Category Archives: IT

Poor Bloody Infantry

Posted on by Annie Machon
Copy permalink to clipboard

There is an ongo­ing cam­paign to save Bletch­ley Park for the nation, in the teeth of gov­ern­ment oppos­i­tion. As his­tor­ic Brit­ish monu­ments go, the ques­tion of wheth­er to pre­serve it for pos­ter­ity should be a no-brain­er. Bletch­ley is not only where Hitler­’s Enigma code machine was decryp­ted, along with many oth­er sys­tems, which argu­ably gave the Allies the intel­li­gence advant­age that led to vic­tory in World War 2, it is also where the first digit­al elec­tron­ic com­puters, code­named Colos­sus, were oper­ated. Two land­mark events of the 20th century.

Recently The Times repor­ted on this cam­paign. The art­icle also the dwells at some length on how long Bletch­ley’s secrets were kept by the 10,000 people who worked there dur­ing the war. Although this inform­a­tion was declas­si­fied after 30 years, the habit of secrecy was so deeply ingrained that many former employ­ees nev­er breathed a word. The art­icle laments the passing of this habit of dis­cre­tion from Brit­ish life, stat­ing that politi­cians and seni­or intel­li­gence officers now appear to view the pos­ses­sion of insider know­ledge as a good pen­sion fund when they come to write their memoirs.

Over the last dec­ade we have see a myri­ad of books emer­ging for the upper ech­el­ons of gov­ern­ment and intel­li­gence in the UK: Alastair Camp­bell, Robin Cook, Wash­ing­ton Ambas­sad­or Sir Chris­toph­er Mey­er, ex-MI5 chief Dame Stella Rim­ing­ton. Even Tony Blair has appar­ently signed a sev­en fig­ure deal for his memoirs.

All these books have a num­ber of char­ac­ter­ist­ics in com­mon: they are lengthy, but say little of rel­ev­ance about the burn­ing issues of the day; they appear to have been writ­ten for profit and not in the pub­lic interest; and not one of these writers has ever even been arres­ted under the Offi­cial Secrets Act, even when there is clear prima facie evid­ence of a breach.

Yet these dili­gent authors are the very people who are the first to use the OSA to stifle legit­im­ate dis­clos­ure of crime, cor­rup­tion and incom­pet­ence in the highest levels of gov­ern­ment and intel­li­gence by real whis­tleblowers, who risk their careers and their free­dom. The hypo­crisy is breathtaking.

But was the old-fash­ioned, blanket dis­cre­tion, vaunted by The Times, really such a good thing? The code of “loose talk costs lives” may have made sense dur­ing the Second World War, when this nation was fight­ing for its life. The work at Bletch­ley was mani­festly a suc­cess, obvi­at­ing any need to blow the whistle. But who can tell how these pat­ri­ot­ic men and women would have reacted had they wit­nessed crimes or incom­pet­ence that dam­aged our nation’s secur­ity, led to the deaths of our sol­diers, or even pos­sible defeat?

Also, was the 30-year non-dis­clos­ure rule around the work of Bletch­ley really neces­sary? After all, the war had been won, so how could dis­clos­ure bene­fit the enemy? This unthink­ing applic­a­tion of the stand­ard rules cost the UK dearly. In fact, it would be accur­ate to say that it severely dam­aged the UK’s eco­nom­ic well­being – some­thing the OSA is sup­posed to protect.

In 1943 the Brit­ish were the world lead­ers in digit­al elec­tron­ic com­put­ing. The dra­coni­an Offi­cial Secrets Act pre­cluded the devel­op­ment and com­mer­cial use of this know­ledge in Bri­tain after the war. In fact, mind­bog­glingly, the Colos­sus com­puters were dis­mantled and the research destroyed.

There were no sim­il­ar pro­vi­sions affect­ing the Amer­ic­an cryp­to­graph­ers who had been sta­tioned at Bletch­ley. Con­sequently, after the war they enthu­si­ast­ic­ally applied Brit­ish research and tech­no­logy to devel­op the US com­puter research pro­gramme and even­tu­ally the mar­ket, pav­ing the way to the suc­cess of Sil­ic­on Val­ley and the dom­in­a­tion of the world’s IT mar­kets for dec­ades. What price the famed Brit­ish stiff upper lip and dis­cre­tion then?

Of course, there need to be leg­al pro­vi­sions to pro­tect real secrets that could affect Bri­tain’s nation­al secur­ity. How­ever, this should be pro­por­tion­ate and bal­anced, and should not pre­vent the devel­op­ment of new research and tech­no­lo­gies, the expos­ure in the pub­lic interest of crime, and cer­tainly not the fact our coun­try was taken into war on the basis of lies.

Real­ist­ic­ally, how­ever, in the age of the inter­net such leg­al pro­vi­sions are increas­ingly mean­ing­less. Des­pite this, more and more coun­tries appear to be adopt­ing Bri­tain’s mod­el of anti­quated and dra­coni­an secrecy legislation.

