Oversight
"and have always been exceptionally good at understanding the need to keep our work secret"
Enough superlatives there to think the committee doesn't really question them that hard.
New documents revealing GCHQ's mass-surveillance activities have detailed an operation codenamed KARMA POLICE, which slurped up the details of "every visible user on the Internet". The operation was launched in 2009, without Parliamentary consultation or public scrutiny, to record the browsing habits of "every visible user on …
Probably the same one that goes to church every sunday, drives a diesel car, has 2.4 children in paid for education and drinks bottled water while listening to non-threatening christian rock on their new iphone.
Ok, it's standard fact that everything you type or post on the internet is monitored and that the government has and will continue to monitor all this information. My question is this, there must have been things found out about certain politicians or celebrities, what has happened to that information? Has it been used for blackmail? I certainly don't believe for one minute that everyone has nothing to hide and that people don't slip up in emails or chat programs? e.g. "oi Dave remember the time you stuck your **** in a dead ***, how we all laughed."
Let's end this unless you are a crim you have nothing to hide debate.
I'm not a crim and I actually have nothing to hide, however I'm a curious person I like to look at a wide range of sources to understand the news and anything else that takes my interest, this includes using things like Kali to test my home network setup and also researching vulnerabilities to see if I can check them off my lists of what my machines are vulnerable to.
So in your case I should be fine? However I'm not, I'm sure that some of the news topics I've researched would border on extremist, am I an extremist, of course not, would I ever be an extremist of any political viewpoint, definitely not however I like to see all sides of an argument before I make an informed opinion (and that's not taking wikipedia as my main source). This of course flags me up, I know this. Take my vulnerability research, that probably flags me up even more, would I ever write a program to use this? No. Do I find it funny that a hatstand of vulns recently failed in the fact they probably used strcpy() without any verification, Yes because it's buffer overflow in it's most basic of uses.
So in retrospect I'm a curious person who likes to learn and read information however my government is going to pigeonhole me as a terrorist hacker even though my beliefs are so far from that it's shocking.
And you say if I'm a crim I have nothing to hide? No, I don't have anything to hide however I don't see why everything I do is monitored, analysed, dissected and could potentially be used to make me appear to be someone I'm not.
I'm not going to post this as anon as it's about time someone said this because at the end of the day I'm sure a lot of the people on here follow the same logic I do and could potentially be flagged up as I probably am.
GCHQ and the NSA can f*ck off.
</rantoff>
Exactly and that's the point I was making. Just because you read something doesn't make you allied to that perspective.
So anyone that says I'm not a crim I have nothing to hide is a complete and utter idiot.
I'm fully aware I shouldn't answer these idiots but to be honest I think that I should share my view and if people want to rip it up then I will read and maybe change it. That's the beauty of being a thinking intelligent person, it's a shame it alludes a lot of people.
And likewise i'm probably going to look like a terrorist because I've read the Hamas charter, mostly because of a comment on a similar forum to pointing out that one of the articles of the Hamas charter is that they say that they won't make peace and only want to solve the Israel problem by Jihad. Hamas explicitly say in their charter that international peace conferences are a waste of time.
Something which you'd think that some news outlet might have mentioned in unbiased coverage because it makes it somewhat more obvious as to why peace conferences with them involved don't go anywhere. Still, simply reading such things probably has me flagged on a watchlist as well. :/
scoot76, I totally agree. The problem isn't so much they're collecting metric assloads of data - well that is the problem, but only one part of it - it's the fact that they're drawing inferences on this data without any sort of context. I remember hearing a story about a high school kid who ended up in an interrogation room with the Secret Service because he posted on Facebook warning Pres. Obama to "watch his back". However as it turns out it wasn't a threat but a legit warning, the kid was concerned someone was gonna try and assassinate him for being black and was legit concerned for the President's well-being - hence "watch your back" meaning "stay alert" not "I'm coming for you."
I'll be honest, with the Orwellian level of surveillance going its only a matter of time before someone gets locked up over their browsing habits because they got flagged just like you. Hell I wouldn't put it past the government to come up with some kind of weapon that only works on people that got flagged as terrorists because they read Al-Jazeera's website instead of BBC - not unlike the Dominator guns from "Psycho-Pass." (Bonus points if the Karma Police's core system is actually a distributed processor consisting of two-hundred odd brains in a jar...)
Oh good,then would you please publish all your id numbers,real name,address,phone and email address,along with all your credit cards with security codes right now? I mean,you don't have anything to hide,now do ya? Except the fact you wear Spider-Man pajamas?
