CIA and MI5 hacking our “Internet of Things”

Yet again Wikileaks has come good by exposing just how much we are being spied upon in this brave new digital world – the Vault 7 release has provided the proof for what many of us already knew/suspected – that our smart gadgets are little spy devices.

Here are a couple of interviews I did for the BBC and RT on the subject:

BBC – CIA and MI5 Hack our TVs from Annie Machon on Vimeo.

And:

Wikileaks release info re CIA/MI5 hacks from Annie Machon on Vimeo.

Webstock, New Zealand, 2016

Now, I speak all over the world at conferences and universities about a whole variety of interconnected issues, but I do want to highlight this conference from earlier this year and give a shout out for next year’s. Plus I’ve finally got my hands on the video of my talk.

Webstock celebrated its tenth anniversary in New Zealand last February, and I was fortunate enough to be asked to speak there.  The hosts promised a unique experience, and the event lived up to its reputation.

They wanted a fairly classic talk from me – the whistleblowing years, the lessons learnt and current political implications, but also what we can do to fight back, so I called my talk “The Panopticon: Resistance is Not Futile”, with a nod to my sci-fi fandom.

So why does this particular event glow like a jewel in my memory? After expunging from my mind, with a shudder of horror, the 39 hour travel time each way, it was the whole experience. New Zealand combines the friendliness of the Americans – without the political madness and the guns, and the egalitarianism of the Norwegians – with almost equivalent scenery. Add to that the warmth of the audience, the eclecticism of the speakers, and the precision planning and aesthetics of the conference organisers and you have a winning combination.

Our hosts organised vertigo-inducing events for the speakers on the top of mile-high cliffs, as well as a surprisingly fun visit to a traditional British bowling green. Plus I had the excitement of experiencing my very first earthquake – 5.9 on the Richter scale apparently. I shall make no cheap jokes about the earth moving, especially in light of the latest quakes to hit NZ this week, but the hotel did indeed sway around me and it wasn’t the local wine, excellent as it is.

I mentioned eclecticism – the quality of the speakers was ferociously high, and I would like to give a shout out to Debbie Millman and her “joy of failure” talk, Harry Roberts, a serious geek who crowd-sourced his talk and ended up talking seriously about cocktails, moths, Chumbawamba and more, advertising guru Cindy Gallop who is inspiring women around the world and promoting Make Love Not Porn, and Casey Gerald, with his evangelically-inspired but wonderfully humanistic talk to end the event.

All the talks can be found here.

It was a fabulous week.  All I can say is thank you to Tash, Mike, and the other organisers.

If you ever have the chance to attend or speak at the event in the future, I seriously recommend it.

And here’s the video of my talk:

A Good American – Bill Binney

I have for a number of years now been involved with a global group of whistleblowers from the intelligence, diplomatic and military world, who gather together every year as the Sam Adams Associates to give an award to an individual displaying integrity in intelligence.

This year’s award goes to former CIA officer, John Kiriakou, who exposed the CIA’s illegal torture programme, but was the only officer to go to prison – for exposing CIA crimes.

The award ceremony will be taking place in Washington on 25 September at the “World Beyond War” conference.

Last year’s laureate, former Technical Director of the NSA Bill Binney, is currently on tour across Europe to promote an excellent film about both his and the other stories of the earlier NSA whistleblowers before Edward Snowden – “A Good American”.

The film is simply excellent, very human and very humane, and screenings will happen across Europe over the next few months. Do watch if you can!

This is a film of the panel discussion after a screening in London on 18th September:

“A Good American” – panel discussion with ex-NSA Bill Binney from Annie Machon on Vimeo.

The Blacklist – how to go on the run

Recently I did this interview for BBC Click to promote the third series of the excellent US spy series “The Blacklist”:

How to go on the run from Annie Machon on Vimeo.
The series is apparently huge in the USA – and I can see why, as it is good – but little known to date in the UK.

Thought police

Here is the full interview I did recently for RT about the announcement of a new section of the UK Metropolitan Police dedicated to hunting down “internet trolls”.

And here is the clip used in the interview:

Thought Police from Annie Machon on Vimeo.

Fight for your Right to Privacy

A recent talk I gave to the excellent Spark.me conference in beautiful Montenegro:

Annie Machon at SparkMe conference 2016 from Annie Machon on Vimeo.