We live in a coun­try that crim­in­al­ises any dis­clos­ure of sens­it­ive inform­a­tion – unless it comes in the form of mem­oirs from seni­or politi­cians, White­hall offi­cials or spooks of course. As always, there is one rule for the gen­er­als and one for the poor bloody infantry.

For the good of our coun­try, we need to rethink this legislation.

IT Defense Conference, Hamburg January 2008

Posted on by Annie Machon
Copy permalink to clipboard

In Janu­ary 2008 I spoke at the IT Defense Con­fer­ence in Ham­burg in Janu­ary 2008.  This is a sum­mary of my talk.

The Spy­ing Game? – Annie Machon

I gave a present­a­tion about the role of intelligence
agen­cies in the cur­rent era of the unend­ing “war on ter­ror”, how they
mon­it­or us, and the implic­a­tions for our democracies.

In the name of pro­tect­ing nation­al secur­ity, spy agen­cies are being
giv­en sweep­ing new powers and resources. Their intel­li­gence has been
politi­cised to build a case for the dis­astrous war in Iraq, they are
fail­ing to stop ter­ror­ist attacks, and they con­tin­ue to col­lude in
illeg­al acts of intern­ment and tor­ture, euphemist­ic­ally called
“extraordin­ary rendi­tion”. Most west­ern demo­cra­cies have already given
so many new powers to the spies that we are effect­ively liv­ing in
police states. As an informed com­munity, what can we do about this?
t‑style: nor­mal; font-vari­ant: nor­mal; font-weight: nor­mal; font-size: 7pt; line-height: nor­mal; font-size-adjust: none; font-stretch: nor­mal;”> The illeg­al MI6
assas­sin­a­tion attempt against Col­on­el Gad­dafi of Libya

Pay peanuts, get monkeys

Posted on by Annie Machon
Copy permalink to clipboard

So the spooks are yet again try­ing to recruit IT pro­fes­sion­als. MI6 is cur­rently advert­ising for a, quote, “world class enter­prise archi­tect”, but is offer­ing a salary sig­ni­fic­antly below the mar­ket rate. MI5 is con­stantly on the lookout for IT staff –as recent adverts in the press will attest.

My sense is that the agen­cies are still des­per­ately play­ing IT catch-up. In the 1990s, when I worked as an intel­li­gence officer, we were still writ­ing out everything longhand and get­ting our sec­ret­ar­ies to type it up – with all the attend­ant typos, revi­sions and delays. Inform­a­tion data­bases, such the sys­tem code­named Durbar, which held the ter­ror­ist records, could only be accessed via 1970s, beige, mon­it­or-and-key­board, all-in-one computers.

In the early 1990s MI5 did try to devel­op its own inform­a­tion man­age­ment sys­tem from scratch, rightly think­ing that buy­ing off-the-shelf from an Amer­ic­an mega­corp was prob­ably not good secur­ity. How­ever, MI5 man­age­ment still thought IT was a low pri­or­ity – des­pite the fact the effi­cient pro­cessing of inform­a­tion should have been the core work. So, the agency paid sig­ni­fic­antly below the mar­ket rates for IT pro­fes­sion­als, and pos­ted main­stream intel­li­gence officers, with no pro­ject man­age­ment exper­i­ence, to run the depart­ment for 2 year peri­ods. Need­less to say, mor­al was rock-bot­tom. The IT bods were unmo­tiv­ated, the IOs demor­al­ised at being pos­ted to a career grave­yard slot and the unwieldy sys­tem, code­named Grant, nev­er got off the ground.

In the middle of the dec­ade MI5 in des­per­a­tion bought an off-the-shelf pack­age which was based on Win­dows 95. Even then officers had to fight to have access to a ter­min­al to do their work. And, of course, Win­dows is not known as the most stable or secure sys­tem avail­able. I also heard recently that MI5 is still using this pro­pri­et­ary soft­ware, and thinks that it can pro­tect its inform­a­tion sys­tems by patch­ing up secur­ity prob­lems. It gives one such faith that MI5 can really pro­tect this coun­try from ter­ror­ist attack.

But this leads us onto a more ser­i­ous issue regard­ing our nation­al sov­er­eignty. What the hell is our gov­ern­ment doing, shov­el­ling bil­lions of pounds every year over to US IT com­pan­ies to pay for licences that then per­mit our gov­ern­ment depart­ments to use their soft­ware pack­ages? And with the cur­rent con­cerns about ter­ror­ism and the sub­sequent datamin­ing activ­it­ies of a para­noid US admin­is­tra­tion, how can we be sure that the NSA is not sneak­ing a peek at the work of our secur­ity forces via back doors in this software?

So, to pro­tect our sov­er­eignty, as well as devel­op our know­ledge base and grow our eco­nomy, why does the UK gov­ern­ment not encour­age all gov­ern­ment agen­cies and depart­ments to switch from pro­pri­et­ary to open source soft­ware? After all, many oth­er coun­tries around the world are already doing this for pre­cisely these reasons.

