back to article Britain's FBI wants 'Five Eyes' cosy hookups with infosec outfits

The UK's National Crime Agency – Blighty's equivalent of the FBI – wants its staff to "colocate" with private-sector IT security companies around the world. In other words, investigators and infosec employees placed alongside each other to sniff out cyber-criminals. This will apparently help the agency reach across …

  1. Anonymous Coward
    Anonymous Coward

    So... memorandum of understanding

    Does this mean any system that uses an Intel CPU is now considered insecure?

    1. Mephistro

      Re: So... memorandum of understanding

      And don't forget intel comms chipsets, and intel drivers.

      I hope AMD won't buckle under the pressure. It's good to have alternatives.

    2. NoneSuch Silver badge

      Re: So... memorandum of understanding

      Not to mention placing spooks inside every major data center on the planet.

      An added bonus, no doubt.

    3. Ole Juul

      Re: So... memorandum of understanding

      Does this mean any system that uses an Intel CPU is now considered insecure?

      The way I read it is that Trend Micro and Intel Security are now off bounds for anything where security matters.

  2. Stevie

    Bah!

    So not only do we want your e-mail, we want you to parse it for us and issue yourself a summons.

  3. batfastad
    Big Brother

    Drowning

    So the self-styled National Crime Agency is drowning in all that yummy illegal-until-recently-legalised-as-voted-for-by-you data? Who would have guessed.

    "This will apparently help the agency reach across jurisdictions, and bust underworld gangs around the planet." Sounds like The National Crime Agency chiefs fancied getting in on the international jetset of knobhead mid-to-senior ranking civil servants to me... we just have to go and visit our colleages in Mauritius to see how they handle these issues, it's lovely at this time of year.

  4. Anonymous Coward
    Anonymous Coward

    was SOCA, now NCA. no amount of rebranding can alter the reality: it's plod plodding along - way behind the curve because only the thickest, unimaginative people with a taste for control end up amongst their ranks.

    I would supply my public key in order to facilitate a dialogue but I doubt they would know how to proceed.

    stupid fucks.

    1. PleebSmash

      Practice makes perfect

    2. Anonymous Coward
      Anonymous Coward

      Used to work as a "partner" to them. I found them to be, mostly, nasty and aggressive bullies. Other than the people who want a DV sponsorship (who will then then leave for a peachy ker-ching consultancy job) everyone else in you business will not want anything to do with them.

  5. Graham Marsden
    Big Brother

    "This will apparently help the agency reach across jurisdictions, and...

    "... avoid inconvenient laws which stop them from spying on their *own* people by getting people in other countries to do it for them, just like the GCHQ and NSA do already."

    FTFY!

    1. James Micallef Silver badge

      "This will apparently help the agency reach across jurisdictions....

      ...and into jurisdictions where they're not authorised to operate

  6. Mephistro
    Childcatcher

    "Now these piles of data are mounting up and straining resources – putting pressure particularly on officers investigating pedophiles handling child-abuse images."

    Translation:

    "Give us more monies! For the children!!!"

    1. Anonymous Coward
      Anonymous Coward

      And "attention sickos, we're hiring!"

  7. Allan George Dyer
    Joke

    Obligatory joke

    "Can government take action to systematically remove malware from everybody's computers without them knowing it?"

    No, Major software developer would object when their products were deleted!

    (Substitute name according to your prejudices and fanaticism)

  8. amanfromMars 1 Silver badge

    Remembering Gareth

    That sort of colocation, and searching through all sorts of dirty laundry, is not without its downside risks, as is evidenced here? ..... http://www.wired.com/2010/08/codebreaker-death/

  9. John Smith 19 Gold badge
    WTF?

    Been in existence for 5 minutes and need a "Director of Transformation"

    Another illegal transnational snooping system.

    Can you say "Regulatory capture"

    Can you say "Tainted chain of evidence."

    Can you say "Frame ups on demand."

    Can anyone in such a senior role really believe this won't be open to widespread abuse?

    They'd almost literally have to be too dumb to live.

