Schneier on Security
A blog covering security and security technology.
November 24, 2008
BNP Database Leaked
This is a big deal.
British National Party (BNP, a far-right nationalist party) membership and contacts list. 12,801 individuals are represented. Contains contact details and notes on selected party members and (possibly) other individuals. The list has been independently verified by Wikileaks staff as predominantly containing current or ex-BNP members, however other individuals who have donated to the BNP or who have had other contact (not necessarily supportive) with the BNP or one of its fronts may also be represented.
Occupations ascribed to the listed names include teachers, a doctor, nurse, vicar and members of the armed forces.
While there is no ban on many of those professions joining the BNP, its right-wing political stance and whites-only membership policy are seen by many as incompatible with frontline public service.
Police officers, on the other hand, are formally banned from joining, a policy which is recognised in the list.
Alongside the name of a serving officer, the document states that there is "Discretion required re. employment concerns".
Seems that the BNP database wasn't hacked from the outside, but that someone on the inside leaked the list.
There are a lot more leaked BNP documents on the Wikileaks website.
Posted on November 24, 2008 at 6:26 AM
• 32 Comments
People have the right to belong to whatever organisation they want. And the rest of us have the right to judge them accordingly ... ;-)
Is there some form of encryption available which could provide TPI (Two Person Integrity)? Where you have to have 2 people enter PINS before the info can be used. In order to be useful it would need to be integrated into the database tool being used so that data at rest was always protected.
I suppose you could encrypt, then re-encrypt the result with a different key, but that seems awkward and would only work with stand-alone tools which means the tables would be in the clear during use.
I think this was discussed on BBC's "Question Time" either last week or the week before if anyone wants to hear some arguments on it.
I essentially think that the BNP are the scum of the earth, and would never, ever be friendly with a person I knew was a member. But in a democracy, people have a right to support whatever party they want, and have a right not to make that information public. It's a really bad thing when this stuff leaks.
@bob: I don't really think there is a good solution to this problem. It was an insider who leaked it, and even if you could finagle some system where two passwords were needed, it would be way more trouble than it's worth, and not at all guaranteed to be foolproof (the insider can just make a copy of the list while person two is out getting coffee). Besides, there's probably a lot of people that need access to this list. If you look at it, there's notes on some of the items reading like "lost membership card, replacement sent XX/YY/ZZ". Surely that implies that there's a number of telephone operators and other party officials that would have had access to the list.
I don't know why I thought of the stonecutters when I read this :-)
These people looked deep within my heart and assigned me a number based on the order in which I joined.
Not the first data leak from the BNP.
The organisation has been penetrated by undercover journalists on several occasions, most famously a couple of years ago when a dancer with the Royal Ballet was revealed to be a BNP member.
Some of the leaked data seems to be out of date and it's alleged to contain details of people who are not members but who have had contact with the BNP, e.g. by buying their merchandise. Getting your house burned down by vigilantes because you bought a BNP mouse mat seems a bit harsh.
They only have 12,000 members and the data is passed around on spreadsheets rather than held centrally. They do seem to encrypt their data and use email encryption for communication between their activists.
Activists are issued with a CD of encryption software, presumably PGP, when they become regional organisers.
Trouble is, they pass the keys out to just about anybody. The journalist who exposed the ballet dancer became London regional organiser, with access to the whole membership list, in less than a year.
If they want to stop their membership list appearing in the papers, they need to realise that internal security isn't just about skinheads growling at people they don't like.
"Getting your house burned down by vigilantes because you bought a BNP mouse mat seems a bit harsh."
Getting your house burned down because you're a member would also seem a bit harsh to me. Or do they really do things that deserve such treatment? (You'd think they'd be at least banned if that were the case.)
Based on personal experience, the Brits are 10x more racist than your average southern redneck.
What makes it priceless is their political correctness which prevents them from admitting that.
Horrors: the BNP members included "a doctor, nurse and vicar". Please note the singular. OH, the BNP. I'm scared.
More British PC gone mad. This is a marginal group and needs to be treated as such. This "banning" business is ridiculous. Brits are so sensitive about it because their entire society is permeated with racism.
The trouble with the BNP is they work hard to maintain a veneer of respectability. It's only when you get them in private that the real venom starts pouring out. Rather like the Daily Mail, I suppose.
I wonder how you'd feel as a black man knowing your doctor was a member? Publication of this list is no bad thing.
So, next time a politician claims that the National ID Database (or some other similarly intrusive and personal collection of data) is secure "because it's encrypted", we will have some idea of the degree of deceit or incompetence involved.
Apart from the privacy issue it seems
From the coverage it seems there was a specific problem with certain professions (e.g. prison officers, police) who are not allowed to be members of this political party. It was not clear to me if this restriction applied to membership of all political parties or just certain ones including the BNP. The BNP are a legal political party in the UK even though many disagree with them. They have had some success in local elections.
It appears there is some internal dispute within the BNP and this list may have leaked because of that. There are high court injunctions saying the list should not be published and naming specific ex-officers of the party so if it was proved that they did it then the legal means for action is in place already.
There are reports of people being attacked and others suspended from their jobs as a result of being on this list.
Some names on the list were already known if they had stood in local elections.
46 members from USA? What are they, expatriates?
(Sigh of relief) For a moment there I thought the article was about BNP as in Banque Nationale de Paris.
Now that would have been interesting ...
I'm glad about the leak. I helped get the leak out there.
You don't say what your "personal experience" is. I've lived in the US for 14 years, on and off, and the UK for a bit longer (I currently live in neither country), and I think the most precise way to describe your comment is to say that it is utter crap.
Talk to a black Brit who's been to Alabama.
Also, get some historical perspective. A color bar operated legally in much of the southern USA within the living memory of not-very-old people.
Sunshine is the best disinfectant!
@ Bob: The algorithm you are looking for was described by Rivest in "How to Share a Secret"
Basically he showed how to divide a key amongst N people such that it can be recovered by any combination of K people, but no combination of K-1 people has any information whatsoever about the key.
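The two-person requirement asked about earlier in the thread, and the K-of-N key splitting described in the comment above, can both be met by splitting the database encryption key with polynomial secret sharing (Shamir's scheme, from the paper "How to Share a Secret"). This is an added example, not code from the post or from any commenter; the function names, the field prime and the 2-of-3 parameters are assumptions chosen for illustration.

```python
import secrets
from itertools import combinations

# Field modulus: 2**521 - 1 is a Mersenne prime, large enough for a 256-bit key.
PRIME = 2**521 - 1

def interpolate(points, x):
    """Evaluate at x the unique lowest-degree polynomial through points (mod PRIME)."""
    xs = [px for px, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate x-coordinate among shares")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total

def split(secret, k, n):
    """Return n shares (x, y) of secret; any k of them recover it."""
    if not 1 < k <= n:
        raise ValueError("need 1 < k <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be a field element")
    # Random degree-(k-1) polynomial whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    def f(x):
        acc = 0
        for c in reversed(coeffs):  # Horner's rule
            acc = (acc * x + c) % PRIME
        return acc
    return [(x, f(x)) for x in range(1, n + 1)]

def recover(shares):
    """Rebuild the secret, which is the polynomial's value at x = 0."""
    return interpolate(shares, 0)

def completing_share(partial, candidate, x):
    """Given k-1 real shares, build the k-th share that would make `candidate`
    the secret. One exists for every candidate, so k-1 shares reveal nothing."""
    return (x, interpolate([(0, candidate)] + list(partial), x))

if __name__ == "__main__":
    key = secrets.randbits(256)          # constructed stand-in for a database key
    shares = split(key, k=2, n=3)        # two-person rule among three custodians
    assert all(recover(list(pair)) == key for pair in combinations(shares, 2))
    fake = completing_share(shares[:1], candidate=42, x=99)
    print(recover([shares[0], fake]))    # 42: one share fits any key at all
```

Splitting the key only controls who can unlock the data; as a commenter points out above, it does not stop an insider from copying the list once it has been decrypted.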
Something I've always been interested in: if you discriminate against an employee because your customers are boycotting your store because of that employee... are you allowed to fire them to save your business, or do you have to be "fair" until bankruptcy, when you fire everyone?
@RH: This similar situation happened with a Sacramento theater director. He made a large donation to support Prop 8, and was the #2 person at the theater. Many gay and gay-friendly people in that industry were openly calling for a boycott of the theater.
This is a substantially similar situation to the above hypotheticals: what do you do when one of your highest level "employees" contributes the maximum donation possible to kick both your customers and suppliers in the short and curlies?
I'm not seeing the difference between this leak and the fact that in any US state, you can get a complete list of all registered voters, with party affiliation, including their home addresses. The parties and campaigns routinely do it for mailing lists.
So a party in England had exposed the same information we routinely expose; why is that a huge deal?
Of more concern is the fact you can be fired for having joined the wrong party; but then, you live in a country without a guarantee of free speech, this kind of comes with the territory.
I first thought BNP stood for BNP Paribas, which would have been seriously bad.
The leak is bad, even that kind of scum deserve privacy. But now that it's out there we might as well deal with the ones that are police, as knowing how ordinary policemen can be, the last thing a place that's near a surveillance state needs is BNP cops and soldiers.
There is no general policy against British police officers being members of political parties. The rule is against them being members of explicitly racist organizations, because it would conflict with their obligations as police officers to enforce the laws fairly and abide by anti-racist policies. The BNP is such an organization.
Party membership is somewhat different in the U.S. than in the United Kingdom. Also, while anyone can get a list of, say, registered Democrats in the state of New York, all registering as a Democrat means is that someone wants to be able to vote in the Democratic primary, not that they sympathize with the Democratic party, or have ever given it money or time. I had a high school teacher who always voted Republican, but was registered as a Democrat because the Democrats have primaries much more often. (Whether this is kosher is a separate question: it's legal and not especially rare.)
Membership lists for a specific political club affiliated with a party might be relevant, but those aren't available from the Board of Elections.
@ Nostromo; not to argue politics but in living memory white Britain ruled over 500 million black and brown people. Far worse than slavery, I'd say.
Oh, they don't allow Catholics to run the country.
Try being a brown American going through British immigration controls -- quite the eye opener.
As I said, the BNP is about as much threat as the American Nazi Party.
A friend, originally from Texas, told me that it was common for people from one political party to vote in the other party's primary to try and get a nut case in as that party's candidate and make their actual preferred party candidate more likely to be elected.
syberghost: It's not the same thing exactly. In Britain, virtually no-one is a member of a political party - it's not a list of registered affiliations as in the US, but a list of people who actively join and support the party.
Costs money to join, etc.
I look at this as a defamation vector. Drop a few of your political enemies in this list, then leak it anonymously on Wikileaks. Suddenly you can paint people you don't like as racists and they'll be ostracized by society.
"not to argue politics but in living memory white Britain ruled over 500 million black and brown people. Far worse than slavery, I'd say."
Forget politics, have you actually studied world history?
"Oh, they don't allow Catholics to run the country"
"Try being a brown American going through British immigration controls -- quite the eye opener."
Have you ever been through immigration in other northern European countries? Believe me, you are in for a surprise...
Also have you tried going into the U.S. as a non-U.S. citizen?
With regard to Catholics and rule. Every Nov 5th we have bonfire night where we burn the effigy of a Catholic who attempted to kill not just the English king but the fledgling parliament as well so that a Catholic puppet could be put in to be run by the pope (not too different to setting up puppet Govs in Iraq and Afghanistan by Bush et al).
For some reason various Catholic popes throughout history believed they had the right to impose their view, politics and way of life on people who are unwilling to accept it. They were also responsible for such things as the Spanish Inquisition and other atrocities. As well as numerous attempts to take control of England.
What you may be referring to is that in ages past various laws were made by parliament preventing the king or queen having a Catholic spouse. This was in effect to prevent the Church of England of which the king/queen is head of and the people of England coming under Catholic influence.
However many many of our politicians are Catholic (Tony Blair officially converted after leaving office) and in recent times some Catholic ministers resigned as their Catholic beliefs became in conflict with British politics.
I don't have the time or the space to debunk the "British Empire" myths but I suspect those in the U.S. are just beginning to wake up and realise what their new middle East oil/drug Empire actually costs.
I would have thought we had learned the lessons of how bad an idea it was after setting up Israel in the Palestinian protectorate as political expediency. But as has been observed those who do not learn from history are cursed to re-live it, and as the Chinese curse says "may you live in interesting times".
It was suggested on the Radio 4 Newsquiz this week that the leaking of their entire membership list demonstrates that the BNP is finally ready for government.
International Covenant on Civil and Political Rights
s.1. Everyone shall have the right to freedom of thought, conscience and religion. This right shall include freedom to have or to adopt a religion or belief of his choice, and freedom, either individually or in community with others and in public or
**private**, to manifest his religion or belief in worship, observance, practice and teaching.
I don't want to address the story Bruce, but I do want to address "Charlie".
"@ Nostromo; not to argue politics but in living memory white Britain ruled over 500 million black and brown people. Far worse than slavery, I'd say."
So stop arguing politics and stop going on about stuff about which you obviously know very little. Just making yourself look like a right tit now.
Britain racist? because of our empire?
Have you read the news for the last 100 years? Jeez. The American empire is a little more relevant today than the British empire and it makes a lot more sense to moan about current American imperialism than British imperialism which literally finished years ago. The British empire is as relevant to this discussion as the friggin Roman empire. You utter fool.
Furthermore though the British empire was undoubtedly responsible for some bad shit that happened to some people, would you honestly rather live under Mugabe, than the previous white rulers?
Heard of William Wallace? American was he?
Are Catholics a 'race'?
What point exactly were you trying to make, apart from demonstrating your lack of knowledge about pretty much everything!?
@Zorro: "The American empire is a little more relevant today than the British empire and it makes a lot more sense to moan about current American imperialism than British imperialism which literally finished years ago. The British empire is as relevant to this discussion as the friggin Roman empire. You utter fool."
I want to make sure I'm not misunderstanding you. So let me try to be clear. If you think people have something to moan about in regards to "American imperialism," then you have no business calling someone else an utter fool because you qualify as well.
On the other hand, and your post seemed tough to understand for sure, if that is not what you meant then I apologize.
The BNP is a far right political party with militant roots. They are the result of a mixed constituency from the actively violent ex Combat 18, to the only slightly more palatable (to like minded Brits) the National Front, the latter of which was disbanded after infighting and allegations of homosexuality. Both of the former organisations were accused of race hate crimes from pouring gas through letter boxes to outright murder and assault. They could be compared to the Ku Klux Klan in many ways except their strength was not bolstered by institutional attitudes embedded within the "separate but equal" concept. They are not banned because they take great pains to appear a broadly political party. However on several occasions journalists have reported more sinister behaviour at clandestine and public gatherings and rallies.
I am of Afro-Caribbean descent, writing from the UK and having lived in both the UK and the USA, I would say the racism in both countries is about the same, the key difference is in how it is manifested.
Having said all of that I am troubled by this leak. Whether I disagree with the views or not, and given the above I am more than inclined to. The leaking of the membership register of a currently legal political party is a threat to democracy. Personally I would prefer these types to be in the open and argue their points in the light of day. The alternatives such as Al Qaeda, Timothy McVeigh, the Klan etc are created by forcing these people back under their rocks.