back to article How British spies really spy: Information that didn't come from Snowden

David Anderson QC’s review of Britain’s anti-terrorism laws, published earlier this month, has mostly been examined for its potential impact on the government’s plans for a new act of Parliament on surveillance, known as the Snooper’s Charter to opponents. He made extensive recommendations as to what should be in the …

  1. Anonymous Coward
    Anonymous Coward

    OK, let me get this straight..

    However, a Briton communicating with an overseas data centre, such as a Google search or a Twitter tweet, is seen as carrying out an external communication as the ‘recipient’ is the overseas server.

    Do this translate as "every company and user that uses Gmail (being in the US) thus makes their traffic legally accessible to GCHQ"? Wow.

    1. Dan 55 Silver badge

      Re: OK, let me get this straight..

      What I understood from the article is that they're saying that logging onto Google.co.uk and searching is considered external yet logging onto gmail.com and sending an email to another British resident is considered internal.

      Either something's wrong with the assurances or they use the definition which is most convenient at the time.

    2. Anonymous Coward
      Anonymous Coward

      Re: OK, let me get this straight..

      "every company and user that uses Gmail (being in the US) thus makes their traffic legally accessible to GCHQ"

      And probably the NSA. Then again, any company that uses an external mail service like gmail for business purposes needs its collective head examining. If I were to send any internal mail via such a service I'd face disciplinary action.

      1. Martin Summers Silver badge

        Re: OK, let me get this straight..

        "any company that uses an external mail service like gmail for business purposes needs its collective head examining."

        Have you not heard of Google Apps for business?

        1. Charles Manning

          Re: OK, let me get this straight..

          You're getting down votes because suggesting people might consider Google Apps threatens the BOFHs.

          BOFHs think every small company should have their own IT department because that will keep them in gravy.

          For anyone that thinks having your own BOFH will lead to better security of your company just remember this:

          Snowden was a BOFH and that didn't work out so well for his employer's data security.

          1. laird cummings

            RE: Snowden as BOFH...

            Snowden was more of a PFY. Or maybe a B*User*FH.

          2. Doctor Syntax Silver badge
            Devil

            Re: OK, let me get this straight..

            "For anyone that thinks having your own BOFH will lead to better security of your company just remember this:

            Snowden was a BOFH and that didn't work out so well for his employer's data security."

            Nevertheless, better the BOFH you know....

      2. Anonymous Coward
        Anonymous Coward

        Re: OK, let me get this straight..

        Then again, any company that uses an external mail service like gmail for business purposes needs its collective head examining. If I were to send any internal mail via such a service I'd face disciplinary action.

        Ah, here is a question you should ask the Information Commissioner's Office:

        "If I use Gmail for my business, and I receive an email from someone, am I not exporting that email and possible sensitive details to a third party outside EU privacy measures without the sender's permission? Is that legal?"

        I asked this question in 3 different countries, including the OK, and the answer was that it was indeed in principle illegal. I would personally add that it is also a damn shoddy way to treat the privacy of your customers, but I was mainly focusing on something that a lawyer could potentially get his teeth into, and it appears it is possible.

        Having said that, I can't even begin to enumerate the companies that are allegedly selling you security but use Google resources (including Gmail), thus proving they haven't got a f*cking clue what they are doing. Security is not only a process, it is also a chain with an astonishing number of weak links to take care of.

        1. chris 17 Bronze badge

          Re: OK, let me get this straight..

          someone better let HMRC know they face a potential sueball then

          http://www.channelregister.co.uk/2015/06/05/hmrc_is_going_google/

          1. Afernie

            Re: OK, let me get this straight..

            It's not illegal to use the services of a US-based provider to store EU customer data as long as that company is certified under the EU-US Safe Harbour agreement. Which Google is. So no, they're not facing a sueball.

            1. Anonymous Coward
              Anonymous Coward

              Re: OK, let me get this straight..

              as long as that company is certified under the EU-US Safe Harbour agreement.

              Ah, but this excuse is what's very much under threat at present.