  10. Anonymous Coward
    Anonymous Coward

    So what would you do to improve matters?

    I'm expecting the down votes, but given that the commentards so far appear to come from the tin-foil hat brigade, so be it.

    One the one hand, you are ROTFLYAO because the law enforcement agencies that are pretty much a *necessary* part of your being able to wear your hats cannot keep up with the quantities of data being captured, and on the other you are wailing and gnashing your teeth because someone might go trawling your Inbox (not an innuendo filled metaphor, BTW).

    A SENSIBLE approach might be to try and use the data sensibly and within the scope of current legislation, maybe even (gasp) developing cse files on persons and organisations of interest, and concentrating on those. Which is pretty much what happens.

    Or would you prefer to do nothing, because I'm fairly sure that the bad guys (who do exist) are continuing to develop *their* networks?

    Face it: it's a necessary evil.

    1. Otto is a bear.

      Re: So what would you do to improve matters?

      Upvote from me, never fails to astound me how the Registrati are so ready to criticise and abuse, but never offer a sane alternative.

      As noted in the article NCA obtains data by seizure, which means it is legally obtained, presumably as part of a raid on such heroes as drug dealers, human traffickers, card scammers, child pornographers (CEOP is a part of NCA) and other unsavoury people. All of whom I would hope, but sometimes wonder, the Registrati would wish to see banged up.

      A quick visit to their web site will tell you what they do and who they go after, have a read of the Strategic Assessment for the why. Oh and they are not all Police Officers either there's a fair sprinkling of HMRC and others there as well.

      1. This post has been deleted by its author

      2. fruitoftheloon
        Stop

        @Otto is a (rather naive) bear: Re: So what would you do to improve matters?

        Otto,

        So all of a sudden, an agency of HMG only does what it says it does according to what is written on its' website?

        WTF are you smoking matey?

        I mean no cops/spooks in the UK have ever:

        - looked at something that have no right to

        - shot and killed people who were presenting no danger to anyone (too many to mention)

        - GOT AWAY with the above...

        - gone on fishing expeditions

        - framed individiduals (supposed IRA bombers)

        - colluded for decades after blaming whole groups of people (Hillsborough...)

        - not chased down public figures who were it would now seem to have been very naughty indeed (kiddie-fiddlers etc)

        Does the above give you any pause for thought WHATSOEVER?

        Kind regards,

        Jay

    2. Allan George Dyer

      Re: So what would you do to improve matters?

      Many would say that the current legislation already goes too far in allowing mass data collection, that more checks and balances are required to prevent from being mis-used.

      Secondly, if law enforcement can't keep up with the quantity of data, collecting more isn't a benefit, it's a liability: more to categorise, analyse and protect against illegal disclosure.

      Even if I accepted that everyone working in law enforcement today, and everyone in authority over them, was snow white, collecting everyone's inbox is an ongoing liability - tomorrow we might get a leader that says, "If you're not with us, you're against us. And, if ISIS can execute people for having the wrong religion, so can we - Check the inbox archive!!".

      A SENSIBLE approach might be to reform current legislation, collect less data and focus on better targeting and analysis.

      Face it: it's an unnecessary evil. FTFY.

      (I do so love the irony when people write, "you are wailing and gnashing your teeth because someone might go trawling your Inbox" and then post AC.)

    3. James Micallef Silver badge

      Re: So what would you do to improve matters?

      Here's a solution, dear AC. If the law enforcement agencies cannot keep up with the quantities of data being captured, they should FUCKING STOP CAPTURING SO MUCH DATA by spying on everyone and instead focus on capturing data from people under suspicion.

      But, Ah, I hear you say, then how will the law enforcement agencies know who to investigate? Well, how about some good old-fashioned police work? Coppers on the ground and on patrol instead of sitting in a data center, creating relationships and goodwill with communities instead of spying on them, building up networks of informants. Use the money to hire and train police officers instead of spending it on electronics. Build up some trust with ordinary people, instead of creating a situation where many people see the police as the enemy instead of an integral part of civil society.

