So... memorandum of understanding
Does this mean any system that uses an Intel CPU is now considered insecure?
The UK's National Crime Agency – Blighty's equivalent of the FBI – wants its staff to "colocate" with private-sector IT security companies around the world. In other words, investigators and infosec employees placed alongside each other to sniff out cyber-criminals. This will apparently help the agency reach across …
So the self-styled National Crime Agency is drowning in all that yummy illegal-until-recently-legalised-as-voted-for-by-you data? Who would have guessed.
"This will apparently help the agency reach across jurisdictions, and bust underworld gangs around the planet." Sounds like The National Crime Agency chiefs fancied getting in on the international jetset of knobhead mid-to-senior ranking civil servants to me... we just have to go and visit our colleagues in Mauritius to see how they handle these issues, it's lovely at this time of year.
Was SOCA, now NCA. No amount of rebranding can alter the reality: it's plod plodding along - way behind the curve because only the thickest, unimaginative people with a taste for control end up amongst their ranks.
I would supply my public key in order to facilitate a dialogue but I doubt they would know how to proceed.
stupid fucks.
That sort of colocation, and searching through all sorts of dirty laundry, is not without its downside risks, as is evidenced here? ..... http://www.wired.com/2010/08/codebreaker-death/
Another illegal transnational snooping system.
Can you say "Regulatory capture"
Can you say "Tainted chain of evidence."
Can you say "Frame ups on demand."
Can anyone in such a senior role really believe this won't be open to widespread abuse?
They'd almost literally have to be too dumb to live.
I'm expecting the down votes, but given that the commentards so far appear to come from the tin-foil hat brigade, so be it.
On the one hand, you are ROTFLYAO because the law enforcement agencies that are pretty much a *necessary* part of your being able to wear your hats cannot keep up with the quantities of data being captured, and on the other you are wailing and gnashing your teeth because someone might go trawling your Inbox (not an innuendo filled metaphor, BTW).
A SENSIBLE approach might be to try and use the data sensibly and within the scope of current legislation, maybe even (gasp) developing case files on persons and organisations of interest, and concentrating on those. Which is pretty much what happens.
Or would you prefer to do nothing, because I'm fairly sure that the bad guys (who do exist) are continuing to develop *their* networks?
Face it: it's a necessary evil.
Upvote from me, never fails to astound me how the Registrati are so ready to criticise and abuse, but never offer a sane alternative.
As noted in the article NCA obtains data by seizure, which means it is legally obtained, presumably as part of a raid on such heroes as drug dealers, human traffickers, card scammers, child pornographers (CEOP is a part of NCA) and other unsavoury people. All of whom I would hope, but sometimes wonder, the Registrati would wish to see banged up.
A quick visit to their web site will tell you what they do and who they go after, have a read of the Strategic Assessment for the why. Oh and they are not all Police Officers either there's a fair sprinkling of HMRC and others there as well.
Otto,
So all of a sudden, an agency of HMG only does what it says it does according to what is written on its website?
WTF are you smoking matey?
I mean no cops/spooks in the UK have ever:
- looked at something they have no right to
- shot and killed people who were presenting no danger to anyone (too many to mention)
- GOT AWAY with the above...
- gone on fishing expeditions
- framed individuals (supposed IRA bombers)
- colluded for decades after blaming whole groups of people (Hillsborough...)
- not chased down public figures who were it would now seem to have been very naughty indeed (kiddie-fiddlers etc)
Does the above give you any pause for thought WHATSOEVER?
Kind regards,
Jay
Many would say that the current legislation already goes too far in allowing mass data collection, that more checks and balances are required to prevent it from being mis-used.
Secondly, if law enforcement can't keep up with the quantity of data, collecting more isn't a benefit, it's a liability: more to categorise, analyse and protect against illegal disclosure.
