Embed Size (px)
Citation preview
Civil liberties and security - are they in balance?
in association with
ARE WE BEING WATCHED?
01 Dont spy on us cover.indd 15 23/09/2014 12:12:08
FACTS & FIGURES
Worried about whether surveillance is happening? According to the evidence, it’s too late to be concerned – it’s been going on for some time, as these examples illustrate.
Need to know
GR
APH
ICS:
SH
UT
TE
RST
OC
K. D
ESI
GN
BY
LE
ON
PA
RK
S
EdgehillA GCHQ programme used to decrypt information and to gain access to Gmail servers.l Operational since 2012l GCHQ hopes to have cracked codes used by 15 major internet companies and
300 VPNs by 2015
http://www.theguardian.com/world/2013/sep/05/ nsa-gchq-encryption-codes-security
QuantumTheoryThis is an attack vector that injects packets into target computers to launch Computer Network Attacks (CNA) and Computer Network Defence (CND)l GCHQ has used QuantumTheory to gain access to Gmail, AOL, Yandex (Russian web browser), Twitter, YouTube and other sites
http://www.spiegel.de/fotostrecke/photo-gallery- how-the-nsa-infiltrates-computers-fotostrecke-105339-13.html
World of Warcraft spyingl GCHQ uses World of Warcraft to spy on gamers, who, according to the agency’s documents, amount to over ten million usersl NSA documents say GCHQ has developed exploitation modules for Xbox Live (48 million-plus players) and World of Warcraft. Had the ability to start producing reports beginning in April 2008
https://www.eff.org/files/2013/12/09/20131209-nyt-nsa_games.pdf
Nosey Smurf, Dreamy Smurf, Tracker Smurf
Series of programmes used to exploit smartphone apps and to collect a “target’s” information. Developed jointly by GCHQ and the NSA; operational at least since 2010.l Nosey: turns the phone’s microphone onl Tracker: high-precision geolocationl Dreamy: power managementl Paranoid: hides presence of spyware
l GCHQ can download data from users of Angry Birds (reported to be roughly 1.7 billion users)
http://www.spiegel.de/fotostrecke/photo-gallery-how-the-nsa-infiltrates- computers-fotostrecke-105339-13.html
Squeaky DolphinCollection programme owned by GCHQ and used to monitor.l Collects from Facebook, Twitter and YouTube in real timel Can collect addresses from videos watched and other user information, on a daily basis. Can also monitor the URLs “liked” by visitors on blogger/blogspot and Facebook visits
http://www.spiegel.de/fotostrecke/photo-gallery-how-the-nsa-infiltrates-computers-fotostrecke-105339-13.html
Royal ConciergeOwned by GCHQ, this is a collection programme that exploits hotel reservations to track the location of foreign diplomats.l Monitors 350 hotels worldwide
http://www.spiegel.de/international/europe/gchq-monitors-hotel-reservations-to-track-diplomats-a-933914.html
Optic NerveGCHQ programme that can collect still images of Yahoo webchat.l Saves one photo every five minutesl 1.8 million users targeted in a
six-month periodhttp://www.theguardian.com/world/2014/feb/27/gchq-
nsa-webcam-images-internet-yahoo
Dishfire
Global text message collection database operated by the NSA and GCHQ. GCHQ has access to the database (though British analysts are not legally permitted to read the contents of SMS messages).l Collects 200 million text messages from across the world every dailyl Extracts location, contacts book, credit card details and more
l Collecting five million missed callsl Border crossings (roughly 1.6 million)l Names from electronic bus cards (110,000 from electronic business cards)l Financial transactions (over 800,000 through text-to-text transactions or credit card linkage to phone users)l Geolocation (from more than 76,000 texts, including texts from travel companies)http://www.theguardian.com/world/2014/jan/16/nsa-collects-millions-
text-messages-daily-untargeted-global-sweep
2 | NEW STATESMAN | 26 SEPTEMBER – 2 OCTOBER 2014
02 facts & figures.indd 2 23/09/2014 10:58:14
26 SEPTEMBER – 2 OCTOBER 2014 | NEW STATESMAN | 3
CO
VE
R: S
HU
TT
ER
STO
CK
. DE
SIG
N B
Y L
EO
N P
AR
KS
New StatesmanFarringdon Place20 Farringdon RoadLondon EC1M 3HETel 020 7936 6400Fax 020 7305 7304info@ newstatesman.co.ukSubscription inquiries, reprints and syndication rights: Stephen Brashersbrasher@ newstatesman.co.uk0800 731 8496
Supplement EditorGuy ClappertonDesign and ProductionLeon Parks
Commercial DirectorPeter Coombs+44 (0)20 3096 2268Head of PartnershipsEleanor Slinger+44 (0)20 3096 2275 Special Projects ManagerDominic Rae+44 (0)20 3096 2273
CONTENTS
Taking liberties?It can be hard to have a conversation about civil liberties when, as a country, we face a palpable terrorist threat. Any responsible authorities would take action to mitigate risks and to protect the population. Yet this does not have to come at the expense of the civil liberties that terrorists hate and oppose.