Ac,
please update us when you have:
- published all of your bank statements online
- shared your calendar (work AND personal)
- ensured that any online Vid service history and your sexual peccadilloes are available for review
- ensured that all of your colleagues are aware of your 'package'
- published your tax return (and accompanying spreadsheets) in full
- web cams in all rooms where you live (just in case you get up to anything, you know 'illegal')
- confirm the insurance policy IDs for your home[s] and/or vehicles
- summarised your political preferences and voting history
- ensured that any bright ideas you have had are in the public domain, otherwise someone might not give you credit down the line...
Something for you to ponder on...
Regards,
jay
>Well unless you are a crim, what have you got to hide?
Well in some people's eye's being: white, heterosexual, male, married, middle aged and "middle class" (a term seemingly used to mean any one who isn't on benefits and isn't rich enough to own a 'mansion') is sufficient to be regarded as a criminal and most definitely should not be allowed anywhere near children particularly if they work in IT...
Joke because whilst we can laugh, it only takes a media started rumour to trash your reputation...
1) When have you seen anyone not middle class buying wine? (at least in Britain/Ireland/Scotland)
2) One bottle of wine (excluding a 'magnum') is exempt, there's really only two to three good glasses in there.
3) My scale only grades lower-middle down, not upper-middle or upper.
4) If you bought the wine 'as an investment' and failed to stop yourself drinking it, you've got bigger problems.
5) My system is not foolproof, it also usually mis-grades students.
Where I'm from the alcoholics used to exclusively buy a fortified wine made by a company called 'Mundies'. 20/20, Sanatogen and that one made by monks that's popular in Scotland (whose name I can't remember) are also wines. If I choose to view these as exceptions, I'm generalising, not necessarily stereotyping.
Jean Charles de Menezes had nothing to hide and they fucking murdered him for it.
What about Alan Turing? He shouldn't have had to hide what he did have to hide and that ended pretty damned badly too.
We're not so different today. Are you interested in being next?
SIGINT = SIGnals INTelligence.
Passive SIGINT is a means of acquiring data/info without needing anything specific on the part of the person being monitored. To give a car analogy (cos they're always the best sort)...
If I set up a radar speed detector in your road, everyone who drives past is visible to the detector. That's analogous to being visible to passive SIGINT.
If I plant a box of tricks in your car to report your speed/location to me without your knowledge, then that's analogous to being visible through active SIGINT
"Another programme, codenamed BLAZING SADDLES, was used to target listeners of "any one particular radio station ... to understand any trends or behaviours." The summary report states how:
A wealth of datamining techniques could be applied on small closed groups of individuals, to look for potential covert communications channels for hostile intelligence agencies running agents in allied countries, terrorist cells, or serious crime targets."
Heady stuff indeed.
> It's *HEDLEY"!!! <
>Parliament needs to kick arse, kick arse hard, and kick it NOW!
Sadly, that only happens when the matter is really important, like MPs' salaries. But mostly they wouldn't even have got through the candidate selection process if they'd shown any inclination for independent thought.
"Foreign Government complaints about UK spying will be very muted, as they no doubt also receive some of the nice juicy intelligence reports produced from it."
As well as collecting and collating their own. I have no doubt Germany will do doing the same. And especially the French. They REALLY don't like being beholden to anyone else.
I wonder how much faster the intertubes would be if all data monitoring and gathering suddenly stopped? (NSA/GCHQ/Others/Google et al.
"I can imagine several foreign governments being annoyed with this.
Mainly Germany. But possibly a few others as well."
Really ? Then watch how none of european countries officials are ever going to react to this, nor how the mainstream press is gonna even talk about it.
Truth is: no-one understand a bit of this, and pending understanding, opposing what is seen (wrongly) as counter-terrorism is very risky from a political standpoint.
The AD networks seem to be doing a good job of exactly the same thing, judging by how spookily accurately the online ads that web pages display respond to my browsing behaviour. Like earlier this year when I was looking at some reviews of TV sets, very soon almost all online ads I saw were about TV sets...
'Good job' depends what they were seeking.
Further sales I'm assuming, but how many TVs were they expecting you to buy?
I get the same issues with Amazon. They know who I am they have my order history, why do they keep recommending things I've already bought?
a) If I've bought one before I clearly don't need it's existence brought to my attention.
b) Most items are not the kind of thing you buy more than one of.
I don't expect GCHQ to be any more intelligent without human oversight.
For a different spin on things, I'm going to leave the morality of this aside for a moment and approach the issue from an analytical standpoint.
The last terrorist attack in the UK (according to a very brief Google search) was the London 2005 bombings, which killed 56 people (including the suicide bombers) and injured 700 or so. On a per-year basis over the last decade, that's 6 people dead and 70 injured
GCHQ is funded (mostly) from the Single Intelligence Account, budgeted at £1.9 billion a year. It shares this with MI5 and MI6, so at a rough guess GCHQ probably gets at least half a billion a year. How much of that they spend on mass-surveillance programs like this is anybody's guess. Shall I throw in a figure of a hundred million each year?
