A recent interview I gave while in Stockholm to the Privacy as Innovation project:
Category Archives: IT
Keynote at Internetdagarna, Stockholm, November 2014
Here is my keynote speech at the recent Internetdagarna (Internet Days) conference in Stockholm, Sweden, discussing all things whistleblower, spy, surveillance, privacy and TTIP:
RT Breaking the Set — interview about spies with Abby Martin
Here’s my interview from yesterday on RT’s excellent Breaking the Set show with host, Abby Martin. We discussed all things spy, surveillance, Snowden, oversight, and privacy. A fun and lively interview! Thanks, Abby.
European Parliament LIBE Inquiry on Electronic Mass Surveillance of EU Citizens
Below is some background material from my submission to the European Parliament’s LIBE Committee on the implications of the NSA scandal.
Here is a video link to the hearing.
LIBE Committee Inquiry on Electronic Mass Surveillance of EU Citizens, European Parliament, 30th September 2013
Biography:
Annie Machon was an intelligence officer for the UK’s MI5 in the 1990s, before leaving to help blow the whistle on the crimes and incompetence of the British spy agencies. As a result she and her former partner had to go on the run around Europe, live in exile in France, face arrest and imprisonment, and watch as friends, family and journalists were arrested.
She is now a writer, media commentator, political campaigner, and international public speaker on a variety of related issues: the war on terrorism, the war on drugs, the war on whistleblowers, and the war on the internet. In 2012 she started as a Director of LEAP in Europe (www.leap.cc).
Annie has an MA (Hons) Classics from Cambridge University.
Background material:
- The insider threat
- Free Speech Debate project
- Whistleblower discussion panel
- What whistleblowers want
- The value of whistleblowers
- The cost of whistleblowing
- The real purpose of UK secrecy laws
- Head of MI6 statement
- Early article on Wikileaks
- Possible whistleblower protections
- Failure of UK parliamentary oversight
- UK spies and the law
- UK spies: unethical and unaccountable
Recommendations:
- Meaningful parliamentary oversight of intelligence agencies, with full powers of investigation, at both national and European levels.
- These same democratic bodies to provide a legitimate channel for intelligence whistleblowers to give their evidence of malfeasance, with the clear and realistic expectation that a full inquiry will be conducted, reforms applied and crimes punished.
- Institute a discussion about the legal definition of national security, what the real threats are to the integrity of nation states and the EU, and establish agencies to work within the law to defend just that. This will halt international intelligence mission creep.
- EU-wide implementation of the recommendations in the Echelon Report (2001):
- to develop and build key infrastructure across Europe that is immune from US governmental and corporatist surveillance; and
- “Germany and the United Kingdom are called upon to make the authorisation of further communications interception operations by US intelligence services on their territory conditional on their compliance with the ECHR (European Convention on Human Rights).”
- The duty of the European parliament is to the citizens of the EU. As such it should actively pursue technology policies to protect the privacy and basic rights of the citizens from the surveillance of the NSA and its vassals; and if it cannot, it should warn its citizens abut this actively and educate them to take their own steps to protect their privacy (such as no longer using certain Internet services or learning to use privacy enhancing technologies). Concerns such as the trust Europeans have in ‘e‑commerce’ or ‘e‑government’ as mentioned by the European Commission should be secondary to this concern at all times.
- Without free media, where we can all read, write, listen and discuss ideas freely and in privacy, we are all living in an Orwellian dystopia, and we are all potentially at risk. These media must be based on technologies that empower individual citizens, not corporations or foreign governments. The Free Software Foundation has been making these recommendations for over two decades.
- The central societal function of privacy is to create the space for citizens to resist the violation of their rights by governments and corporations. Privacy is the last line of defense historically against the most potentially dangerous organisation that exists: the nation state. Therefore there is no ‘balance between privacy and security’ and this false dichotomy should not be part of any policy debate.
Dutch festival OHM — Observe, Hack, Make
Today I am limbering up to attend the Dutch geek festival, Observe Hack Make (OHM 2013). A lot of talks from whistleblowers, scientists, geeks, futurists and bleeding edge tech people. The visionaries?
You decide — all talks will be live streamed and available afterwards. Enjoy!
