New GCHQ spymaster: US tech giants are 'command and control networks for terror' The new head of Britain's equivalent to the NSA – Government Communications Headquarters (GCHQ) – has used his first day on the job to lambaste US technology companies for daring to improve the security of their products. "However much they may dislike it, they have become the command and control networks of choice for …
'He opined that Google and Apple were "in denial" if they thought the decision to turn on full-device encryption by default wouldn't help terrorists plan future attacks."'
He, on the other hand, is in denial if he thinks serious terrorists didn't already turn on encryption in their devices, since the option to do so is already there. This just means you can't easily snoop on Innocent Joe's data.
The new approach isn't so much "on by default" as "on by spooks'-fault."
If GCHQ and NSA hadn't conducted illegal activity and spied on every aspect of our lives without our consent and had then been found out, I suspect the public and the technology companies would be a lot more willing to cooperate. Until there is public accountability and proper due process for the access to our personal information I do not trust any government agency with my security. For all we know ISIS are THEIR creation?!???
ISIS is the result of endless invasions and interventions by the West over the years. Even the existence and layout of the countries in that area was created by the Western Powers after the First World War. They were deliberately set up to be unworkable, for the advantage of the West.
on the following condition's:
The below all agree to have ALL emails, phone conversations and financial transactions publicly available for us to check they are not <insert scare of the week> .
GCHQ Staff
MP's
MP's Staff
MI5 Staff
MI6 Staff
SIS Staff.
Thank you.
Still waiting for the FU Icon...
Haha, the guy is insane, the reason the tech companies are encrypting everything is because their customers demand it, they are a commercial company if they didn't think their customers cared then they wouldn't do it. His suggestion that internet users would welcome some surveillance is simply not backed up by the outrage people show towards it and the fact that these commercial organisations see that their customers want full encryption.
Spooks spy on all comms.
People find out, and are justifiably upset.
Eventually "some sort" of encryption/security is added to normal comms.
Spooks publicly freak out about it, in order to build the people's trust back up.
Spooks spy on all comms.
Using WhatsApp to organise terror attacks? Yeah, that seems like a good, secure idea...
"He opined that Google and Apple were "in denial" if they thought the decision to turn on full-device encryption by default wouldn't help terrorists plan future attacks."
We rely on companies such as Google and Apple to do their utmost to insure our devices and data are safe and secure from potential potential threats. We don't pay them to provide us with unsecured devices and its crazy to think someone could criticize them for doing their best to maintain their customers security and privacy. Id stop buying their devices if they took GCHQs convenience over my customer requirements.
the GCHQ boss told FT that internet users would welcome a little surveillance
Right. A little surveillance. Bucko, that's about as welcome as his cold nose peering up my arse while I'm bonking the missus. What the hell are you Brits feedin' yer ruling class bureaucrats to make 'em so ridiculously paranoid and fearful? Their nannies was floggin' their little gizmos with every diaper change?
internet users would welcome a little surveillance
I think they are probably right. But they can already do "a little" surveillance, and to do more they just need court orders.
We welcome them looking after us. We do not welcome them abusing their powers, scooping up all traffic regardless of who they are looking at, what the data is etc.
Targeted surveillance is fine. The dragnet they have been operating is not, and it is certainly not "a little" surveillance.
@Gray
We in Britain have been exposed to threats for centuries. York v. Lancaster, catholics v. Elizabeth I, the gunpowder plot (5-Nov-1605), Irish terrorism, German espionage, Russian espionage. Then today we have middle east fanatics, and other espionage possibly Chinese though they deny it of course.
So we expect the government to take active measures to protect the state itself plus at least a few of the people.
We expect the state to look after the interests of the whole of the people. That means democracy and respect for the law. It does not mean unfettered liberty for officers of the state who already have very wide powers.
We have all seen believable evidence of bad govenance of the security services, all that is required is believable evidence of good govenance.
It is simply not good enough for the Head Prefect of GCHQ to say that his chaps would rather walk than than be involved in mass surveillance. They are involved in mass surveilance and any thought that the mass surveillance data could not be misused because some GCHQ staffer would feel squeamish is laughable.
"GCHQ and its sister agencies, MI5 and the Secret Intelligence Service, cannot tackle these challenges at scale without greater support from the private sector, including the largest US technology companies which dominate the web. (...) However much they may dislike it, they have become the command-and-control networks of choice for terrorists and criminals, who find their services as transformational as the rest of us."
