European Parliament LIBE Inquiry on Electronic Mass Surveillance of EU Citizens

Below is some back­ground mater­ial from my sub­mis­sion to the European Parliament’s LIBE Com­mit­tee on the implic­a­tions of the NSA scandal.

Here is a video link to the hear­ing.

LIBE Com­mit­tee Inquiry on Elec­tronic Mass Sur­veil­lance of EU Cit­izens, European Par­lia­ment, 30th Septem­ber 2013

Bio­graphy:

Annie Machon was an intel­li­gence officer for the UK’s MI5 in the 1990s, before leav­ing to help blow the whistle on the crimes and incom­pet­ence of the Brit­ish spy agen­cies.  As a res­ult she and her former part­ner had to go on the run around Europe, live in exile in France, face arrest and impris­on­ment, and watch as friends, fam­ily and journ­al­ists were arrested.

She is now a writer, media com­ment­ator, polit­ical cam­paigner, and inter­na­tional pub­lic speaker on a vari­ety of related issues: the war on ter­ror­ism, the war on drugs, the war on whis­tleblowers, and the war on the inter­net.  In 2012 she star­ted as a Dir­ector of LEAP in Europe (www​.leap​.cc).

Annie has an MA (Hons) Clas­sics from Cam­bridge University.

Back­ground material:

Recom­mend­a­tions:

  • Mean­ing­ful par­lia­ment­ary over­sight of intel­li­gence agen­cies, with full powers of invest­ig­a­tion, at both national and European levels.
  • These same demo­cratic bod­ies to provide a legit­im­ate chan­nel for intel­li­gence whis­tleblowers to give their evid­ence of mal­feas­ance, with the clear and real­istic expect­a­tion that a full inquiry will be con­duc­ted, reforms applied and crimes punished.
  • Insti­tute a dis­cus­sion about the legal defin­i­tion of national secur­ity, what the real threats are to the integ­rity of nation states and the EU, and estab­lish agen­cies to work within the law to defend just that. This will halt inter­na­tional intel­li­gence mis­sion creep.
  • EU-wide imple­ment­a­tion of the recom­mend­a­tions in the Ech­elon Report (2001):
  1. to develop and build key infra­struc­ture across Europe that is immune from US gov­ern­mental and cor­por­at­ist sur­veil­lance; and
  2. Ger­many and the United King­dom are called upon to make the author­isa­tion of fur­ther com­mu­nic­a­tions inter­cep­tion oper­a­tions by US intel­li­gence ser­vices on their ter­rit­ory con­di­tional on their com­pli­ance with the ECHR (European Con­ven­tion on Human Rights).”
  • The duty of the European par­lia­ment is to the cit­izens of the EU.  As such it should act­ively pur­sue tech­no­logy policies to pro­tect the pri­vacy and basic rights of the cit­izens from the sur­veil­lance of the NSA and its vas­sals; and if it can­not, it should warn its cit­izens abut this act­ively and edu­cate them to take their own steps to pro­tect their pri­vacy (such as no longer using cer­tain Inter­net ser­vices or learn­ing to use pri­vacy enhan­cing tech­no­lo­gies). Con­cerns such as the trust Europeans have in ‘e-commerce’ or ‘e-government’ as men­tioned by the European Com­mis­sion should be sec­ond­ary to this con­cern at all times.
  • Without free media, where we can all read, write, listen and dis­cuss ideas freely and in pri­vacy, we are all liv­ing in an Orwellian dysto­pia, and we are all poten­tially at risk. These media must be based on tech­no­lo­gies that empower indi­vidual cit­izens, not cor­por­a­tions or for­eign gov­ern­ments. The Free Soft­ware Found­a­tion has been mak­ing these recom­mend­a­tions for over two decades.
  • The cent­ral soci­etal func­tion of pri­vacy is to cre­ate the space for cit­izens to res­ist the viol­a­tion of their rights by gov­ern­ments and cor­por­a­tions. Pri­vacy is the last line of defense his­tor­ic­ally against the most poten­tially dan­ger­ous organ­isa­tion that exists: the nation state. There­fore there is no ‘bal­ance between pri­vacy and secur­ity’ and this false dicho­tomy should not be part of any policy debate.

Dutch festival OHM — Observe, Hack, Make

Today I am limber­ing up to attend the Dutch geek fest­ival, Observe Hack Make (OHM 2013). A lot of talks from whis­tleblowers, sci­ent­ists, geeks, futur­ists and bleed­ing edge tech people. The visionaries?

You decide — all talks will be live streamed and avail­able after­wards. Enjoy!

RT interview about censorship of internet porn

Coin­cid­ent­ally, while in Ice­land I was invited on to RT to do an inter­view about the country’s pro­posal to cen­sor the inter­net in order to stop access to viol­ent porn.  I stress that this dis­cus­sion is still, appar­ently, at a con­sultat­ive stage — decisions have yet to be taken.

The FISA/Echelon Panopticon

A recent inter­view with James Corbett of the Corbett Report on Global Research TV dis­cuss­ing issues such as FISA, Ech­elon, and our cul­tural “groom­ing” by the bur­geon­ing sur­veil­lance state:

The End of Privacy and Freedom of Thought?

I saw this chilling report in my Twit­ter feed today (thanks @Asher_Wolf): Tel­stra is imple­ment­ing deep packet inspec­tion tech­no­logy to throttle peer to peer shar­ing over the internet.