              First off, it IS an excuse - self certification is a joke. Secondly, thanks to Snowden we know the real state of play which leads us to: thirdly, Safe Harbor is under review, exactly because those US "guarantees" emerged to amount to f*ck all when US government departments want data. This is why the likes of the ICO will not publish an opinion - its at present a political minefield. But if you call them directly with the question as stated you will get an answer that ought to worry the cr*p out of your company lawyers - it is what I actually did.

              1. Anonymous Coward
                Anonymous Coward

                Re: OK, let me get this straight..

                "But if you call them directly with the question as stated you will get an answer that ought to worry the cr*p out of your company lawyers"

                Our organisation outsourced to MS - specifically because their servers are inside the EU.

                Google refused to warrant server locations and the lawyers made it absolutely clear that this ruled them out because the safe-harbour agreement was already proven to be shite.

                Most IT staff opposed outsourcing, but the orders came from on high that "it shall be done". The org spent more than £5million migrating all the internal mail systems to be able to move to Outlook's "free" service and ISD has been officially prohibited from having an exit plan in case it goes titsup.

                Anon for obvious reasons.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: OK, let me get this straight..

                  (responding to two separate posts)

                  Our organisation outsourced to MS - specifically because their servers are inside the EU.

                  Ah, but you're now hitting issue no 2: legal leverage. If you use services from a company with a US HQ, than the US deems your data to be within reach - that's what the whole fight with Ireland is about AFAIK that still hasn't settled, because US law says it can, and MS knows full well that all hell will break loose when that is finally confirmed with no further route of escalation (because it's a simple, straightforward application of law with very little room for creative re-interpretation). That's also why that one gets so many amicus briefings: it is legally flat out impossible for *ANY* US based service provider to protect your privacy to EU requirements, and they really, REALLY don't want that to be displayed and simplified by case law. I give this at best another year.

                  What you're saying is that your management values cost cutting over the privacy of its customers. Fair enough, that's a business decision that may work as long as you're honest about it with your customers, and not try to hide it like VirginMedia was pretending it wasn't simply relabelling Gmail, and it's still a shade better than MessageLabs who pretend to be all EU, but usually have the same US based host in the backup MX records at IP address 216.82.251.230. It's camouflaged from casual discovery, but not hard to discover for anyone familiar with how email works and access to a Linux, BSD or OSX command line.

                  _ALL_ email is the equivalent of being written on a postcard, even if the client-server and server-server transactions are encrypted (which is increasingly the norm now but rare 15 years ago)

                  This was drummed into everybody using the Internet 25+ years ago. It's only since the telco-based 900-pound gorilla ISPs moved in and started marketing everything as "easy" that this truism has been forgotten.

                  First of all, if you can guarantee an encrypted transfer path you don't have cleartext - this is where most email falls down because a sender normally doesn't have control over the MTA-to-MTA part of the process.

                  The only way to ensure privacy is to encrypt your messages _before_ sending them and keep them encrypted. Decryption is for display, not storage.

                  That has problems too because you're still disclosing meta data. Secondly, I have yet to see a key handling system that was user friendly and doesn't involve someone spending the entire days handling certs, key generation etc. *That's* why stuff like PGP didn't take off.

              2. Afernie

                Re: OK, let me get this straight..

                "First off, it IS an excuse - self certification is a joke. Secondly, thanks to Snowden we know the real state of play which leads us to: thirdly, Safe Harbor is under review, exactly because those US "guarantees" emerged to amount to f*ck all when US government departments want data. "

                I don't disagree on any of those points - but under review or not HMRC can (and I'm sure will, successfully) use it as a fig leaf in the face of questions over Data Protection.

            2. Doctor Syntax Silver badge

              Re: OK, let me get this straight..

              "It's not illegal to use the services of a US-based provider to store EU customer data as long as that company is certified under the EU-US Safe Harbour agreement."

              Nor is it illegal to brew your tea in a chocolate teapot.

      3. Afernie

        Re: OK, let me get this straight..

        "Then again, any company that uses an external mail service like gmail for business purposes needs its collective head examining."

        This again. Blue chip companies use external couriers contracted as internal mail/package carriers between their branches every day. Does the fact that the data carried is not in the form of 0's and 1's somehow make those same courier companies who leave your parcel in your dustbin and forget to leave a card more trustworthy than a cloud provider? It's one of the more ridiculous assertions I hear with regularity - the Internet is an interconnected network. You take a security risk by connecting to it, and using any managed service, be it routing, DNS, managed VPN, mail, etc - so get over it and mitigate as much as possible with good practices and common sense, just as with on-premises systems.

