The new head of GCHQ is neither a spy by trade nor a hard-hitting political bully — he is a diplomat. Robert Hannigan, selected to replace Sir Iain Lobban, as head of Britain’s spy agency GCHQ comes out of the Foreign Office and is a former adviser to Tony Blair in Northern Ireland.
Ex-colleagues say choice of Foreign Office diplomat as GCHQ chief suggests government is leaving door open to reform
Robert Hannigan: GCHQ director who can balance secrecy and accountability — Guardian
The implication is clear: maybe, just maybe, Cameron has realised the severity of not just public concern and distrust over GCHQ, but the dismay of our European political allies. It will take some serious diplomacy to soothe some very ruffled feathers. It already seems likely the Britain will be excluded from the EU’s Schengen-routing and Schengen-cloud (see here for details); and that would put the country at a severe trade disadvantage in our most important export market.
The Guardian goes on to give an example of Hannigan’s diplomacy:
Hannigan rose from being the head of communications in the Northern Ireland Office to running its political affairs department. At one particularly critical moment in the peace talks in 2007, Hannigan helped overcome an impasse between Sinn Féin’s Gerry Adams and the DUP’s Ian Paisley. The latter wanted an adversarial arrangement with the parties glaring at each other across a table; Adams wanted them sitting side by side, as partners. Hannigan suggested a diamond-shaped table as a compromise.
The best of all possible worlds will be that Hannigan’s brief is to open up GCHQ to some form of public transparency. The greater likelihood, however, is that his brief is to pull the diplomatic wool over everyone’s eyes to allow GCHQ to continue as is.
They claim to be super-patriots, but they would destroy every liberty guaranteed by the Constitution. They demand free enterprise, but are the spokesmen for monopoly and vested interest. Their final objective toward which all their deceit is directed is to capture political power so that, using the power of the state and the power of the market simultaneously, they may keep the common man in eternal subjection.
Vice President Henry Wallace, speaking of American Fascists
Damn. I hadn’t realised that Republicans and Democrats and Tories and Labour were all just synonyms for American Fascists.
This coming week the European Justice and Home Affairs Council (ie, national ministers from the individual national governments) will meet in Brussels. There are several items on the agenda.
Top of the list in a memo released by Viviane Redding is reform of the data protection laws. She says,
I am confident we will be able to build on the momentum injected into the negotiations by the Greek Presidency at the last informal Council meeting in January. Seeing the latest progress, I will continue working with Ministers for an adoption of the data protection reform before the end of this year.
Bottom of the list in a ministerial statement from Theresa May is reform of the data protection laws. She says,
There will be a state of play/orientation debate on the Proposal for a General data Protection Regulation. The UK continues to believe that this proposal is far from ready for a general agreement, and that no such agreement can occur until the text as a whole has been approved. The proposal remains burdensome on both public and private sector organisations and the Government would not want to see inflexible rules on transfers outside the European Economic Area which do not reflect the realities of the modern, interconnected world.
And yes, they really are talking about the same thing. Most of Europe has already agreed the data protection reform proposals; but the UK doesn’t like it and won’t play.
The problem is, providing more protection for our personal information is difficult for the UK. It would upset the three most powerful organizations in the country: GCHQ, Google and Facebook. GCHQ would have its ability to collect our private messages, photos, home videos and internet browsing habits severely curtailed — and of course nobody would want to see that.
Google and Facebook would no longer be able to ship our personal information to servers outside of the UK; that is, the US, from where the NSA/FBI could demand access while declining to allow us to be told (assuming they need to since GCHQ will probably have already intercepted the data via its taps on the fibre cables that run between the two continents and simply handed it en masse to the NSA for storage and safe keeping).
Since these negative arguments would not prove popular to the British public, they are being hidden in spurious and frankly false claims that data protection will cost business. Yes there will be some cost in protecting our data (not nearly as much as the government would like us to believe); but that will be more than compensated by the lower cost of doing business with dozens of different data protection regimes. The net effect of reforming data protection will be greater data protection at a lower overall cost.
But Theresa May doesn’t want us to understand that. She and David Cameron would like us to believe that they are protecting us when they are really just protecting vested interests and actually selling us down the river. They are willing to trade our privacy to keep GCHQ and big American business happy.
The Spectator’s great Coffee House blog announced today:
David Cameron seems to be prepared to speak out on certain subjects that many other politicians avoid. This is very welcome. I think it’s about time he took a dig at the Turner Prize.
