Entries Tagged "UK"

Page 3 of 19

Detaining David Miranda

Last Sunday, David Miranda was detained while changing planes at London Heathrow Airport by British authorities for nine hours under a controversial British law—the maximum time allowable without making an arrest. There has been much made of the fact that he’s the partner of Glenn Greenwald, the Guardian reporter whom Edward Snowden trusted with many of his NSA documents and the most prolific reporter of the surveillance abuses disclosed in those documents. There’s less discussion of what I feel was the real reason for Miranda’s detention. He was ferrying documents between Greenwald and Laura Poitras, a filmmaker and his co-reporter on Snowden and his information. These document were on several USB memory sticks he had with him. He had already carried documents from Greenwald in Rio de Janeiro to Poitras in Berlin, and was on his way back with different documents when he was detained.

The memory sticks were encrypted, of course, and Miranda did not know the key. This didn’t stop the British authorities from repeatedly asking for the key, and from confiscating the memory sticks along with his other electronics.

The incident prompted a major outcry in the UK. The UK’s Terrorist Act has always been controversial, and this clear misuse—it was intended to give authorities the right to detain and question suspected terrorists—is prompting new calls for its review. Certainly the UK. police will be more reluctant to misuse the law again in this manner.

I have to admit this story has me puzzled. Why would the British do something like this? What did they hope to gain, and why did they think it worth the cost? And—of course—were the British acting on their own under the Official Secrets Act, or were they acting on behalf of the United States? (My initial assumption was that they were acting on behalf of the US, but after the bizarre story of the British GCHQ demanding the destruction of Guardian computers last month, I’m not sure anymore.)

We do know the British were waiting for Miranda. It’s reasonable to assume they knew his itinerary, and had good reason to suspect that he was ferrying documents back and forth between Greenwald and Poitras. These documents could be source documents provided by Snowden, new documents that the two were working on either separately or together, or both. That being said, it’s inconceivable that the memory sticks would contain the only copies of these documents. Poitras retained copies of everything she gave Miranda. So the British authorities couldn’t possibly destroy the documents; the best they could hope for is that they would be able to read them.

Is it truly possible that the NSA doesn’t already know what Snowden has? They claim they don’t, but after Snowden’s name became public, the NSA would have conducted the mother of all audits. It would try to figure out what computer systems Snowden had access to, and therefore what documents he could have accessed. Hopefully, the audit information would give more detail, such as which documents he downloaded. I have a hard time believing that its internal auditing systems would be so bad that it wouldn’t be able to discover this.

So if the NSA knows what Snowden has, or what he could have, then the most it could learn from the USB sticks is what Greenwald and Poitras are currently working on, or thinking about working on. But presumably the things the two of them are working on are the things they’re going to publish next. Did the intelligence agencies really do all this simply for a few weeks’ heads-up on what was coming? Given how ham-handedly the NSA has handled PR as each document was exposed, it seems implausible that it wanted advance knowledge so it could work on a response. It’s been two months since the first Snowden revelation, and it still doesn’t have a decent PR story.

Furthermore, the UK authorities must have known that the data would be encrypted. Greenwald might have been a crypto newbie at the start of the Snowden affair, but Poitras is known to be good at security. The two have been communicating securely by e-mail when they do communicate. Maybe the UK authorities thought there was a good chance that one of them would make a security mistake, or that Miranda would be carrying paper documents.

Another possibility is that this was just intimidation. If so, it’s misguided. Anyone who regularly reads Greenwald could have told them that he would not have been intimidated—and, in fact, he expressed the exact opposite sentiment—and anyone who follows Poitras knows that she is even more strident in her views. Going after the loved ones of state enemies is a typically thuggish tactic, but it’s not a very good one in this case. The Snowden documents will get released. There’s no way to put this cat back in the bag, not even by killing the principal players.

It could possibly have been intended to intimidate others who are helping Greenwald and Poitras, or the Guardian and its advertisers. This will have some effect. Lavabit, Silent Circle, and now Groklaw have all been successfully intimidated. Certainly others have as well. But public opinion is shifting against the intelligence community. I don’t think it will intimidate future whistleblowers. If the treatment of Chelsea Manning didn’t discourage them, nothing will.

This leaves one last possible explanation—those in power were angry and impulsively acted on that anger. They’re lashing out: sending a message and demonstrating that they’re not to be messed with—that the normal rules of polite conduct don’t apply to people who screw with them. That’s probably the scariest explanation of all. Both the US and UK intelligence apparatuses have enormous money and power, and they have already demonstrated that they are willing to ignore their own laws. Once they start wielding that power unthinkingly, it could get really bad for everyone.

