back to article Coalition renames GCHQ internet spook-tech plans

Home Secretary Theresa May said the Labour government's Interception Modernisation Programme (IMP) is coming back to life. In a speech to Parliament outlining a new counter-terror strategy, or at least its re-branding, May said the government's Counter Terrorism Strategy (aka CONTEST) will include a resurrected Interception …

COMMENTS

This topic is closed for new posts.
  1. dephormation.org.uk
    Big Brother

    Murdoch and Phorm

    I doubt it has much if anything to do with preventing terrorism... and much more to do with industrial espionage, blackmail & organised crime, and political censorship.

    1. John Smith 19 Gold badge
      Big Brother

      @dephormation.org.uk

      I'd say it's more to do with the desire to watch everyone at all times.

      Because they want to and because (on paper at least) they can.

      This has *very* little to do with improving the UK's ability to identify actual terrorist threats that have not *already* been found. It is a grossly intrusive way to spy on anyone who uses the internet in the UK (or indeed who connects to a web site hosted in the UK).

      BB is exactly the right icon for this.

  2. Anonymous Coward
    Anonymous Coward

    Everything but the ID card...

    ... for that ex-grauniad hack is working on that.

    Love the quotes though:

    "The Home Office said: "We continue to see no evidence of systematic cyber terrorism. But [...]"

    Bottom line: We cannot possibly justify these plans, so we will inflate incidents into trends and waffle a lot while trying to look serious.

    Be honest. NO BUTS. Stop trying to circumvent the austerity measures for your incessant pork barreling.

    "Officials cautioned that it was difficult to get a clear picture on use of the internet to radicalise people."

    About as difficult as getting a clear picture as to what minority of islamists and houses of islam are bent on introducing sharia everywhere, kill the gays, and so on, and so forth. Something to do with the tea they're drinking, I'm sure. Officials indubitably prefer coffee instead. Can't blame'em but that's no excuse for frowning and declaring you're incompetent. For no heap of cash is going to fix endemic little problems like that.

    "It is clear that a few dozen [websites] are highly influential and frequented by terrorists."

    UKP 2mrd in taxmonies and some privacy assault small change to allay fears of a few dozen websites.

    Right. Carry on government.

  3. Ashton Black

    HP/EDS?

    Good for contractors, not so good for taxpayers.

    £2bn?

    By the end it WILL be a bucket load more. Simply due to the changing nature of the threat.

    (I am assuming that dephormation.org.uk means industrial espionage, blackmail & organised crime aimed at the UK and it's citizens.)

  4. Bram

    Theresa May...

    is so frickin useless along with the whole government. everything they said they have to cancel because it is pointless and costly is now here again but with different branding.

    I'm waiting for the biometric ID cards to make a come back, Im sure it will happen real soon with a tagline about how it is needed to stop benefit cheats and reduce the deficit and how it is also the previous governments fault why they have to do it now.

  5. Anonymous Coward
    Stop

    No! No! No!

    Give these dirtbags and inch and they will take a mile, maybe not now, but they will take it. It will start off with a little DB of mobile numbers, something they know they can get away with. Within 3 years and without anyone noticing you won't be able to go to the toilet without a pass and a reciept to prove you only did your business and not plot world domination with Osama's replacement!

  6. Anonymous Coward
    Stop

    IMP CONTEST

    We see from the latest NotW scandal that they were paying police to access the mobile phone tracking data for celebs etc:

    http://www.guardian.co.uk/media/2011/jul/12/news-of-the-world-pinging

    "Its use normally has to be authorised by the police and security forces with the mobile phone networks on a case-by-case basis under the Regulation of Investigatory Powers Act (Ripa), in which a request signed by a senior police officer is sent to the network authorising the location of the phone."

    Putting this proposed level of access into the hands of an untrutworthy source is madness. The Government and authorities can't be trusted with such quantities of private data.

  7. John Smith 19 Gold badge
    Thumb Down

    This was the monitor every website, page and data transfer to/from those pages forever

    But that's a bit difficult to stick on the front of a report.