        Given the budget of the average IT department, I know who has the resources to provide comparatively better security and uptime, and that's the Cloud Provider taking advantage of economies of scale.

        1. Anonymous Coward
          Anonymous Coward

          Re: OK, let me get this straight..

          As long as your internal department doesn't use Microsoft Exchange, of course - some actually pay licenses for this unnecessary spyware!

        2. Alan Brown Silver badge

          Re: OK, let me get this straight..

          _ALL_ email is the equivalent of being written on a postcard, even if the client-server and server-server transactions are encrypted (which is increasingly the norm now but rare 15 years ago)

          This was drummed into everybody using the Internet 25+ years ago. It's only since the telco-based 900-pound gorilla ISPs moved in and started marketing everything as "easy" that this truism has been forgotten.

          The only way to ensure privacy is to encrypt your messages _before_ sending them and keep them encrypted. Decryption is for display, not storage.

    3. John Smith 19 Gold badge
      Unhappy

      Re: OK, let me get this straight..

      "Do this translate as "every company and user that uses Gmail (being in the US) thus makes their traffic legally accessible to GCHQ"? Wow."

      Overseas (IE US) --> fair game.

    4. DougS Silver badge

      It's irrelevant

      For truly Brit to Brit communication, GCHQ probably has the NSA do the spying for them. The law may say they can't snoop on Brit to Brit communication without a warrant, but I'll bet it doesn't say they can't give someone else access to the firehose of data.

    5. Tromos
      Joke

      Re: OK, let me get this straight..

      And there was me, thinking that my Google searches were private and secret.

  2. Roo
    Windows

    "it provided visibility of 96 cyber-attack campaigns – and is the only way to obtain information to develop effective responses"

    Out of all the justifications given for mass surveillance that one makes the most sense. Sounds like the report is worth a read, thanks for the write up Reg.

    It's a pity this report didn't happen *before* Snowdon told us what was going on, and the hacks and technotard PPE grads spent every possible moment talking down to the citizens - who are on the sharp end of policemen beating them to death or plain clothes officers shooting them at point blank on tube trains.

    1. veti Silver badge
      Black Helicopters

      96 "cyber-attack campaigns" - in two weeks...

      ... is the sort of figure that makes me wonder, what exactly constitutes a "cyber-attack campaign"?

      I mean - sure, some of them are probably really dangerous. Some of them probably involve theft of personal or financial data. But how many of them involve DOSsing a web server for a couple of days, or defacing the website of a company that's incurred the displeasure of some script kiddiez? Can we see the (anonymised) threat assessments of these "96 cyber-attack campaigns"?

  3. Pascal Monett Silver badge

    Why are they not more often in the news ?

    Apparently this mass surveillance has stopped potential terrorists, kiddie fiddlers and more. Why has that not been trumpeted in the news ? Why do they not tell us that this tool is producing these results ?

    With regular news alerts like these, people would be more aware that this surveillance is producing acceptable results. Whether you are for or against, this seems like a miss in PR.

    1. Anonymous Coward
      Anonymous Coward

      Re: Why are they not more often in the news ?

      Personally I take any PR claims with a pinch of salt. Politicians and other vested interests tend to be slack on definitions when they make claims. Too often they have conflated a few serious cases with a large filling of marginal or even "mission creep" cases.

      Even in the serious cases it often appears that interception was not instrumental in discovering something - but merely in following up a lead from old-fashioned intelligence sources.

    2. Dan 55 Silver badge

      Re: Why are they not more often in the news ?

      Well they can't because they won't use the evidence they collect in court. Apparently people might realise that they can tap phones.

    3. sysconfig

      Re: Why are they not more often in the news ?

      "Why do they not tell us that this tool is producing these results ?"

      Because they were busy with the different stages of:-

      - denying its existence

      - legalising it retrospectively

      - handing out D-notices on the way so that the media doesn't spread too much criticism

      And: Once they tout it as being hugely successful, people will -rightly- ask how exactly it helped. Especially at the moment, where we are very sceptical about anything the government and GCHQ say about surveillance.

