Identifying terrorists: Let's find a value for needle in haystack

Someone has to say it - it's DIP shit.

I'm sick of these half-baked anti-terrorist measures. Why don't they just finish the job properly and have everyone in the country imprisoned in solitary confinement?

Offed by a drone because of software bug.

This will lead to you getting offed by a drone due to a flaw in the haystack searching software.

We all know how unbuggy software is.

I hate to say it, but...

I have a sad, dark feeling that the reason that our Illustrious Home Secretary has ommitted a lot of the safeguards and cross-referencing and aligning to other "higher ranking" fundamental bills of civil right is that this bill is essentially fait accompli.

I'm not sure I want to overplay it too much, and looking at in the context of the overall political processes currently in play surrounding the civilian referendum on the EU exit, to my mind this bill as it currently stands represents nothing less than the rape of our democratic process unless a similar referendum is allowed on this insidious piece of "potential" legislation.

Needle in an database stack

Putting civil liberties to one side (much like our civil servants and politicians do), finding a group of suspects using a single database would be about as quick as the computing power used to filter it.

Yes, you will need an immensely powerful system, but we're not talking science fiction scales here.

You have a criteria of a threat, eq Russian ecco-terrorist likely to poison a dignitaries food.

Filter the populace for anyone frequenting Russian language, cooking and ecological sites. From that you further filter with any more known factors, after that best guesses and you'll wind up with a manageable number of suspects to scrutinise more closely.

As easy as shopping.

.

The major problem is how wide open it is for abuse by organisations well known for abusing even the smallest oportunity.

Bit of a no-brainer really

I'm sure the vast majority of people would agree that the police should be able to investigate crimes, or (strongly) suspected crimes, and that, in the case of serious crimes (which needs to be clearly defined), would include asking a judge to give them the authority to access various records relating to the activities of known or suspected criminals. So far, so obvious.

Whether people agree that unaccountable 'Security Services' should have any role in domestic law enforcement is another matter.

The job of the police is to investigate crime and criminals, all crimes, including those committed by MI5, therefore they need data about criminals. They have absolutely no need to gather or access data relating to people who are not serious criminals.

It may not be easy for them to work out how to differentiate, but given their general success with addressing serious crime already without draconian data trawling, I would suggest that they have more than adequete data available now, without the need to make us pay for our own surveillance through higher ISP costs.

Serious crims will always find a way to avoid surveillance (El Reg commentards have already suggested many possible options) so only the law-abiding will have their communications tapped. So why bother?

Dear Mrs May, I am not a serious criminal so kindly fec off!

"[...] the following appear to be targets for dataset acquisition [..]"

That looks like it would also cover public library records and customer purchase records held by online book stores. Presumably store loyalty card usage records would also link a person to their brick store purchases.

"Thought crime" is already effectively with us in some prosecuted cases - but this would allow trawling of the population for any desired profile.

I'm torn on this. Part of me thinks 'nothing to hide, nothing to fear', but on a personal note, I've bought several books from Amazon which some could see as questionable ( Mein Kamp, Marx's Communist manifesto, etc ).

To a dispassionate reader, that could be seen as worthy of putting me on a dubious characters list. The fact that I'm reading them out of historical interest, not out of support for those ideologies is not something I'd trust somebody else to guess.

Even that's assuming a perfect state with no theft of information for blackmail purposes using embarrassing information such as MP's porn habits.

Part of me thinks that racial profiling probably isn't a terrible idea for this, but that's hardly fair ( infringe other innocents liberties so I can be left alone ).

I'm now, officially, an Enemy of the State

they have forced me into that position by becoming my enemy. Naturally, the arrangement is reciprocal. I suspect this conclusion will be shared by most other UK based Reg readers. Others have their own reasons for opposing their own states.

In short, I'd much rather face the miniscule risks of a terrorist attack against me and mine, than the colossal risks they're about to impose on us, without any realistic opportunity for us to opt out.

Half a dozen cases where access to bulk communications datasets have produced results

So what?

Even in the unlikely event that there was no other evidence available in any of those cases, the ends do not justify the means.