RT Going Underground – the Snoopers’ Charter

Here is a recent interview I did for the RT UK’s flagship news channel, “Going Underground” about the horrors of the proposed Investigatory Powers Bill – the so-called “snoopers charter” – that will legalise previously illegal mass surveillance, mass data retention, and mass hacking carried out by GCHQ in league with the NSA:

My interview starts at 19 minutes in – there is Brexit stuff first, about which I shall write more soon….

Defending Human Rights in a Digital Age

This is an (abbreviated) version of my contribution to a panel discussion about human rights in a digital age, hosted last December by Professor Marianne Franklin and Goldsmiths University in London:

Goldsmiths University Privacy Discussion, December 2015 from Annie Machon on Vimeo.

Parliamentary Evidence on the UK Investigatory Powers Bill

My written evidence to the Scrutiny Committee in the UK Houses of Parliament that is currently examining the much-disputed Investigatory Powers Bill (IP):

1. My name is Annie Machon and I worked as an intelligence officer for the UK’s domestic Security Service, commonly referred to as MI5, from early 1991 until late 1996. I resigned to help my partner at the time, fellow intelligence officer David Shayler, expose a number of instances of crime and incompetence we had witnessed during our time in the service.

2. I note that the draft IP Bill repeatedly emphasises the importance of democratic and judicial oversight of the various categories of intrusive intelligence gathering by establishing an Investigatory Powers Commissioner as well as supporting Judicial Commissioners. However, I am concerned about the real and meaningful application of this oversight.

3. While in the Service in the 1990s we were governed by the terms of the Interception of Communications Act 1985 (IOCA), the precursor to RIPA, which provided for a similar system of applications for a warrant and ministerial oversight.

4. I would like to submit evidence that the system did not work and could be manipulated from the inside.

5. I am aware of at least two instances of this during my time in the service, which were cleared for publication by MI5 in my 2005 book about the Shayler case, “Spies, Lies and Whistleblowers”, so my discussing them now is not in breach of the Official Secrets Act. I would be happy to provide further evidence, either written or in person, about these abuses.

6. My concern about this draft Bill is that while the oversight provisions seem to be strengthened, with approval necessary from both the Secretary of State and a Judicial Commissioner, the interior process of application for warrants will still remain opaque and open to manipulation within the intelligence agencies.

7. The application process for a warrant governing interception or interference involved a case being made in writing by the intelligence officer in charge of an investigation. This then went through four layers of management, with all the usual redactions and finessing, before a final summary was drafted by H Branch, signed by the DDG, and then dispatched to the Secretary of State. So what the minister was only ever presented with was a summary of a summary of a summary of a summary of the original intelligence case.

8. Additionally, the original intelligence case could be erroneous and misleading. The process of writing the warrant application was merely a tick box exercise, and officers would routinely note that such intelligence could only be obtained by such intrusive methods, rather than exploring all open source options first. The revalidation process could be even more cavalier.

9. When problems with this system were voiced, officers were told to not rock the boat and just follow orders. During the annual visit by the Intelligence Intercept Commissioner, those with concerns were banned from meeting him.

10. Thus I have concerns about the realistic power of the oversight provisions written into this Bill and would urge an additional provision. This would establish an effective channel whereby officers with concerns can give evidence directly and in confidence to the Investigatory Powers Commissioner in the expectation that a proper investigation will be conducted and with no repercussions to their careers inside the agencies. Here is a link to a short video I did for Oxford University three years ago outlining these proposals:

11. This, in my view, would be a win-win scenario for all concerned. The agencies would have a chance to improve their work practices, learn from mistakes, and better protect national security, as well as avoiding the scandal and embarrassment of any future whistleblowing scandals; the officers with ethical concerns would not be placed in the invidious position of either becoming complicit in potentially illegal acts by “just following orders” or risking the loss of their careers and liberty by going public about their concerns.

12. I would also like to raise the proportionality issue. It strikes me that bulk intercept must surely be disproportionate within a functioning and free democracy, and indeed can actually harm national security. Why? Because the useful, indeed crucial, intelligence on targets and their associates is lost in the tsunami of available information. Indeed this seems to have been the conclusion of every inquiry about the recent spate of “lone wolf” and ISIS-inspired attacks across the West – the targets were all vaguely known to the authorities but resources were spread too thinly.

13. In fact all that bulk collection seems to provide is confirmation after the fact of a suspect’s involvement in a specific incident, which is surely specifically police evidential work. Yet the justification for the invasive intercept and interference measures laid out in the Bill itself is to gather vital information ahead of an attack in order to prevent it – the very definition of intelligence. How is this possible if the sheer scale of bulk collection drowns out the vital nuggets of intelligence?