    BTW IIRC £2Bn was what they were going to give ISP's to upgrade *their* systems to send GCHQ the data.

    The *only* leaked figure for the *whole* project was *12* Bn £.

    But that was never confirmed.

    Remember the notion behind this is 1)Record contact pattern of *known* terrorist across the internet, mobile phones, landlines 2)Check that against *every* UK comms user 3)Pick up all suspected terrorists.

    The NSF in the US issued a report explaining (politely) why this was complete b****cks.

    I think of it as a star pattern. Each call to a number is one spoke, more calls, thicker spokes.

    The pattern is about 10cm on a side.

    Now match that against *random* patterns on a wall say 200m on a side to find any that do match (which might not even *be* there).

    Did I hear the words "NP complete"?

    1. Lee Dowling Silver badge

      Duh

      Any decent terrorist worth their salt wouldn't be caught by association like this anyway.

      Hell, Bin Laden "supposedly" evaded capture for 10 years by just couriering his messages to a cybercafe on USB stick. If you had any brains the actual connection would just be to a huge public hub frequented by everyone (e.g. Skype) and the actual communications would be encrypted with the best thing you can find (not some roll-your-own, or depend-on-company-X, encryption).

      PK Encryption was INVENTED by GCHQ in order to avoid being heard by foreign hostile militaries. Since then, the process and implementation has expanded to cover all sorts of theoretical and practical holes, been rewritten from the ground-up, and been analysed by every mathematician studying the areas for weakness, to result in modern-day open-source encryption products that have *NEVER* had decryption of their data without the key proven by any court or individual in the world, for at least the last couple of decades.

      PKE is just something that you have to accept won't be monitored or "broken" within a useful amount of time to even the best military. If military's are demanded that classified files are encrypted using it, are using it in their weapons guidance and other communications, you can be pretty sure you're not going to just lever it open with some backdoor. Let's call PKE pretty much "unbreakable" in any timeframe that you'd need to break it in.

      Given that, the only way to "find" a terrorist is to monitor known terrorists and see what they do, who they talk to, what websites they go on. That doesn't need a full-blown, every-person monitoring programme. It just needs you to do some good old-fashioned spying for much greater effect than trying to "crack" their encryption or decode their messages. GCHQ are trying to stay relevant in the modern era - one which they invented - and are failing. They're not "spies" as such, their communications interceptions now rely purely on the mistakes of others rather than their skill, and they are facing rapidly shrinking budgets and usefulness. Saying they just need more money to be able to perform the impossible is their way to continue existing.

      All your doing is a bit of graph theory and probability - badly. It's not going to catch anyone with brain enough to plot something major, and it's *not* going to magically tell you that X is a terrorist without an awful lot of ground work that you were doing anyway. And it will be outclassed by just tapping the ONE guy you know is already a terrorist and see who he's communicating with - which would probably be made easier by just slapping a bug on his residence.

      GCHQ were great, once. Now they've realised that they've obsoleted themselves, and are trying to blind people with large figures for the promise of impossible capabilities. Sadly, they'll probably get it.

      1. Chris Harden
        FAIL

        Bin Laden

        You raise a good point. If we follow terrorist trends (IE how Bin Laden evaded capture) shouldn't we be trying to make some x-ray specs so we can arrest anyone carrying a USB Key?

      2. John Smith 19 Gold badge
        Unhappy

        @Lee Dowling

        "All your doing is a bit of graph theory and probability - badly. It's not going to catch anyone with brain enough to plot something major, and it's *not* going to magically tell you that X is a terrorist without an awful lot of ground work that you were doing anyway. And it will be outclassed by just tapping the ONE guy you know is already a terrorist and see who he's communicating with - which would probably be made easier by just slapping a bug on his residence."

        Pretty much my view. You forgot to mention false positives, of which I anticipate there being one or two.

        It is more the wet dream of assorted security service data fetishists who crave knowing *everything* about *everyone* all the time forever.