I have some modest questions about the claims of our superiors.
What's wrong with calling the police?
Why complicate the solution: "GCHQ and its sister agencies, including, MI5 and the Secret Intelligence Service"?
Why refer to the pluralities of "challenges at scale", when the rest of the world understands them to be as a single concept, "mass surveillance"?
Why are the "rest of us" outweighed by "terrorists and criminals"?
Why criticise society's ability to transform? Is the alternative, not called Stasis !
It would be interesting to know if or to what extent there are plans to integrate medical records from the NHS Care Data programme into the spooks' databanks. As background information this would presumably be quite valuable to them.
In fact such central collation of personal data and snooping would do more harm than good, and not only because of the loss of public confidence. It would present a huge risk if such data were to become available for blackmail, coercion and spear fishing.
If any NHS contractors have inside knowledge of this, or plans to redeploy a version of the Child Database, or development of Deloite's RYOGENS programme for predictive policing of potential troublemakers, then I believe El Reg is among others who have set up facilities for secure and anonymous communication.
Big surprise that now that the NSA backdoor AKA heartbleed has come to light they want people to avoid encryption. Lets wash over the fact that GCHQ knew about this hole in the security that underpins our whole financial sector for years and failed to warn anyone because it made their life easier.
Not to mention routing UK traffic out of the country to avoid laws which deliberately limit what they can snoop on.
He says all this is required to protect us from criminals and terrorists and yet GCHQ have become both criminals and terrorists.
Instead of blaming new technology how about he starts operating within the laws that the British people have set for him to operate under.
yet GCHQ have become both criminals and terrorists
I would agree that the security services are terrorists. All their statements are worded to cause maximum fear in the general population, and to use that fear to progress their own agenda. This definitely counts as terrorism in my eyes. I would say that they have done more to promote terror than any terrorist group, in this country.
As for criminal, I believe that they (mostly) operate within the law, by however fine a margin. Those laws are unjust, and their actions would be illegal if anyone else did them, but not for them.
I don't know enough about it (and I doubt anyone outside the organisations themselves does) to be certain they haven't broken any laws, though.
@AC "Instead of blaming new technology how about he starts operating within the laws that the British people have set for him to operate under."
Oh but that we had such power! The laws are set by the people enforcing them, which is why there are weasel words so they can be selectively enforced. We could send Section 12 notices under the Data Protection Act to GCHQ and expect that to remove us from the bulk processing. I'd instead expect it to trigger rule 5b if such an exemption isn't already in place.
http://www.legislation.gov.uk/ukpga/1998/29/section/12
Maybe he should have a chat with my iraqi colleague about the trade-offs between a surveillance state and an open democracy with free speech. Good points: never any crime and you could leave your front door open. Bad points: you can't do anything the state doesn't like, like his cousin going missing overnight and turning up 5 years later having been beaten and interrogated nearly all that time. He'd been arrested in secret for attending a friend's party with left-leaning guests.
Guess it comes to down to whether you want to risk your house being robbed, being the victim of violent crime or even being blown up by extremists... or to be monitored indefinitely and possibly disappear one night for saying the wrong the wrong thing. I know which I would rather.
This is what you'd expect him to say, surely?
But it's interesting that the spooks are squealing almost in proportion to the rapidly-increasing number of access requests being made to internet companies. So it looks very much as if the increased attention to security is forcing them to go through the proper channels at last.
That they obviously don't like doing this tells us all we need to know about whether they should have more surveillance powers.
As one or two commentators have noted, actually the security services pretty much have all the tools they need. So maybe this was more about keeping what they have, rather than getting any more, a trick politicians use a lot, be really radical upfront, and negotiate something more reasonable.
But people, how do you think the security services should behave? If they are totally transparent, then their adversaries will know how they will behave, and circumvent them. If you bind them too closely with legislation and oversight they will never keep up. There is nothing wrong with demanding a warrant to look deeply into someone's life, but in the worlds of serious crime and intelligence, how do you expect the security services to get enough information to request a warrant, if they don't listen in to conversations, be they in the pub, or on the internet. You cannot just rely on informants, who often have their own agendas, and then think about how many people who say they won't give information to the police because it's up to them to investigate.
I'm not sure what exactly you are all afraid of, in a democracy, you can get rid of governments and parties you don't like through the ballot box, you can even form new parties. Funnily enough, policemen, security service personnel, civil servants and armed forces personnel are also citizens, who in my experience are just as committed to democracy as the majority. Should we start to loose our democracy, then you will have something to worry about.