14. Finally, I would like to raise the point that the phrase “national security” has never been defined for legal purposes in the UK. Surely this should be the very first step necessary before formulating the proposed IP Bill? Until we have such a legal definition, how can we formulate new and intrusive laws in the name of protecting an undefined and nebulous concept, and how can we judge that the new law will thereby be proportionate within a democracy?

The Dark Web – interview on TRT World

Here’s a recent interview I did for “The Newsmakers” programme on TRT World, discussing the Dark Web and privacy:

The Newsmakers, TRT World, Turkey from Annie Machon on Vimeo.

Re:publica – The War on Concepts

This week I made my first visit to the re:publica annual geekfest in Berlin to do a talk called “The War on Concepts”. In my view this, to date, includes the four wars – on drugs, terror, the internet, and whistleblowers. No doubt the number will continue to rise.

Here’s the video:

republica_2015_Annie_Machon_The_War_on_Concepts from Annie Machon on Vimeo.

Anything to Say? unveiled in Berlin

Last week artist Davide Dormino unveiled his sculpture celebrating whistleblowers in Alexanderplatz, Berlin.

Called “Anything to Say?”, the sculpture depicts Chelsea Manning, Edward Snowden and Julian Assange standing on three chairs, with an empty fourth chair beside them, upon which we are all encouraged to stand up on and speak our truth.

Davide invited me to do just that for the unveiling ceremony, along with German MP for the Green Party and whistleblower supporter, Hans Christian Stroebele and Wikileaks’ Sarah Harrison. Here’s a report:

Anything_to_Say?_sculpture_unveiled_in_Berlin from Annie Machon on Vimeo.

Code Red Media Launch in Perugia

I am very happy to announce a new initiative, Code Red,  that Simon Davies (the founder of Privacy International and The Big Brother Awards) and I have been organising over the last few months.  In fact, not just us, but a panoply of global privacy and anti-surveillance campaigners from many areas of expertise.

Simon and I have known each other for years, way back to 2002, when he gave one of the earliest Winston Awards to David Shayler, in recognition of his work towards trying to expose surveillance and protect privacy. That award ceremony, hosted by comedian and activist Mark Thomas, was one of the few bright points in that year for David and me – which included my nearly dying of meningitis in Paris and David’s voluntary return to the UK to “face the music”; face the inevitable arrest, trial and conviction for a breach of the Official Secrets Act that followed on from his disclosures about spy criminality.

Anyway, enough of a detour down memory lane – back to Code Red. Regular readers of this website will know that I have some slight interest in the need to protect our privacy for both personal reasons and societal good. Over the last 18 years since helping to expose the crimes of the British spies, I have worked with the media, lawyers, campaigners, hackers, NGOs, politicians, wonks, geeks, whistleblowers, and wonderfully concerned citizens around the world – all the time arguing against the encroaching and stealthy powers of the deep, secret state and beyond.

While many people are concerned about this threat to a democratic way of life, and in fact so many people try to push back, I know from experience the different pressures that can be exerted against each community, and the lack of awareness and meaningful communication that can often occur between such groups.

So when Simon posited the idea of Code Red – an organisation that can functionally bring all these disparate groups together, to learn from each other, gain strength and thereby work more effectively, it seemed an obvious next step.

Some progress has already been made in this direction, with international whistleblower conferences, cryptoparties, training for journalists about how to protect their sources, campaigns to protect whistleblowers, activist and media collectives, and much more.  We in Code Red recognise all this amazing work and are not trying to replicate it.

But what we do want to do is improve the flow of communication – would it not be great to have a global clearing house, a record, of what works, what does not, a repository of expertise from all these inter-related disciplines from around the world that we can all learn from?

This is one of the goals of Code Red, which launched to the media at the International Journalism Festival in Perugia a few weeks ago.  We were then lucky enough to also hold a launch to the tech/hacktivist community in Berlin a few days after at C Base – the mother-ship of hackers.

Here is the film of the Perugia launch:

Code Red – launched in Perugia, April 2015 from Annie Machon on Vimeo.

No encryption? How very rude.

First published on RT Op-Edge.

It struck me today that when I email a new contact I now reflexively check to see if they are using PGP encryption.  A happily surprising number are doing so these days, but most people would probably consider my circle of friends and acquaintance to be eclectic at the very least, if not downright eccentric, but then that’s probably why I like them.