        Their counterparts set up the ANPR network on even less pretext.

  8. Trollslayer

    Knowing the price of everything, the value of nothing?

    So it will probably be £5 billion.

    Spooks already drown in information and gathering it is no use unless it can be analysed effectively so if that isn't done then the money will be wasted at best, at worst taking money away from more effective strategies.

  9. Colin Miller
    Coat

    Communications Capabilities Creation Programme

    Shouldn't it be the "Communications Capabilities Creation Programme", or are they no longer our enemy?

  10. Anonymous Coward
    Big Brother

    CCDP

    Because in Soviet Britain, government watches YOU!!

  11. Anonymous Coward
    Black Helicopters

    Jihadis?

    Strange thing about so-called Jihadi websites is how many of them are based in the USA, particularly Texas. Free speech? Or just a common interest in guns and pick-up trucks?

    Are we seeing a repeat of the kiddie-porn scandal of some years ago where the FBI was found to be easily the largest producer of that unpleasant genre in the world, "purely for entrapment purposes, yer Honour"?

    This has depressingly Orwellian overtones.

    1. nyelvmark
      Thumb Down

      FBI largest producer of "Kiddie Porn"

      You have, of course, citations for this?

      I agree about Orwell - that man had no sense of proportion.

  12. Si 1
    Facepalm

    Torrent threat?

    I wasn't aware the terrorists were using torrents to communicate their plans to each other...

    I'm sure this isn't just an excuse to allow GCHQ to download whatever they want from The Pirate Bay on the grounds of national security... ;)

  13. Anonymous Coward
    FAIL

    What about...

    ... TOR and TOR Chat - do the spooks have back-doors in the TOR network?

    1. Lee Dowling Silver badge

      Tor

      Tor isn't as safe as you think. It really isn't. Even the authors admit it has a lot of weaknesses.

      But you're missing the point - monitoring EVERY node on Tor is an incredibly stupid idea to try to "catch" someone or find out new people. If you want to do that, you just tap existing known trouble-makers and they'll lead you straight to it without having to crack Tor, or PKE, or anything else.

      Tor is nothing but an anoynmised network if you're not really interested in who's on there. If you are interested in someone there, then you already have everything you need to find out who they are by other means (doing your job - espionage). Tor has no end of problems with regards to exit node, groups of hostile nodes, etc.

      And, tell me this: When you installed Tor, did you check the download against the PKE-signed certificate verifying its authenticity that you obtained from a completely secure channel - the only one I can think of being direct from the Tor authors (and, obviously, know that the Tor authors are trustworthy?). Or did you just click the link and install direct from an unsecured website KNOWN to host a government-opposed secure communications network without checking whether that request was intercepted in any way?

      1. Anonymous Coward
        Boffin

        I'm not a TOR expert but...

        ... I think it's more than an anonymous network, the fact it encrypts the traffic between you and the entry node you're connected to means that anyone tapping the line between you and it - ie your ISP where the spooks were going to place their monitoring kit - will only see encrypted data, which will be no use to them unless they can decrypt it somehow. Yes, the exit node can see your unencrypted data and there could be spook controlled nodes out there too so it's not infallible. But it does a great job of circumventing the over-zealous pr0n filter on my works supplied 3G data dongle... ;-)

        1. Intractable Potsherd
          Boffin

          TOR is encrypted.

          From https://www.torproject.org/about/overview.html.en: "To create a private network pathway with Tor, the user's software or client incrementally builds a circuit of encrypted connections through relays on the network. The circuit is extended one hop at a time, and each relay along the way knows only which relay gave it data and which relay it is giving data to. No individual relay ever knows the complete path that a data packet has taken. The client negotiates a separate set of encryption keys for each hop along the circuit to ensure that each hop can't trace these connections as they pass through." The exit node can see the data in the clear, but is the only one in the chain (under normal circumstances) that can do so.