The debate around liberty v surveillance is important and complex – and bigger than party politics, as the presence of two senior Conservative MPs in this supplement attests. We have a huge responsibility to get it right. Protection from terrorism does not justify the tapping of undersea cables (in secret), or surrendering individual or corporate data to every friendly government that happens to ask. Nor does it justify the government monitoring our location, or social media messages between families, or lovers, or even bitter enemies, with no judicial oversight.
If it wasn’t for a US contractor, Edward Snowden, blowing the whistle on what our intelligence services were up to, we would not be having this debate. Surveillance has crept up on us without the say of parliament and these secretive programmes have remained in the shadows.
The Don’t Spy On Us campaign says oversight of these agencies remains too weak and that many of the most invasive programmes exposed were not subject to parliament’s consent. We believe that our rights to privacy and freedom of expression have been violated. It’s time for parliament to decide on how much power it grants the security services through a new and comprehensive law.
A wide range of voices support our call, as you will see in the following pages. There’s a significant and growing coalition behind our campaign. And it isn’t just NGOs or charities. Businesses
4 David DavisLiberty is allWe need a measure of surveillance for our security but current measures may be going too far
5 Dominic GrieveWithin the lawTerrorist threats have increased and any responsible government has to deploy sensible monitoring, suggests the former attorney general
6 CampaignersFree expressionsStephen Fry joins senior representatives from civil liberties organisations to demand less intrusion into our daily lives
7 Eric KingThey’ll be watching youThe deputy director of Privacy International outlines the possibilities post-Snowden
David Davis: watching our detectives Dominic Grieve: a need for caution
realise that undermining privacy reduces our trust in the internet as a whole. As consumers move their data to more secure democracies, the losses to UK and US tech firms could be huge: Forrester Research estimates that the cost could be as high as £110bn every year.
We urge you to ask yourself, as you read this supplement, whether you understand the implications of what Snowden revealed. Are you comfortable with the powers that the security services have? Are you confident that parliament has a grip on the situation? The likelihood is that many of us couldn’t confidently answer yes to these questions.
In a democratic society, that is a problem. Privacy and free expression are rights we expect and deserve. It is essential that we know, and business knows, what is happening to these rights. The debate is only just beginning. lMike Harris, campaign director, Don’t Spy On Us
The paper in this magazine originates from timber that is sourced from sustainable forests, responsibly managed to strict environmental, social and economic standards. The manufacturing mills have both FSC and PEFC certification and also ISO9001 and ISO14001 accreditation.
First published as a supplement to the New Statesman of 26 September – 2 October 2014. © New Statesman Ltd. All rights reserved. Registered as a newspaper in the UK and USA.
This supplement, and other policy reports, can be downloaded from the NS website at newstatesman.com/page/supplements
54
03 intro & contents.indd 3 23/09/2014 10:37:18
4 | NEW STATESMAN | 26 SEPTEMBER – 2 OCTOBER 2014
HEAD TO HEAD
Earlier this year, the government rammed emergency data retention legislation through Parliament with-
in two days, forgoing proper debate and scrutiny. There was just one problem with this approach – there was no emergency.
The judgment of the European Court that overruled the old legislation came three months before the government’s purported “emergency” – providing am-ple time for a full legislative process.
