Group items tagged

GCHQ's mass surveillance spying programmes are probably illegal and have been signed off by ministers in breach of human rights and surveillance laws, according to a hard-hitting legal opinion that has been provided to MPs.The advice warns that Britain's principal surveillance law is too vague and is almost certainly being interpreted to allow the agency to conduct surveillance that flouts privacy safeguards set out in the European convention on human rights (ECHR).The inadequacies, it says, have created a situation where GCHQ staff are potentially able to rely "on the gaps in the current statutory framework to commit serious crime with impunity".

Last year, Hague told MPs: "It has been suggested GCHQ uses our partnership with the US to get around UK law, obtaining information that they cannot legally obtain in the UK. I wish to be absolutely clear that this accusation is baseless."However, the legal advice poses awkward new questions about the framework GCHQ operates within, the role of ministers and the legality of transferring bulk data to other spy agencies.The advice makes clear Ripa does not allow GCHQ to conduct mass surveillance on communications between people in the UK, even if the data has briefly left British shores because the call or email has travelled to an internet server overseas.

The legal advice has been sent to the 46 members of the all-party parliamentary group on drones, which is chaired by the Labour MP, Tom Watson.

GCHQ’s bulk surveillance of electronic communications has scooped up emails to and from journalists working for some of the US and UK’s largest media organisations, analysis of documents released by whistleblower Edward Snowden reveals. Emails from the BBC, Reuters, the Guardian, the New York Times, Le Monde, the Sun, NBC and the Washington Post were saved by GCHQ and shared on the agency’s intranet as part of a test exercise by the signals intelligence agency. The disclosure comes as the British government faces intense pressure to protect the confidential communications of reporters, MPs and lawyers from snooping.

Senior editors and lawyers in the UK have called for the urgent introduction of a freedom of expression law amid growing concern over safeguards proposed by ministers to meet concerns over the police use of surveillance powers linked to the Regulation of Investigatory Powers Act 2000 (Ripa). More than 100 editors, including those from all the national newspapers, have signed a letter, coordinated by the Society of Editors and Press Gazette, to the UK prime minister, David Cameron, protesting at snooping on journalists’ communications. In the wake of terror attacks on the Charlie Hebdo offices and a Jewish grocer in Paris, Cameron has renewed calls for further bulk-surveillance powers, such as those which netted these journalistic communications.

The journalists’ communications were among 70,000 emails harvested in the space of less than 10 minutes on one day in November 2008 by one of GCHQ’s numerous taps on the fibre-optic cables that make up the backbone of the internet. The communications, which were sometimes simple mass-PR emails sent to dozens of journalists but also included correspondence between reporters and editors discussing stories, were retained by GCHQ and were available to all cleared staff on the agency intranet. There is nothing to indicate whether or not the journalists were intentionally targeted. The mails appeared to have been captured and stored as the output of a then-new tool being used to strip irrelevant data out of the agency’s tapping process. New evidence from other UK intelligence documents revealed by Snowden also shows that a GCHQ information security assessment listed “investigative journalists” as a threat in a hierarchy alongside terrorists or hackers.

Now we can see what moves legislators to take swift action against domestic surveillance. It all depends on who's being targeted. A long-held "gentleman's agreement" that GCHQ would not spy on members of Parliament (with an exigent circumstances exception, naturally) was found to be not legally-binding by the UK's surveillance oversight tribunal. Today, a panel, headed by Mr Justice Burton, made declarations that the Wilson Doctrine applies only to targeted, and not incidental, interception of Parliamentary communications, but that it has no legal effect, save that in practice the Security and Intelligence Agencies must comply with their own guidance. The Wilson doctrine, implemented by prime minister Harold Wilson in November 1966, lay down the policy of no tapping of the phones of MPs or members of the House of Lords, unless there is a major national emergency, and that any changes to the policy will be reported by the prime minister to Parliament.

Once the Parliament members discovered they too could be subjected to GCHQ's "blanket surveillance," they moved quickly. MPs are to hold an emergency debate on the Wilson doctrine, amid fears the convention designed to prevent politicians' communications being spied upon is "dead". [...] Shadow Commons leader Chris Bryant led a successful application in the Commons for an emergency debate in response to Wednesday's judgment. The debate has been allocated up to three hours on Monday, October 19. When it's just the general public and foreign citizens of dozens of nations, politicians generally agree there's a "debate" to be had over dragnet surveillance. The debate then takes place with minimal input from those affected and tends to include large amounts of terrorist fear-mongering and quibbling over how much exactly national security agencies should be allowed to get away with. (As much as possible, usually. Especially when the fear-mongering side has the floor.)

When it's those up top discovering they, too, might be subject to the same surveillance they've inflicted on the rest of the nation (and foreigners who have been granted no rights whatsoever), they step all over themselves in their haste to "debate" the side of the issue that states they should continue to be excepted from the laws that apply to everyone else.