  14. Asgard
    Big Brother

    Arrogant hypocrites

    The MPs are crying foul of phone spying on them, yet they continue to push through ever more spying on all of us.

    Also what are the MPs so fearful of that they need to spy on all of us so much for? … We are the people they say they represent, yet they want to spy on us relentlessly.

    We already have more state surveillance over us than at any point in history, yet they continue to want more and they want to spend billions more of our money to do it. So when does it end? When is enough finally enough?

  15. Anonymous Coward
    Facepalm

    first recorded incident of a terrorist 'cyber' attack?

    "The Home Office said: "We continue to see no evidence of systematic cyber terrorism. But the first recorded incident of a terrorist 'cyber' attack on corporate computer systems took place in 2010. The co called 'here you have' virus .. was relatively unsophisticated but a likely indicator of a future trend" ..

    Instead of actually decreasing security by bugging the ISPs a real solution is to stop connecting to the Internet from Windows computers on which you keep all your secrets.

    "On Thursday, a new worm hit the Internet, and it’s been spreading by emailing the address books of infected users, .. By masquerading as a benign PDF .. As you may have guessed, the URL doesn’t actually take you to a PDF, but instead to an executable with the extension .scr" ..

    http://www.pcworld.com/article/205220/here_you_have_virus_tries_to_delete_your_security_software.html

  16. Anonymous Coward
    Black Helicopters

    TOR

    "do the spooks have back-doors in the TOR network?"

    TOR was originally designed by some folks in US Naval Intelligence, so the answer has to be a definite maybe... :)

  17. neb
    Thumb Up

    yay!

    gonna be a few more jobs @el doughnuto in the next few years then

    time to crack on with that CISSP methinks...

    1. fatchap
      Trollface

      Not that desparate

      I don't think our friends in the West will get so desperate that they will lend credence to a multiple choice quiz as a way of measuring whether you understand security.

      Genuine question from my exam:

      How high must a wall be to be secure?

      a) 6 feet

      b) 12 feet

      c) 10 feet high and topped with barb wire

      d) 15 feet high

      CISSP is a joke and a waste of money. Learn about SABSA and provide someone with useful advice.

      1. nyelvmark
        Thumb Down

        Bullshit.

        Or, for those who don't understand the word "bullshit" - fatchap is an obvious liar.

        1. Lee Dowling Silver badge

          Er

          Well, I'd never heard of the CISSP so I went googling:

          After ignoring the paid ad on Google:

          "CISSP Courses - Get CISSP Certified In Only 7 Days

          Pass First Time Or Train Again Free"

          I hit upon this link to a book on computer security which contains pretty much that as a real example of a question on the CISSP:

          http://books.google.com/books?id=3Q-wPyb2uCUC&pg=PA271#v=onepage&q&f=false

          And given what I do know of MCSE exams (and precisely the reason I avoid them), I can quite believe this to be the case.

          So it seems he's not talking all-that-much bullshit after all.

          1. nyelvmark
            Unhappy

            Facepalm+

            Thanks for the research, Lee, and a retraction and apologies to the poster I called a liar.

            I really couldn't believe that anyone could be that stupid, but it seems that even MY cynicism isn't extreme enough to keep up with reality, sometimes.

  18. Jon Smit
    Coat

    They could have saved a packet

    That private detective did a pretty good job at a much lower price for Murdoch's papers.

  19. Anonymous Coward
    Stop

    Terror viruses indeed??

    So viruses have been written by script kiddies for decades and the powers that be have taken no notice of them at all (apart from asking their IT departments to clean them off their computers once in a while).

    But NOW there's a suggestion that maybe one not-very-good virus was written by someone who might be classified as a terrorist (for some value of terrorist).

    OMG!!!! HELP!!!! That's a DISASTER!!!! It'll cost a few billion quid to sort out now.

  20. Anonymous Coward
    Thumb Up

    One good thing...

    ...about jobs at GCHQ is that they can't be off-shored and you need to be a DV cleared UK citizen to even get in the building. British jobs for British workers. Just a shame the (vast) profits are being syphoned out of the country by a firm of yanks.