There are still alarming numbers who are not using PGP though, particularly in journalist circles, and I have to admit that when this happens I do feel a tad miffed, as if some basic modern courtesy is being breached.

It’s not that I even expect everybody to use encryption – yet – it’s just that I prefer to have the option to use it and be able to have the privacy of my own communications at least considered. After all I am old enough to remember the era of letter writing, and I always favoured a sealed envelope to a postcard.

And before you all leap on me with cries of “using only PGP is no guarantee of security….” I do know that you need a suite of tools to have a fighting chance of real privacy in this NSA-saturated age: open source software, PGP, TOR, Tails, OTR, old hardware, you name it.  But I do think the wide-spread adoption of PGP sets a good example and gets more people thinking about these wider issues.  Perhaps more of us should insist on it before communicating further.

Why is this in my mind at the moment?  Well, I am currently working with an old friend, Simon Davies, the founder of Privacy International and the Big Brother Awards. He cut his first PGP key in 2000, but then left it to wither on the vine. As we are in the process of setting up a new privacy initiative called Code Red (more of which next week) it seemed imperative for him to set a good example and “start using” again.

Anyway, with the help of one of the godfathers of the Berlin cryptoparties, I am happy to report that the father of the privacy movement can now ensure your privacy if you wish to communicate with him.

I am proud to say that my awareness of PGP goes back even further.  The first time I heard of the concept was in 1998 while I was living in hiding in a remote farmhouse in central France, on the run from MI5, with my then partner, David Shayler.

Our only means of communication with the outside world was a computer and a dial-up connection and David went on a steep learning curve in all things geek to ensure a degree of privacy.  He helped build his own website (subsequently hacked, presumably by GCHQ or the NSA as it was a sophisticated attack by the standards of the day) and also installed the newly-available PGP. People complain now of the difficulties of installing encryption, but way back then it was the equivalent of scaling Mount Everest after a few light strolls in the park to limber up.  But he managed it.

Now, of course, it is relatively easy, especially if you take the time to attend a Cryptoparty – and there will inevitably be one happening near you some place soon.

Cryptoparties began in late 2012 on the initiative of Asher Wolf in Australia.  The concept spread rapidly, and after Snowden went public in May 2013, accelerated globally. Indeed, there have been various reports about the “Snowden Effect”.  Only last week there was an article in the Guardian newspaper saying that 72% of British adults are now concerned about online privacy. I hope the 72% are taking advantage of these geek gatherings.

The US-based comedian, John Oliver, also recently aired an interview with Edward Snowden.  While this was slightly painful viewing for any whistleblower – Oliver had done a vox pop in New York that he showed to Snowden, where most interviewees seemed unaware of him and uncaring about privacy – there was a perceptible shift of opinion when the issue of, shall we say, pictures of a sensitive nature were being intercepted.

Officially this spy programme is called Optic Nerve, an issue that many of us have been discussing to some effect over the last year.  In the Oliver interview this transmogrified into “the dick pic programme”.  Well, whatever gets the message out there effectively…. and it did.

We all have things we prefer to keep private – be it dick pics, bank accounts, going to the loo, talking to our doctor, our sex lives, or even just talking about family gossip over the phone.  This is not about having anything to hide, but most of us do have an innate sense of privacy around our personal issues and dealings and this is all now lost to us, as Edward Snowden has laid bare.

As I have also said before, there are wider societal implications too – if we feel we are being watched in what we watch, read, say, write, organise, and conduct our relationships, then we start to self-censor.  And this is indeed already another of the quantified Snowden effects. This is deleterious to the free flow of information and the correct functioning of democratic societies.  This is precisely why the right to privacy is one of the core principles in the 1948 Universal Declaration of Human Rights.

Lessons had then been learned from the Nazi book burnings and the Gestapo spy state, and privacy was recognised as a pre-requisite of open democracy. Yet now we see senior and supposedly well-informed US politicians calling for the modern equivalent of book burnings and failing to rein in the global abuses of the NSA.

How quickly the lessons of history can be forgotten and how carelessly we can cast aside the hard-won rights of our ancestors.

Edward Snowden, at great personal risk, gave us the necessary information to formulate a push back. At the very least we can have enough respect for the sacrifices he made and for the rights of our fellow human beings to take basic steps to protect both our own and their privacy.

So please start using open source encryption at the very least. It would be rude not to.