Even if I accepted that everyone working in law enforcement today, and everyone in authority over them, was snow white, collecting everyone's inbox is an ongoing liability - tomorrow we might get a leader that says, "If you're not with us, you're against us. And, if ISIS can execute people for having the wrong religion, so can we - Check the inbox archive!!".
A SENSIBLE approach might be to reform current legislation, collect less data and focus on better targeting and analysis.
Face it: it's an unnecessary evil. FTFY.
(I do so love the irony when people write, "you are wailing and gnashing your teeth because someone might go trawling your Inbox" and then post AC.)
Here's a solution, dear AC. If the law enforcement agencies cannot keep up with the quantities of data being captured, they should FUCKING STOP CAPTURING SO MUCH DATA by spying on everyone and instead focus on capturing data from people under suspicion.
But, Ah, I hear you say, then how will the law enforcement agencies know who to investigate? Well, how about some good old-fashioned police work? Coppers on the ground and on patrol instead of sitting in a data center, creating relationships and goodwill with communities instead of spying on them, building up networks of informants. Use the money to hire and train police officers instead of spending it on electronics. Build up some trust with ordinary people, instead of creating a situation where many people see the police as the enemy instead of an integral part of civil society.
If the police are worried about cybercrime, they should *encourage* ordinary citizens to use strong encryption, secure OSes, devices and networks, not undermine the security of these networks by wanting access to them.
Think back a bit to the physical world in the 50s or 60s, were the police up in arms because they couldn't intercept everyone's post just in case some criminals were communicating through it? Did they ask the public to leave their doors on a latch rather than a secure lock, just so that the police could pop in and check for any criminal activity?
If some criminals go uncaught, so be it, that is the nature of the society that we choose to live in.
>> focus on capturing data from people under suspicion.
Didn't I say that?
>> Coppers on the ground and on patrol instead of sitting in a data center, creating relationships and goodwill with communities instead of spying on them, building up networks of informants.
Don't think I didn't say we should do that... HUMINT is a lot more valuable than SIGINT, but you need them both.
AC for a reason.
There already is contact between infosec and law/security agencies, in the traditional manner. Various gatherings of interested parties take place where the civilians can be sounded out over a nice dinner. Your prospects of doing infosec work in sensitive sectors (including finance) can be improved by your participation.
I'd much rather see overt and transparent relationships developing with industry, but I suspect the plan is merely to extend the scope of such relationships, not to reduce their opacity.
I'll give you a "f*cking solution", sorry but this pisses me off.
What are you looking for Mr/Mrs Policeman/Government and how do you find them in a proper and measured way without shitting on everyone's personal privacy?
Let's go through the different types,
Pedo's - Catch a Pedo collate contacts catch more, found a website hosting material then monitor everyone who looks at it and every one of their contacts using warrants which will be easily obtained from a court.
Terrorists - Catch a terrorist collate contacts catch more, found a website hosting material (that includes Facebook and Twitter for the specific users only) then monitor everyone who looks at it and every one of their contacts using warrants which will be easily obtained from a court.
Criminals - Catch a criminal collate contacts catch more, found a form of communication they are using then monitor contacts who use it and every one of their contacts using warrants which will be easily obtained from a court.
Once identified use good old fashioned police work to confirm if these people of interest are actually pedoterrorcriminals by collating it with local law enforcement data and monitoring of the suspects all with a warrant from a court.
Tell me what is wrong with that?
I'll tell you why they don't want to do that and it's nothing to do with tin foil hats, it has been proven on many many occasions that if you disagree with the government, e.g. environmentalists, occupy supporters etc.. then they can and they will try to take you down or mark your card using the information that's only supposed to be used for pedoterrorcrims. Also, if someone admits to a minor crime in an email they can up their crime reduction figures. Can you imagine if councils had access to this? You mention in an email or instant message that you accidentally dropped a banana skin in the town centre then two days later you get a fine. Don't think that could happen? Welcome to the future.
