Brit spy chief: We need trust or we won't have a 'licence to operate in cyberspace' GCHQ's director-general has called for more public trust in the controversial British spy agency. Jeremy Fleming told the Cyber UK conference in Glasgow this morning that his agency "must have the legal, ethical and regulatory regimes to foster public trust, without which we just don't have a licence to operate in cyberspace …
Is that not a euphemism for backdoor for 'friendly and benign security services'?
Is it that I'm too cynical, and should take his speech at face value, as some sort of olive branch to the thinking section of British society?
It could be a "euphemism for backdoor" insertion if you start with the assumption that device manufacturers, IoT purveyors, OS-mongers, ISP router selection, etc, are all made with security as a #1 (or even recognisable) priority.
Or, cutting them some slack, you could also look at the current pisspoor state of the above and find it might be quite the opposite.
Tricky one to decide...
And not forgetting,
the spy agency "will share intelligence with banks to enable them to alert customers to threats in close to real time."
That just reeks of a get-out for TSB et al to blame a "credible cyberthreat from GCHQ" for their using crap software developers to build leaky apps. It is bad enough that banks already allow access their account management API, supposedly always "with the account holder's permission" .. yeah, tell that one to HMRC.
Oh, and well done to GCHQ for not mentioning "AI".
Beat me to the post.
Of course, staying within "the legal, ethical and regulatory regimes" already in place might help foster public trust. Erring a little on the side of caution, gaining an explicit green light before indulging in anything too near the bone, and a readiness to apologise before being publicly dragged over the coals, might help too.
I think you'll find it's rather more than once.
And yes, trust is earned, not given.
But data fetishists do not ask for you data. They either demand it as a right (when you actually have a legally enforceable right to refuse) or simply take it if you don't (hello NHS).
Would he have even bothered to show up here if it was not for Edward Snowden's data dump?
Would he f**k.
"his agency "must have the legal, ethical and regulatory regimes to foster public trust, without which we just don't have a licence to operate in cyberspace".
Translated to read: "We need to change the law to legitimize and extend our ubiquitous state surveillance. Then when people complain about spying we can piously say we're doing nothing illegal. The public will then discard all their objections and happily fall into place behind Big Brother!"
Sorry you jerks. We know when a law is unjust and that won't make anyone love you. It will make us mistrust you more, watching you removing our rights and using Newspeak to brand your evil acts as beneficial. A Police State by any other name...
Que slow sarcastic clap - Clap... 2 second pause... clap... 2 second pause... clap...
Its great you realised this, but the trust-boat set sail a long time ago, so your going to have to paddle pretty bloody hard to catch it! Of course, you could always try starting with an apology, Mr D Trumps method with suffice (grovel on your hands and knees).
OK enough of my sarcasm, personally I've a lot of time and respect for the bods at GCHQ and NCSS.. What I don't respect though, is the real lack of oversight and means of recourse, and simple fact, all the overseers need do is wave the magic "National Security" wand and everything disappears!
It's hard not to get increasingly bitter at the levels of incompetence in high paid jobs, when I have to hear how my 30 years of experience "doesn't count".
Anyway, the key here is not the fear of what *this* bunch of crooks get up to with all that power they have. It's what the next bunch do ....
This is key.
I can understand that we need an agency like GCHQ that is trying to monitor as much as possible, intercept as much as possible. That is a sensible precaution to deal with many internal and external threats.
But don't pretend that that agency needs or expects trust. Or that it should have any role at all in building security.
We are probably best secured by clever academics and by creating a suspicious and untrusting public who will pay private industry for real security. Of course, this isn't easy (as the non-existence of security in the IoT world illustrates). But we don't need GCHQ pretending to be helpful.
GCHQ's job is to break security. Fine. But don't whine that we should trust you.
....and here we have Jeremy Fleming talking about "trust".
*
I suppose he also wants foreign governments to "trust" the UK....say the Belgian government:
- https://www.theguardian.com/uk-news/2018/sep/21/british-spies-hacked-into-belgacom-on-ministers-orders-claims-report
*
....and that's just one that we know about. And Edward Snowden had some stuff to say about the so called "Five Eyes".
*
And finally - GCHQ just can't wait for 5G to be implemented so they can do EVEN MORE spying on 60 million UK citizens. The same Jeremy Fleming is using the current nonsense about China as pure misdirection of the public...