Our intelligence agencies have long ar-gued that they have a “gap in coverage”, which requires new powers. This argu-ment was utterly rejected by a Joint Com-mittee of both Houses of Parliament. As a result, the government has been very wary of holding a protracted debate on surveillance powers. A manufactured po-litical emergency was the perfect cover to avoid just such a debate.
The aim should be, and I am sure that this is a view shared by Dominic Grieve, a system that protects the public while having a minimal impact on the privacy of citizens.
Unfortunately, our current system is failing on both counts: it does not suffi-ciently protect us and is highly intrusive. Indeed, current mass surveillance tech-niques may well be making our security services less effective.
The fact of the matter is we collect far more information than we can effectively analyse or use, and we do not necessarily use it well:l Prior to 9/11, the NSA monitored com-munication traffic through the al-Qaeda communications hub in the Yemen, but failed to pass on information to the FBI. The CIA also knew that two of the hijack-ers were in the US prior to the attack, and deliberately failed to notify the FBI.l Similarly, in the 7/7 attack in London,
the bombers were known to our intel-ligence agencies, however our various agencies and police forces mismanaged that intelligence.
Both incidents might have been averted or the impact lessened if we had made better use of the information we had. We will never know.
But it would benefit no one to give our security services the ability to gather more of our data without judicial con-straint. After all, when you are searching for a pin in a haystack, it does not help to increase the size of the haystack. Instead, we need to get much better at targeting data interceptions and collection, and im-proving our data analysis methods.
After the NSA whistleblower Edward Snowden revealed the huge extent of rou-tine surveillance carried out by western intelligence agencies, an extraordinary
defence was rolled out to justify this gross intrusion of our privacy – essentially, “we may collect the data but we don’t look at it, or if we look at it we don’t remember it, or if we do remember it we don’t use it”.
There are simply too many flaws in our current system:l There is too little protection for the public. And remember, it is not just state agencies that may misuse these powers. It could be a malevolent police officer, or an intelligence agent, or an external hacker or even a Snowden-style contractor.l There is a propensity to protect the sys-tem rather than the public. The secrecy of our interception techniques appears more
important than effectively catching and prosecuting those who would do us harm – and so we are the only major country in the world that forbids the use of inter-cept evidence in courts. This protects the spies, but not the public.l The mechanisms of approval and over-sight are wholly inadequate. The approval mechanisms are essentially in-house for the majority of metadata collection, and there is no judicial approval process at all.
Of course, some collected data is vital to the work of our intelligence agencies. Phone location information, for exam-ple, is massively important in kidnap cases. But all such cases could be easily and swiftly approved under an effective judicial oversight system. I do not argue that we should not use such data: but we should use it more judiciously.
It is understandable that our police and intelligence agencies always want more powers, more data, more intrusive capa-bility. But there are serious questions over the efficacy of such methods.
The US agencies abandoned email data collection some time ago on the grounds that is was not cost-effective, and are withdrawing from much of the phone metadata programmes. Our agencies would benefit from following suit.
In the words of one American intelli-gence officer: “We are not a police state, but the mechanisms are in place to create one.” Instead of extending such mecha-nisms, we should be concentrating on the better use of less, but more effectively targeted data. This would create more fear among our enemies, and at the same time more security for us. lDavid Davis is the Conservative MP for Haltemprice and Howden. He stood against David Cameron in the 2005 Conservative leadership election
The best intelligence system would protect the public but have a minimal impact on our privacy. Our current system fails on both counts
By David Davis
Liberty is all
When you are searching for a pin in a haystack,
don’t enlarge the haystack
04 David Davis.indd 4 23/09/2014 10:30:21
THE LEGAL FRAMEWORK
There is one thing on which I know David Davis and I will agree, and this is that the issue of surveillance
and the interception of communications is a legitimate matter of public debate. I do not subscribe to the doctrine of “noth-ing to hide, nothing to fear”. In a free and civilised society, the right to privacy and restrictions on state power to infringe it are of central importance and need to be upheld. And that is what our laws should set out to provide.