Personally, rather than take a pop at the Turner prize, I think Cameron should enter for the Booker prize. His pre-election promises are pure fiction. That story, We shall roll back the database state, is pure unalloyed farce bordering on tragedy.
When I wrote about the Disqus compromise last month, I wrote purely from an infosec viewpoint (What lessons should we learn from the Disqus security breach?). Disqus had been breached by a group called Researchgruppen, which seemed to describe itself as “investigative journalists”. That post received a number of comments, almost unanimously from a political viewpoint. The view presented was of neither a happy nor relaxed society in Sweden. Sweden, it would seem, has been hijacked by the progressives; and God help anyone who dissents.
Typical of the comments to my post is this:
Researchgruppen was, at it has been pointed out, called AFA Documentation up until a few years ago.
The leaders of this far-left intelligence service are known AFA members, previously convicted of political crimes like for example assault with iron rods.
‘AFA’ is a worldwide organization known as Anti-Fascist Action, usually described as militant marxists; and it is almost certain that Researchgruppen, if not affiliated, shares the same views.
It rapidly became clear that Researchgruppen’s Disqus activity was blackhat behaviour and not in any way whitehat security research. Martin Fredriksson, leader of the group, has not (in a comment on this site) denied blackhat (“We focused on swedish hate sites and didn’t really know what to do with the comments from media sources”), but implied whitehat (“Just downloaded it to ‘prove a point’”).
The problem, however, is what has been done with that information. Very soon after the group, in conjunction with the Expressen newspaper, started naming people who had thought they were commenting anonymously via Disqus, one victim had a bomb dropped through his letterbox, and others have resigned or been sacked from their jobs. Their crime, it appears, is to voice non-progressive views on things like immigration, Islam, Israel and all of the other subjects for which there is an official progressive line.
The progressive agenda, incidentally, is defined by what is known as the ‘autonomous Left’, and includes the AFA.
On Friday I received an email, anonymously, from Sweden. The author added, “please keep me as anonymous as you can. In Sweden you can lose your job, be excluded from the unions and lose your benefits for leaking this.” It would seem that he also contacted databreaches.net, which also covered the Disqus breach.
What he said was that there have been around 400 cases of fraudulently obtained credit reports in Sweden recently, and that
Its a huge scandal in Sweden because mainstream media is cover this up. Reason is that they have used research group as “dirty” intelligence to get to swedendemocrats politicians, Sweden third largetst party and critical to Swedish current immigrationspolitic.
I can find no information about these credit reports; but he sounds credible, and that merely supports the assertion of a cover-up. However, he goes further:
It could be connected to one of the biggest breach in Swedish history — hacking the Swedish IRS by the Pirate Bay founder Gottfried Svartholm Warg, who right now is doing time in prison. It is believed that Gottfried got data on every Swedish citizen. And it could have been used in this project.
There is no evidence to substantiate this suggestion. But Martin Fredriksson of Researchgruppen was, with Svartholm, a co-founder of The Pirate Bay in 2003. It is a reasonable assumption that if anyone could get access to the IRS breached data, it would be him.
“You don’t pick up 400 social security numbers from the street just like that in Sweden,” said my contact. His suggestion is that by combining the personal data from the Disqus breach with social security numbers from the IRS breach, AFA affiliates have been able to fraudulently obtain certain credit reports.
No Swedish journalist or newspaper would dare to write about this. They will lose their jobs. Or they will be attacked by AFA and Revolution front. Most mainstream media in Sweden is left wing (83%) and are unofficial supporting these kind of things.
Now, if you think that this is just paranoid ramblings, consider the report Våldsbejakande
extremism i Sverige (Violence-promoting extremism in Sweden). This is a government report prepared by the Swedish Justice Department. It is almost entirely written in Swedish, but has a Summary in English. When you read it, remember that the ‘autonomous movement’ is the ‘autonomous Left’ (you might prefer to think of this as ‘militant marxist’).
the autonomous movement is a threat to some of the fundamental functions of the democratic system. This movement also has the ability to act in a coordinated and systematic manner. Attacks from the autonomous movement occur through illicit influence targeting officials, elected representatives, people who are politically active and other individuals. The autonomous movement therefore also represents a threat to individuals.