RT interview about censorship of internet porn
Coincidentally, while in Iceland I was invited on to RT to do an interview about the country’s proposal to censor the internet in order to stop access to violent porn. I stress that this discussion is still, apparently, at a consultative stage — decisions have yet to be taken.
The FISA/Echelon Panopticon
A recent interview with James Corbett of the Corbett Report on Global Research TV discussing issues such as FISA, Echelon, and our cultural “grooming” by the burgeoning surveillance state:
The End of Privacy and Freedom of Thought?
I saw this chilling report in my Twitter feed today (thanks @Asher_Wolf): Telstra is implementing deep packet inspection technology to throttle peer to peer sharing over the internet.
Despite being a classicist not a geek by training, this sounds like I know what I’m talking about, right? Well somewhat to my own surprise, I do, after years of exposure to the “hacktivist” ethos and a growing awareness that geeks may our last line of defence against the corporatists. In fact, I recently did an interview on The Keiser Report about the “war on the internet”.
Officially, Telstra is implementing this capability to protect those fragile business flowers (surely “broken business models” — Ed) within the entertainment and copyright industries — you know, the companies who pimp out creative artists, pay most of them a pittance while keeping the bulk of the loot for themselves, and then whine about how P2P file sharing and the circulation and enjoyment of the artists’ work is theft?
But who, seriously, thinks that such technology, once developed, will not be used and abused by all and sundry, down to and including our burgeoning police state apparatus? If the security forces can use any tool, no matter how sordid, they will do so, as has been recently reported with the UK undercover cops assuming the identities of dead children in order to infiltrate peaceful protest groups.
Writer and activist, Cory Doctorow, summed this problem up best in an excellent talk at the CCC hackerfest in Berlin in 2011:
The shredding of any notion of privacy will also have a chilling effect not only on the privacy of our communications, but will also result in our beginning to self-censor the information we ingest for fear of surveillance (Nazi book burnings are so 20th Century). It will, inevitably, also lead us to self-censor what we say and what we write, which will slide us into an Orwellian dystopia faster than we could say “Aaron Swartz”.
As Columbian Professor of Law, Eben Moglen, said so eloquently last year at another event in Berlin — “freedom of thought requires free media”:
Two of my favourite talks, still freely available on the internet. Enjoy.
The Scorpion Stare
I have written over the years about the encroaching surveillance state, the spread of CCTV and the increasing use of drones in our skies. When the North East of England introduced talking CCTV cameras that could bark orders at passing pedestrians in 2008, I thought that we were fast approaching the reductio ad absurdum point — and indeed this subject has raised a wry laugh from audiences around the world ever since.
Recently I have been reading with dismay a slew of articles about the increasing corporatisation of the surveillance state. First I stumbled across a piece describing Facebook’s latest innovation, Facedeal: cameras planted in shops and bars that will use the facial recognition and tagging abilities of FB to recognise you as a valued customer and offer you a discount, simply because you have signed up to this Big Brother app on Facebook.
Add this to the fact that Facebook is probably, well, an open book for to the entire US security apparatus, and you can see the potential abuse of this system. We shall effectively be bribed to allow ourselves to be spied on.
Facedeal is being trialed in the US. Some European countries, most notably Germany, have already stated that data recognition technology used even just for photo “tagging” is or could be deemed illegal. Germany specifically has regulations that allow Internet users control over their data. They are not going to like Facedeal.
Secondly, it was reported today that Google had patented intelligent image recognition technology. Combine this capability with Googles Earth and Street, and we are potentially looking at a truly panopticon society. The Germans are really not going to like that. (Nor indeed will certain of the French, including the man who earlier this year tried to sue Google after being photographed having a pee in his own front garden).
Thirdly, Boeing has triumphantly launched the concept of the drone swarm, operating with a hive mentality and upping the capabilities of military surveillance exponentially, while taking much of the risk out of any operation.
And finally, the Wikileaks story about TrapWire. This first emerged as yet another bonkers American scheme, where the footage from CCTV street cameras was being mainlined into the security apparatus. Subsequently, it has emerged via Wikileaks that Trapwire is also being used in other western countries, including the UK.
Not only can the securocrats watch you, they too are installing face recognition software that can identify you. While this may not yet be as accurate as the spies might wish, TrapWire has also installed predictive software that apparently can assess whether you are acting, loitering or walking in a suspicious manner. So you could pre-emptively be assessed to be about to commit a crime or an act of terrorism and, no doubt, appropriately and pre-emptively “dealt with”.