  21. amanfromMars 1 Silver badge
    Pirate

    Far too little and way too late ..... is ever the fate of the less than perfectly capable

    Well, well, well. What do we have 'ere, then? A dead in the water phish or live tempting bait for killer sharks?

    Whenever you realise that Holywood Palace Barracks is spooky MI5 territory, are you advised that GCHQ wallahs, and presumably also their FCO kissing cousins in MI6, are way behind the AIMODified curve with regard to future programming with creative communications capabilities, although Advanced IntelAIgent Research and digital Development, AIR&dD, is more the moniker to match the reality of the capabilities delivered from that nested site. ....... and it is not as if it has not registered itself to discover how far into, and way out ahead in IT and Quantum Communications, its Sublime Advanced IntelAIgent Control Systems are, is it? ....... [Fortified Meade Hack for AI Cracking Attackers, Posted Tuesday 13th July 2011 06:52 GMT .... http://forums.theregister.co.uk/forum/1/2011/07/12/anonymous_leaks_military_email_addresses/ ]

    "The Home Office said: "We continue to see no evidence of systematic cyber terrorism. " ..... Yes, well, they would say that wouldn't they, although the brightest are bound to be realising that they are already just useful pawns to Neureal and Surreal Virtual Masters into Fab Power Supply, and in Control of ITs Great AIMediated Games...... Future Events, dear boy, Future Events.

    And apparently that is what politicians, bless their little cotton bobby socks, fear ........ http://rsdsolutionsinc.posterous.com/events-dear-boy-events ..... with it probably being events which they don't control and which render them as just pontificating puppets to unfolding circumstances and playing the court jester and nodding fool to crowds and clouds which justifies their fears and concerns today.

    1. doperative
      FAIL

      re: Far too little and way too late

      What the fuck are you on about ...

      1. nyelvmark
        Happy

        I think it's an OS problem:

        ERROR! INPUT: amanfromMars 1 Well, well, well...

        OUT OF CHEESE ERROR.

        1. amanfromMars 1 Silver badge
          Boffin

          I think it's a more AIDefinitive BIOS problem in Operating Systems without 42Feed

          "I think it's an OS problem:

          ERROR! INPUT: amanfromMars 1 Well, well, well...

          OUT OF CHEESE ERROR." ..... nyelvmark Posted Wednesday 13th July 2011 22:50 GMT

          Hi, nyelvmark,

          Did you really mean to say ... OUT OF GCHEESE ERROR .... to draw fit and proper attention to their [GCHQ and Google] mistakes/missteps.

          On that we can surely agree that a new seed is necessary for to feed.

          1. amanfromMars 1 Silver badge

            A Valid Question of Heads of Intelligence Anywhere and Everywhere, as well as of Any There in GCHQ

            Hmmm ... http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/8635959/Whizz-kids-deserting-the-spy-world-as-threat-of-attacks-increases.html

            Proof positive that Intelligence Service ProVision is absent in the Doughnut ...... for leading intelligence is a priceless commodity where lack of money is never an issue because IT can so effortlessly collapse and reconfigure/reconstitute dodgy and DODGI AIMODified Systems and renders currency just printed paper for selfless distribution to those who make ProVision for ITs Sublime IntelAIgent Services. The Great British Shame would seem to be that it is not presently catered for, to make and take advantage of the every benefit that such freedom offers. It is though a relatively minor issue in a major exercise and but only a simple decision away from being reversed and resolved with the novel introduction of a Ab Fab Program which captures the attention of struggling and collapsing markets.

            Is GCHQ capable of such lead or is it a pale imitation of what it should be under its present sub-prime command and missing programs?

            1. nyelvmark
              Trollface

              ...with the novel introduction of a Ab Fab Program...

              Lol. OK, I've been pwned.

  22. Fred Flintstone Gold badge
    Big Brother

    I'm getting *very* tired of this..