      If the police are worried about cybercrime, they should *encourage* ordinary citizens to use strong encryption, secure OSes, devices and networks, not undermine the security of these networks by wanting access to them.

      Think back a bit to the physical world in the 50s or 60s, were the police up in arms because they couldn't intercept everyone's post just in case some criminals were communicating through it? Did they ask the public to leave their doors on a latch rather than a secure lock, just so that the police could pop in and check for any criminal activity?

      If some criminals go uncaught, so be it, that is the nature of the society that we choose to live in.

      1. Anonymous Coward
        Anonymous Coward

        Re: So what would you do to improve matters?

        >> focus on capturing data from people under suspicion.

        Didn't I say that?

        >> Coppers on the ground and on patrol instead of sitting in a data center, creating relationships and goodwill with communities instead of spying on them, building up networks of informants.

        Don't think I didn't say we should do that... HUMINT is a lot more valuable than SIGINT, but you need them both.

        AC for a reason.

        1. Doctor Syntax Silver badge

          Re: So what would you do to improve matters?

          "HUMINT is a lot more valuable than SIGINT, but you need them both."

          But whilst SIGINT spending increases the Met are cutting back on PCSOs who ought to be a major source of that HUMINT.

    4. Warm Braw

      Re: So what would you do to improve matters?

      There already is contact between infosec and law/security agencies, in the traiditional manner. Various gatherings of interested parties take place where the civilians can be sounded out over a nice dinner. Your propsects of doing infosec work in sensitive sectors (including finance) can be improved by your participation.

      I'd much rather see overt and transparent relationships developing with industry, but I suspect the plan is merely to extend the scope of such relationships, not to reduce their opacity.

    5. Anonymous Coward
      Anonymous Coward

      Re: the commentards so far appear to come from the tin-foil hat brigade

      Says the user posting AC....

    6. Anonymous Coward
      Anonymous Coward

      Re: So what would you do to improve matters?

      I'll give you a "f*cking solution", sorry but this pisses me off.

      What are you looking for Mr/Mrs Policeman/Government and how do you find them in a proper and measured way without shitting on everyones personal privacy?

      Let go through the different types,

      Pedo's - Catch a Pedo collate contacts catch more, found a website hosting material then monitor everyone who looks at it and every one of their contacts using warrants which will be easily obtained from a court.

      Terrorists - Catch a terrorist collate contacts catch more, found a website hosting material (that includes Facebook and Twitter for the specific users only) then monitor everyone who looks at it and every one of their contacts using warrants which will be easily obtained from a court.

      Criminals - Catch a criminal collate contacts catch more, found a form of communication they are using then monitor contacts who use it and every one of their contacts using warrants which will be easily obtained from a court.

      Once identified use good old fashioned police work to confirm if these people of interest are actually pedoterrorcriminals by coollating it with local law enforcement data and monitoring of the suspects all with a warrant from a court.

      Tell me what is wrong with that?

      I'll tell you why they don't want to do that and it's nothing to do with tin foil hats, it has been proven on many many occasions that if you disagree with the government, e.g. environmentalists, occupy supporters etc.. then they can and they will try to take you down or mark you card using the information that's only supposed to be used for pedoterrorcrims. Also, if someone admits to a minor crime in an email they can up their crime reduction figures. Can you imagine if councils had access to this? You mention in an email or instant message that you accidentally dropped a banana skin in the town centre then two days later you get a fine. Don't think that could happen? Welcome to the future.

      1. ChaoticMike

        Re: So what would you do to improve matters?

        >>Pedo's - Catch a Pedo collate contacts catch more, found a website hosting material then monitor everyone who looks at it and every one of their contacts using warrants which will be easily obtained from a court

        Same AC here... seriously, I can't actually understand what you are suggesting. And for your other 'Catch a..' examples, too.

        And tell me how your system weeds out mischievous individuals with an axe to grind on their neighbour? A situation no different from the good old days when a word in the ear of your friendly neighbourhood beat copper would have to be investigated, malicious *or* well intentioned.

