UK Surveillance Consultation Suggests It Is End-Point Security, Not Encryption, ...
#1
A few weeks ago, we reported on David Cameron's apparent call to undermine all encryption in the UK. But as we noted then, it was not clear from his offhand remark what exactly he meant, or how he planned to implement the idea. A new consultation document on the legal framework of surveillance in the UK provides a clue, as spotted by The Guardian:
Quote:Britain's security services have acknowledged they have the worldwide capability to bypass the growing use of encryption by internet companies by attacking the computers themselves.

The Home Office release of the innocuously sounding "draft equipment interference code of practice" on Friday put into the public domain the rules and safeguards surrounding the use of computer hacking outside the UK by the security services for the first time.

The publication of the draft code follows David Cameron's speech last month in which he pledged to break into encryption and ensure there was no "safe space" for terrorists or serious criminals which could not be monitored online by the security services with a ministerial warrant, effectively spelling out how it might be done.

 

That certainly makes sense. As Edward Snowden said during an early Q&A:
Quote:Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.

The new consultation document from the UK's Home Office seems to confirm that GCHQ can also find ways around it. It is one of two draft "codes of practice" for the main UK law governing surveillance, the Regulation of Investigatory Powers Act 2000 (RIPA). Although it's welcome that more details about the legislative framework are being provided, the way that is being done is problematic, as Carly Nyst, legal director of Privacy International, points out in the Guardian article:
Quote:"GCHQ cannot legitimise their unlawful activities simply by publishing codes of conduct with no legislative force. In particular, the use by intelligence agencies of hacking -- an incredibly invasive and intrusive form of surveillance -- cannot be snuck in by the back door through the introduction of a code of conduct that has undergone neither parliamentary nor judicial scrutiny. It is surely no mistake that this code of conduct comes only days before GCHQ is due to argue the lawfulness of its hacking activities in court."

It is also striking that the codes of conduct were released on the same day that the UK's secretive Investigatory Powers Tribunal ruled that British intelligence services had broken the law, but that they were now in compliance because previously unknown policies had been made public. As Nyst speculates, it could be that the UK government is releasing more details of its spying in the form of these consultation documents in an attempt to head off future losses in the courts.

Whether or not that is the case, it certainly seems that the attempts by civil liberties groups to end or at least limit mass surveillance are already having an effect on the UK government, and forcing it to provide basic details of its hitherto completely-secret activities. That success is a strong incentive to continue fighting for more proportionality and meaningful oversight here.

source

 
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Trump signs bill renewing NSA's internet surveillance program nygeek 15 34,777 Jun 14, 2024, 23:51 pm
Last Post: stts2
  US surveillance of Merkel’s phone prompts angry German reaction. Spud17 10 42,165 Jun 14, 2024, 23:00 pm
Last Post: stts2
  FBI labels TikTok ‘national security threat’ while befriending Facebook Resurgence 0 6,519 Nov 17, 2022, 13:12 pm
Last Post: Resurgence
  UK food banks at ‘breaking point’ Resurgence 0 6,077 Nov 11, 2022, 14:01 pm
Last Post: Resurgence
  Wi-Fi security hack allows drones to see through walls Resurgence 0 6,159 Nov 11, 2022, 13:47 pm
Last Post: Resurgence



Users browsing this thread: 2 Guest(s)