*
How much hypocrisy can we take? Pass the sick bag, Alice!
I think Mr. or Mrs. Any Other Name is absolutely right about Stasi. I also do not believe GCHQ or MI5 are anywhere in that league. Nor is the current government or any past government of the UK in the same league as that of the former GDR.
That, however, has very little bearing on the issue of trust. Point is, our security and privacy policies and mechanisms absolutely must foresee the possibility that the Security Services may become like Stasi at some point, with the corresponding transformation of the political system as well. No, I do not trust that it will not happen in my time or my children's time, and therein lies the limit of the trust that the Services may get from me. The trust is constrained by the spectrum of Stasi a lot more than the known or even unknown historical actions of the Services. That's just basic risk management, IMHO.
Good thing for the GCHQ that he didn't read from the other internal memo, "We will work with ISPs to place internet-connected surveillance devices in every home".
Not required, Google are only too happy to collect everything in the room of one of their devices Facebook and the gullible public are only to happy to shell out for them in exchange for the ability to play music without pushing a button.
Whilst I think we've made a good start, the next stage of our strategy is even more critical. It'll need a national effort if it's to succeed." .... Jeremy Fleming, GCHQ director-general
Christ, ... what is it in the UKGBNI water that allows the likes of a Jeremy Fleming to spout so much of the same rabid garbage as a Mark Carney does for the Old Lady of Threadneedle Street?
The word NOT on the street, is critical cyberspace strategies proceed best and always succeed with private and/or pirate internetional efforts. You know, ye olde worlde off-the-books type covert missions with benefits rewarding the serially smart clandestine renegade rogue elements whom one has to buy into in order to avail oneself of a quite unbelievable advantage which permits the free radical remote exercise of a more universal command and virtual control of fielded assets ..... for the mainstream doesn't lead whenever all IT ever does is follow the counsel of media hosting muppets.
And although that be a tad harsh, such is nevertheless perfectly true and a crying shame for Cheltenham to presently bear.
Christ, ... what is it in the UKGBNI water that allows the likes of a Jeremy Fleming to spout so much of the same rabid garbage
It isn't in the water, it is in the name. I am rather surprised nobody made that link yet. However, I am pretty sure one Ian Fleming would like to disown him.
You're responding to a bot. It isn't reading your reply, and wasn't asking a question. It just really likes Markov chains. .... Anonymous Coward
Crikey, AC, you got everything spectacularly wrong with that comment. Bravo, Sir or Madam. Don't call us, we'll call you if we need nothing of value.
Who in their right mind would trust them - they have proven themselves to be completely untrustworthy.
Lying is their stock in trade - even the name is a lie GCHQ - Government Communications Headquarters which tries to give the impression that it is used for this government's communications whereas its actual job is to spy on other peoples communications.
When there is a suitably long record of them behaving ethically and following the rules (100 years should suffice!!!) then people might start to believe them - until then they have even less credibility than a politician.
I wonder.
Could GCHQ potentially build some bridges if they were to head-hunt one or two respected privacy advocates, with a remit something like UN weapons inspectors? Someone with authority and not afraid to ruffle feathers.
Any big organisation will contain a certain mix of good and bad. If you have an image problem like GCHQ it may be hard to recruit People who Care, so you'd need to kick-start something. Microsoft have recruited some great folks in their turnaround: maybe GCHQ could learn from them, and create an Advocatus Diabolus role for someone who would be their natural critic?
p.s. is this Fleming any relation of the famous Ian?
a government agency. It remit and its activity is regulated by government. And therein lies the problem. While there may be many competent and ethically upstanding people inside the service, the people setting the parameters for its activity are anything but. What GCHQ provides is used by both the Home and Foreign Office (at least) and is, therefore within the remit of the secretaries of state. Now consider that in recent time that list of political no marks in those posts has included Amber Rudd, Theresa May, Boris Johnson and Jeremy Hunt*, you begin to see the problem. In theory there is parliamentary oversight, but in reality things are much murkier (and sometimes for sensible reasons).
I am always wary of organisation with large amounts of power that are subject to direct political control, so my trust is in very very short supply, I'm afraid.
* and yes, I remember the bad old days of Jack Straw too, so it's not entirely party political.