Of course, it's hard to provide proof of deaths / injuries prevented, but even if they were successfully preventing ten terrorist attacks on the scale of the London bombings per year, that would work out as a cost of £1.7 million per life saved (or £133k per casualty prevented).
Hiring a handful of extra policemen to patrol a busy city centre on club nights would reduce the casualty rate by a similar amount. One extra ambulance might well save the lives of 50-odd people in a year. How many lives could the NHS save with an extra 100 million?
These figures are very rough, but even varying the result by an entire order of magnitude, it's still a pretty poor investment. If we accept this, then what motivation does the government have for providing such funding, if not for the well-being of the population? Discuss.
P.S. If anyone has more accurate figures than those I have used above, please comment.
Cameron, May and all those lot are much higher profile targets than the regular proles on the street.
A fact that I imagine the intelligence services are constantly making them aware of.
How much are they willing to spend to reduce the risk to their own hides is the question you should be asking...
@Justicesays - They are now slightly higher profile targets, now that a hefty fraction of the UK population (and I suppose the population of the net as a whole) knows who to blame for them being spied on constantly for five or six years.
In this case, getting found out in spending a lot to reduce the risk to their own hides has likely increased the risk to their own hides :)
@Lobrau - There was the revenge attack for Lee Rigby's death just a week or two ago wasn't there? The guy survived, but trying to behead a random guy who fit the ethnic profile seems to fit the description, especially since he was basically trying to replicate what happened to Rigby (except he attacked a random dentist rather than soldier on leave)
Of that £1.9 billion, if even just a third of it goes towards domestic security, that £600 million on protecting us at home. Each year. If there were even 6000 'active terrorists' in the UK you could afford to pay for 24/7 round the clock eyes on. Actually pay a man in a suit to follow the threat around. A person, in realtime, to sound the alarm if something is actually about to happen.
Rather than hoovering up more data than you know what to do with, that only makes sense AFTER something has happened.
Wow, back in 2009 every internet user totalled 200k users. Nowadays we're at what, 3.5 billion. That is some growth.
Either that or (a) fake leaked doc winding up the tinhat-ers or (b) GCHQ doesn't realise the internet covers the planet, and users in say North Korea are unlikely to be visible to them in good old Blighty.
damn, I'm flattered! They could have saved me trouble and told me where else to find that book by an ex-spook which had mysteriously disappered from cryptome and from a couple of other pages (yeah, I got it in the end, before they printed it in Moscow).
I say old chap, that sounds a tad in the extreme.
How about if we get jolly batey with them and turn our backs whilst making a harrumphing noise? That should tell those rum coves what we think of them and their nefarious activities.
Having read your comment, Bloakey 1, i think your strategy for dealing with the operatives at GCHQ is a much more balanced and coherent one than my woeful Knee-Jerk reaction...however, as for the Canteen Staff, they're still getting fucked!
@Mr Dogshit
"Oh no!
Spies found to be spying!"
If I may (and, since I guess I'm not going to wait for approval, even if I may not):
"Spies found to be spying allegedly/ apparently/ without oversight, parliamentary discussion (secret or public) or approval."
Given that form, I'm actually OK with the 'Oh no!' bit. Though potentially from a different perspective than that from which it might have been written.
Sigh.
@ Mr Dogshit
I don't mind them spying - it's them being bat-shit crazy that worries me. They have been given a big, beautiful doughnut stuffed with gizmos and what do they do? They profile people listening to the radio! As research, even for the arcane world of spying, this is a complete waste of time.
Their budget is way too big.
..is for them to use it for blackmail and leverage, not for protecting it's citizens.
Having the contents of every email and knowledge of every website visited of every person in the UK, allows those in power to apply pressure and leverage to anyone - since everyone has 'dirty laundry' they don't want airing.
And if you don't have any dirty laundry, and live a whiter-than-white existence, then don't be surprised if the spooks have malware dropped on your PC, and fake evidence is planted to make some.
A lot, actually.
I have a lot to hide.
I utterly reject this notion that just because my private life isn't criminal that somehow gives people the right to know about it.
Who I have sex with - or not.
What political parties I'm a member of - or not.
What charitable organizations I support - or not.
What religion I'm a member of - or not.
These are all non-criminal behaviours that I feel I have every bloody right to hide from public scrutiny. It's no one's damn business! I don't _care_ if any of those things being public knowledge won't do me any harm, that's not the god damned point!
If the authorities wanted to arrest you, you're already cooked. Hours after your arrest, the media will be informed - correctly - that you were discovered to have had child pornography on your computer and bomb-making equipment in your home. Consider this:
Child Pornography; Level 1 on the COPINE scale:
'Non-erotic and non-sexualised pictures showing children in their underwear or swimming costumes from either commercial sources or family albums.'