      They will surely be in the process of preparing a nice PR campaign, cherry pick some cases which they can disclose more details about, and wait for the right time to seed it to the media.

    4. alain williams Silver badge

      Re: Why are they not more often in the news ?

      If you listen carefully when Theresa May (or similar) is trying to convince us that this surveillance is effective they say something like ''had found xx suspects'' - translation: ''our monitors went ping over xx people who we shall investigate''. They do NOT say how many people have been convicted (or the ping found to be true) as a result of Internet surveillance, presumably because this would be much less than xx and so less persuasive that letting snooping continue is a good idea.

      Any experienced politician or press facing civil servant knows how to present numbers deceptively.

      1. Peter Simpson 1
        Happy

        Re: Why are they not more often in the news ?

        ''our monitors went ping over xx people who we shall investigate''.

        You're saying they have the machine that goes "ping"?

        It's very expensive.

        1. Bloakey1

          Re: Why are they not more often in the news ?

          "You're saying they have the machine that goes "ping"?

          It's very expensive."

          That does not have to be the case, "You see, we lease this back from the company we sold it to and that way it comes under the monthly current budget and not the capital account."

          See, job done innit.

    5. TeeCee Gold badge
      Facepalm

      Re: Why are they not more often in the news ?

      Why has that not been trumpeted in the news ?

      Presumably in an attempt to prevent happening exactly what has happened now World+Dog knows it's going on.

      All the scrotes moving to using secure / encrypted comms as a matter of course.

    6. Anonymous Coward
      Anonymous Coward

      Re: Why are they not more often in the news ?

      Because it's not more effective than good old fieldwork and (landline) wiretapping, but costs much much more.

    7. tom dial Silver badge

      Re: Why are they not more often in the news ?

      The arrests probably were in the news, along with arrests for a variety of offences where the police did not use intercepted electronic communication as part of the basis. It would be rare that communication interception brought an arrest, and a bit rarer still that it would be attributed to GCHQ surveillance given their known inclination to remain in the background.

      The NSA were said plausibly to have passed information from intercepts to the US DEA and were criticised severely despite the likelihood that both the intercepts and their transmittal to DEA were of a kind authorized explicitly in the US Code.

  4. Simon Harris Silver badge

    "many hours in Cheltenham are spent filling out forms."

    Sounds like nothing's changed since the days of Harry Palmer.

    1. laird cummings

      Re: "many hours in Cheltenham are spent filling out forms."

      For every James Bond, there are thousands of Bob Cratchits slaving away...

  5. Forget It

    How come there isn't yet

    European GCHQ-thingie?

    That way they could only legally spy on communications

    with one receiver/sender outside of the EU.

    1. LucreLout Silver badge

      How come there isn't yet European GCHQ-thingie?

      Mostly because the Europe isn't a country, and countries have always and will always spy on each other.

      That way they could only legally spy on communications with one receiver/sender outside of the EU.

      Rather less effective than what we have now then. If we didn't spy on the French, we'd have to wait until they raised the white flag to determine they were fighting a battle.

    2. Anonymous Coward
      Anonymous Coward

      "European GCHQ-thingie"

      Sorry I'm a bit late.

      If you've not heard of and read about Echelon in the last decade and a half, now might be a good time to catch up.

      Here's one place you might start:

      http://www.theregister.co.uk/2001/09/14/this_is_how_we_know/ (Echelon exists)

  6. Nigel 11

    Keep on spying illegally?

    My view is that we should continue to oppose any changes to the law that make it legal to conduct surveillance on a greater scale. Once surveillance is legalized, it will be used by those in power against the people who were supposed to be protected.

    On the other hand, I'm more relaxed with GCHQ etc. breaking the law on surveillance in order to keep us safe from serious evil-doers. That's how it always worked in the past. The intelligence agencies operate in a very grey zone where the secret breaking of small laws is justified by the seriousness of the illegality being contemplated by those they are supposed to be spying on. The fact that they are operating outside the law means that they can be stamped on by the courts if they start acting outside their remit. Which in turn means they will tell the police what they know about a terror group planning to blow up a shopping centre, but not what they have (hopefully accidentally) learned about a non-violent protest group planning to dump a ton of manure outside some errant council's offices, or a million other almost-harmless illegalities that reach their ears.