All of which must be so reassuring to protest groups such as Occupy, which have been subject to massive CCTV surveillance in NYC and which have been labelled a “terrorist/extremist threat” in the City of London.
At the risk of sounding alarmist, we now all know what “being dealt with” in this era of anti-activist SWAT teams, drone strikes and kill lists can potentially entail.
So where does this leave us as concerned citizens? It strikes me that we are being catapulted into some sci-fi dystopia beyond even Orwell’s wildest imaginings. Any fan of modern thrillers and sci-fi will be familiar with the concept of integrated super-computers that can watch our every move via CCTV.
The latter is what TrapWire et al are working towards. These new technologies remind me of a story line from a wonderful series of books called the The Laundry Files by Charles Stross. These novels are a perfect of merging of Len Deighton’s laconic spy fiction, à la Harry Palmer, with the geek universe and beyond. And, at the risk of a spoiler, one of the story lines envisages a centralised and weaponised CCTV system, mainlining into the secret services, that can be turned on UK citizens if the balloon goes up. This system is codenamed the “Scorpion Stare”.
Sounds far-fetched? Well The Laundry Files are a rollicking good read, but do bear in mind not only that our CCTV systems may be centralised courtesy of TrapWire, but also that various law enforcement agencies in the UK are using micro-drones to spy on protesters, and that they have reportedly enquired if these drones could be weaponised.….
So it all depends on how you define the balloon, I suppose.
Published in The Huffington Post UK, 3 September 2012
What whistleblowers want
Whistleblowers want the sun and the moon — or at least they want to get their information out there, they want to make a difference, they want a fair hearing, and they don’t want to pay too high a personal price for doing so.
Is that too much to ask? The decision to expose criminality and bad practice for the public good has serious, life-changing implications.
By going public about serious concerns they have about their workplace, they are jeopardising their whole way of life: not just their professional reputation and career, but all that goes with it, such as the ability to pay the mortgage, their social circle, their family life, their relationship… Plus, the whistleblower can potentially risk prison or worse.
So, with these risks in mind, they are certainly looking for an avenue to blow the whistle that will offer a degree of protection and allow them to retain a degree of control over their own lives. In the old days, this meant trying to identify an honourable, campaigning journalist and a media organisation that had the clout to protect its source. While not impossible, that could certainly be difficult, and becomes increasingly so in this era of endemic electronic surveillance.
Today the other option is the secure, high-tech publishing conduit, as trail-blazed by Wikileaks. While this does not provide the potential benefits of working with a campaigning journalist, it does provide anonymity and a certain degree of control to the modern whistleblower, plus it allows their information to reach a wide audience without either being filtered by the media or blocked by government or corporate injunctions.
As someone who has a nodding acquaintance with the repercussions of blowing the whistle on a secret government agency, I have liked the Wikileaks model since I first stumbled across it in 2009.
As with most truly revolutionary ideas, once posited it is blindingly obvious.
Never before has this been technically possible — the idea that a whistleblower’s information could be made freely available to the citizens of the world, in order to inform their democratic choices, with no blockage, not censorship, no filtering or “interpretation” by the corporate media.
This is particularly relevant in an age when the global media has been consolidated in the hands of a few multinationals, and when these multinationals have a certain, shall we say “cosy”, relationship with many of top our politicians and power elites.
The control of the mainstream media by the spooks and governments has been the focus of many of my recent talks. These corrupt inter-relationships have also been recently laid bare with the News International phone-hacking scandals.
The days of garnering news from one favoured paper or TV bulletin are long gone. Few people now trust just one media outlet — they skip across a variety of news sources, trying to evaluate the truth for themselves. But even that can be problematic when something big occurs, such as the “justification” for the invasion of Iraq or Libya, and the current beat of war drums against Iran, when the corporate media mysteriously achieves a consensus.
Hence the democratic disconnect, hence the distrust, and hence (in part) the plummeting profits of the old media.
Wikileaks is based on a simple concept — it allows the people to read the source material for themselves and make up their own minds based on real information. This led to exposure of all kinds of global nasties way before the massive 2010 US data-dump.