>>Pedo's - Catch a Pedo collate contacts catch more, found a website hosting material then monitor everyone who looks at it and every one of their contacts using warrants which will be easily obtained from a court
Same AC here... seriously, I can't actually understand what you are suggesting. And for your other 'Catch a..' examples, too.
And tell me how your system weeds out mischievous individuals with an axe to grind on their neighbour? A situation no different from the good old days when a word in the ear of your friendly neighbourhood beat copper would have to be investigated, malicious *or* well intentioned.
My point being, it is more complicated than you think. HUMINT > SIGINT. Which I *think* is actually what you are saying in "Once identified use good old fashioned police work to confirm if these people of interest are actually pedoterrorcriminals by collating it with local law enforcement data and monitoring of the suspects all with a warrant from a court."
>> I'll tell you why they don't want to do that
Which 'they'?
The last part of my comment explains that,
"Once identified use good old fashioned police work to confirm if these people of interest are actually pedoterrorcriminals by collating it with local law enforcement data and monitoring of the suspects all with a warrant from a court."
What I am saying in a nutshell is don't snoop on everyone but only people of interest you have identified through traditional methods with judicial oversight.
Ok someone with an axe to grind could potentially get you on the "of interest" list but why is that any different to what we have now? The alternative I'm suggesting is that only people "of interest" lose their privacy, which is better? everyone loses their privacy or only some who are "of interest" until they have been investigated because of a suspicion of criminal activities overseen by a court order?
The they is the government and people in power that don't like people disagreeing with their policies and before you tell me to take off my tin foil hat I shall give the example of "Mark Kennedy" and that was before they had all this nice juicy information at their disposal, do you really think "they" don't bother anymore?
"because I'm fairly sure that the bad guys (who do exist) are continuing to develop *their* networks?"
I'm sure they will be if they've any sense. So why take it out on the innocent who want to do things like use internet banking and buy stuff online?
@AC It's not about the pedocyberterrorists.
It's all about control. You can't catch seditionists* with good old fashioned policing. You have to hoover up everything.
The independent reviewer of snooping legislation has already stated that it's stacked in favour of anti-democracy and yet they still want more powers! Kind of shows they're not working for Joe public.
When Andrew Parker recently talked about increased measures for keeping us safe, he wasn't talking about "us", he was referring to "them". And they reserve the right to ruin the life of anyone who gets in their way. Then they wonder why the public doesn't trust them...
*anyone who disagrees with the State.
Is that lawful seizure is so broad in the UK it's now standard practice for the plod to seize your phone and any other device you might be carrying regardless of what they arrest you for.
This then gives them a second chance to get you for something if the original arrest was weak.
Hence the mountains of data they are currently lost in.
A simple change in the law would solve this so that the seizure has to relate to the arrest so if you get stopped for no car tax for example it would not be proportionate to seize your phone.
That won't happen because despite protestations of drowning in data they want to hoover up as much as they can.
.. make installing a bridgehead mandatory. The only problem with that is the same as for any backdoor: it makes it easier to breach an infrastructure.
No . effing . way.
If I were forced to install such an appliance in my data centre you'd find it quite frequently hooked up to the mains via its RJ45 jacks.
"Oops, sorry, don't know what happened there, when I came in it was smouldering and we had to pull the plug. Yes, I appreciate it's a sealed black box that we don't know anything about, that's why we have not been able to monitor it going wrong until the smoke detectors tripped, so sorry? Yes, I know it's the third one this month, maybe you just gave that whole rack bad karma. What, cameras broken as well? Were they by any chance on the same network? Tsk tsk, what a coincidence. I feel for you. Want some help carrying it out? Some coffee before you go? What do you mean it tastes funny? Oh hi, welcome back, are you OK? No, that's the replacement kit you carried in yourself, we have not been near it so the scorch marks must have been on it already. My God, is that the time already? Can you come back tomorrow? No, you can leave the new kit here, it'll be quite safe, trust me. Ta, thanks."
This was a public service broadcast. Please stay calm and do as the nice policeman tells you.