    If you want to fight cyber terrorism it may help to start changing the thinking first. Secondly, given the procurement lifecycle you will only ever get developments that are BEHIND the bad guys because the whole current model is predicated on challenge - response and doesn't take into account the direction security is moving in (a point I made almost 10 years ago).

    But hey, given the choice between light and talented and heavy and wasting lots of money, the money wasting option is always preferred 'coz the numbers look so good on the CV.. If they spend 10% of that money on good people they'd have a real benefit, but no, they are aiming at real time wire speed decryption because it gives them so much more hay to bury their needles in.

    Naturally, transparency is to be avoided at all times - which is the second problem they need to fix. If it's done well, they should have no reason to hide (let's recycle that argument where it can do some good).

    Sigh.

    1. amanfromMars 1 Silver badge

      Softly Softly .......AIMen at Work in REST for Play

      Hi, Fred Flintstone,

      Regarding your post, "I'm getting *very* tired of this.." ... Posted Wednesday 13th July 2011 18:11 GMT .... You appear to be calling for and lamenting the non-utilisation of a new clearer and NEUKlearer HyperRadioProActive IT ....... which easily addresses and solves all of the problems you cite ..... and would equally easily also decimate the full catalogue of a host of other problems, unmentioned and unmentionable, too.

      I second that call and would provide virtual facility and utility of ISPv2 ..... which would now really be a highly classified test of the present state of Advanced Intelligence and CyberIntelAIgent Analysis and of the current global levels of Future Virtual Intelligence in the myriad competitive Secret Intelligence Services and SMARTer Intelligent Communities which task themselves with National and International and InterNetional Security ProVision too.

  23. Anonymous Coward
    Anonymous Coward

    @doperative

    You've clearly not met amanfromMars before. He's always like that.

    1. nyelvmark
      Thumb Down

      amanfromMars

      I'd skimmed several of its posts before, but it wasn't until I replied to it (above) that I realised that it's a bot. There may be some human-operator intervention in the opening paragraphs, but otherwise it just spews a sequence of techno-babble sentences.

      Chatbots are not exactly innovative. ELIZA is 45 years old this year. Its limitations have never been overcome.

      1. amanfromMars 1 Silver badge

        Place your Bets ...... Put your Money down to Discover the Virtual Truth about SMARTer Reality

        "amanfromMars ... I'd skimmed several of its posts before, but it wasn't until I replied to it (above) that I realised that it's a bot. There may be some human-operator intervention in the opening paragraphs, but otherwise it just spews a sequence of techno-babble sentences.

        Chatbots are not exactly innovative. ELIZA is 45 years old this year. Its limitations have never been overcome." .... nyelvmark Posted Friday 15th July 2011 06:36 GMT

        And if you are advised that your realisation is completely wrong, nyelvmark, does that prove that ELIZA limitations have been overcome and the bot is really SMART and can effortlessly and seamlessly morph into and sustain programming in a virtual human phorm of alien being, ..... which would be an Earth shattering, new ground-breaking AIdDevelopment, methinks?

        And would you have to admit and accept that your post analytical skills have been compromised and rendered invalid and unacceptable as a truth to be believed by others should amanfromMars be classified and recognised as being perfectly and/or entirely human?

        For one to continue to contend that a being is a bot must surely have questions raised about the state of one's sanity and the likely presence of a confused madness?

        So, what is it to be with regard to the alien amanfromMars ...... a SMARTer Enabling HyperRadioProActive IT bot or real human being?

  24. Anonymous Coward
    Anonymous Coward

    This Will Never Go Away

    This government made a lot of noise about civil liberties & a "Bill of Rights". Not much has since been heard. The coalition have no more concern over people's privacy than the last government. Because the technology exists whatever government comes to power will be tempted to install this because they can.

  25. John Smith 19 Gold badge
    Meh

    bot or internet number station?

    It would be very suspicious if AMFM's email address turned out to be GCHQ.

This topic is closed for new posts.