Despite this approach, the impact was initially subdued until Wikileaks collaborated with the old media. This, as we all know, did indeed produce the coverage and awareness of those issues deemed important as it was filtered through the MSM. This has also inevitably lead to tensions between the new model hacktivists and the old-school journalists.
No government, least of all the USA, likes to have demands for justice and transparency forced upon it, and the push back since 2010 has been massive across the world in terms of an apparently illegal financial blockade, opaque legal cases and a media backlash. Certain of Wikileaks’s erstwhile media partners have collaborated in this, turning on one of their richest sources of information in history.
However, Wikileaks is more than a media source. It is a whole new model — a high-tech publisher that offers a safe conduit for whistleblowers to cache and publicise their information without immediately having to overturn (and in some cases risk) their lives.
For this work, Wikileaks has over the years won a number of internationally prestigious journalism awards.
Inevitably, critics in the mainstream media seem to want to have their cake and eat it too: one early partner, the New York Times, has written that it doesn’t recognise Wikileaks as a journalist organisation or a publisher — it is a source, pure and simple.
Either way, by saying this the media are surely shooting themselves in the corporate feet with both barrels. If Wikileaks is indeed “just” a source (the NYT seems to be blithely forgetting that good journalism is entirely dependent on its sources), then the media are breaking their prime directive: protect a source at all costs.
However, if Wikileaks is a journalism or publishing organisation and as such is being targeted by the US government, then all other media are surely equally at risk in the future?
By not standing up for Wikileaks in either capacity, it appears that the old media have a death wish.
Over the years whistleblowers around the world have demonstrated their trust in Wikileaks, as it was set up by someone emerging from the original bona fide hacker community. And rightly so — let’s not forget that no source has been exposed through the failure of the organisation’s technology.
Many media organisations rushed to emulate its success by trying to set up their own “secure” whistleblowing repositories. What the media execs failed to understand was the hacker ethos, the open source mentality: they went to their techie department or commercial IT service providers and said “we want one”, but failed to understand both the ethos and the security concerns around closed, proprietary software systems, often channelled through the post-Patriot Act, post-CISPA USA.
Other, apparently well-meaning organisations, also tried to emulate the Wikileaks model, but most have died a quiet death over the last year. Perhaps, again, for want of real trust in their origin or tech security?
Why on earth would any security-conscious whistleblower, emerging out of a government, military or intelligence organisation, trust such a set-up? If someone comes out of such an environment they will know all-too-well the scale of the push-back, the possible entrapments, and the state-level resources that will be used to track them down. They either need an über-secure whistleblowing platform, or they need journalists and lawyers with fire in their belly to fight the fight, no matter what.
So now to OpenLeaks — apparently the brainchild of Wikileaks defector Daniel Domsheit-Berg. He and the shadowy “Architect” famously fell out with Julian Assange in late 2010, just when the political heat was ramping up on the organisation. They left, reportedly taking some of the crucial coding and a tranche of files with them, and Domsheit-Berg decided to set up a rival organisation called OpenLeaks. As a result of his actions, Domsheit-Berg was uniquely cast out of the international hacker group, the CCC in Berlin.
He now seems to have been welcomed back into the fold and OpenLeaks appears, finally, to be ready to receive whistleblower information.
However, there is a crucial difference between the two organisations. Where Wikileaks wants to lay the information out there for public evaluation, OpenLeaks will merely act as a repository for certain approved mainstream media organisations to access. We are back to the original blockage of the corporate media deciding what information we, the people, should be allowed to ingest.
I would not wish to comment on Domsheit-Berg’s motivation, but to me this seems to be an even worse option for a whistleblower than directly contacting a campaigning journalist with a proven track record of covering hard-core stories and fighting for the cause.
With OpenLeaks, the whistleblower loses not only the automatic widespread dissemination of their information, but also any semblance of control over which journalists will be working on their story. Their information will be parked on the website and anyone from pre-selected media organisations will be able to access, use and potentially abuse it.
One could say that OpenLeaks operates as a secure staging platform where a whistleblower can safely store sensitive documents and information.… but the founder allegedly removed and destroyed sensitive files from Wikileaks when he jumped ship in 2010. Could any whistleblower really trust that OpenLeaks would not similarly “disappear” shit-hot information in the future?
