back to article BACK OFF, spooks: UK legal hacking code should be 'resisted at all costs' says lawyer

A proposed "electronic interference" code for spooks will sanction pervasive hacking powers without judicial or parliamentary scrutiny, experts and campaigners have warned. The government slipped out its consultation documents on "equipment interference" and "interception of communications" last month – on the same day the …

  1. Anonymous Coward
    Anonymous Coward

    Will the spooks be surprised ..

    When terrorists run rings round them using handwritten notes, faxes, and postcards ?

    If I were an international terrorist (worthy of the title, not some wannabe jihadist) then my list of things to note would go like this:

    0) all my communications are visible to all

    1) mores stuff here

    2) more here.

    There are many, many ways to communicate secretly, while being eavesdropped at every turn.

    1. Just a geek
      FAIL

      Re: Will the spooks be surprised ..

      Yup, I made that very point not long ago.

      All you need do is spun up a machine at Azure and send people messages through it and thanks to a shared knowledge of code words you can be spied on with no on knowing what you're saying....or forget the computers and have a meet up in the pub.

      If this law goes ahead it'll do three things:

      1. End a lot of business in the UK as other people do business elsewhere, scared that their data is being leaked.

      2. Someone outside the security services will find a way to exploit it

      3. Make a lot of extra work for IT people.

      This will become the Government's own superfish scandal.

    2. Richard Jones 1
      Happy

      Re: Will the spooks be surprised ..

      This reminds me of the First World War story of suspect telegram. The censor being suspicious changed a word in the message, it was something like from dead to deceased or some such. Back came the reply, is XXX dead or deceased!

      1. Pen-y-gors Silver badge

        Re: Will the spooks be surprised ..

        and another (verified) story: soldier's letter was intercepted and appeared to be in code. Sentenced to be shot as a spy. At last minute visiting officer sorted things out - letter was in Welsh!

      2. Anonymous Coward
        Anonymous Coward

        Re: Will the spooks be surprised ..

        (there's also the prob apocryphal story about the Cary Grant telegram - person sends to agent "how old Cary Grant?", Cary Grant sees it himself, rather than his agent seeing it, and replies "Old Cary Grant fine. How you?" - be nice if it's true, but sadly seems it probably didn't happen)

      3. phil dude
        Thumb Up

        Re: Will the spooks be surprised ..

        citation? This would be an interesting read...

        P.

    3. BongoJoe

      Re: Will the spooks be surprised ..

      So it's back to the Personal Notices in The TImes, komrade?

    4. h3

      Re: Will the spooks be surprised ..

      Or one time pad which is still unhackable. (If it is done right).

    5. This post has been deleted by its author

  2. Anonymous Coward
    Anonymous Coward

    Problem: GCHQ

    Solution: Use Ebola ridden catering staff to prepare their meals.......QED!

    1. Titus Technophobe

      Re: Problem: GCHQ

      Ah yes a good plan albeit with one minor flaw.

      1. Anonymous Coward
        Anonymous Coward

        Re: Problem: GCHQ

        They'll just have to work fast...

  3. James 51 Silver badge

    If you have hacked someone's computer or phone then you've effectively bugged them, searched their house and placed a GPS tracker on them with the phone. They're taking the 'on a mobile device' standard to their powers to avoid having to fill in all that pesky paperwork or you know, obey they law on breaking and entering and the computer misuse act. Probably data protection as well.

  4. Anonymous Coward 101

    The Picture

    Is there any explanation for why the picture used in this story is of a gentleman listening to a telephone in the guise of a shoe?

    1. Ben Norris

      Re: The Picture

      Its from a spy comedy show, 'get smart'. The implication being that our spys and their overlords are bumbling idiots.

      1. Tom 35 Silver badge

        Re: The Picture

        So we need to get them a cone of silence.

    2. A Non e-mouse Silver badge

      Re: The Picture

      I thought it was Agent 66 from Get Smart.