    1. LucreLout Silver badge

      Re: Keep on spying illegally?

      @Nigel

      Once surveillance is legalized, it will be used by those in power against the people who were supposed to be protected.

      Once anything is legalized, it will be used by those in power against the people.

      Looking through history, we had income taxes brought in to fund a war with France, and now target all workers. We brought in a top rate to target the rich, which has been dropped so far that it targets mostly non-rich people now. Then we brought in a super tax to go after the rich again, and it is only a matter of time before that ends up being paid mostly by non-rich people too.

      We brought in speed limits to curb those with supercars from using them flat out on public roads. We set it at the top speed for a typical family car of the day. Then failed to move it upwards with technology and engineering advances, such that it now curbs every car on the road significantly. As the limit was routinely ignored, it became a target for taxes via cameras. Only, cameras don't mostly catch loadsamoney spanking his Fezza up and down the M1, they catch old Mrs Miggins pottering to the shops for some milk & cheese.

      The existing snooping laws that were supposed to be used to catch terrorists ended up being used by local council jobsworths to terrorise dog walkers and parents trying to game the school admissions roulette. I'm not suggesting these people be given a free pass, only that we shouldn't be targetting them as though they were terrorists.

      These things are always brought in to catch someone else, with reassurances that they won't target or affect the population at large, and yet..... and yet they always end up doing so. Sunset clauses renewable only by referrendum every 5 or 10 years can help here, as it allows people to reflect on how the law is being used and whether they wish it to continue.

      1. Anonymous Coward
        Anonymous Coward

        Re: Once anything is legalized, it will be used by those in power against the people.

        Wait, now I'm confused - should people keep campaigning for the legalization of cannabis or not? :-)

        1. Spanners Silver badge
          Black Helicopters

          Re: Once anything is legalized, it will be used by those in power against the people.

          If people are enjoying a pleasant spliff, they are more suggestible.

          It is surprising that our owners have not thought of this.

    2. Roo
      Windows

      Re: Keep on spying illegally?

      "The fact that they are operating outside the law means that they can be stamped on by the courts if they start acting outside their remit."

      I can't find any evidence that the courts *can* stamp on them for spying on people. The courts have stamped on GCHQ whistle blowers who highlighted illegal activity and Alan Turing who was being illegally gay. The courts also totally failed to stamp on Kim Philby, who was actively protected by the outfit he worked for - and look how badly that turned out.

      There is a balance to be struck, but being able to do what the hell they like without proper oversight hasn't worked well before and there's no reason to expect it to work any better going forward. For that reason I would rather they were able to operate lawfully under proper supervision, and new legislation will be necessary to as the world changes so I don't think it's a great idea to resist it for the sake of it.

      On the other hand (D)RIPA is --ing awful and not fit to wipe my arse on. The thing I fear most is a Britain that can't adapt to change because the laws are so restrictive an the surveillance so pervasive, and accountability so weak that any necessary change is strangled. There are signs that we are beyond the point of no-return already.

  7. Amorous Cowherder

    A bit dull

    "This, along with many other sections of Anderson’s report, suggest that many hours in Cheltenham are spent filling out forms."

    Yes, well no surprises there!

    I used to work with a guy who'd worked for "security services" in a clerical position ( which we took to mean MI5 ro MI6 ). While he was obviously guarded about what he did ( "Official secrets act, you know old boy!" ) he did tell us little snippets of info and I have to say it sounded like the most boring job in the world! Lots of form filling and rubber stamping of requests, writing reports for section heads and cross checking accounts were balanced. All the usual stuff that every business has to do.

  8. Anonymous Coward
    Anonymous Coward

    Bang for buck?

    Given the billions spent on this, it's not showing much benefit is it?

    I'd feel a lot safer if we spent this monitoring the specific threats in this country, rather than harvesting everyone's data and hoping an algorithm gets lucky.

    1. Valeyard

      Re: Bang for buck?

      I'd feel safer if instead of spying on us they took the same money and shored up our cyber defences to stop other people from spying on us

  9. John Smith 19 Gold badge
    Gimp

    "capacity to intercept the data travelling through a small percentage of the 100,000 bearer"

    Of course we'd like to do more but we're just so constranined by resources.