No doubt it’s that pesky “spe­cial rela­tion­ship” kick­ing in again.….

CCTV doesn’t prevent crime

Posted on by Annie Machon
Copy permalink to clipboard

So, the argu­ment about CCTV and our big broth­er soci­ety rumbles on. A seni­or police­man, Detect­ive Chief Inspect­or Mick Neville of the Visu­al Images, Iden­ti­fic­a­tions and Detec­tions Office (Viido) at New Scot­land Yard, has been quoted as say­ing that only 3 per cent of crimes have been solved by CCTV evid­ence. Des­pite the UK hav­ing the highest per cap­ita num­ber of CCTVs in the world, this brave new world has failed to make us safer.

A few oth­er police forces, and nat­ur­ally the secur­ity com­pan­ies flog­ging the kit, say that CCTV has at least dra­mat­ic­ally reduced oppor­tun­ist­ic crimes. Who should we believe?

What can­not be dis­puted is the fact that there are well over 4,000,000 CCTVs in this coun­try, and the organ­isa­tion, Pri­vacy Inter­na­tion­al, assesses that we are the most watched cit­izenry in Europe.

While some law-abid­ing cit­izens say they feel intim­id­ated by CCTV and how the inform­a­tion could poten­tially be mis­used, most people seem not to care. In fact, the major­ity appar­ently feel safer if they can see CCTV on the streets, even if this per­vas­ive sur­veil­lance has in no way dis­cour­aged crimes of viol­ence. So why this gap between per­cep­tion and reality?

One of my pet the­or­ies has always been to blame Big Broth­er. No, not the book. I have always been flum­moxed by the pop­ular­ity of the TV show and the pleth­ora of real­ity TV spin-offs. My instinct­ive reac­tion was that it was sim­il­ar to being “groomed” to accept round-the-clock intru­sion into our per­son­al lives. More than accept – desire it. The clear mes­sage is that such sur­veil­lance can lead to instant fame, wealth and access to the Z‑list parties of Lon­don. And for that we are sleep-walk­ing into a real Orwellian nightmare.

Slightly flip­pant the­or­ies aside, it is inter­est­ing that one of the most cited examples of the need for CCTV was the Bish­opsgate bomb­ing in Lon­don in 1993. In this case a lorry bomb, filled with a tonne of home made explos­ive (HME) was det­on­ated in the heart of the city of Lon­don by the IRA. One per­son was killed, many were injured, and hun­dreds of mil­lions of pounds worth of dam­age was caused, not to men­tion the fact threat the IRA scored a huge pub­li­city coup.

But this had noth­ing to do with the lack or oth­er­wise of CCTV in the streets of the City. It was an intel­li­gence fail­ure, pure and simple.

This attack could and should have been pre­ven­ted. It occurred while I was work­ing in MI5, and it was widely known in the ser­vice at the time that the bomber should have been arres­ted six months before dur­ing a sur­veil­lance oper­a­tion. Des­pite the fact that he was seen check­ing out anoth­er lorry bomb in stor­age, he was allowed to walk free and escape to the Repub­lic of Ire­land due to pro­ced­ur­al cock-ups. Months later, he returned to the City and bombed Bishopsgate.

By rely­ing increas­ingly on tech­no­lo­gies to pro­tect us, we are fol­low­ing in the foot­steps of the Amer­ic­ans. They have always had an over-reli­ance on gad­gets and giz­mos when seek­ing to invest­ig­ate crim­in­als and ter­ror­ists: satel­lite track­ing, phone taps, bugs. But this hoover­ing up of inform­a­tion is nev­er an adequate replace­ment for pre­cise invest­ig­at­ive work. Plus, any crim­in­al or ter­ror­ist worth their salt these days knows not to dis­cuss sens­it­ive plans electronically.

Scat­ter-gun approaches to gath­er­ing intel­li­gence, such as blanket sur­veil­lance, still at this stage require human beings to pro­cess and assess it for evid­en­tial use. That, accord­ing to DCI Neville, is part of the prob­lem. There is just too much com­ing in, not enough staff, insuf­fi­cient co-oper­a­tion between forces, and the job lacks per­ceived status with­in the police.

The oth­er prob­lem of an over-reli­ance on tech­no­logy is that it can always be hacked. The most recent hack­ing has broken the RFID chips that we all carry in our pass­ports, Oyster cards and the planned ID cards. New tech­no­lo­gies can­not guar­an­tee that our per­son­al data is secure, so rather than pro­tect­ing us, they make us more liable to crimes such as iden­tity theft.

So once again nation­al and loc­al gov­ern­ment bod­ies have rushed to buy up tech­no­logy, without fully think­ing through either its applic­a­tion or its use­ful­ness. And without fully assess­ing the implic­a­tions for a free soci­ety. Just because the tech­no­logy exists, it does not mean that it is fit for pur­pose, nor that it will make us safer.