Des­pite being a clas­si­cist not a geek by train­ing, this sounds like I know what I’m talk­ing about, right?  Well some­what to my own sur­prise, I do, after years of expos­ure to the “hackt­iv­ist” ethos and a grow­ing aware­ness that geeks may our last line of defence against the cor­por­at­ists.  In fact, I recently did an inter­view on The Keiser Report about the “war on the internet”.

Offi­cially, Tel­stra is imple­ment­ing this cap­ab­il­ity to pro­tect those fra­gile busi­ness flowers (surely “broken busi­ness mod­els” — Ed) within the enter­tain­ment and copy­right indus­tries — you know, the com­pan­ies who pimp out cre­at­ive artists, pay most of them a pit­tance while keep­ing the bulk of the loot for them­selves, and then whine about how P2P file shar­ing and the cir­cu­la­tion and enjoy­ment of the artists’ work is theft?

But who, ser­i­ously, thinks that such tech­no­logy, once developed, will not be used and abused by all and sun­dry, down to and includ­ing our bur­geon­ing police state appar­atus? If the secur­ity forces can use any tool, no mat­ter how sor­did, they will do so, as has been recently repor­ted with the UK under­cover cops assum­ing the iden­tit­ies of dead chil­dren in order to infilt­rate peace­ful protest groups.

Writer and act­iv­ist, Cory Doc­torow, summed this prob­lem up best in an excel­lent talk at the CCC hack­er­fest in Ber­lin in 2011:

The shred­ding of any notion of pri­vacy will also have a chilling effect not only on the pri­vacy of our com­mu­nic­a­tions, but will also res­ult in our begin­ning to self-censor the inform­a­tion we ingest for fear of sur­veil­lance (Nazi book burn­ings are so 20th Cen­tury).  It will, inev­it­ably, also lead us to self-censor what we say and what we write, which will slide us into an Orwellian dysto­pia faster than we could say “Aaron Swartz”.

As Columbian Pro­fessor of Law, Eben Moglen, said so elo­quently last year at another event in Ber­lin — “free­dom of thought requires free media”:

Two of my favour­ite talks, still freely avail­able on the inter­net. Enjoy.

The Scorpion Stare

I have writ­ten over the years about the encroach­ing sur­veil­lance state, the spread of CCTV and the increas­ing use of drones in our skies.  When the North East of Eng­land intro­duced talk­ing CCTV cam­eras that could bark orders at passing ped­es­tri­ans in 2008, I thought that we were fast approach­ing the reduc­tio ad absurdum point — and indeed this sub­ject has raised a wry laugh from audi­ences around the world ever since.

Recently I have been read­ing with dis­may a slew of art­icles about the increas­ing cor­por­at­isa­tion of the sur­veil­lance state.  First I stumbled across a piece describ­ing Facebook’s latest innov­a­tion, Facedeal: cam­eras planted in shops and bars that will use the facial recog­ni­tion and tag­ging abil­it­ies of FB to recog­nise you as a val­ued cus­tomer and offer you a dis­count, simply because you have signed up to this Big Brother app on Facebook.

Add this to the fact that Face­book is prob­ably, well, an open book for to the entire US secur­ity appar­atus, and you can see the poten­tial abuse of this sys­tem.  We shall effect­ively be bribed to allow ourselves to be spied on.

Facedeal is being trialed in the US.  Some European coun­tries, most not­ably Ger­many, have already stated that data recog­ni­tion tech­no­logy used even just for photo “tag­ging” is or could be deemed illegal. Ger­many spe­cific­ally has reg­u­la­tions that allow Inter­net users con­trol over their data. They are not going to like Facedeal.

Secondly, it was repor­ted today that Google had pat­en­ted intel­li­gent image recog­ni­tion tech­no­logy.  Com­bine this cap­ab­il­ity with Googles Earth and Street, and we are poten­tially look­ing at a truly pan­op­ticon soci­ety.  The Ger­mans are really not going to like that. (Nor indeed will cer­tain of the French, includ­ing the man who earlier this year tried to sue Google after being pho­to­graphed hav­ing a pee in his own front garden).

Thirdly, Boe­ing has tri­umphantly launched the concept of the drone swarm, oper­at­ing with a hive men­tal­ity and upping the cap­ab­il­it­ies of mil­it­ary sur­veil­lance expo­nen­tially, while tak­ing much of the risk out of any operation.

And finally, the Wikileaks story about Trap­Wire. This first emerged as yet another bonkers Amer­ican scheme, where the foot­age from CCTV street cam­eras was being main­lined into the secur­ity appar­atus. Sub­sequently, it has emerged via Wikileaks that Trap­wire is also being used in other west­ern coun­tries, includ­ing the UK.

Not only can the securo­crats watch you, they too are installing face recog­ni­tion soft­ware that can identify you. While this may not yet be as accur­ate as the spies might wish, Trap­Wire has also installed pre­dict­ive soft­ware that appar­ently can assess whether you are act­ing, loiter­ing or walk­ing in a sus­pi­cious man­ner.  So you could pre-emptively be assessed to be about to com­mit a crime or an act of ter­ror­ism and, no doubt, appro­pri­ately and pre-emptively “dealt with”.

