If ever the term ‘secret services’ frightened you, stop worrying. Or maybe start worrying. Either way, BUGGER by Adam Curtis will give you a good laugh. It lays bare the fallacy that the spies we employ through our taxes and who spend more time spying on us than anyone else, know what they’re doing. Or are competent enough to do what they think they are doing.
It’s a series of stories about MI5, “and the very strange people who worked there. They are often funny, sometimes rather sad – but always very odd.”
It all started more than 100 years ago when a Franco/Brit called Le Queux wrote a fiction about a German invasion. I’m guessing it didn’t sell too well, because he took it to the Daily Mail. Lord Northcliffe ran the story as “‘The Invasion of 1910′ and it described how the Germans landed in East Anglia and marched on London.”
Thousands of Daily Mail readers wrote in, saying they had seen suspicious people – obviously German spies. Instantly, well rapidly, Britain’s spy service of one man and two assistants morphed into MI5, “created in large part by the dreams of a socially excluded novelist, and the paranoid imaginings of the readers of the Daily Mail.”
In other words, MI5 was born on the back of a lie (probably standing on the backs of four elephants on a turtle – pure comic fantasy). But it has carried on lying ever since. One such lie is the apprehension of a huge German spy ring in 1914. Historian Nicholas Hiley says,
One of the most famous successes of the British Security Service was its great spy round-up of August 1914. The event is still celebrated by MI5, but a careful study of the recently-opened records show it to be a complete fabrication – MI5 created and perpetuated this remarkable lie.
The great spy round-up of August 1914 never took place – as it was a complete fabrication designed to protect MO5(G) from the interference of politicians or bureaucrats.
The claim made next day that all but one had been arrested was false, and its constant repetition by Kell and Holt-Wilson [director and deputy director) was a lie.
And MI5 hasn’t stopped lying. Perhaps the biggest continuing lie is that it catches spies. “The terrible truth,” writes Curtis, “truth that began to dawn in the 1980s was that MI5 – whose job it was to catch spies that threatened Britain – had never by its own devices caught a spy in its entire history.”
There was one spy called Geoffrey Prime. He actually worked for GCHQ and sold secrets to the Russians. And he was caught – not by MI5 or GCHQ, but by the Cheltenham police.
And so it goes on. WMD in Iraq anyone? The whole war on terror, perhaps? It’s certainly true that after the end of the Cold War with Russia, MI5 should have contracted. It didn’t though, because along came the war on terror that forced it, for the sake of national security, to expand and expand and expand.
So why do we need to worry about such ineptitude? It is simply this: MI5 and GCHQ are spying on all of us, and are pressuring the government to give them even greater surveillance powers. The phrase that it and the government always throw out is, “if you haven’t done anything wrong you have nothing to worry about.”
Really? With this lot? It seems to me, on the basis of Adam Curtis’ potted history, if you haven’t done anything wrong you’ve got everything to worry about. It’s only by being a genuine threat that you will avoid the myopic gaze of the British intelligence services.
BUGGER, by Adam Curtis. Go read. Go laugh. Go cry.
Lisa Vaas states that “US customs can and will seize laptops and cellphones, [and] demand passwords”. Her article should be required reading for anyone crossing US borders. She cites an article in Sunday’s Boston Globe which describes the seizure of researcher David House’s laptop, with the authorities apparently looking for House’s connections with Bradley Manning.
Lisa makes it very clear that the American Constitution counts for nothing at the borders, and that the authorities are free to seize and search pretty much at will.
On House’s laptop, that data included contact information for WikiLeaks donors, House’s bank account passwords and family photos, and coding he had done in Mexico, Johnston writes. On other laptops, that data can include not only personal data but trade secrets.
US customs can and will seize laptops and cellphones, demand passwords
There is no mention on whether House’s computer was encrypted. But at the beginning of this year (too late for this incident) the Electronic Frontier Foundation (EFF) urged a single new year resolution: full disk encryption as a matter of course for all computers.
Without encryption, forensic software can easily be used to bypass an account password and read all the files on your computer.
New Year’s Resolution: Full Disk Encryption on Every Computer You Own
Moreover, EFF had already produced a whitepaper specifically on the border seizure problems: Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices. In this paper there is further reference to the House case:
In one instance, ICE held onto David House’s laptop, thumb drive, and digital camera for 49 days. An acquaintance of accused WikiLeaks whistleblower Bradley Manning, Mr. House was returning from Mexico when agents confiscated his electronic equipment. While the Justice Department conceded that it held onto his laptop for longer than thirty days, it explained that “[t]he lack of password access required ICE computer experts to spend additional time on Mr. House’s laptop.” Kevin Poulsen, Feds Defend Seizure of Wikileaks Supporter’s Laptop, Wired Threat Level ( July 28, 2011).