      1. channel extended
        Headmaster

        Re: The Picture

        Agent 86. Maxwell Smart Excuse me gotta go.

        1. MrDamage

          Re: The Picture

          > I thought it was Agent 66 from Get Smart.

          >> Agent 86. Maxwell Smart Excuse me gotta go.

          He missed it by -> <- that much.

          1. Mark 85 Silver badge
            Holmes

            Re: The Picture

            Sorry about that chief....Would you believe it is Agent 86. Yes, it's the old Google/Wikipedia trick: http://en.wikipedia.org/wiki/Get_Smart

  5. A Non e-mouse Silver badge

    Oversight & Transparency

    I understand the need for covert intelligence gathering - which could include hacking. But there MUST been clear & transparent oversight of what the spooks are doing. Now I know that transparent oversight and covert intelligence gathering are polar opposites, but something needs to be done to keep the the spooks in check.

    Power corrupts. Absolute power absolutely corrupts.

  6. Adolph Clickbait
    Mushroom

    If you've got nothing to hide....

    they'll give you something...

    1. Marketing Hack Silver badge

      Re: If you've got nothing to hide....

      Or they will keep searching until they find something that you really do have to hide, like hacking your computer and using the microphone to pick up you and your spouse/significant other "doing the deed".

      1. Intractable Potsherd Silver badge

        Re: If you've got nothing to hide....

        "... using the microphone to pick up you and your spouse/significant other "doing the deed"."

        If we could get over the stupid puritan idea that sex is something that is shameful and needs hiding, then society would be a better place, and the spy/police organisations would have to actually look for something that really *is* "bad" behaviour.

        1. earl grey Silver badge
          Joke

          Re: If you've got nothing to hide....

          If it would get my other half to "do the deed", they could put in a whole house of microphones.

  7. Anonymous Coward
    Anonymous Coward

    Hacking....

    Not sure its the right phrase. Interception would be a better description of what they do. Hacking is the act of gaining access. Let face it they already have access all they are doing is intercepting the traffic.

    1. no-one in particular

      Re: Hacking....

      > Hacking is the act of gaining access

      Nah, that is "cracking", see the Jargon File

      http://www.catb.org/jargon/html/C/crack.html

      as opposed to "hacking"

      http://www.catb.org/jargon/html/H/hack.html

      1. Anonymous Coward
        Anonymous Coward

        Re: Hacking....

        Ah, my mistake. Neither really fit. I'm sticking with interception.

      2. Tom 38 Silver badge
        Unhappy

        Re: Hacking....

        Alas, the jargon file is full of our words, but the world does not use our words how we would use them.

        1. Anonymous Coward
          Anonymous Coward

          Re: Hacking....

          then the world must change to suit how I think it should be.

          Sorry, I forgot, I'm not a politician

  8. Anonymous Coward
    Anonymous Coward

    What I find most worrying...

    ...is not the fact they can snoop on everybody without oversight. (That's bad enough, mind you)

    What has me worried even more is that there are, let's say, untrustworthy agents/police men etc out there. What if they used access to a target's computer, which was not signed off by any judge (because it no longer has to) to *plant* evidence?

    We know that the US are fabricating terror plots to keep the machinery growing and well-fed; who is to say that the same couldn't happen in the UK? And uncontrolled access like that would make it damn easy.

    The separation of powers is getting more and more blurry. "In dubio pro reo" no longer applies (especially when a very very remote link to terrorism can be drawn -- intending to buy a flight ticket to the middle east is probably good enough these days).

    I'm truly concerned about the world my daughter will grow up in.

    1. Anonymous Coward
      Anonymous Coward

      Re: What I find most worrying...

      They don't tend to have direct access to the end point. They tend intercept (I'm at it again!) the traffic from ISP's or Phone companies, so they couldn't plant anything.

      1. Anonymous Coward
        Anonymous Coward

        Re: What I find most worrying...

        "[...] so they couldn't plant anything."

        If they can intercept at the ISP then they can do a "Man In The Middle" manipulation of data streams to install trojans etc on a person's devices.