All of which must be so reas­sur­ing to protest groups such as Occupy, which have been sub­ject to massive CCTV sur­veil­lance in NYC and which have been labelled a “terrorist/extremist threat” in the City of London.

At the risk of sound­ing alarm­ist, we now all know what “being dealt with” in this era of anti-activist SWAT teams, drone strikes and kill lists can poten­tially entail.

So where does this leave us as con­cerned cit­izens?  It strikes me that we are being cata­pul­ted into some sci-fi dysto­pia bey­ond even Orwell’s wild­est ima­gin­ings.  Any fan of mod­ern thrillers and sci-fi will be famil­iar with the concept of integ­rated super-computers that can watch our every move via CCTV.

The lat­ter is what Trap­Wire et al are work­ing towards.  These new tech­no­lo­gies remind me of a story line from a won­der­ful series of books called the The Laun­dry Files by Charles Stross.  These nov­els are a per­fect of mer­ging of Len Deighton’s lac­onic spy fic­tion, à la Harry Palmer, with the geek uni­verse and bey­ond. And, at the risk of a spoiler, one of the story lines envis­ages a cent­ral­ised and weapon­ised CCTV sys­tem, main­lin­ing into the secret ser­vices, that can be turned on UK cit­izens if the bal­loon goes up. This sys­tem is code­named the “Scor­pion Stare”.

Sounds far-fetched? Well The Laun­dry Files are a rol­lick­ing good read, but do bear in mind not only that our CCTV sys­tems may be cent­ral­ised cour­tesy of Trap­Wire, but also that vari­ous law enforce­ment agen­cies in the UK are using micro-drones to spy on pro­test­ers, and that they have reportedly enquired if these drones could be weaponised.….

So it all depends on how you define the bal­loon, I suppose.

Pub­lished in The Huff­ing­ton Post UK, 3 Septem­ber 2012

What whistleblowers want

Whis­tleblowers want the sun and the moon — or at least they want to get their inform­a­tion out there, they want to make a dif­fer­ence, they want a fair hear­ing, and they don’t want to pay too high a per­sonal price for doing so.

Is that too much to ask? The decision to expose crimin­al­ity and bad prac­tice for the pub­lic good has ser­i­ous, life-changing implications.

By going pub­lic about ser­i­ous con­cerns they have about their work­place, they are jeop­ard­ising their whole way of life: not just their pro­fes­sional repu­ta­tion and career, but all that goes with it, such as the abil­ity to pay the mort­gage, their social circle, their fam­ily life, their rela­tion­ship…  Plus, the whis­tleblower can poten­tially risk prison or worse.

So, with these risks in mind, they are cer­tainly look­ing for an avenue to blow the whistle that will offer a degree of pro­tec­tion and allow them to retain a degree of con­trol over their own lives.  In the old days, this meant try­ing to identify an hon­our­able, cam­paign­ing journ­al­ist and a media organ­isa­tion that had the clout to pro­tect its source.  While not impossible, that could cer­tainly be dif­fi­cult, and becomes increas­ingly so in this era of endemic elec­tronic surveillance.

Today the other option is the secure, high-tech pub­lish­ing con­duit, as trail-blazed by Wikileaks. While this does not provide the poten­tial bene­fits of work­ing with a cam­paign­ing journ­al­ist, it does provide anonym­ity and a cer­tain degree of con­trol to the mod­ern whis­tleblower, plus it allows their inform­a­tion to reach a wide audi­ence without either being filtered by the media or blocked by gov­ern­ment or cor­por­ate injunctions.

As someone who has a nod­ding acquaint­ance with the reper­cus­sions of blow­ing the whistle on a secret gov­ern­ment agency, I have liked the Wikileaks model since I first stumbled across it in 2009.

As with most truly revolu­tion­ary ideas, once pos­ited it is blind­ingly obvious.

Never before has this been tech­nic­ally pos­sible — the idea that a whistleblower’s inform­a­tion could be made freely avail­able to the cit­izens of the world, in order to inform their demo­cratic choices, with no block­age, not cen­sor­ship, no fil­ter­ing or “inter­pret­a­tion” by the cor­por­ate media.

This is par­tic­u­larly rel­ev­ant in an age when the global media has been con­sol­id­ated in the hands of a few mul­tina­tion­als, and when these mul­tina­tion­als have a cer­tain, shall we say “cosy”, rela­tion­ship with many of top our politi­cians and power elites.

The con­trol of the main­stream media by the spooks and gov­ern­ments has been the focus of many of my recent talks.  These cor­rupt inter-relationships have also been recently laid bare with the News Inter­na­tional phone-hacking scandals.

The days of gar­ner­ing news from one favoured paper or TV bul­letin are long gone. Few people now trust just one media out­let — they skip across a vari­ety of news sources, try­ing to eval­u­ate the truth for them­selves. But even that can be prob­lem­atic when some­thing big occurs, such as the “jus­ti­fic­a­tion” for the inva­sion of Iraq or Libya, and the cur­rent beat of war drums against Iran, when the cor­por­ate media mys­ter­i­ously achieves a consensus.

Hence the demo­cratic dis­con­nect, hence the dis­trust, and hence (in part) the plum­met­ing profits of the old media.

Wikileaks is based on a simple concept -  it allows the people to read the source mater­ial for them­selves and make up their own minds based on real inform­a­tion.  This led to expos­ure of all kinds of global nas­ties way before the massive 2010 US data-dump.