Needless to say, the Wired article gives further details. My assumption is that the US authorities got past House’s access password, but not any encryption on the system.
Either way, the moral of this story is that if you value the privacy of your data and even think about visiting the United States, either don’t, or make sure you use the strongest whole disk encryption you can get.
As if we didn’t already know it, where security is concerned, the user is the flaw. Guido has published the perfect example:
Everyone has to carry around not only their government communications network issued Blackberry phone, but a Blackberry Smart Card Reader too, with another SIM card in it. If the two are separated by more than ten metres or so the Blackberry stops working. So if a pickpocket stole the Blackberry, it would stop working. Carrying two units is a little cumbersome and inconvenient. Unfortunately from a security point of view, the wonks and spinners have taken to just sello-taping the two of them back to back…
Downing Street’s iSpAd Blackberry Security Flaw
That’s our problem, folks.
Talk about the irony!
I was away from the office. Access to the internet was only via T-Mobile. But I was reading a fascinating but frightening blog by the well-known terrorist, James Firth, CEO of the Open Digital Policy Organization. I urge you to do the same: Premier League joins group lobbying for web blocking, proposing confused “voluntary” scheme – overseen by the courts
It describes another typically secretive attempt to persuade government to instigate internet blocking on behalf of rightsholders. The irony? Up pops a little message from T-Mobile: “The website you are trying to access is blocked by Content Lock as it contains content that is unsuitable for under 18s.”
Me? Under 18?
I didn’t ask for this. I certainly didn’t pay for it. I am not under 18. And I don’t use credit cards. So, basically, I’m stuffed by T-Mobile – who, once this subscription runs out, I shall never use again.
But it does show the danger of these ‘voluntary’ blocking schemes, by whomever, for whatever: they will be used for censorship, and there will be nothing we can do about them. So we simply mustn’t allow them.
Empiricism. It is the acceptance of proof based on experience. Empiricism suggests that we should doubt politicians. Empiricism shows that they use fine words followed by foul deeds.
Security is a perfect example. Where security is concerned, the art of politics is to persuade us that what we really want is whatever they give us. Consider Neelie Kroes, Vice President of the European Commission. On Tuesday she met with “a dozen high-flying young Europeans” and subsequently wrote
…we talked about issues of privacy and cyber-security—and how the law should find the right balance. There are clearly risks online—as there are out there in the real world. But if we over-regulate in response to that then we risk losing what is most precious about the internet—its openness and freedom. And so, for me, the best way to tackle security and privacy issues is to inform and empower digital citizens so they are aware of and can deal with those risks, just like they would in the off-line world.
The implication is that the EC is well aware that too much security means too little freedom; and because of that, the EC will strike the right balance. But the right balance is what they tell us it is. And empiricism shows that all governments use security to increase control regardless of civil liberties. ACTA, the Digital Economy Act, net neutrality, HADOPI, RIPA all come to mind. Where is the right balance in any of these?
So let’s not praise fine words until they are backed by fine deeds. And let’s not hold our breaths.
Amit Klein, CTO at Trusteer, has an interesting blog on the incidence of successful phishing:
We recently conducted research into the attack potency and time-to-infection of email phishing attacks. One of our findings was eye-popping, namely, that 50 per cent of phishing victims’ credentials are harvested by cyber criminals within the first 60 minutes of phishing emails being received. Given that a typical phishing campaign takes at least one hour to be identified by IT security vendors, which doesn’t include the time required to take down the phishing Web site, we have dubbed the first 60 minutes of a phishing site’s existence [as] the critical ‘golden hour’.
Trusteer’s solution is for the security industry to recognise and react to phishing campaigns with greater speed:
As an industry, our goal should be to reduce the time it takes for institutions to detect they are being targeted by a phishing attack from hours to within minutes of the first customer attempting to access a rogue phishing page. We also need to establish really quick feeds into browsers and other security tools, so that phishing filters can be updated much more quickly than they are today. This is the only way to swiftly takedown phishing websites, protect customers, and eliminate the golden hour.
But as users, we cannot simply rely on the industry to protect us. That is a dereliction of responsibility when we need to accept more, not less, personal responsibility for our behaviour online. Amit Klein is right – the industry needs to be as effective as possible. But just as the industry needs to block phishers, we as users need to ignore phishers.
There are two primary actions we can take. The first is increased security awareness; and that means continuous staff training. The second is to make it more difficult to be phished, by preventing the automatic running of scripts by our browsers. For example, Firefox users can install the NoScript add-on (see here for an interview with its developer, Giorgio Maone). Non-Firefox users should become Firefox users.
Back in January I wrote: Jobs’ megalomania: the fatal flaw of a tragic hero. I was wrong. Jobs isn’t a pathological egotist suffering from delusions of grandeur – but I’m afraid I can’t think of the term that describes someone who thinks he is God.