In my time as attorney general, a central part of my work was to ensure that our security agencies acted within the law. The Regulation of Investigatory Powers Act 2000 undoubtedly requires replace-ment in view of the technological changes that have taken place since it was enact-ed. The need for this was highlighted by the government’s being obliged to enact emergency legislation with a two-year sunset clause this year to cover gaps. But that does not mean that there is a free-for-all for the agencies in this area, as some assertions made after the NSA whistle-blower Edward Snowden’s allegations have suggested.
All in proportionUnless the Interception of Communica-tions Commissioner, Sir Anthony May, the Intelligence Services Commissioner, Sir Mark Waller (both retired judges), the intelligence and security committee of parliament and government ministers, including myself, have been system-atically hoodwinked, which I find im-probable, the agencies, and in particular GCHQ, have been scrupulous in ensur-ing they operate within the law and that the interception of communications, in-cluding the handling of metadata, is done in a manner that meets the criteria of not
going outside the scope of an authorising warrant and being necessary and propor-tionate to the dangers from which we need to be protected.
Late last year, Sir Iain Lobban, director of GCHQ, gave evidence in public to the intelligence and security select commit-tee. He made clear that the post-Snowden allegations of generalised access, or even the possibility of such access, to commu-nications metadata was a fantasy version of their work. He also made clear that co-operating with the US cannot be used to circumvent legal requirements.
Part of the problem is any discussion that involves revealing technical capac-ity often risks compromising that capac-ity, so of necessity it creates conditions where some statements have to be taken
on trust. I doubt there is an easy solution to this, but it would be helpful if in enact-ing new legislation there could be greater statutory clarity on what is permitted.
We could also do with a greater under-standing of the threat to both our security and privacy from cybercrime, some of which is a state-sponsored and -directed activity. We should be far more worried about this than anything being done by the UK government. It directly threat-ens our security, privacy and economic well-being. Countering it is going to need sustained effort and underlines the need for the agencies to have a role in this area without which we cannot address it.
I am also convinced that the retention of communications data for use in criminal
proceedings is absolutely necessary. We have been able to do this for years, start-ing with the records of numbers called on fixed telephone lines. In prosecut-ing drug importation cases, it was relied on routinely, as I, then a junior barrister, can confirm.
Further safeguardsThe principle today remains the same, even if the variety of methods available to communicate is much greater. There is certainly scope for considering what further safeguards could reasonably be added in relation to how access to this data, which does not include content, is authorised. But I think it is entirely rea-sonable to require service providers to retain it for a reasonable period of time. The potential for any misuse simply does not outweigh the evidential benefits for investigating and prosecuting serious crime and terrorism.
There are other areas of possible sur-veillance away from communications that should rightly trouble us. I was de-lighted when the present government got rid of the legal structure for identity cards. We also need to be vigilant about intru-sive bureaucratic snooping and knee-jerk reactions to terrorist outrages promoting pointless infringements of liberty.
But none of this means we cannot take comfort in having laws and rules in place at present which, in an imperfect world, allow for both our security to be protect-ed and our freedom respected. We should build on them and not get mired in the delusion that they are being ignored. lDominic Grieve is the Conservative MP for Beaconsfield. He served as attorney general for England and Wales and advocate general for Northern Ireland from May 2010 to July 2014
Britain should take comfort in knowing we have legislation which, however imperfect, allows us to feel our security is protected and our right to privacy respected
By Dominic Grieve
Within the law
Cybercrime is more of a worry than anything done
by the UK government
26 SEPTEMBER – 2 OCTOBER 2014 | NEW STATESMAN | 5
05 Dominic Grieve.indd 5 23/09/2014 10:30:06
6 | NEW STATESMAN | 26 SEPTEMBER–2 OCTOBER 2014
THE CAMPAIGN
Concern over privacy in the age of social media, Big Data and both state and corporate surveillance is
not restricted to any single political per-suasion. A number of influential NGOs have come together in an unprecedented coalition – the Don’t Spy On Us campaign – to tackle these issues.
Thomas Hughes, executive director of Article 19, is among them. “All of us have a right to free expression and a right to privacy, but these are violated by arbitrary mass surveillance programmes that as-sume guilt over innocence,” he says.
“If the UK, which prides itself on being an open and democratic nation, contin-ues to carry out mass surveillance on this scale, it gives carte blanche to oppressive regimes to keep spying on their citizens.”