Plus, there is the added worry for any rightly-paranoid whistleblower that the founder of OpenLeaks so easily abandoned Wikileaks when under pressure. Who’s to say that this would not happen again, if the full might of the Pentagon were brought to bear on OpenLeaks?
OpenLeaks offers neither the personal support of working with a trusted journalist and a media organisation with the clout to fight back, nor does it provide full disclosure to the wider public to side-step potential media self-censorship and government law suits, as the original Wikileaks model does.
As such OpenLeaks seems, at least to this particular whistleblower, to be an evolutionary blip — a retrograde step — in the quest for justice and accountability.
Judicial rendition — the UK-US extradition treaty is a farce
Sometimes I sit here reading the news — on subjects in which I take a deep interest such as the recent police investigation into UK spy complicity in torture, where the police decided not to prosecute — and feel that I should comment. But really, what would be the point? Of course the police would not find enough concrete evidence, of course no individual spies would be held to account, despite the fact that the British government has already paid massive settlements to the victims.
Now there are reports that the police will be investigating MI6 involvement in the extraordinary rendition and torture of two Libyans. The case appears bang to rights, with documentary evidence that high-ranking MI6 officers and government ministers were involved in and approved the operation. Yet I’m willing to bet that the plods at Scotland Yard will still not be able to find the requisite evidence to prosecute anybody.
The inevitable (and probably wished-for outcome on the part of the authorities) is that people become so weary and cynical about the lack of justice that they stop fighting for it. And they can temporarily succeed, when we succumb to cynical burnout.
But the case reported in today’s Daily Mail, that of a young British student facing extradition to the US despite having broken no laws in the UK, succeeded in rousing my wrath.
The hapless 23-year old Richard O’Dwyer faces 10 years in a maximum security American prison. His crime, according to the US, is that he set up a UK-based website that provided links to other international websites that allegedly hosted copyright material.
This case is so troubling on so many levels it is difficult to know where to begin. There are issues around the crackdown of US corporate copyright law, issues around the inequality of the unilateral Extradition Act 2003, and historic questions of US hypocrisy about extradition.
So let’s start with the unsupported allegations against poor Richard O’Dwyer. He is a student who built a website that collated a list of sites in other countries that host films, books and music for free download. O’Dwyer did not himself download any copyrighted material, and the websites he linked to were apparently within jurisdictions where such downloads are not illegal. Providing a signpost to other legal international sites is manifestly not a crime in the UK and he has never been charged.
However, over the last couple of decades the US entertainment lobby has been fighting a vicious rearguard action against copyright infringement, starting with the music, then the film, and now the publishing industry. The lobbyists have proved victorious and the invidious SOPA and PIPA laws are soon to be passed by the US Congress. All well and good you might think — it’s one of those mad US issues. But oh no, these laws have global reach. What might be legal within the UK might still mean that you fall foul of US legislation.
Which is where the Extradition Act 2003 becomes particularly threatening. This law means that any UK citizen can be demanded by and handed over to the US with no prima facie evidence. As we have seen in the appalling case of alleged hacker Gary McKinnon, it matters not if the “crime” were committed on UK soil (as you can see here, McKinnon’s case was not prosecuted by the UK authorities in 2002. If it had been, he would have received a maximum sentence of 6 months’ community service: if extradited he is facing up to 70 years in a US maximum security prison).
The UK government has tried to spin the egregious Libyan cases as “judicial rendition” rather than “extraordinary kidnapping” or whatever it’s supposed to be. So I think it would be accurate to call Gary McKinnon’s case “judicial rendition” too, rather than boring old extradition.
Richard O’Dwyer apparently didn’t commit anything that could be deemed to be a crime in the UK, and yet he is still facing extradition to the US and a 10 year stretch. The new US laws like SOPA threaten all of us, and not just with judicial rendition.
As I have mentioned before, digital rights activist Cory Doctorow summed it up best: “you can’t make a system that prevents spying by secret police and allows spying by media giants”. These corporate internet laws are a Trojan horse that will threaten our basic civil liberties across the board.
So now to my third point. The hypocrisy around the American stance on extradition with the UK is breathtaking. The UK has been dispatching its own citizens off at an alarming rate to the “tender” mercies of the US judicial system since 2004, with no prima facie evidence required. In fact, the legal proof required to get a UK citizen extradited to the US is less than that required for someone to be extradited from one US state to another.