But the real question is not about about the capabilities - vile as they are. It's about the fact that the Bill seeks to make knowledge of those capabilities illegal and therefore, there never can or will be discussion of them.

Nobody's going to take this one to the ECHR because it will be illegal for them to admit to knowing what they know.

[citation provided]

I wonder if all this data might lead to new and interesting ways for the bad guys to hide and get missed. If you know the data is being collected you could put up a front that looked very legitimate. Humans are fundamentally lazy creatures so most people even if they are suspicious will only look at the easily collected data. With all this data sloshing about who could be bothered to do the hard work of finding out if there are any secret communications taking place. Basically I think well end up with the situation where the idiots get caught and the clever criminals continue to get away with as they always have done. Worse this puts a pressure on the criminals to improve what they are doing e.g. move to fully encrypted systems.

"Annex 9 to his report lists half a dozen cases where access to bulk communications datasets have produced results"

Does it? Or does it just claim to do that (which we really should be expecting by now)?

From a quick skim

case 1 claim someone was caught, but gives no proof of this

case 2: claims there was a conviction, gives no evidence of this (case reference, name of the person convicted)

case 3: unsubstantiated (and admittedly, probably unsubstantiable) claim

case 4: see case 2

case 5: so unsubstantiated it doesn't even name the country it supposedly happened in

case 6: see case 2. Also, this was in Syria

They might as well have added the following

"case 7: Bulk data allowed us to identify that a teenage in america was babysitting for a family, but got 'stoned' on marijuana cigarettes, the family called and asked if everything was ok, she replied everything was fine, and she had put the chicken in the oven. Analysis of types not available through conventional interception allowed us to identify that there was no chicken, and she had put the baby in the oven"

Option (c)

(c) Burn down the entire haystack and sift the ashes with a magnet.

Well, that's what it feels like. Civil liberties and accountability don't count for much anymore, not in comparison to a few politicians crapping themselves that someone (possibly them, but not likely) might be killed on their watch. Not that deaths seem to bother them if it's a UK citizen being driven to suicide by a harsh and unjustified withdrawal of disability benefit.

Dear government,

I fear you more than the terrorists.

To quote Blackadder, "please, please, please stop"

Forgetting my annoyance at this disgraceful debacle ...

I particularly liked this clarification.

in addition “data” is defined to include “any information which is not data”.

So the information is data because it isn't data?

"Needle in a haystack"

Nope, wrong metaphor for what they're doing.

What they're trying to do is look for a needle in a mountain of pins using a scrapyard electromagnet, without a clue as to how to find the needle after they've lifted the lot.

Yyou are fined one credit for a violation of the Verbal Morality Statute

I've a number of intelligent comments to make, but that would take too much time.

So this instead:

"Why don't you just shove a leash up my ass?"

"<insert name here> you are fined one credit for a violation of the Verbal Morality Statute."

http://www.imdb.com/title/tt0106697/quotes

So how long before we lose the £ and find our selves in 'credits' ?

Let's drop the bull puckey. All this spy vs terrorist crap, is crap. It is all about corporations versus political activists, whom the corporations want to be able to treat as terrorists because of political activists threat to unlimited power and profits.

The corporations via their control of government want to destroy political activists, stick you head up to complain and they want to cut it off. This via prosecution as persecution, denial of access to public transport, denial of access to corporate or government employment, denial of access to financial services and this not just for the political activist but for their entire family.

For all of that they need to track everyone all of the time, so they can put boot heel to head the very instant you approach the focal point of any political activism either individually or as a group (in that political activism include Labour Unions, peace activists, environmentalists and those who support free and fair elections as well as justice systems with honesty and integrity).

Absolutely nothing what so ever to do with terrorists, unless of course you use the typical far right extremists US position where all those mentioned have been within three letter agencies declared terrorists (at least amongst the corporate appointees).

This with the four of the five eyes all sliming along behind, four of them under threat of egregious political targeted espionage activities (so really a one eyed Cyclops and four blind mice).

What do the general public know?