Des­pite this approach, the impact was ini­tially sub­dued until Wikileaks col­lab­or­ated with the old media.  This, as we all know, did indeed pro­duce the cov­er­age and aware­ness of those issues deemed import­ant as it was filtered through the MSM. This has also inev­it­ably lead to ten­sions between the new model hackt­iv­ists and the old-school journalists.

No gov­ern­ment, least of all the USA, likes to have demands for justice and trans­par­ency forced upon it, and the push back since 2010 has been massive across the world in terms of an appar­ently illegal fin­an­cial block­ade, opaque legal cases and a media back­lash. Cer­tain of Wikileaks’s erstwhile media part­ners have col­lab­or­ated in this, turn­ing on one of their richest sources of inform­a­tion in history.

How­ever, Wikileaks is more than a media source.  It is a whole new model — a high-tech pub­lisher that offers a safe con­duit for whis­tleblowers to cache and pub­li­cise their inform­a­tion without imme­di­ately hav­ing to over­turn (and in some cases risk) their lives.

For this work, Wikileaks has over the years won a num­ber of inter­na­tion­ally pres­ti­gi­ous journ­al­ism awards.

Inev­it­ably, crit­ics in the main­stream media seem to want to have their cake and eat it too: one early part­ner, the New York Times, has writ­ten that it doesn’t recog­nise Wikileaks as a journ­al­ist organ­isa­tion or a pub­lisher — it is a source, pure and simple.

Either way, by say­ing this the media are surely shoot­ing them­selves in the cor­por­ate feet with both bar­rels. If Wikileaks is indeed “just” a source (the NYT seems to be blithely for­get­ting that good journ­al­ism is entirely depend­ent on its sources), then the media are break­ing their prime dir­ect­ive: pro­tect a source at all costs.

How­ever, if Wikileaks is a journ­al­ism or pub­lish­ing organ­isa­tion and as such is being tar­geted by the US gov­ern­ment, then all other media are surely equally at risk in the future?

By not stand­ing up for Wikileaks in either capa­city, it appears that the old media have a death wish.

Over the years whis­tleblowers around the world have demon­strated their trust in Wikileaks, as it was set up by someone emer­ging from the ori­ginal bona fide hacker com­munity.   And rightly so — let’s not for­get that no source has been exposed through the fail­ure of the organisation’s technology.

Many media organ­isa­tions rushed to emu­late its suc­cess by try­ing to set up their own “secure” whis­tleblow­ing repos­it­or­ies.  What the media execs failed to under­stand was the hacker ethos, the open source men­tal­ity: they went to their techie depart­ment or com­mer­cial IT ser­vice pro­viders and said “we want one”, but failed to under­stand both the ethos and the secur­ity con­cerns around closed, pro­pri­et­ary soft­ware sys­tems, often chan­nelled through the post–Pat­riot Act, post–CISPA USA.

Other, appar­ently well-meaning organ­isa­tions, also tried to emu­late the Wikileaks model, but most have died a quiet death over the last year.  Per­haps, again, for want of real trust in their ori­gin or tech security?

Why on earth would any security-conscious whis­tleblower, emer­ging out of a gov­ern­ment, mil­it­ary or intel­li­gence organ­isa­tion, trust such a set-up?  If someone comes out of such an envir­on­ment they will know all-too-well the scale of the push-back, the pos­sible entrap­ments, and the state-level resources that will be used to track them down. They either need an über-secure whis­tleblow­ing plat­form, or they need journ­al­ists and law­yers with fire in their belly to fight the fight, no mat­ter what.

So now to Open­Leaks — appar­ently the brainchild of Wikileaks defector Daniel Domsheit-Berg. He and the shad­owy “Archi­tect” fam­ously fell out with Julian Assange in late 2010, just when the polit­ical heat was ramp­ing up on the organ­isa­tion.  They left, reportedly tak­ing some of the cru­cial cod­ing and a tranche of files with them, and Domsheit-Berg decided to set up a rival organ­isa­tion called Open­Leaks.  As a res­ult of his actions, Domsheit-Berg was uniquely cast out of the inter­na­tional hacker group, the CCC in Berlin.

He now seems to have been wel­comed back into the fold and Open­Leaks appears, finally, to be ready to receive whis­tleblower information.

How­ever, there is a cru­cial dif­fer­ence between the two organ­isa­tions.  Where Wikileaks wants to lay the inform­a­tion out there for pub­lic eval­u­ation, Open­Leaks will merely act as a repos­it­ory for cer­tain approved main­stream media organ­isa­tions to access. We are back to the ori­ginal block­age of the cor­por­ate media decid­ing what inform­a­tion we, the people, should be allowed to ingest.

I would not wish to com­ment on Domsheit-Berg’s motiv­a­tion, but to me this seems to be an even worse option for a whis­tleblower than dir­ectly con­tact­ing a cam­paign­ing journ­al­ist with a proven track record of cov­er­ing hard-core stor­ies and fight­ing for the cause.

With Open­Leaks, the whis­tleblower loses not only the auto­matic wide­spread dis­sem­in­a­tion of their inform­a­tion, but also any semb­lance of con­trol over which journ­al­ists will be work­ing on their story.  Their inform­a­tion will be parked on the web­site and any­one from pre-selected media organ­isa­tions will be able to access, use and poten­tially abuse it.