And it’s not going to be good for them, either. They seem to want Snowden so badly that that they’ll burn the world down to get him. But every time they act impulsively aggressive—convincing the governments of Portugal and France to block the plane carrying the Bolivian president because they thought Snowden was on it is another example—they lose a small amount of moral authority around the world, and some ability to act in the same way again. The more pressure Snowden feels, the more likely he is to give up on releasing the documents slowly and responsibly, and publish all of them at once—the same way that WikiLeaks published the US State Department cables.

Just this week, the Wall Street Journal reported on some new NSA secret programs that are spying on Americans. It got the information from “interviews with current and former intelligence and government officials and people from companies that help build or operate the systems, or provide data,” not from Snowden. This is only the beginning. The media will not be intimidated. I will not be intimidated. But it scares me that the NSA is so blind that it doesn’t see it.

This essay previously appeared on TheAtlantic.com.

EDITED TO ADD: I’ve been thinking about it, and there’s a good chance that the NSA doesn’t know what Snowden has. He was a sysadmin. He had access. Most of the audits and controls protect against normal users; someone with root access is going to be able to bypass a lot of them. And he had the technical chops to cover his tracks when he couldn’t just evade the auditing systems.

The AP makes an excellent point about this:

The disclosure undermines the Obama administration’s assurances to Congress and the public that the NSA surveillance programs can’t be abused because its spying systems are so aggressively monitored and audited for oversight purposes: If Snowden could defeat the NSA’s own tripwires and internal burglar alarms, how many other employees or contractors could do the same?

And, to be clear, I didn’t mean to say that intimidation wasn’t the government’s motive. I believe it was, and that it was poorly thought out intimidation: lashing out in anger, rather than from some Machiavellian strategy. (Here’s a similar view.) If they wanted Miranda’s electronics, they could have confiscated them and sent him on his way in fifteen minutes. Holding him for nine hours—the absolute maximum they could under the current law—was intimidation.

I am reminded of the phone call the Guardian received from British government. The exact quote reported was: “You’ve had your fun. Now we want the stuff back.” That’s something you would tell your child. And that’s the power dynamic that’s going on here.

EDITED TO ADD (8/27): Jay Rosen has an excellent essay on this.

EDITED TO ADD (9/12): Other editors react.

Posted on August 27, 2013 at 6:39 AMView Comments

How Security Becomes Banal

Interesting paper: “The Banality of Security: The Curious Case of Surveillance Cameras,” by Benjamin Goold, Ian Loader, and Angélica Thumala (full paper is behind a paywall).

Abstract: Why do certain security goods become banal (while others do not)? Under what conditions does banality occur and with what effects? In this paper, we answer these questions by examining the story of closed circuit television cameras (CCTV) in Britain. We consider the lessons to be learned from CCTV’s rapid—but puzzling—transformation from novelty to ubiquity, and what the banal properties of CCTV tell us about the social meanings of surveillance and security. We begin by revisiting and reinterpreting the historical process through which camera surveillance has diffused across the British landscape, focusing on the key developments that encoded CCTV in certain dominant meanings (around its effectiveness, for example) and pulled the cultural rug out from under alternative or oppositional discourses. Drawing upon interviews with those who produce and consume CCTV, we tease out and discuss the family of meanings that can lead one justifiably to describe CCTV as a banal good. We then examine some frontiers of this process and consider whether novel forms of camera surveillance (such as domestic CCTV systems) may press up against the limits of banality in ways that risk unsettling security practices whose social value and utility have come to be taken for granted. In conclusion, we reflect on some wider implications of banal security and its limits.

Posted on August 23, 2013 at 1:23 PMView Comments

Stories from MI5

This essay is filled with historical MI5 stories—often bizarre, sometimes amusing. My favorite:

It was recently revealed that back in the 1970s—at the height of the obsession with traitors—MI5 trained a specially bred group of Gerbils to detect spies. Gerbils have a very acute sense of smell and they were used in interrogations to tell whether the suspects were releasing adrenaline—because that would show they were under stress and lying.

Then they tried the Gerbils to see if they could detect terrorists who were about to carry a bomb onto a plane. But the gerbils got confused because they couldn’t tell the difference between the terrorists and ordinary people who were frightened of flying who were also pumping out adrenaline in their sweat.

So the gerbils failed as well.

Posted on August 14, 2013 at 12:06 PMView Comments

Scientists Banned from Revealing Details of Car-Security Hack

The UK has banned researchers from revealing details of security vulnerabilities in car locks. In 2008, Phillips brought a similar suit against researchers who broke the Mifare chip. That time, they lost. This time, Volkswagen sued and won.

This is bad news for security researchers. (Remember back in 2001 when security researcher Ed Felten sued the RIAA in the US to be able to publish his research results?) We’re not going to improve security unless we’re allowed to publish our results. And we can’t start suppressing scientific results, just because a big corporation doesn’t like what it does to their reputation.