His company, an erstwhile hero of mine, Apple, has applied for a patent for which EFF has had to invent a new word: traitorware.
In other words, Apple will know who you are, where you are, and what you are doing and saying and even how fast your heart is beating. In some embodiments of Apple’s “invention,” this information “can be gathered every time the electronic device is turned on, unlocked, or used.” When an “unauthorized use” is detected, Apple can contact a “responsible party.” A “responsible party” may be the device’s owner, it may also be “proper authorities or the police.”
Apple does not explain what it will do with all of this collected information on its users, how long it will maintain this information, how it will use this information, or if it will share this information with other third parties. We know based on long experience that if Apple collects this information, law enforcement will come for it, and may even order Apple to turn it on for reasons other than simply returning a lost phone to its owner.
This patent is downright creepy and invasive…
Steve Jobs Is Watching You: Apple Seeking to Patent Spyware
No matter. Nietzsche has an answer to the fallacy of God. We must stop believing in Apple. Then we will have killed Apple. I think it is time to fall out of love with Apple, and to return to the secularism of open systems.
TechnoLlama has a fascinating and worrying comment on “The open Web vs the closed Internet”. It suggests that ‘the battle for the future of the Internet is taking place right now’, and asks ‘Where do you stand?’.
On the one hand we have the anarchic, chaotic but essentially free (in both spirit and cost) internet we have known so far. But on the other hand we have those who are trying to close it down and own it so that they can charge us to use it: what TechnoLlama calls the ‘Jobsian future’ (Steve Jobs, not JobsWorth, of course). Think of what Jobs is already doing: music for the iconic iPod can only be got from him; apps for the iconic iPhone and iPad can only be bought from him. And where he leads, others will follow.
The Apple Internet is a very different place to that which we know, in this vision of the future your browser will be the least important element of your daily interaction with the Internet. In this future, you will open your mobile device (smart phone or iPad), you will read your daily newspaper through a paid app (The Times, The Guardian, NYT), you will also browse the magazines through an app (Wired, The Economist), then you will read your Twitter feed through TweetDeck, check your email through yet another app, plan your route to work using the Google Maps app, and then get to work and read books with the e-book reader app of your choice. During this process, you will not have touched the browser once.
And don’t expect help from governments. They want a closed internet as much as Jobs does; not so much on commercial grounds as on political control grounds. So it’s time to decide. As TechnoLlama asks: ‘Where do you stand?’ If you stand for an open and free internet, you may need to act now. Whenever there is a choice, choose the open source option: Android or other rather than iPhone; Linux rather than Windows; Firefox rather than IE, Safari or Chrome. In many cases it may simply be ‘anything but Apple’. But don’t let the Jobsian future take root by default.
For some time now we have known that UK ISP Talk Talk has been monitoring its users’ movements across the internet. Instinctively this seems a bad thing – but Talk Talk earned a degree of credit in its principled opposition to the Digital Economy Act. So when the Talk Talk blog reassuringly commented:
You may have read this week about our trial of scanning web pages. It’s certainly created a debate among those who follow our industry and on our Members Forum. It’s a discussion we welcome and I’d like to use this blog to answer questions and get feedback as we progress with the testing.
To provide some context, we’re doing this trial in advance of offering a free opt-in product that will warn customers if their computer or device connected to their home broadband is viewing a page that contains viruses or threats…
then I decided to wait for more information. This has now arrived in the form of a post from the No DPI blog – and No DPI has even greater credit for its unwavering, active and effective opposition to Phorm. No DPI gives a pretty thorough analysis and description (which is worth reading in full) of why Talk Talk’s actions are actually illegal, and concludes:
By covertly stalking their customers, obtaining intellectual property using fraud, obtaining unauthorised access to computers and data, failing to protect retained data securely, failing to seek consent for processing… TalkTalk have committed a series of criminal offences.
If you value the privacy, security, and integrity of your communications… use a trustworthy ISP. Do not use TalkTalk.
If you’re a TalkTalk subscriber or web master with evidence of illegal interception by TalkTalk, you should report them to the police.
If you operate a web site serving internet users in the UK, you should use SSL encryption for all of your communications.
TalkTalk becomes StalkStalk
StopMalvertising has an interesting dissection of some Twitter spam that tries to beat discovery by impersonating a bit.ly URL.
But the thing that really caught my eye was the impersonation of bit.ly. People are so used to see shortened URL’s and bitly everywhere so that the chance of the link being seen as a trusted source, and thus clicked, is highly increased.
There is no bitly involved here, only short URL’s created by bitly.thruhere.net and they redirect to articles on various websites…
Twitter Spam Impersonating bit.ly