    Signed

    GCHQ Management.

  10. Graham Cobb

    Stop abusing statistics

    "GCHQ values bulk interception highly. It told Anderson that it contributes to about 55 per cent of its intelligence reports and is used mainly to find patterns in online communications that indicate involvement in threats to national security, in particular for “target discovery” – finding previously unknown people"

    Sounds impressive, doesn't it? But it is meaningless in the debate. As we have discovered from police abuse of RIPA data collection, once they have an easy tool, the lazy will use it all the time. Now just about every police investigation starts by pulling all the telecoms data on everyone involved -- showing massive stats for use of telecoms data -- but without any information at all on whether this gross violation of privacy was critical for the case! Of course the bulk interception data is used in most reports (I am surprised it is only 55%) -- if you have the data why not make your life easier by abusing it for purposes for which it was not collected and which are not proportionate?

    In fact, if bulk interception data is used in 55% of reports then the collection is clearly nowhere near proportionate -- proportionate collection would result in data that was useful in fewer than 2% of reports!

    The question Anderson should have asked GCHQ was "how many of the 'targets discovered' were later found not to be relevant at all?" And then reduce the answer he gets by a large factor to account for the inevitable authoritarian over-grading of targets (like including legitimate protesters who do nothing wrong and should not be being tracked or targetted).

    1. ian 22

      Re: Stop abusing statistics

      Sounds much like Captain "Round up the usual suspects" Renault in the movie Casablanca. And as corrupt.

  11. Anonymous Coward
    Anonymous Coward

    In simple terms

    GCHQ can't data mine the UK

    NSA can't data mine the US

    So they data share and do it for each other problem solved, laws averted.

    I have nothing to hide and nowhere to hide it anymore. I think I'll check in 10 years and see if there are no more pedoterrorists due to this protection we so dearly need.

  12. Anonymous Coward
    Anonymous Coward

    David Anderson

    I'm inclined to believe Anderson - I know someone in his Chambers - but he is not, obviously, a techie and we don't know how cunningly he may have been fed disinformation. I've heard horrifying stories in the past of cover ups when the inspectors (or the brass) came round, and they remind me of Hutber's theorem - there are more bad guys and they are more motivated to prevail.

    Personally I have nothing to hide, so if they waste time on me that's their affair. If a spook gets off on emails about charity funding good luck to them. But then I'm white, middle class and I know lawyers.

    1. Doctor Syntax Silver badge

      Re: David Anderson

      "Personally I have nothing to hide"

      No online banking? No Ebay, Paypal, Amazon etc. accounts that you have to log onto?

    2. Dan 10

      Re: David Anderson

      *You* think you've nothing to hide.

      Or, as per my conversation with a colleague:

      Me: "Do you mind me knowing you're Jewish?"

      Him: "No"

      Me: "Ok, it's 1939, we live in Germany and I just joined a far-right political group, now do you mind me knowing you're Jewish?"

      Him: "Err"

      The point is, he hadn't done anything different, or "wrong" - it was the watcher - a hypothetical me - that was dodgy.

  13. Anonymous Coward
    Anonymous Coward

    "capacity to intercept the data travelling through a small percentage of the 100,000 bearer"

    That statement means nothing by itself. If I have 99,999 home broadband connections and 1 OC-192, I only need to intercept a well chosen 0.001% to get a shedload of traffic.

  14. scrubber
    Black Helicopters

    If you've done nothing wrong ... you have everything to fear.

    "it provided visibility of 96 cyber-attack campaigns"

    Note: not stopped just provided visibility with no mention of before, during, or after.

    “not in the slightest doubt that bulk interception, as it currently practiced, has a valuable role to play in protecting national security.”

    Well, indeed, but so does rounding up all <insert current fear group> - it doesn't mean we need to, or should, do it.

    "These include the detection and conviction of a UK-based airline worker who planned to use airport access to launch an al-Qaeda attack"

    Who would have been uncovered by traditional means, no need to spy on 64,999,999 innocent people's communications.

