spitting your dummy and behave.

Maybe, and only maybe people might be willing to let security services have slightly more access to their data if they felt that the security services could be trusted with it. So far the security services have shown themselves to be underhand, deceitful, disingenuous, borderline corrupt and guilty of practices no better than the criminals they claim to be protecting us from.

Here's a thought Mr Spook: Instead of complaining about how difficult it is going to be to access the data, why not start with why those obstacles have been put there in the first place and modify your own behaviour? You want trust - earn it.

1
1
Facepalm

Improved?

In those long-ago days before the internet, did the intellegence services routinely open everyone's (snail) mail, listen to everyone's phonecalls on the off-chance that they might be up to mischief? I think not. They have to have reasonable grounds for suspicion and then get a court order to intercept those forms of communication.

Far from improving our security, all this interception of internet traffic is just our security services being lazy, quite possibly at the expense of doing the old-fashioned groundwork which leads to real results.

3
0
Anonymous Coward

I will fully support insight in my life ..

.. the moment this is made perfectly symmetrical. If a chief of organisation XYZ tells me that I should have nothing to worry if I have nothing to hide (which is BS, but I digress), then I think we're perfectly entitled to have a view of his or her life for, say, a trial period of 3..6 months to see if this law is indeed a sensible idea. None of this "National Security" crap - they don't know what I do for a living either, nor do they know that of all the other people who get lumbered with yet another government funded stalking setup.

Hell, I think we should make this a permanent requirement for anyone involved in surveillance. After all, we must make sure it's not operated by Jimmy Saville v2, no?

1
0
Anonymous Coward

What's good for the goose...

If the entertainment industry can collectively take down file-sharing sites, then the law enforcement agencies should be able to take down those giants that provide terrorists with avenues of secure communications.

Both copyright infringement and terrorist activities are illegal, right?

The filesharing sites were only a service that enabled copyright infringement, the same way that an encrypted communications channel enables terrorism. Both filesharing and encrypted communications aren't always used for nefarious purposes.

If law enforcement agencies want the likes of Google and Apple to stop their efforts at securing communications, then they need to provide proof that those activities directly aid terrorism.

But that would be revealing secrets they don't want known.

0
0
Silver badge
Flame

Jesus fuckin' Christ....

These guys in the sigint agencies just don't get it, do they? The sigint agencies arrange a legal procedure to get data from tech companies that is very favorable to the sigint agencies, including secret warrants, gag orders on tech companies receiving warrants, courts where there is not opposing council to fight info requests.

Then, not satisfied with that, the sigint agencies go around those procedures to tap fiber-optic links between countries and tech company datacenters directly. This includes the creation of "in your face" powerpoint presos with little smiley faces pointing out where they are screwing over the tech companies by intercepting all this data.

Then, they penetrate tech companies' offerings at the product level, exploiting insecure applications, unencrypted data streams, and gathering tech company customer information, including passwords. Or the sigint agences maintain catalogs showing devices they have developed to compromise name-brand routers, servers, PCs, mobile devices and mobile voice and data service.

Then, not happy with that, they spoof tech companies' offerings to phish for intelligence targets with things like faked LinkedIn, Yahoo! and Facebook pages, all the while gathering data these intelligence targets think they are sharing through these tech companies' offerings.

Then, the sigint agencies work to actively undermine security at the standard-setting level, so they can better penetrate any applications or data relying on these standards.

The result is that the sigint agencies make the entire tech industry look like fools and stooges. By pointing out, exploiting and actively creating vulnerabilities the sigint agencies are actively damaging the brand equity of these companies that employ millions of people around the world. By spoofing these companies' offerings to get intelligence they undermine user certainty that data they are sharing through tech companies is actually going where the user intends it to. Its bad enough that users have to worry about what the tech companies might do with the data, but at least they can terminate a business relationship, but there is no getting rid of a government agency.

THEN, having done all this to damage the tech industry, the sigint agencies complain that that the tech industry is responding by improving security!!!! You know why that is happening, Mr. GCHQ goon?? BECAUSE YOUR AGENCY AND IT'S FRIENDS ARE DOING FAR MORE DAMAGE TO THE TECH INDUSTRY THAN AL QAEDA/ISIL EVERY COULD!!!!!!!!! This is simply a natural defensive response by the tech industry to a group of government agencies who are actively undermining that industry. You'd do the same thing at the GCHQ if the tech industry was actively damaging your organization, so PLEASE SHUT THE HELL UP with your allegations that the tech industry is coddling terrorists.

5
1

This post has been deleted by its author

Anonymous Coward

Odd tactic?

Is this really a straight play?

It seems to suggest people of TERROR should just use these social media channels to communicate as without Facebook et. al playing a different role they'll go unchallenged.

Surely either that's the case and it seems the bad guys are being given a green light, or it's not the case and this is encouraging them to use a relatively small number of platforms they're capable of eavesdropping.

0
0
Silver badge
Unhappy

Talk about hyterical

Their screams are getting steadily more childish and petulant.

0
0
Stop

It is high time Governments STOP SPYING ON US!

So you get this big wig who takes over the british spy house, and the first thing he does is bash companies that have finally made the data on our phones unreadable by hackers and governments. Boo Hooo hooo...

What did you do 10-15 years ago before we had smart phones to record everything we did? Go back to doing that you lazy ass. It is called detective work. Become a detective again. Get out there and pound the pavement. Work the streets talking to your sources. Do some real detective work. And quit whining. You do NOT have the right to whats in our phones, no matter what you think to the contrary.

And if you do not believe that you can do your job without spying on the citizens, QUIT! NOW! BEFORE YOU GET PEOPLE KILLED! JUST FLAT QUIT AND GO AWAY! Let someone who can do your job do it.

There is no alternative. Snowden showed us what the Governments around the globe have been doing. Expect EVERYTHING to become encrypted. Soon. Very soon.

The people have spoken. We do not want to be spied on. Especially those of us that are not breaking any laws and have no intention of breaking any. We like our privacy, and expect what we do to remain private. If you cannot accept that, QUIT! NOW! BEFORE YOU GET PEOPLE KILLED! JUST FLAT QUIT AND GO AWAY! Let someone who can do your job do it.

Enough said! GROW UP!

2
1
Silver badge

Re: It is high time Governments STOP SPYING ON US!

Welcome, OmgTheyLetMePostInTheUK.

1
1
Anonymous Coward

Quick history lesson: there was a bad man called Saddam who posed no threat to the UK. The intelligence services got rid of him so now there is a terrorist threat to the UK and they want to spy on us more. Apparently for this brilliance we pay their rent and give them pensions.

1
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017