UK's High Court found the rushed Data Retention and Investigatory Powers Act (DRIPA) to be illegal under the European Convention on Human Rights and EU Charter of Fundamental Rights, both of which require respect for private and family life, as well as protection of personal data in the case of the latter. DRIPA was challenged by two members of Parliament (MPs), Labor's Tom Watson and the Conservative David Davis, who argued that the surveillance of communications wasn't limited to serious crimes, that individual notices for data collection were kept secret, and that no provision existed to protect those who need professional confidentiality, such as lawyers and journalists. DRIPA was pushed through in three days last year after the European Court of Justice ruled that the EU data retention powers were disproportionate, which invalidated the previous data retention law in the UK. The UK High Court also ruled that sections 1 and 2 of DRIPA were unlawful based on the fact that they fail to provide precise policies to ensure that data is only accessed for the purpose of investigating serious crimes. Another major point against DRIPA was that it didn't require judicial approval, which could limit access to only the data that is strictly necessary for investigations.

DRIPA passed in only three days, but the Court allowed it to continue for another nine months, to give the UK government enough time to draft new legislation. Although this almost doubles the time in which this law will exist, it might be better in the long term, as it gives the members of Parliament enough time to debate its successor, without having to rush yet another law fearing that the government's surveillance powers will expire. This court ruling arrived at the right time, as the UK government is currently preparing the draft for the Investigative Powers Bill (also called Snooper's Charter by many), which further expands the government's surveillance powers and may even request encryption backdoors. It also joins other recent reviews of the government's surveillance laws that called for much stricter oversight done by judges rather than the government's own members. "Campaigners, MPs across the political spectrum, the Government's own reviewer of terrorism legislation are all calling for judicial oversight and clearer safeguards," said James Welch, Legal Director for Liberty, a human rights organization.

Canada’s electronic surveillance agency has secretly developed an arsenal of cyberweapons capable of stealing data and destroying adversaries’ infrastructure, according to newly revealed classified documents. Communications Security Establishment, or CSE, has also covertly hacked into computers across the world to gather intelligence, breaking into networks in Europe, Mexico, the Middle East and North Africa, the documents show. The revelations, reported Monday by CBC News in collaboration with The Intercept, shine a light for the first time on how Canada has adopted aggressive tactics to attack, sabotage and infiltrate targeted computer systems. The latest disclosures come as the Canadian government debates whether to hand over more powers to its spies to disrupt threats as part of the controversial anti-terrorism law, Bill C-51.

Christopher Parsons, a surveillance expert at the University of Toronto’s Citizen Lab, told CBC News that the new revelations showed that Canada’s computer networks had already been “turned into a battlefield without any Canadian being asked: Should it be done? How should it be done?” According to documents obtained by The Intercept from National Security Agency whistleblower Edward Snowden, CSE has a wide range of powerful tools to perform “computer network exploitation” and “computer network attack” operations. These involve hacking into networks to either gather intelligence or to damage adversaries’ infrastructure, potentially including electricity, transportation or banking systems. The most well-known example of a state-sponsored “attack” operation involved the use of Stuxnet, a computer worm that was reportedly developed by the United States and Israel to sabotage Iranian nuclear facilities. One document from CSE, dated from 2011, outlines the range of methods the Canadian agency has at its disposal as part of a “cyber activity spectrum” to both defend against hacking attacks and to perpetrate them. CSE says in the document that it can “disable adversary infrastructure,” “control adversary infrastructure,” or “destroy adversary infrastructure” using the attack techniques. It can also insert malware “implants” on computers to steal data.

According to one top-secret NSA briefing paper, dated from 2013, Canada is considered an important player in global hacking operations. Under the heading “NSA and CSEC cooperate closely in the following areas,” the paper notes that the agencies work together on “active computer network access and exploitation on a variety of foreign intelligence targets, including CT [counter terrorism], Middle East, North Africa, Europe, and Mexico.” (The NSA had not responded to a request for comment at time of publication. The agency has previously told The Intercept that it “works with foreign partners to address a wide array of serious threats, including terrorist plots, the proliferation of weapons of mass destruction, and foreign aggression.”) Notably, CSE has gone beyond just adopting a range of tools to hack computers. According to the Snowden documents, it has a range of “deception techniques” in its toolbox. These include “false flag” operations to “create unrest,” and using so-called “effects” operations to “alter adversary perception.” A false-flag operation usually means carrying out an attack, but making it look like it was performed by another group — in this case, likely another government or hacker. Effects operations can involve sending out propaganda across social media or disrupting communications services. The newly revealed documents also reveal that CSE says it can plant a “honeypot” as part of its deception tactics, possibly a reference to some sort of bait posted online that lures in targets so that they can be hacked or monitored.