This year is a ‘super election year’ in Sweden, when European elections coincide with national elections. There is no better time for the politically-motivated to attempt to influence public opinion. What may be happening in Sweden is an attempt by the autonomous Left to coerce rather than just influence that opinion.
Martin Fredriksson has tweeted: “Mailade den här liraren igår”. I don’t know what ‘liraren’ means, but I assume it is some variation on ‘liar’ – in which case he is saying “[I] emailed this liar yesterday.”
For this reason I post below that complete conversation:
By what source of information do you connect Researchgruppen to AFA?
You write that we were formerly called “AFA Dokumentation”, on what basis?
If it’s not true, please feel free to say so in the comments. Alternatively, you could give me a statement and I’ll add it as an ‘update’.
Would you also care to comment on the suggestion that you might have access to the IRS breach data?
I take it you have no basis of information. The IRS breach? Why do you want to spread around speculations like that without any credible source? I take it you can present some facts to back it up.
I say, “There is no evidence to substantiate this suggestion.”
I am now inviting you to deny it. If you do deny it, I will publish that denial in full. What more do you want?
Interesting publishing policy. You make unfounded speculations, I deny.
This is a blog not a newspaper. It contains my opinions — and speculations.
But you are absolutely free to denounce them if you wish.
I think that answers my original question.
Last week the Daily Mail wrote:
Unless patients object, officials will start to extract confidential data from their files next month.
This is wrong. It’s talking about the UK government’s plans to extract all health records from our GPs and place them into a single central database which it will then sell to drug companies, insurance companies, academics and others. The Mail is wrong because it doesn’t matter whether you object or not. You cannot stop the collection and centralisation of your personal records.
All you can do is tell your GP that you do not wish to be identifiable from those records. You can do this at two levels: firstly, that you do not wish your identity to be associated with the records stored in the database; and secondly that you do not wish your identity to be associated with the records passed on to third parties (whose only possible purpose in buying this data is to increase their profits).
As far as I can gather — and remember that the government simply does not want us to understand what is going on — if requested by the patient, the system will seek to anonymise the data collected, and pseudoanonymise the data sold. How they will do this is not made clear.
Anonymisation is impossible. Big data makes it impossible. Even if every scrap of directly identifying information is removed (and I very much doubt that will happen) there is so much other data about all of us readily available that anyone with a few resources and determination will be able to identify us by collating the different bits. Drug companies and insurance companies have more than a few resources. This is not, as the government will tell us, a slight theoretical possibility, but a practical reality — and an inevitability.
As for pseudoanonymisation, that is a farce. It literally means slight anonymisation that can be reversed — and reversed it will be.
There’s another aspect. At the moment, if the police want our health records they can get them from our GPs with a warrant. They will no longer need a warrant. Backbench Tory MP David Davis asked the government (written question):
To ask the Secretary of State for Health whether any medical data will be extracted by care.data from GP-held records of patients who have objected to the use of their confidential information by others than those providing them with care.
Daniel Poulter, the Parliamentary Under-Secretary of State for Health, responded (written answer):
In terms of information which identifies a patient, NHS England’s “Better information means better care” leaflet sets out how people can ask their GP practice to note their objections, which will prevent confidential, identifiable data about them being used by the care.data programme, other than in a very limited number of exceptional circumstances.
As examples, existing public health legislation may require data to control the spread of specific infectious diseases or the police may require information about an individual patient when investigating serious crime. Decisions are made on a case-by-case basis and must balance legal requirements, the duty of confidentiality owed to the patient and the accepted public interest in a confidential health service, all against any benefits that may arise from the disclosure.
It is important to note that provisions in the Health and Social Care Act 2012 are designed to strengthen and clarify the role of the Health and Social Care Information Centre so that information can be collected, held securely and made readily available to those who need it in safe, de-identified formats, with crucial safeguards in place to protect the confidential data it holds.
The Health and Social Care Act 2012 is clear that
“information which identifies or enables identification of a person must not be published”.
Poulter’s response is as clear as mud. Note that there is no mention of opting out, merely objecting. But note also that the police ‘may require information about an individual patient’. To get to an individual means they must and can bypass all anonymisation and pseudoanonymisation instructions we give to our doctors.