One could say that Open­Leaks oper­ates as a secure sta­ging plat­form where a whis­tleblower can safely store sens­it­ive doc­u­ments and inform­a­tion.… but the founder allegedly removed and des­troyed sens­it­ive files from Wikileaks when he jumped ship in 2010.  Could any whis­tleblower really trust that Open­Leaks would not sim­il­arly “dis­ap­pear” shit-hot inform­a­tion in the future?

Plus, there is the added worry for any rightly-paranoid whis­tleblower that the founder of Open­Leaks so eas­ily aban­doned Wikileaks when under pres­sure.  Who’s to say that this would not hap­pen again, if the full might of the Pentagon were brought to bear on OpenLeaks?

Open­Leaks offers neither the per­sonal sup­port of work­ing with a trus­ted journ­al­ist and a media organ­isa­tion with the clout to fight back, nor does it provide full dis­clos­ure to the wider pub­lic to side-step poten­tial media self-censorship and gov­ern­ment law suits, as the ori­ginal Wikileaks model does.

As such Open­Leaks seems, at least to this par­tic­u­lar whis­tleblower, to be an evol­u­tion­ary blip — a ret­ro­grade step — in the quest for justice and accountability.

Judicial rendition — the UK-US extradition treaty is a farce

Some­times I sit here read­ing the news -  on sub­jects in which I take a deep interest such as the recent police invest­ig­a­tion into UK spy com­pli­city in tor­ture, where the police decided not to pro­sec­ute — and feel that I should com­ment.  But really, what would be the point?  Of course the police would not find enough con­crete evid­ence, of course no indi­vidual spies would be held to account, des­pite the fact that the Brit­ish gov­ern­ment has already paid massive set­tle­ments to the victims.

BelhadjNow there are reports that the police will be invest­ig­at­ing MI6 involve­ment in the extraordin­ary rendi­tion and tor­ture of two Liby­ans.  The case appears bang to rights, with doc­u­ment­ary evid­ence that high-ranking MI6 officers and gov­ern­ment min­is­ters were involved in and approved the oper­a­tion.  Yet I’m will­ing to bet that the plods at Scot­land Yard will still not be able to find the requis­ite evid­ence to pro­sec­ute anybody. 

The inev­it­able (and prob­ably wished-for out­come on the part of the author­it­ies) is that people become so weary and cyn­ical about the lack of justice that they stop fight­ing for it.  And they can tem­por­ar­ily suc­ceed, when we suc­cumb to cyn­ical burnout.

But the case repor­ted in today’s Daily Mail, that of a young Brit­ish stu­dent facing extra­di­tion to the US des­pite hav­ing broken no laws in the UK, suc­ceeded in rous­ing my wrath. 

Richard_ODwyerThe hap­less 23-year old Richard O’Dwyer faces 10 years in a max­imum secur­ity Amer­ican prison.  His crime, accord­ing to the US, is that he set up a UK-based web­site that provided links to other inter­na­tional web­sites that allegedly hos­ted copy­right material.

This case is so troub­ling on so many levels it is dif­fi­cult to know where to begin.  There are issues around the crack­down of US cor­por­ate copy­right law, issues around the inequal­ity of the uni­lat­eral Extra­di­tion Act 2003, and his­toric ques­tions of US hypo­crisy about extradition.

So let’s start with the unsup­por­ted alleg­a­tions against poor Richard O’Dwyer.  He is a stu­dent who built a web­site that col­lated a list of sites in other coun­tries that host films, books and music for free down­load.  O’Dwyer did not him­self down­load any copy­righted mater­ial, and the web­sites he linked to were appar­ently within jur­is­dic­tions where such down­loads are not illegal.  Provid­ing a sign­post to other legal inter­na­tional sites is mani­festly not a crime in the UK and he has never been charged.

How­ever, over the last couple of dec­ades the US enter­tain­ment lobby has been fight­ing a vicious rear­guard action against copy­right infringe­ment, start­ing with the music, then the film, and now the pub­lish­ing industry.  The lob­by­ists have proved vic­tori­ous and the invi­di­ous SOPA and PIPA laws are soon to be passed by the US Con­gress.  All well and good you might think — it’s one of those mad US issues.  But oh no, these laws have global reach.  What might be legal within the UK might still mean that you fall foul of US legislation.

Gary_McKinnon2Which is where the Extra­di­tion Act 2003 becomes par­tic­u­larly threat­en­ing.  This law means that any UK cit­izen can be deman­ded by and handed over to the US with no prima facie evid­ence.  As we have seen in the appalling case of alleged hacker Gary McKin­non, it mat­ters not if the “crime” were com­mit­ted on UK soil (as you can see here, McKinnon’s case was not pro­sec­uted by the UK author­it­ies in 2002.  If it had been, he would have received a max­imum sen­tence of 6 months’ com­munity ser­vice: if extra­dited he is facing up to 70 years in a US max­imum secur­ity prison).

The UK gov­ern­ment has tried to spin the egre­gious Libyan cases as “judi­cial rendi­tion” rather than “extraordin­ary kid­nap­ping” or whatever it’s sup­posed to be.  So I think it would be accur­ate to call Gary McKinnon’s case “judi­cial rendi­tion” too, rather than bor­ing old extradition.