        This gives them a far more powerful surveillance capability as they will be able to retrieve data "in clear" which would otherwise be encrypted on the network. Such data will include logins, passwords, emails, local documents, Skype calls, IM chats etc.

        Surreptitiously activating microphones and cameras on the devices will give access to local conversations etc. Mobile devices will be commanded to spoof power off so as to track locations via towers or GPS.

        1. Joe 48

          Re: What I find most worrying...

          @AC If they can intercept at the ISP then they can do a "Man In The Middle" manipulation of data streams to install trojans etc on a person's devices.

          It doesn't quite work that way. Besides with man in the middle you'd need the encryption keys. Traffic with those services are encrypted at the end point so the ISP can't see inside the data any more than anyone else.

          1. Anonymous Coward
            Anonymous Coward

            Re: What I find most worrying...

            "Besides with man in the middle you'd need the encryption keys."

            El Reg articles have described scenarios where MITM attacks are possible. It is usually not about breaking encryption - but about spoofing certificates. Although there have been suggestions that encryption keys can also be compromised by MITM.

            You only need to inject the malware into an unencrypted page's HTML to attempt to install it on someone's device.

          2. Anonymous Coward
            Anonymous Coward

            Re: What I find most worrying...

            "It doesn't quite work that way." The victim establishes a session with the data harvester using the cert presented by the harvester, issued by a gov owned CA, there are plenty "trusted" CA installed in your super secure windows PC, then they establish a session with the victim's intended destination and look at the unencrypted clear stuff in the middle.

            1. Joe 48

              Re: What I find most worrying...

              That's one thing I'm not sure about. My understanding, and its limited, was that the data was mirrored out the side of the ISP, as such no direct connection is made between the end point and the [insert 5 eyes here], so they can't side load or do much with the traffic bar analysis it.

          3. T. F. M. Reader Silver badge

            Re: What I find most worrying...

            @Joe 48: "with man in the middle you'd need the encryption keys"

            Not really. The keys are generated per session, and exchanged between the parties based on the trust in signed certificates. Suppose you try to connect to Google through your ISP. I am GCHQ and I convince or force or trick the ISP (and maybe a CA or two) to do my bidding. As a result you get a fake certificate over the SSL connection that says I am Google and is verified to a fare-thee-well. You trust the certificate and exchange keys for the session with me, thinking I am Google. I exchange keys with Google who think I am you. The session is encrypted between you and me and between me and Google, but not end to end.

            This does not necessarily mean I can install a trojan on your Linux virtual machine.

          4. Roj Blake Silver badge

            Re: What I find most worrying...

            "It doesn't quite work that way. Besides with man in the middle you'd need the encryption keys."

            You mean like the compromised Gemalto SIM encryption keys?

    2. Lyndon Hills 1

      Re: What I find most worrying...

      there are, let's say, untrustworthy agents/police men etc out there

      Surely not

      What, like those mentioned in this other story in todays El Reg?

    3. Mark 85 Silver badge

      Re: What I find most worrying...

      Oversight would be good.... but... who watches the watchers?

      1. Anonymous Coward
        Happy

        Re: What I find most worrying...

        Me

    4. veti Silver badge

      Re: What I find most worrying...

      I'm sorry to say that all this was also true of the world you grew up in. Police and spooks have been planting evidence on people since, probably, as long as there have been police and spooks.

      And this is why we should insist on fair and open trials, and humane treatment of those who are convicted, no matter what they're convicted of. That's the hill we should be fighting on, here. We can't control the spooks - if we could, they'd be no use to us. But we can protect one another from being destroyed by them.

      If we can be bothered.

      1. Intractable Potsherd Silver badge

        Re: What I find most worrying...

        "And this is why we should insist on fair and open trials, and humane treatment of those who are convicted, no matter what they're convicted of."