This month, before March when the collection begins, I shall be doing a number of things:
- demand of my GP (in writing) that my records are collected without identifying information
- demand of my GP (in writing) that my records are not sold or given to third parties with any identifying information
- inform my GP that I forbid the uploading of any of my personal data to a central database, and invoke the European Data Protection directive in support
- write to my MP and explain my objections
- sign all and every petition I can find that objects to this government theft of my personal data (here are two: 38 degrees, and Epetitions)
Either we believe that the Snowden leaks are the biggest con in the history of the universe, or we accept that they are true. I know of no-one who has suggested the former – so they should be taken at face value.
The latest leak, published by NBC, is a presentation that discusses GCHQ’s DDoS attack against the anonops IRC channel, and its infiltration of the Anonymous chat rooms by GCHQ agents.
Nobody who has ever spoken to anyone in Anonymous will be surprised by this. Firstly, the group automatically assumes that every second person in the chat rooms is a ‘Fed’; and secondly they have been faced with DDoS attacks (either directly or via government supporters such as Jester) for many years.
So the reality is: no surprise here.
For me, the most worrying element is the response from GCHQ. It said, according to the NBC report:
All of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensure[s] that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All of our operational processes rigorously support this position.
War on Anonymous: British Spies Attacked Hackers, Snowden Docs Show
Think about this. Firstly, GCHQ is saying that its use of DDoS is legal. I doubt if many Brits understand that the law (probably the Terrorism Act and/or RIPA) allows the spy agency to engage in broadbrush DDoS attacks against innocent citizens (not everyone who uses IRC is a criminal!).
Secondly, GCHQ is saying that everything it does is subject to the oversight of the Secretary of State. That the Secretary of State did not stop this DDoS attack means that the Secretary of State sanctioned it.
So what we have is a government and legislation that specifically allows GCHQ to engage in practices against innocent people of unknown nationality with impunity, when members of Anonymous doing similar would be, and are, locked up. The only alternative is that GCHQ is lying – in which case Sir Iain Lobban should be locked up. Either way, it is an unacceptable situation.
When I checked on cyberwarnews.info this morning I got a GoDaddy parking page asking me (and of course all other visitors) if I’d like to buy the domain name.
I asked @Cyber_War_News what had happened, and was told simply, “…is gone and most likely for good.”
A slightly different message subsequently appeared on the site. It confirms that the site has closed, and says that it is very unlikely to return, “but you just never know.” It then explains what happened. It ran a story about the Bell Canada breach and claims it got 70,000 hits in 24 hours. This took it well above the traffic limits of its provider business plan.
It would seem, then, that CyberWarNews.info has been killed off by its own success. Without the financial resources to pay for a successful site, it has closed.
This is very sad for independent news. It is something we are likely to see in increasing numbers in the future. If governments get their way in forcing ISPs to be more proactive in policing the internet, and in storing masses of customer data, ISP prices are likely to increase in order to pay for it. When that happens, there will be more casualties.
The law is a slow and laborious process, not to be attempted by the faint of heart nor weak of pocket. Back in October, having exhausted UK attempts at challenging GCHQ’s mass surveillance and cooperation with the NSA, Big Brother Watch, English PEN, The Open Rights Group and Dr Constanze Kurz lodged a complaint against the UK government with the European Court of Human Rights.
Morally it is a very simple issue: GCHQ (and thereby the UK government) has no right to engage in mass surveillance of telecommunications (the GCHQ Tempora programme), nor share that information with, nor receive surveillance intercepts from, the NSA. Legally it is far more complex.
Three months later, this complaint has passed its first hurdle: the European Court has not rejected the complaint and has moved to the next stage: it has invited the UK government to explain why it should reject it.
A letter to the complainants was sent by the European Court dated 9 January. It provides procedural information, notes that the court decided “to give priority to the application”, and says:
The Government have been requested to submit their observations by 2 May 2014. These will be sent to you in order that you may submit written observations in reply on behalf of the applicants, together with any claim for just satisfaction under Article 41 (cf. Rule 60)…
The Government have been requested to deal with the questions set out in the document appended to this letter…
That appended document provides an excellent overview of the issues at stake, from the complex legal rather than simple moral standpoint. It is well worth reading if you have any interest in or concern over (which we all should) the UK and US mass surveillance of innocent citizens.
It is an important first hurdle. It will take many months to be settled, even if it ever is. But it also, perhaps, throws extra light on the UK government’s increasingly bellicose attitude towards Europe, threatening to revoke the Human Rights Act and even withdraw from the European Union if it doesn’t succeed in renegotiating membership terms to its own liking.