I was at the pub with a small group of friends, mostly of the older generation but savvy enough to do one or two things online, last weekend. I was asked about the TalkTalk hack and how could it happen, what it meant, etc.

Naturally I used patronising, non-jargon type language to explain (well, there's a mummy computer and a daddy computer...) The end result was that they were absolutely mortified to learn that there was no guarantee that their online activities were, well, private or safe.

To my point then, Joe Public seem to be very unaware of the risks to them from so-called hackers (crackers/scammers): they seem to understand the risks of letting HM's Govt. frolic with wild abandon through their personal data even less so.

I noted that this week's Panorama focused on hackers and identity theft, perhaps they'd like to educate the British public on the scope and ideas behind this new bill? I don't think the public are aware to any significant extent what this means to their personal data.

A close family member and I sometimes discuss privacy and the Intertwebz, he was in the "nothing to hide, nothing to fear" camp, until I pointed out that everyone has something to hide, even if they don't realise they wished they'd hidden it more carefully later...

Will we see a fall off in the usage of online services I wonder? I've noticed I'm more reluctant to do things online for sure.

SD

I think you all have hit it on the head !

Great feedback to this article, but like someone has already stated we are all probably on the hit list now since we read this article let alone responded to it.

Which is really scary ;

a.) The fact that George Orwell got it right !

b.) The fact that George Orwell got it right all that time ago !

c.) The fact that George Orwell let us know what was gonna happen and we let it happen anyway !

d.) All of the above !

e.) So will we have pre-crime justice system soon ?

Missing (and really obvious) safeguards

There are some strange oddities in the bill if you trawl through. For example, section 16 provides "additional protection for Members of Parliament etc" which requires the Prime Minister to be consulted on warrants affecting MPs, MEPs, MSPs etc. However there appears to be no similar obligation for warrants issued by Scottish Ministers.

Make more data

As 'they' are so desperate to collect as much data as possible, surely it is our patriotic duty to generate as much data as we can. Let 'them' drown in it.

Very unpersuasive evidence

Does anyone else find the case studies in Annex 9 of the Anderson report remarkably unpersuasive?

Cast study 1 covers two items, (1) tax collection by HMRC (how is that relevant, and what is MTIC fraud?), and item (2) about bulk data collection allowing the arrest of terrorists in the late 2000s. But if they were arrested why no details - surely by now they would have been convicted so the names could be revealed?

Case study 2 is about an airline worker with links to Al Qaida - they surely doesn't need bulk surveillance, just interception of those working for airlines? That was in 2010 - again no details of his name and conviction.

Case study 4 is about a known list of extremists who had been to Pakistan - again no need for access to data for the whole population, just for those under suspicion.

Case study 6 is about men contacting children online - but these appear to have been specific overseas individuals. Obviously the authorities were right to check on these individual's communications, but there seems no evidence that bulk access was necessary.

And there have only been six cases in the last 15 years, apparently. No names are given at all so we can check on these cases. But in the Appendix 10 which follows this section, names are named. So why so much secrecy here? These cases are so weak and unconvincing one wonders if there is anything in them at all.

Data overload time

As soon as you know that the spooks are watching for certain patterns, it is childishly simple to start overloading them with false positives. Most home computers in this country run Windows, and most of these Windows machines are not fully patched or are even running completely out of date operating systems. Therefore most computers in the country are vulnerable to a lot of malware that is out there.

So, consider what happens when some smart malware authors get into the fray. These people would first of all try to make a mildly malicious bit of code that would try to infect as many systems as possible, and which once in a machine would start making HTTP GETs to as many dubious, dodgy websites as possible.

Jihadi forums, pornography, radical politics, bulk nitrate fertiliser suppliers, cat litter bulk suppliers, red diesel and heating oil merchants, carbon credit brokers, EU VAT law forums; everything anyone can possibly think of to throw up spurious interesting coincidences.

Do that in a few thousand households, and very quickly the GCHQ database is so skewed that only law abiding and frankly exceedingly boring people will ever get picked up, on the grounds that they're way too squeaky-clean to be real.