Saturday, 22 June 2013

The Penny Drops


GCHQ and the Internet

Doing his best to impersonate a first World War general justifying tactics at the Somme, corporate whore Rockets Riffkind was on Radio 4 this morning. He was responding to the latest leak revealing what GCHQ are doing in our name but without our say. He huffed and puffed about how wonderful the Intelligence and Security Committee was at holding GCHQ to account. We need not worry our pretty little heads about all this nonsense in the papers. Rockets and his fellow corporate whores would subject GCHQ bosses to rigorous scrutiny. Hmmm. 

Britain's spy agency GCHQ has secretly gained access to the network of cables which carry the world's phone calls and internet traffic and has started to process vast streams of sensitive personal information which it is sharing with its American partner, the National Security Agency (NSA).
The sheer scale of the agency's ambition is reflected in the titles of its two principal components: Mastering the Internet and Global Telecoms Exploitation, aimed at scooping up as much online and telephone traffic as possible. This is all being carried out without any form of public acknowledgement or debate.” Guardian 22/6/13

The implications of what is going on are just starting to sink in. The enormity of the process and the implications for business and personal communication are beginning to be appreciated by business and professional bodies. Ross Anderson, Professor of Security Engineering at Cambridge University made several points in The Guardian yesterday. This was written prior to the publication of the latest leaks. 

“Edward Snowden’s revelations are now causing something of a crisis in the IT industry as its international customers start thinking through the implications. In the past week I've heard of big firms reconsidering plans to spend hundreds of millions on services that would have been hosted in the US, as they start to realise that US agencies might snoop on their data and use it to tip off their competitors. US service firms now fear this will harm their growth, and it's not just Microsoft and Google; many other companies such as Amazon, Salesforce and Rackspace could lose out.

....For years, BTinternet was outsourced to Yahoo. Where can I find a service that will guarantee to keep my confidential data in the UK? The information commissioner can't help: data-protection law has "safe harbour" loopholes designed to allow US service companies to pretend that they follow European Law even when their own government won't let them.....

..many people will fear they're at risk from the US intelligence community even if they're not. Last week I heard from a Greek colleague that a friend of his in Athens was raided by a local security agency, who told him that the Americans had tipped them off after reading his Gmail. That was surely nonsense. But if you're a Greek secret policeman, and a suspect's ex has tipped you off, then blaming the NSA is the perfect cover story. The world's spies and secret policemen treasure their aura of mysterious power, and the paranoia this generates; it helps them to get information out of suspects, and money out of treasuries. 

Web services are leading us to put all our eggs in one basket, and governments everywhere are grabbing for the basket. Visitors to Russia can be forced to disclose laptop passwords at customs; while even less competent governments (like Syria's) simply beat citizens' Facebook and Gmail passwords out of them. And dear Theresa May wants to revive her communications data bill to grant MI5 and the police the same access we now know GCHQ has via the NSA. 

What next? It's time for the British Medical Association, Law Society, Bar Council and other professional bodies to start thinking about the ethics of using cloud-based services for confidential client information.

What next indeed? There are suspicions that there is still a lot more to come. And there are so many reasons not to trust Rocket and his corporate chums who are not so much supine as collusive.

No comments:

Post a Comment