Continuing a low-key theme that has been growing over the past few years, he also called for more public acknowledgement of GCHQ's own hacking capabilities
Suspect this - maintaining and developing GCHQ's own hacking abilities - has bearing on the UK security establishment's view of Huawei.
Regardless on what may or may not be the case, having Huawei equipment in the UK and hence in our sandbox, then we are better placed to 'play' with the kit and to monitor for any backdoors/side channels. Then that knowledge is available to explore other huawei deployments...
I start from the assumption that Fleming and his staff basically are decent people. That applies also to MI5, MI6, and the plethora of other security/police agencies operating within or beyond the public gaze. Many such people are competent too.
That said, I don't trust GCHQ or any other UK-linked security/surveillance agency one jot more than absolutely necessary i.e. very little at all. It's no so much existence of these agencies that offends me but rather the creatures within whose purview the agencies fall i.e. their political masters. Politics never has greatly attracted people of intellect, broad education, taste, wisdom, and unbending probity. The quality of personnel in the British legislature's two chambers declined markedly when Blair took office and continues at a level of incompetence and peculation more fitting to the eighteenth and early nineteenth centuries. Observe how these non-entities assiduously proclaim their importance, dignity, and entitlements despite the fact of few possessing merit and those holding executive government posts barely capable of running a whelk stall in Brighton. Watch them in their chambers, particularly the lower one, mired in anachronistic customs and practices, and stuck with speeches, so-called oratory, as means of communication within their Houses.
That's not to say there weren't in recent times figures of stature. Churchill, Bevan, MacMillan, Wilson, Powell, and Wedgwood-Benn come immediately to mind. Doubtless some genuine talent coupled with personal integrity persists, though unlikely to be found in the Cabinet.
At one time, people appointed to senior ministerial positions usually had sharp enquiring minds. Ministers, in general, were not placed in charge of departments on the basis of subject matter knowledge and skills; indeed to do so risks blinkered vision and attitudes. It was, perhaps still is, if anyone bothers to think on it, customary to put generalists rather than specialists in charge. Thus, a minister is expected to quickly come up to speed on policy issues. He is not required to master fine detail and associated technologies. Yet, when allocating budgets and preparing legislation he must be fully aware of the consequences of his choices. Only a fool would rely upon receiving accurate and unbiased advice from civil servants and brought-in expertise. Underlings likely are reliable and honest but a minister should give as much due diligence to disbursing public funds as he would when buying a house for himself. Thus, a sharp interrogative mind is required. One able to ask penetrating questions and recognise bullshit when proffered it. By making pertinent enquiry a mind trained in any rigorous discipline is capable of fathoming the most complicated of matters sufficiently to make informed decisions.
Present day reality departs widely from the ideal. Would-be career politicians are a curse on society. They do the 'right things' such as the almost worthless Oxford PPE (designed to enable dim sons of monied gentlefolk to make contacts in Oxford's social milieu). They proceed to suitable 'stepping stone' employment (if on the 'Right' something in the City, if on the 'Left' office in a trade union, deadbeat lawyers abound too).
Imagine the likes of these interacting with Jeremy Fleming or the heads of other agencies. With reference to GCHQ there is high likelihood of its overmaster politician at any point in time being a proud mathematical illiterate (read English literature and nothing more) and incapable of grasping the concept of encryption/obfuscation beyond simple letter substitution. Fleming, and colleagues elsewhere, doubtless put forth plans and schemes with sincere intent; regardless of that, there cannot be proper governance unless the minister is capable of formulating penetrating questions.
The UK is, in effect, ruled on all matters truly important to the 'establishment' by an inner cabal of the Privy Council. This arrogates responsibility for foreign relations, defence, and security. It serves the wishes of its true 'deep state' masters (e.g. political party donors, conglomerate tax avoiders, financiers, and defence equipment manufacturers) using instruments known as royal prerogatives left over from the Act of Settlement. So the position is of ministerial monkeys representing de facto departmental organ grinders on the one body in the land with sufficient power to cock matters up royally.
GCHQ and similar can earn trust in two ways. First people from government being indisputably capable of policy direction and prudent budget allocation to the agency. Second, considerably lifting unnecessary shrouds of secrecy to enable informed opinion to judge whether agencies deliver that requested of them in cost-effective manner, and don't depart from their remit.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