EDITED TO ADD (8/14): Here’s the ruling.

Posted on August 1, 2013 at 6:37 AMView Comments

Alan Turing Cryptanalysis Papers

GCHQ, the UK government’s communications headquarters, has released two new—well, 70 years old, but new to us—cryptanalysis documents by Alan Turing.

The papers, one entitled The Applications of Probability to Crypt, and the other entitled Paper on the Statistics of Repetitions, discuss mathematical approaches to code breaking.

[…]

According to the GCHQ mathematician, who identified himself only as Richard, the papers detailed using “mathematical analysis to try and determine which are the more likely settings so that they can be tried as quickly as possible.”

The papers don’t seem to be online yet, but here’s their National Archives data.

EDITED TO ADD (5/12): The papers are available for download at GBP 3.50 each.

Posted on April 23, 2012 at 6:18 AMView Comments

British Tourists Arrested in the U.S. for Tweeting

Does this story make sense to anyone?

The Department of Homeland Security flagged him as a potential threat when he posted an excited tweet to his pals about his forthcoming trip to Hollywood which read: ‘Free this week, for quick gossip/prep before I go and destroy America’.

After making their way through passport control at Los Angeles International Airport (LAX) last Monday afternoon the pair were detained by armed guards.

Despite telling officials the term ‘destroy’ was British slang for ‘party’, they were held on suspicion of planning to ‘commit crimes’ and had their passports confiscated.

There just as to be more than this story. The DHS isn’t monitoring the Tweets of random British tourists—they just can’t be.

EDITED TO ADD (1/30): According to DHS documents received by EPIC, the DHS monitors the Internet, including social media.

In February 2011, the Department of Homeland Security announced that the agency planned to implement a program that would monitor media content, including social media data. The proposed initiatives would gather information from “online forums, blogs, public websites, and messages boards” and disseminate information to “federal, state, local, and foreign government and private sector partners.” The program would be executed, in part, by individuals who established fictitious usernames and passwords to create covert social media profiles to spy on other users. The agency stated it would store personal information for up to five years.

[…]

The records reveal that the DHS is paying General Dynamics to monitor the news. The agency instructed the company to monitor for “[media] reports that reflect adversely on the U.S. Government, DHS, or prevent, protect, respond government activities.”

[…]

The DHS instructed the company to “Monitor public social communications on the Internet.” The records list the websites that will be monitored, including the comments sections of [The New York Times, The Los Angeles Times, the Huffington Post, the Drudge Report, Wired, and ABC News.]”

Still, I have trouble believing that this is what happened. For this to work General Dynamics would have had to monitor Twitter for key words. (“Destroy America” is certainly a good key word to search for.) Then, they would have to find out the real name associated with the Twitter account—unlike Facebook or Google+, Twitter doesn’t have real name information—so the TSA could cross-index that name with the airline’s passenger manifests. Then the TSA has to get all this information into the INS computers, so that the border control agent knows to detain him. Sure, it sounds straightforward, but getting all those computers to talk to each other that fast isn’t easy. There has to be more going on here.

EDITED TO ADD (1/30): One reader points out that this story is from the Daily Mail, and that it’s prudent to wait for some more reputable news source to report the story.

EDITED TO ADD (1/30): There’s another story from The Register, but they’re just using the Daily Mail.

EDITED TO ADD (1/30): The FBI is looking for someone to build them a system that can monitor social networks.

The information comes from a document released on 19 January looking for companies who might want to build a monitoring system for the FBI. It spells out what the bureau wants from such a system and invites potential contractors to reply by 10 February.

The bureau’s wish list calls for the system to be able to automatically search “publicly available” material from Facebook, Twitter and other social media sites for keywords relating to terrorism, surveillance operations, online crime and other FBI missions. Agents would be alerted if the searches produce evidence of “breaking events, incidents, and emerging threats.”

Agents will have the option of displaying the tweets and other material captured by the system on a map, to which they can add layers of other data, including the locations of US embassies and military installations, details of previous terrorist attacks and the output from local traffic cameras.

EDITED TO ADD (1/30): New reports are saying that customs was tipped off about the two people, and their detention was not a result of data mining:

“Based on information provided by the LAX Port Authority Infoline—a suspicious activity tipline—CBP conducted a secondary interview of two subjects presenting for entry into the United States,” says the spokesperson, who notes that the CBP “denies entry to thousands of individuals” each year. “Information gathered during this interview revealed that both individuals were inadmissible to the United States and were returned to their country of residence.”

This makes a lot more sense to me.

Posted on January 30, 2012 at 10:52 AMView Comments

1 2 3 4 5 19

Sidebar photo of Bruce Schneier by Joe MacInnis.