        ^^^ This!! Everyone on the "hang 'em high" side of the debate needs this tattooing where they cannot fail to see it several times a day. There are too many people serving time for things that any sensible jury would have thrown out, purely because it serves some political purpose (e.g. claims of "historical sexual abuse" which wouldn't get past intelligent people because the length of time involved means that there is a surfeit of reasonable doubt). The worrying thing is that it is likely to get worse before it gets better, and no-one can say that they won't fall foul of it. The Rawlsian Veil of Ignorance requires that everyone supports a fair justice system and good conditions for prisoners.

  9. Dan 55 Silver badge
    Meh

    I see uk.gov's updating the law to match current practice... again...

    1. Graham Hawkins

      Did you mean:

      I see uk.gov's updating the law to match current _mal_practice... again...

  10. Anonymous Coward
    Anonymous Coward

    Once they have your machine hacked they can start planting evidence on there.

  11. phil dude
    Trollface

    1776...

    just saying...

    P.

  12. arrbee
    Holmes

    So if someone is accused solely on the basis of files found on their computer their defence lawyer can tell the jury there must be "reasonable doubt" since the evidence could have been planted, quite legally, by an 'authorised agency' who are under no obligation to disclose their action to the court ?

    1. Intractable Potsherd Silver badge

      Yes, but juries are made up of ordinary people - you know, the ones that think there is no smoke without fire, especially if the allegation involves child porn. Reasonable doubt wouldn't stand a chance in such a case.

      1. Anonymous Coward
        Anonymous Coward

        "Reasonable doubt wouldn't stand a chance in such a case."

        An acquaintance was prosecuted for such an alleged offence. The judge criticised the quality of the prosecution's evidence - and particularly the unprofessional opinions of their "expert" witness. The jury looked at the allegedly indecent pictures and declared "not guilty". The prosecution's twisted interpretation of the pictures beggared belief. It reinforces the impression that much of the offence is in the mind of people who have become unduly sensitised.

        It is possible that juries look at pictures culled from family albums and think "We have some like that". Unlike people in public the jury is not having to prove they are "not one of them" - although it may depend on the character of the jury foreman in avoiding putting the other members in that position. A secret ballot often produces a more honest result than a show of hands

  13. Marketing Hack Silver badge
    Go

    I encourage EVERY UK CITIZEN here to go to the consultation page url provided

    And let your government know what you think about this.

    I'd do it myself, but I am an American, so my stated opposition would probably be ignored or even used to validate the Home Office's plans--"Well, we got some negative comments, but a lot of them were from overseas hot-heads, so we can ignore the comments"

  14. Chris G Silver badge

    The current Conservative Government

    Must be beyond Blair's wildest dreams as worthy successors to his work.

    I'm just waiting to see where they slip in ID cards before they go.

    Or maybe a chip under the skin but hopefully they will stop short of tatooing one's National Insurance number on the wrist.

  15. scrubber
    Unhappy

    safety first

    Is this shit keeping us safe? And even if it is, is it a price worth paying?

    In a democracy we should be able to ask these questions and get honest answers. Unfortunately the consent of the governed isn't required anymore.

  16. Champ

    Who is representing the anti-Spook vote?

    There's an election in a few weeks.

    The vast majority of Reg Commentards seem to regularly reject increased and uncontrolled interception of our comms by the state. This implies that there is an anti-Spook vote out there.

    But has anyone heard from anyone seeking election who represents this point of view? I haven't. Everyone seeking office seems to think that increased state powers are necessary.

    If someone, anyone, came out representing my point of view (no state interception of my comms) then I'd vote for them tomorrow. Well, on 7th May.

    1. Roj Blake Silver badge

      Re: Who is representing the anti-Spook vote?

      The Greens are the closest to what you want.

      The Lib Dems have also acted as a brake on the the worst of the Tories' ideas.

  17. Anonymous Coward
    Meh

    A thought

    there is a problem in govenment in that whenever they perceive a problem the knee-jerk decision is that they need more powers/laws to deal with it; when if they actually knew the law they would know such things already exist. But then, they couldn't show they had done anything could they?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019