Richard O’Dwyer appar­ently didn’t com­mit any­thing that could be deemed to be a crime in the UK, and yet he is still facing extra­di­tion to the US and a 10 year stretch.  The new US laws like SOPA threaten all of us, and not just with judi­cial rendition. 

As I have men­tioned before, digital rights act­iv­ist Cory Doc­torow summed it up best: “you can’t make a sys­tem that pre­vents spy­ing by secret police and allows spy­ing by media giants”.  These cor­por­ate inter­net laws are a Tro­jan horse that will threaten our basic civil liber­ties across the board.

So now to my third point.  The hypo­crisy around the Amer­ican stance on extra­di­tion with the UK is breath­tak­ing.   The UK has been dis­patch­ing its own cit­izens off at an alarm­ing rate to the “tender” mer­cies of the US judi­cial sys­tem since 2004, with no prima facie evid­ence required.  In fact, the legal proof required to get a UK cit­izen extra­dited to the US is less than that required for someone to be extra­dited from one US state to another. 

The US, on the other hand, delayed rat­i­fy­ing the law until 2006, and the bur­den of proof required to extra­dite someone to the UK remains high, so it is unbal­anced not only in concept but also in prac­tice.  And this des­pite the fact that the law was seen as cru­cial to facil­it­ate the trans­fer of highly dan­ger­ous ter­ror­ist sus­pects in the end­less “war on terror”.

Why has this happened?  One can but spec­u­late about the power of the Irish lobby in the US gov­ern­ment, as Sir Men­zies Camp­bell did dur­ing a par­lia­ment­ary debate about the Act in 2006.   How­ever, it is well known that the US was remark­ably coy about extra­dit­ing IRA sus­pects back to the UK to stand trial dur­ing the 30-year “Troubles” in North­ern Ire­land.  We even have well-known apo­lo­gists such as Con­gress­man Peter King, the Chair­man of the Home­land Secur­ity Com­mit­tee attempt­ing to demon­ise organ­isa­tions like Wikileaks as ter­ror­ist organ­isa­tions, while at the same being a life-long sup­porter of Sinn Féin, the polit­ical wing of the Pro­vi­sional IRA.

UK_poodleThe double stand­ards are breath-taking.  The US dic­tates an extra­di­tion treaty with the UK to stop ter­ror­ism, but then uses this law to tar­get those who might poten­tially, tan­gen­tially, minutely threaten the profits of the US enter­tain­ment mega-corps; and then it delays rat­i­fy­ing and imple­ment­ing its own law for poten­tially dubi­ous polit­ical reasons.

And the UK gov­ern­ment yet again rolls over and takes it, while inno­cent stu­dents such as Richard O’Dwyer must pay the price.  As his mother is quoted as say­ing: “if they can come for Richard, they can come for anyone”.

Bits of Freedom — Amsterdam Talk, 16 September 2010

It’s going to be a busy month for talks — I’ll be in Ams­ter­dam with the Dutch (digital) civil rights organ­isa­tion, Bits of Free­dom, on 16th Septem­ber.  I use the brack­ets con­sciously, as I don’t per­son­ally see a dis­tinc­tion between rights in the phys­ical or digital world — the under­ly­ing prin­ciples are the same.

BoF is doing great work, so any­one within strik­ing dis­tance of Amstie please come along, not only for the talk, but for what also prom­ises to be a great social evening!

Little_BrotherIf you can’t make that night, I ser­i­ously recom­mend com­ing along to a BoF din­ner on 24th Septem­ber, where the guest of hon­our is acclaimed journ­al­ist, blog­ger and author, Cory Doc­torow.  I had the pleas­ure of meet­ing up with him a couple of years ago in Lon­don — an extremely switched on man.

I really, really enjoyed his digital act­iv­ists’ hand­book — sorry, novel — “Little Brother”, ostens­ibly aimed at the young adult mar­ket.  But, hey, we’re all young at heart, and this book is spot on!

Watch out, Big Brother.….

Echelon and the Special Relationship

Journ­al­ist and writer James Bam­ford, has a new book, “The Shadow Fact­ory: The Ultra-Secret NSA from 9/11 to the Eaves­drop­ping on Amer­ica” (Doubleday), which came out this week in the United States.

Bam­ford is a former pro­du­cer at ABC News of thirty years’ stand­ing, and his book has caused quite a stir. One of his key gripes is the fact that for­eign com­pan­ies try to acquire work in sens­it­ive US depart­ments. He cites in par­tic­u­lar the attempt in 2006 of Israeli data secur­ity com­pany, Check Point Soft­ware Tech­no­lo­gies, to buy an Amer­ican com­pany with exist­ing con­tracts at the Defence Depart­ment and the NSA. This deal was stopped after the FBI objected.

For­eign soft­ware and secur­ity com­pan­ies work­ing within intel­li­gence agen­cies are indeed a prob­lem for any coun­try. It com­prom­ises the very notion of national sov­er­eignty. In the UK, MI5 and many other gov­ern­ment depart­ments rely on pro­pri­et­ary soft­ware from com­pan­ies like Microsoft, notori­ous for their vul­ner­ab­il­ity to hack­ers, vir­uses and back door access. Should our nation’s secrets really be exposed to such eas­ily avoid­able vulnerabilities?

Another sec­tion of the book to have hit the head­lines is Bamford’s claims that bed­room “con­ver­sa­tions” of sol­diers, journ­al­ists and offi­cials in Iraq have been bugged by the National Secur­ity Agency (NSA).