    "a group who travelled to Pakistan for terrorism training, who were arrested and given lengthy sentences under the Terrorism Act"

    Who had done nothing wrong! Preventative justice. And surely you knew they'd travelled to Pakistan without spying on everyone else. And since you knew they'd gone to meet some bad people, you were already spying on the bad people so had absolutely no need to spy on the rest of us.

    "the finding of two men overseas who had blackmailed children into exposing themselves online, who were subsequently arrested and jailed in their home country"

    As nice as this anecdote is, it's not really in the remit of GCHQ, or a good reason to spy on the British people. And if these perps were British then you have said they wouldn't have been caught because that's internal communications. But, hey, why not throw "won't someone think of the children" into the mix?

    1. Flat Phillip

      Re: If you've done nothing wrong ... you have everything to fear.

      Actually the 96 cyber-attack thing sounds good at first, but depending what it is could be meaningless.

      You'd expect someone such as Arbor or other DDoS mitigation company would have detected far more than 96. One security vendor (yes I know they have a drive to increase the number) is saying there were 25,000 attacks today.

      Even if they discovered 96 attacks a day, I don't think 0.4% is that impressive for me to have my privacy routinely invaded.

  15. Graham Marsden
    Big Brother

    “target discovery” – finding previously unknown people

    In other words: Treating everyone as a suspect...

    1. Anonymous Coward
      Anonymous Coward

      Re: “target discovery” – finding previously unknown people

      In other words: Treating everyone as a suspect.."

      In other words: Treating everyone as guilty...

      FTFY

      1. Jack of Shadows Silver badge

        Re: “target discovery” – finding previously unknown people

        In other words: Treating everyone as guilty...

        But I am guilty of committing several felonies a day. Heck, I just finished committing another a few minutes ago. If anything, I'm on sure ground to total a seriously long list from waking to sleep. BTW, I've always wondered how "ignorance of the law is no defense" when even any/all of the actors in the criminal justice system don't know it all either, but heck it's a sure way to entrap someone when required. Thus giving the whip hand to Them.

    2. YetAnotherLocksmith

      "In other words: Treating everyone as a suspect..."

      "For too long, we have been a passively tolerant society, saying to our citizens: as long as you obey the law, we will leave you alone."

      David "Fuckwit" Cameron, turning the law on it's head, May 2015

      http://i100.independent.co.uk/article/this-is-the-creepiest-thing-david-cameron-has-ever-said--e1q_01xlZZ

  16. vikihey

    To monitor or not to monitor, that's a question. The article show me that Britain’s anti-terrorism law maybe a kind of protection to the citizens, as internet monitoring is legal practices for the country's part. It's for the country's security. But monitoring spy app like Micro Keylogger is forbidded when using without others' permission, it all depends on person.

  17. url

    Anybody fancy going on a fishing expedition?

    Type your comment here -

  18. Stork Bronze badge

    James Bond Clause

    I wondered about this one - would not Mr. GCHQ be in constant risk of arrest whenever he left Her Majesty's realm? I mean, unauthorised access to computer systems is illegal in most places, and I would imagine e.g. the Belgian authorities being a bit miffed about the Belgacom story.

    Or is this a "go ahead, punk - make my day!" (coz I got loads of interesting stuff to leak about you).

  19. Anonymous Coward
    Anonymous Coward

    Bulk Surveillance...

    ...just say no.

  20. Alan Brown Silver badge

    The vast majority of "spying"

    Successful spying that is, not this mass hoovering of data.

    Comes from perusing _all_ available newspapers (including the freebies) making notes and seeing what is and isn't reported. Crosschecking that comes up with a lot of useful data.

    It's human intensive, intensely boring, but gets results.

  21. Dan 10

    Bypass the watcher?

    So mail comms are collected if the sender or receiver is overseas. If you wanted to talk to some ne'er-do-well overseas about nefarious stuff, that sounds like something you could bypass.

    You (baddie 1) write message in UK and commit to disk

    Replicate stored data via block-level replication to overseas data source

    Baddie 2 looks at replication target disk on the other end, reads message, replies and commits to disk for replication in the other direction.

    What's the chances that an encrypted block-level disk repl would be intercepted, read, and the deltas from multiple replications compiled into a legible text string? From the resource constraints and bureaucracy evident here, I wouldn't expect so.

    I expect there's a bunch of other ways to do it too.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019