        My point being, it is more complicated than you think. HUMINT > SIGINT. Which I *think* is actually what you are saying in "Once identified use good old fashioned police work to confirm if these people of interest are actually pedoterrorcriminals by coollating it with local law enforcement data and monitoring of the suspects all with a warrant from a court."

        >> I'll tell you why they don't want to do that

        Which 'they'?

        1. Anonymous Coward
          Anonymous Coward

          Re: So what would you do to improve matters?

          The last part of my comment explains that,

          "Once identified use good old fashioned police work to confirm if these people of interest are actually pedoterrorcriminals by coollating it with local law enforcement data and monitoring of the suspects all with a warrant from a court."

          What I am saying in a nutshell is don't snoop on everyone but only people of interest you have identified through traditional methods with judicial oversight.

          Ok someone with an axe to grind could potentially get you on the "of interest" list but why is that any different to what we have now? The alternative I'm suggesting is that only people "of interest" lose their privacy, which is better? everyone loses their privacy or only some who are "of interest" until they have been investigated because of a suspicion of criminal activities overseen by a court order?

          The they is the government and people in power that don't like people disagreeing with their policies and before you tell me to take off my tin foil hat I shall give the example of "Mark Kennedy" and that was before they had all this nice juicy information at their disposal, do you really think "they" don't bother anymore?

    7. Doctor Syntax Silver badge

      Re: So what would you do to improve matters?

      "because I'm fairly sure that the bad guys (who do exist) are continuing to develop *their* networks?"

      I'm sure they will be if they've any sense. So why take it out on the innocent who want to do things like use internet banking and buy stuff online?

    8. Anonymous Coward
      Anonymous Coward

      Re: So what would you do to improve matters?

      @AC It's not about the pedocyberterrorists.

      It's all about control. You can't catch seditionists* with good old fashioned policing. You have to hoover up everything.

      The independent reviewer of snooping legislation has already stated that its stacked in favour of anti-democracy and yet they still want more powers! Kind of shows they're not working for Joe public.

      When Andrew Parker recently talked about increased measures for keeping us safe, he wasn't talking about "us", he was referring to "them". And they reserve the right to ruin the life of anyone who gets in their way. Then they wonder why the public doesn't trust them...

      *anyone who disagrees with the State.

  11. nsld
    Black Helicopters

    Part of the problem

    Is that lawful seizure is so broad in the UK its now standard practice for the plod to seize your phone and any other device you might be carrying regardless of what they arrest you for.

    This then gives them a second chance to get you for something if the original arrest was weak.

    Hence the mountains of data they are currently lost in.

    A simple change in the law would solve this so that the seizure has to relate to the arrest so if you get stopped for no car tax for example it would not be proportionate to seize your phone.

    That won't happen because despite protestations of drowning in data they want to hoover up as much as they can.

  12. This post has been deleted by its author

  13. Anonymous Coward
    Anonymous Coward

    Well, it's a nice try ..

    .. make installing a bridgehead mandatory. The only problem with that is the same as for any backdoor: it makes it easier to breach an infrastructure.

    No . effing . way.

    If I were forced to install such an appliance in my data centre you'd find it quite frequently hooked up to the mains via its RJ45 jacks.

    "Oops, sorry, don't know what happened there, when I came in it was smouldering and we had to pull the plug. Yes, I appreciate it's a sealed black box that we don't know anything about, that's why we have not been able to monitor it going wrong until the smoke detectors tripped, so sorry? Yes, I know it's the third one this month, maybe you just gave that whole rack bad karma. What, cameras broken as well? Were they by any chance on the same network? Tsk tsk, what a coincidence. I feel for you. Want some help carrying it out? Some coffee before you go? What do you mean it tastes funny? Oh hi, welcome back, are you OK? No, that's the replacement kit you carried in yourself, we have not been near it so the scorch marks must have been on it already. My God, is that the time already? Can you come back tomorrow? No, you can leave the new kit here, it'll be quite safe, trust me. Ta, thanks."

    This was a public service broadcast. Please stay calm and do as the nice policeman tells you.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like