Bam­ford, who is by no means a fan of the NSA in its cur­rent rampant form, makes the mis­take of think­ing that in the inno­cent days pre-9/11, the agency respec­ted demo­cratic rights enshrined in the US con­sti­tu­tion and never snooped on US cit­izens in their own country.

While tech­nic­ally this might be true, does nobody remem­ber the ECHELON system?

ECHELON was an agree­ment between the NSA and its Brit­ish equi­val­ent GCHQ (as well as the agen­cies of Canada, Aus­tralia, and New Zea­l­and) whereby they shared inform­a­tion they gathered on each oth­ers’ cit­izens. GCHQ could leg­ally eaves­drop on people out­side the UK without a war­rant, so they could tar­get US cit­izens of interest, then pass the product over to the NSA. The NSA then did the same for GCHQ. Thus both agen­cies could evade any demo­cratic over­sight and account­ab­il­ity, and still get the intel­li­gence they wanted.

Spe­cial rela­tion­ship, anyone?

Poor Bloody Infantry

There is an ongo­ing cam­paign to save Bletch­ley Park for the nation, in the teeth of gov­ern­ment oppos­i­tion. As his­toric Brit­ish monu­ments go, the ques­tion of whether to pre­serve it for pos­ter­ity should be a no-brainer. Bletch­ley is not only where Hitler’s Enigma code machine was decryp­ted, along with many other sys­tems, which argu­ably gave the Allies the intel­li­gence advant­age that led to vic­tory in World War 2, it is also where the first digital elec­tronic com­puters, code­named Colos­sus, were oper­ated. Two land­mark events of the 20th century.

Recently The Times repor­ted on this cam­paign. The art­icle also the dwells at some length on how long Bletchley’s secrets were kept by the 10,000 people who worked there dur­ing the war. Although this inform­a­tion was declas­si­fied after 30 years, the habit of secrecy was so deeply ingrained that many former employ­ees never breathed a word. The art­icle laments the passing of this habit of dis­cre­tion from Brit­ish life, stat­ing that politi­cians and senior intel­li­gence officers now appear to view the pos­ses­sion of insider know­ledge as a good pen­sion fund when they come to write their memoirs.

Over the last dec­ade we have see a myriad of books emer­ging for the upper ech­el­ons of gov­ern­ment and intel­li­gence in the UK: Alastair Camp­bell, Robin Cook, Wash­ing­ton Ambas­sador Sir Chris­topher Meyer, ex-MI5 chief Dame Stella Rim­ing­ton. Even Tony Blair has appar­ently signed a seven fig­ure deal for his memoirs.

All these books have a num­ber of char­ac­ter­ist­ics in com­mon: they are lengthy, but say little of rel­ev­ance about the burn­ing issues of the day; they appear to have been writ­ten for profit and not in the pub­lic interest; and not one of these writers has ever even been arres­ted under the Offi­cial Secrets Act, even when there is clear prima facie evid­ence of a breach.

Yet these dili­gent authors are the very people who are the first to use the OSA to stifle legit­im­ate dis­clos­ure of crime, cor­rup­tion and incom­pet­ence in the highest levels of gov­ern­ment and intel­li­gence by real whis­tleblowers, who risk their careers and their free­dom. The hypo­crisy is breathtaking.

But was the old-fashioned, blanket dis­cre­tion, vaunted by The Times, really such a good thing? The code of “loose talk costs lives” may have made sense dur­ing the Second World War, when this nation was fight­ing for its life. The work at Bletch­ley was mani­festly a suc­cess, obvi­at­ing any need to blow the whistle. But who can tell how these pat­ri­otic men and women would have reacted had they wit­nessed crimes or incom­pet­ence that dam­aged our nation’s secur­ity, led to the deaths of our sol­diers, or even pos­sible defeat?

Also, was the 30-year non-disclosure rule around the work of Bletch­ley really neces­sary? After all, the war had been won, so how could dis­clos­ure bene­fit the enemy? This unthink­ing applic­a­tion of the stand­ard rules cost the UK dearly. In fact, it would be accur­ate to say that it severely dam­aged the UK’s eco­nomic well­being – some­thing the OSA is sup­posed to protect.

In 1943 the Brit­ish were the world lead­ers in digital elec­tronic com­put­ing. The dra­conian Offi­cial Secrets Act pre­cluded the devel­op­ment and com­mer­cial use of this know­ledge in Bri­tain after the war. In fact, mind­bog­glingly, the Colos­sus com­puters were dis­mantled and the research destroyed.

There were no sim­ilar pro­vi­sions affect­ing the Amer­ican cryp­to­graph­ers who had been sta­tioned at Bletch­ley. Con­sequently, after the war they enthu­si­ast­ic­ally applied Brit­ish research and tech­no­logy to develop the US com­puter research pro­gramme and even­tu­ally the mar­ket, pav­ing the way to the suc­cess of Sil­icon Val­ley and the dom­in­a­tion of the world’s IT mar­kets for dec­ades. What price the famed Brit­ish stiff upper lip and dis­cre­tion then?