GCHQ, the NSA, and the rest, really do not give a stuff about your private lives, the don't look at your baby photographs, or eMails organising the curry night, such chaff is never seen by a human being, let alone made public. If however you want to organise a terrorist act or serious crime, then they will be interested. Criminals, Terrorists and Foreign spies always try to stay one step ahead, using new methods to evade detection, new internet services, new slang. Do you always want security services to react to events after they have happened, probably not, I'd think you want them to detect them before they happen. So STOP and think how you might do that without being found out by the people you are trying to stop.
If you bind them too closely with legislation and oversight they will never keep up.
While I see the logic behind what you are saying, the problem is that they need to walk a fine line.
Yes, the security services need to watch people to determine who needs to be monitored further. This can still be targeted at people they have suspicions of, and does not require dragnet surveillance.
The dragnet they have been operating makes their jobs easier. It is a gross violation of our privacy, though. We need to find the line for them to walk, instead of allowing them to erase the line completely.
So these benevolent overseers are infallible are they? They are always going to uphold the law upon which our society is built upon are they? And the subversion of innocent until proven guilty is perfectly acceptable now is it? Under five eyes' perfect regime we are all criminals unless proven otherwise, which I don't find democratic or acceptable. As others above have noted, there are legal channels to obtain warrants etc.
They probably will generally "uphold the law upon which our society is built", although they certainly will not be infallible. The fundamental problem is not surveillance activities that drive the law to be oppressive, but the laws that, whether intentionally or not, can be used oppressively and seem to necessitate ever-increasing surveillance.
I'm not sure what exactly you are all afraid of, in a democracy, you can get rid of governments and parties you don't like through the ballot box
Can you?
At the last election, we voted against the party that brought in tuition fees and the IMP. We got a coalition of parties, one of which had promised faithfully no abolish tuition fees, and both of which had decried the IMP as abhorrent.
So what did we get? Same shit, different day...
Vic.
I mean why make a song and dance about this new security and highlight that you can't crack it unless that is just what you want people to think.
What better way to get all the terrorists vomiting their plans over the wire(less) than to tell them you can't listen in.
AES, used by both Android and Apple, was developed in Europe and subjected to a good deal of study both before submission to NIST as a candidate standard and after, and by both government and private sector cryptanalysts. There is no reason I have seen to think it has been broken by NSA or anyone else. Whether the Android or Apple implementation and key security are adequate is uncertain - both are likely to be somewhat vulnerable to key recovery as well as file access by anyone (law enforcement or not) who gains physical control of a powered on phone with the encrypted file system mounted.
Clearly everything he said is bollocks. The only people gaining additional privacy protection by turning on encryption in everyday internet services are their everyday users. Bad guys already know how to use secure channels. or can make them for themselves. Its hardly rocket science. So the real target must be everyday users. Us. Q.E.D.
Now fuck off and find some criminals.
-A.
Maybe, and only maybe people might be willing to let security services have slightly more access to their data if they felt that the security services could be trusted with it. So far the security services have shown themselves to be underhand, deceitful, disingenuous, borderline corrupt and guilty of practices no better than the criminals they claim to be protecting us from.
Here's a thought Mr Spook: Instead of complaining about how difficult it is going to be to access the data, why not start with why those obstacles have been put there in the first place and modify your own behaviour? You want trust - earn it.
In those long-ago days before the internet, did the intellegence services routinely open everyone's (snail) mail, listen to everyone's phonecalls on the off-chance that they might be up to mischief? I think not. They have to have reasonable grounds for suspicion and then get a court order to intercept those forms of communication.
Far from improving our security, all this interception of internet traffic is just our security services being lazy, quite possibly at the expense of doing the old-fashioned groundwork which leads to real results.
.. the moment this is made perfectly symmetrical. If a chief of organisation XYZ tells me that I should have nothing to worry if I have nothing to hide (which is BS, but I digress), then I think we're perfectly entitled to have a view of his or her life for, say, a trial period of 3..6 months to see if this law is indeed a sensible idea. None of this "National Security" crap - they don't know what I do for a living either, nor do they know that of all the other people who get lumbered with yet another government funded stalking setup.
Hell, I think we should make this a permanent requirement for anyone involved in surveillance. After all, we must make sure it's not operated by Jimmy Saville v2, no?