Jo Glanville, director of English PEN, concurs. “The protection of the right to a private life is crucial for freedom of ex-pression,” she says. “None of us can freely exchange or record information and ideas without the expectation of privacy.
“It’s been over a year since we found out that GCHQ has been engaging in blanket, unwarranted surveillance and our politi-cians have conspicuously failed to address our concerns or to protect our rights. They need to act now.”
Shami Chakrabarti, director of Liberty, is blunt: “The game is up and the authori-ties busted on blanket surveillance pur-sued without democratic debate, let alone legal authority. Those in power need to know we care.”
The theme is developed by Jim Killock, executive director of the Open Rights Group. “The government needs to stop sidelining the issue of mass surveillance, hold a proper inquiry and bring in legisla-
tion that will make its agencies account-able for their actions,” he says. “They’re undermining everyone’s confidence in the security services, parliament and the technologies we use every day.”
Gus Hosein, executive director of Pri-vacy International, adds: “Secret surveil-lance is anathema to a democratic society, as no real debate can take place without an informed public. The Snowden docu-ments have been critical in sparking this debate, and we must now advocate for laws that make the state’s actions transparent, subject to independent authorisation and effective oversight while outlining clear legal frameworks in accordance with democratic principles.”
Emma Carr, director of Big Brother Watch, sums it up: “All of us have a right to free expression and a right to privacy, but these are violated by arbitrary mass surveillance programmes that assume guilt over innocence.
If the UK, which prides itself on being an open and democratic nation, continues to carry out mass surveillance on this scale, it gives carte blanche to op-pressive regimes to keep spying on their citizens, restricting the space for free expression.” lDon’t Spy On Us calls for reform ofthe legal framework so the intelligenceagencies reduce spying on the people ofBritain. Visit: dontspyonus.org.uk/org
Free expressions
“The game is up. Those in power need
to know we care”
Stephen Fry“There is something squalid and rancid about being spied on. Nobody likes it, the idea of having your letters read, your telegrams, your faxes, your
postcards intercepted. It was always considered one of the beastliest, meanest things a human being could do – and for a government to do without good cause.
“Using the fear of terrorism that we all have, the fear of the unknown that we all share, the fear of enemies who hate us, is a duplicitous and deeply wrong means of excusing something as base as spying on citizens of your own country.
“GCHQ and the NSA in America co-operate through Prism, and other systems, to listen in on, to read and intercept everything we send.
It’s enough that corporations know so much about us: our spending habits, our eating habits, our sexual preferences, everything else. But that a government – something we elect, something that should be looking after our best interests – should presume, without asking, to take information that we swap, we hope privately, among ourselves, is frankly disgraceful.
“Those of us who at the very beginning of the internet had the highest hopes for it haven’t lost our optimism. We still think that the ability to call our masters to account, to find things out, is incredibly important. But it is very depressing how much governments wish to control the internet and it’s up to us to speak out about it.
“And it’s up to the real leaders and masters, as it were, in this field – the ones we trust and know are on the side of freedom, people such as Sir Tim Berners-Lee – to lend their voice to a campaign to urge governments, everywhere in the free world, to step back from the brink of totalitarianism that is threatening to engulf us.” l
06 Soundbytes.indd 6 23/09/2014 11:41:32
OPINION: THE ROLE OF THE STATE
Surveillance, once targeted at a small number of individuals, has grown in scope to encompass everyone
who uses a device to connect to the in-ternet. This is a long-term trend. Privacy International’s report Eyes Wide Open demonstrates that the Five Eyes alliance of states – comprising the signals intelli-gence agencies of the United States, UK, Canada, Australia and New Zealand – has been growing unchecked for almost 70 years. The report shows how Five Eyes has infiltrated every aspect of modern global communications systems.
Much of it relates to the digital nature of modern communications. A leaked strat-egy document by the US National Secu-rity Agency (NSA), published by the New York Times in November 2013, exposes the clear interest that the intelligence agencies have in collecting and analysing signals intelligence (SIGINT):
“Digital information created since 2006 grew tenfold, reaching 1.8 exabytes in 2011, a trend projected to continue; ubiquitous computing is fundamentally changing how people interact as individuals become untethered from information sources and their communications tools; and the traces individuals leave when they interact with the global network will define the capacity to locate, characterise and understand entities.”