Of course, there need to be legal pro­vi­sions to pro­tect real secrets that could affect Britain’s national secur­ity. How­ever, this should be pro­por­tion­ate and bal­anced, and should not pre­vent the devel­op­ment of new research and tech­no­lo­gies, the expos­ure in the pub­lic interest of crime, and cer­tainly not the fact our coun­try was taken into war on the basis of lies.

Real­ist­ic­ally, how­ever, in the age of the inter­net such legal pro­vi­sions are increas­ingly mean­ing­less. Des­pite this, more and more coun­tries appear to be adopt­ing Britain’s model of anti­quated and dra­conian secrecy legislation.

We live in a coun­try that crim­in­al­ises any dis­clos­ure of sens­it­ive inform­a­tion – unless it comes in the form of mem­oirs from senior politi­cians, White­hall offi­cials or spooks of course. As always, there is one rule for the gen­er­als and one for the poor bloody infantry.

For the good of our coun­try, we need to rethink this legislation.

IT Defense Conference, Hamburg January 2008

In Janu­ary 2008 I spoke at the IT Defense Con­fer­ence in Ham­burg in Janu­ary 2008.  This is a sum­mary of my talk.

The Spy­ing Game? – Annie Machon

I gave a present­a­tion about the role of intel­li­gence
agen­cies in the cur­rent era of the unend­ing “war on ter­ror”, how they
mon­itor us, and the implic­a­tions for our democracies.

In the name of pro­tect­ing national secur­ity, spy agen­cies are being
given sweep­ing new powers and resources. Their intel­li­gence has been
politi­cised to build a case for the dis­astrous war in Iraq, they are
fail­ing to stop ter­ror­ist attacks, and they con­tinue to col­lude in
illegal acts of intern­ment and tor­ture, euphemist­ic­ally called
“extraordin­ary rendi­tion”. Most west­ern demo­cra­cies have already given
so many new powers to the spies that we are effect­ively liv­ing in
police states. As an informed com­munity, what can we do about this?
t-style: nor­mal; font-variant: nor­mal; font-weight: nor­mal; font-size: 7pt; line-height: nor­mal; font-size-adjust: none; font-stretch: nor­mal;”> The illegal MI6
assas­sin­a­tion attempt against Col­onel Gad­dafi of Libya

Pay peanuts, get monkeys

So the spooks are yet again try­ing to recruit IT pro­fes­sion­als. MI6 is cur­rently advert­ising for a, quote, “world class enter­prise archi­tect”, but is offer­ing a salary sig­ni­fic­antly below the mar­ket rate. MI5 is con­stantly on the lookout for IT staff –as recent adverts in the press will attest.

My sense is that the agen­cies are still des­per­ately play­ing IT catch-up. In the 1990s, when I worked as an intel­li­gence officer, we were still writ­ing out everything longhand and get­ting our sec­ret­ar­ies to type it up – with all the attend­ant typos, revi­sions and delays. Inform­a­tion data­bases, such the sys­tem code­named Durbar, which held the ter­ror­ist records, could only be accessed via 1970s, beige, monitor-and-keyboard, all-in-one computers.

In the early 1990s MI5 did try to develop its own inform­a­tion man­age­ment sys­tem from scratch, rightly think­ing that buy­ing off-the-shelf from an Amer­ican mega­corp was prob­ably not good secur­ity. How­ever, MI5 man­age­ment still thought IT was a low pri­or­ity – des­pite the fact the effi­cient pro­cessing of inform­a­tion should have been the core work. So, the agency paid sig­ni­fic­antly below the mar­ket rates for IT pro­fes­sion­als, and pos­ted main­stream intel­li­gence officers, with no pro­ject man­age­ment exper­i­ence, to run the depart­ment for 2 year peri­ods. Need­less to say, moral was rock-bottom. The IT bods were unmo­tiv­ated, the IOs demor­al­ised at being pos­ted to a career grave­yard slot and the unwieldy sys­tem, code­named Grant, never got off the ground.

In the middle of the dec­ade MI5 in des­per­a­tion bought an off-the-shelf pack­age which was based on Win­dows 95. Even then officers had to fight to have access to a ter­minal to do their work. And, of course, Win­dows is not known as the most stable or secure sys­tem avail­able. I also heard recently that MI5 is still using this pro­pri­et­ary soft­ware, and thinks that it can pro­tect its inform­a­tion sys­tems by patch­ing up secur­ity prob­lems. It gives one such faith that MI5 can really pro­tect this coun­try from ter­ror­ist attack.

But this leads us onto a more ser­i­ous issue regard­ing our national sov­er­eignty. What the hell is our gov­ern­ment doing, shov­el­ling bil­lions of pounds every year over to US IT com­pan­ies to pay for licences that then per­mit our gov­ern­ment depart­ments to use their soft­ware pack­ages? And with the cur­rent con­cerns about ter­ror­ism and the sub­sequent datamin­ing activ­it­ies of a para­noid US admin­is­tra­tion, how can we be sure that the NSA is not sneak­ing a peek at the work of our secur­ity forces via back doors in this software?

So, to pro­tect our sov­er­eignty, as well as develop our know­ledge base and grow our eco­nomy, why does the UK gov­ern­ment not encour­age all gov­ern­ment agen­cies and depart­ments to switch from pro­pri­et­ary to open source soft­ware? After all, many other coun­tries around the world are already doing this for pre­cisely these reasons.

No doubt it’s that pesky “spe­cial rela­tion­ship” kick­ing in again.….