If the entertainment industry can collectively take down file-sharing sites, then the law enforcement agencies should be able to take down those giants that provide terrorists with avenues of secure communications.
Both copyright infringement and terrorist activities are illegal, right?
The filesharing sites were only a service that enabled copyright infringement, the same way that an encrypted communications channel enables terrorism. Both filesharing and encrypted communications aren't always used for nefarious purposes.
If law enforcement agencies want the likes of Google and Apple to stop their efforts at securing communications, then they need to provide proof that those activities directly aid terrorism.
But that would be revealing secrets they don't want known.
These guys in the sigint agencies just don't get it, do they? The sigint agencies arrange a legal procedure to get data from tech companies that is very favorable to the sigint agencies, including secret warrants, gag orders on tech companies receiving warrants, courts where there is not opposing council to fight info requests.
Then, not satisfied with that, the sigint agencies go around those procedures to tap fiber-optic links between countries and tech company datacenters directly. This includes the creation of "in your face" powerpoint presos with little smiley faces pointing out where they are screwing over the tech companies by intercepting all this data.
Then, they penetrate tech companies' offerings at the product level, exploiting insecure applications, unencrypted data streams, and gathering tech company customer information, including passwords. Or the sigint agences maintain catalogs showing devices they have developed to compromise name-brand routers, servers, PCs, mobile devices and mobile voice and data service.
Then, not happy with that, they spoof tech companies' offerings to phish for intelligence targets with things like faked LinkedIn, Yahoo! and Facebook pages, all the while gathering data these intelligence targets think they are sharing through these tech companies' offerings.
Then, the sigint agencies work to actively undermine security at the standard-setting level, so they can better penetrate any applications or data relying on these standards.
The result is that the sigint agencies make the entire tech industry look like fools and stooges. By pointing out, exploiting and actively creating vulnerabilities the sigint agencies are actively damaging the brand equity of these companies that employ millions of people around the world. By spoofing these companies' offerings to get intelligence they undermine user certainty that data they are sharing through tech companies is actually going where the user intends it to. Its bad enough that users have to worry about what the tech companies might do with the data, but at least they can terminate a business relationship, but there is no getting rid of a government agency.
THEN, having done all this to damage the tech industry, the sigint agencies complain that that the tech industry is responding by improving security!!!! You know why that is happening, Mr. GCHQ goon?? BECAUSE YOUR AGENCY AND IT'S FRIENDS ARE DOING FAR MORE DAMAGE TO THE TECH INDUSTRY THAN AL QAEDA/ISIL EVERY COULD!!!!!!!!! This is simply a natural defensive response by the tech industry to a group of government agencies who are actively undermining that industry. You'd do the same thing at the GCHQ if the tech industry was actively damaging your organization, so PLEASE SHUT THE HELL UP with your allegations that the tech industry is coddling terrorists.
This post has been deleted by its author
Is this really a straight play?
It seems to suggest people of TERROR should just use these social media channels to communicate as without Facebook et. al playing a different role they'll go unchallenged.
Surely either that's the case and it seems the bad guys are being given a green light, or it's not the case and this is encouraging them to use a relatively small number of platforms they're capable of eavesdropping.
So you get this big wig who takes over the british spy house, and the first thing he does is bash companies that have finally made the data on our phones unreadable by hackers and governments. Boo Hooo hooo...
What did you do 10-15 years ago before we had smart phones to record everything we did? Go back to doing that you lazy ass. It is called detective work. Become a detective again. Get out there and pound the pavement. Work the streets talking to your sources. Do some real detective work. And quit whining. You do NOT have the right to whats in our phones, no matter what you think to the contrary.
And if you do not believe that you can do your job without spying on the citizens, QUIT! NOW! BEFORE YOU GET PEOPLE KILLED! JUST FLAT QUIT AND GO AWAY! Let someone who can do your job do it.
There is no alternative. Snowden showed us what the Governments around the globe have been doing. Expect EVERYTHING to become encrypted. Soon. Very soon.
The people have spoken. We do not want to be spied on. Especially those of us that are not breaking any laws and have no intention of breaking any. We like our privacy, and expect what we do to remain private. If you cannot accept that, QUIT! NOW! BEFORE YOU GET PEOPLE KILLED! JUST FLAT QUIT AND GO AWAY! Let someone who can do your job do it.
Enough said! GROW UP!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