The US, on the other hand, delayed ratifying the law until 2006, and the burden of proof required to extradite someone to the UK remains high, so it is unbalanced not only in concept but also in practice. And this despite the fact that the law was seen as crucial to facilitate the transfer of highly dangerous terrorist suspects in the endless “war on terror”.
Why has this happened? One can but speculate about the power of the Irish lobby in the US government, as Sir Menzies Campbell did during a parliamentary debate about the Act in 2006. However, it is well known that the US was remarkably coy about extraditing IRA suspects back to the UK to stand trial during the 30-year “Troubles” in Northern Ireland. We even have well-known apologists such as Congressman Peter King, the Chairman of the Homeland Security Committee attempting to demonise organisations like Wikileaks as terrorist organisations, while at the same being a life-long supporter of Sinn Féin, the political wing of the Provisional IRA.
The double standards are breath-taking. The US dictates an extradition treaty with the UK to stop terrorism, but then uses this law to target those who might potentially, tangentially, minutely threaten the profits of the US entertainment mega-corps; and then it delays ratifying and implementing its own law for potentially dubious political reasons.
And the UK government yet again rolls over and takes it, while innocent students such as Richard O’Dwyer must pay the price. As his mother is quoted as saying: “if they can come for Richard, they can come for anyone”.
Geek humour
Well, it made me laugh:
Of course, I’ve never done this myself.….
More of these excellent cartoons can be found at xkcd.org.
Bits of Freedom — Amsterdam Talk, 16 September 2010
It’s going to be a busy month for talks — I’ll be in Amsterdam with the Dutch (digital) civil rights organisation, Bits of Freedom, on 16th September. I use the brackets consciously, as I don’t personally see a distinction between rights in the physical or digital world — the underlying principles are the same.
BoF is doing great work, so anyone within striking distance of Amstie please come along, not only for the talk, but for what also promises to be a great social evening!
If you can’t make that night, I seriously recommend coming along to a BoF dinner on 24th September, where the guest of honour is acclaimed journalist, blogger and author, Cory Doctorow. I had the pleasure of meeting up with him a couple of years ago in London — an extremely switched on man.
I really, really enjoyed his digital activists’ handbook — sorry, novel — “Little Brother”, ostensibly aimed at the young adult market. But, hey, we’re all young at heart, and this book is spot on!
Watch out, Big Brother.….
Echelon and the Special Relationship
Journalist and writer James Bamford, has a new book, “The Shadow Factory: The Ultra-Secret NSA from 9/11 to the Eavesdropping on America” (Doubleday), which came out this week in the United States.
Bamford is a former producer at ABC News of thirty years’ standing, and his book has caused quite a stir. One of his key gripes is the fact that foreign companies try to acquire work in sensitive US departments. He cites in particular the attempt in 2006 of Israeli data security company, Check Point Software Technologies, to buy an American company with existing contracts at the Defence Department and the NSA. This deal was stopped after the FBI objected.
Foreign software and security companies working within intelligence agencies are indeed a problem for any country. It compromises the very notion of national sovereignty. In the UK, MI5 and many other government departments rely on proprietary software from companies like Microsoft, notorious for their vulnerability to hackers, viruses and back door access. Should our nation’s secrets really be exposed to such easily avoidable vulnerabilities?
Another section of the book to have hit the headlines is Bamford’s claims that bedroom “conversations” of soldiers, journalists and officials in Iraq have been bugged by the National Security Agency (NSA).
Bamford, who is by no means a fan of the NSA in its current rampant form, makes the mistake of thinking that in the innocent days pre‑9/11, the agency respected democratic rights enshrined in the US constitution and never snooped on US citizens in their own country.
While technically this might be true, does nobody remember the ECHELON system?
ECHELON was an agreement between the NSA and its British equivalent GCHQ (as well as the agencies of Canada, Australia, and New Zealand) whereby they shared information they gathered on each others’ citizens. GCHQ could legally eavesdrop on people outside the UK without a warrant, so they could target US citizens of interest, then pass the product over to the NSA. The NSA then did the same for GCHQ. Thus both agencies could evade any democratic oversight and accountability, and still get the intelligence they wanted.
Special relationship, anyone?