The Five Eyes intelligence agencies ap-pear to be the most powerful they have ever been. Operating with little oversight from our elected politicians and mislead-ing the public, the agencies boasted in this secret strategy document how they “have
adapted in innovative and creative ways” that have led some to describe these times as “the golden age of SIGINT”.
GCHQ is playing a dirty game; not content with following the already per-missive legal processes under which it operates, it has found ways, according to disclosures by the whistleblower Edward Snowden, to infiltrate all aspects of mod-ern communications networks. Thanks to Snowden, we have a great deal of de-tail on these programmes, including code names. Though many of the programs and documents he exposed have now been ac-knowledged publicly by the NSA, GCHQ
has refused to comment. The projects were never disclosed to parliament. Only by understanding them can we work out how surveillance affects us personally:
The Prism programme forces major internet companies to hand over their customers’ data under secret orders. The Muscular programme enables the NSA to secretly tap fibre-optic cables between the data centres of some of the globe’s most popular online platforms.
GCHQ has co-opted the world’s largest telecommunications companies, such as Vodafone and BT, to intercept the trans-atlantic undersea cables as they land in Cornwall under the Tempora programme. Tempora scans and filters every commu-nication that passes through these cables.
It is the equivalent of downloading the entire British Library 192 times every day.
The Bullrun programme sabotages en-cryption standards and standards bodies, undermining the ability of internet users to secure information. Encryption is used for everything from online banking to our personal emails.
Even your mobile phone can be ac-cessed directly. Dreamy Smurf can infil-trate our smartphones and turn them on (even when we’ve switched them off). Nosey Smurf can turn on the microphone in a mobile remotely to listen in to our conversations, and Tracker Smurf can track our location in real time.
None of the capabilities listed above has ever been scrutinised by parliament. By remaining in the shadows, our intel-ligence agencies – and the governments that are supposed to control them – have removed both our ability to challenge their actions and their impact on our indi-vidual human rights.
Can we fight back? You can encrypt your email using free open-source tools such as GPG, your phone calls using apps such as Signal and your text messages with TextSecure from Open Whisper Systems, making mass passive surveil-lance that much harder to do. But, to achieve meaningful change, the policies and practices of GCHQ and others in the Five Eyes alliance must change, too.
Secret law has never been acceptable law, and we cannot allow our intelligence agencies to justify their activities on the basis of it. lEric King is the deputy director of Privacy International
Technology has made us vulnerable to snooping. So what exactly are the security agencies able to do – and what can we do to protect ourselves?
By Eric King
They’ll be watching you
The intelligence agencies work with little oversight from elected politicians
26 SEPTEMBER – 2 OCTOBER 2014 | NEW STATESMAN | 7
07 Eric King.indd 7 23/09/2014 10:29:15
“Don’t worry, it’s just metadata”Metadata is data about data. Not what is written in the email, but information on who the email is to, whether they read it, the time it was sent and from which computer or device. Governments around the world, including the British Government, are now demanding access to this type of data on a mass scale, proclaiming it is not intrusive as it is not the same as listening in to a phone call. So, what is metadata and why should you care?
Your phone is a spying device – it has two microphones, 2 cameras, telephony, GPS, Bluetooth and WiFi capability.Most people are more honest with their internet searches than they are with their own family.
The Government’s surveillance services can now know:l EVERYTHING you have searched for online and the page addresses you visited from those search results, your location when you were online, how long you stayed on a pagel Your login details if you have the auto-fill feature switched onl Who you are with and the duration you were with them.l Who you are emailing, the subject line, whether it has been read and whether it has been replied to.l Every person you call, their location and how long the call lastedl When and where you took photos which are now online, plus all the information you tag it withl The apps you use
TAKE BACK CONTROL OF THE INTERNET
Download F-Secure Freedome now! Get 3 months free with this unique code cnt5nze8
F-Secure Freedome• Ensures that nobody can track you when you are online• Encrypts your data so that no one else can read it when using Public WiFi• Allows you to browse safely online by blocking harmful sites and apps• Automatically blocks viruses and malware freedome.f-secure.com
F-secure back page.indd 1 23/09/2014 12:28:32