Bomb-making equipment - for obvious reasons I'm not going into detail here, but if you have bleach, one of several types of domestic cleaning products, and gasoline in the car in your garage you are well on the way. Add nitrogen-based fertilizer in the garden shed and you certainly can produce a handy bang.
You might as well plead guilty now.
Setting aside for a moment the politics and morality etc
Do the alleged documents reflect in any way the fact that users of the big name ISPs (which I guess is most Web users in the UK?) generally have dynamic addresses, so any given IP address may belong to different people on different days? And different people in the same premises may use the same visible IP address.
How daft is this stuff (if genuine)? Does it just have to be good enough to look good to the clueless and irresponsible and immoral people who are signing the cheques each year?
Well there are two parts to this, firstly it would seem that they are simply hoovering up everything available through passive SIGINT - which would be in line with something previously published during the Snowden revelations, that they like to maintain a short history of all traffic so that they can go back if they find anything significant. So in its raw form the changes in a user's IP address is probably not a concern, however, this would become an issue if they then decided to more actively investigate a trail. But it wouldn't surprise me that sufficient user id information is transmitted in the clear for them to do a basic linkup of sessions involving different IP addresses, before they need to go and ask the ISP's for their records.
On the face of it, slurping up the details of every visible user on the internet might seem to be a good way of gathering intelligence.
There is an obvious drawback to this, it seems to me. There are plenty of sites (such as The Register) whose users provide interesting and maybe valuable information, but the more I look the internet the more I'm led to believe that, taken as a whole, Internet users are bat-shit crazy.
I hope that GCHQ are mindful of this and have taken steps to ensure that they have appropriate mental health professionals available to help their human operatives deal with the inevitable consequences of trying to make some sense of what they are looking at.
Better, I think, to let machines handle the major part of the work, provided they can find ones that won't melt under the stress of trying to get a handle on what the fuck people are really up to.
"On the face of it, slurping up the details of every visible user on the internet might seem to be a good way of gathering intelligence."
Not to anyone with a clue it doesn't. You've already mentioned that 99% of the Web's content comes from people who are demonstrably bat-shit crazy. Alongside that, there's also the small matter of false positives. The more people are being observed, the more false positives you get, unless a miracle happens.
It's not a good way to spend taxpayers' money.
For some, it is a good way to bring money in though. Imagine being a sales rep for a technology supplier to GCHQ. No work to do once you're security cleared, just watch the orders roll in (if you've got the right product). They never tell you what they want to do with the kit and you can't ask. Just take the orders and wait for the commission. Sweet.
The difference is that we choose to be a part of the incentives scheme, plus if we are buying something that we decide we don't want associated with ourselves (case in point a while back I picked up two packs of adult sized nappies for an elderly neighbour; didn't feel that I wanted that added to the profiling so I just "oops forgot" the store card), we have the choice of not using the card.
A more realistic comparison would be that when you walk into a supermarket, an employee swipes your keys to rummage around in your car to see what you might have bought from other shops. Would you tolerate that?
To scoot76. You say "however my government is going to pigeonhole me as a terrorist hacker". I'm interested to know how you think that, have they accused you of anything?
If you walk down a road past a burgled house and you are wearing a balaclava and carrying a swag bag, would you expect the police to show an interest in you? If they stopped you and let you on your way once they see you bag isn't full of swag would you think they had fair grounds?
If they are watching a drug dealer on a street corner and you innocently stop to ask the time and have furtive chat would you expect them to show interest in you?
Just because they see you looking suspicious does not mean you are branded and they will arrest you. I'm sure they have many ways of filtering out the millions of curios people.
I know there is a more to it, and I'm not entirely comfortable with the data collection, but as most of you work in IT I'm sure you'll realise that in order to do a search you need the data already there.
The article also confirms that it's mainly the meta data, they aren't reading your emails but just looking for links. If you become of interest then they know where to look.
So, it's just metadata.
"At eleven PM Mrs X visited a rape crisis center, at 9 AM she was at a family planning clinic."
All metadata, no idea what that's all about. Nobody's privacy has been invaded here.
Now excuse me while I visit a suicide prevention website. I can tell you that without oversharing, right? It's only metadata.
To whom it may concern,
We're using Tor this week on my daughters computer because Firefox stopped being able to print to our Epson All in One while Tor still can. Shes got a book report due and the book report related project requires searching for and printing source docs for a visual presentation.
Intelligence agencies can slurp everyone's data, but they can't do anything with it. There's a huge difference between being able to monitor anyone, and being able to monitor everyone. The latter is impossible unless two-thirds of the population are monitoring the other third - and the other third is monitoring the two-thirds.
I know you are monitoring Posts on The Register.
Please amaze me and send me an email on my real email address and indicate my favorite online radio station.
I'm happy to help tracking down terrorists, child pornography, criminals etc. but I won't sell my soul to the devil and turn on my own people!