Thursday, 19 November 2015
"And part of establishing deterrence will be making sure that whoever attacks us knows we are able to hit back.
We need to destroy the idea that there is impunity in cyberspace.
We need those who would harm us to know that we will defend ourselves robustly. And that we have the means to do so.
This is the fifth element of the plan.
Thanks to the investment that we have made during the last Parliament, just as our adversaries can use a range of actions against us, from the virtual to the physical, so we are making sure that we can employ a full spectrum of actions in response.
We reserve the right to respond to a cyber attack in any way that we choose.
And we are ensuring that we have at our disposal the tools and capabilities we need to respond as we need to protect this nation, in cyberspace just as in the physical realm.
We are building our own offensive cyber capability – a dedicated ability to counter-attack in cyberspace.
We have built this capability through investing in a National Offensive Cyber Programme.
The Programme is a partnership between the Ministry of Defence and GCHQ, harnessing the skills and talents of both organisations to deliver the tools, techniques and tradecraft required for the UK to establish a world class capability." 'via Blog this'
Monday, 16 November 2015
GABRIELLE GUILLEMIN: I would be curious to hear from Chris Marsden who is Professor at Sussex University of what he thinks of the debate in United Kingdom when the investigative powers bill was published recently.
Much greater minds have contributed to my contribution this morning. I spoke to Jon Crowcroft who is a professor at Cambridge, and many other academics who are deeply involved in trying to explain to Parliamentarians about what is involved. Two people you should read. First and I almost take this draft bill as kind of the final insult, kind of postmortem insult, to Casper Bowden who has been one of the heroes of this debate. He died in July of this year. He wrote about the compatibility of mass surveillance with the European Convention on the Human Rights and he has been advising the European Parliament on this for 15 years. The second is my coauthor on our book where we talk about default encryption. His name is Ian Brown and he is a professor at Oxford. And if you have read anything by Ian and Casper, you will be much more educated than with what advice I have given today."
Friday, 11 September 2015
For the first story, the British obtained the ciphertext of the telegram from the Mexican commercial telegraph office. The British knew that the German Embassy in Washington would relay the message by commercial telegraph, so the Mexican telegraph office would have the ciphertext. "Mr. H", a British agent in Mexico, bribed an employee of the commercial telegraph company for a copy of the message. (Sir Thomas Hohler, then British ambassador in Mexico, claimed to have been "Mr. H", or at least involved with the interception, in his autobiography.) This ciphertext could be shown to the Americans without embarrassment. Moreover, the retransmission was enciphered using cipher 13040, so by mid-February the British not only had the complete text, but also the ability to release the telegram without revealing the extent to which the latest German codes had been broken—at worst, the Germans might have realized that the 13040 code had been compromised, but weighed against the possibility of United States entry into the war that was a risk worth taking.
Finally, since copies of the 13040 ciphertext would also have been deposited in the records of the American commercial telegraph, the British had the ability to prove the authenticity of the message to the United States government.
As a cover story, the British could publicly claim that their agents had stolen the telegram's deciphered text in Mexico. Privately, the British needed to give the Americans the 13040 cipher so that the United States government could verify the authenticity of the message independently with their own commercial telegraphic records, however the Americans agreed to back the official cover story. The German Foreign Office refused to consider a possible code break, and instead sent von Eckardt on a witch-hunt for a traitor in the embassy in Mexico." 'via Blog this'
Friday, 10 July 2015
Obituary: Caspar Bowden, a fearless privacy pioneer
The world’s privacy advocates are reeling over the loss of one of their most influential and feared campaigners, Caspar Bowden, who has died of cancer. His fierce and combative evangelism for online privacy over two decades and surgical analysis of complex surveillance legislation raised the standard of commentary that influenced advocacy groups at home and abroad.
I had the honour and the pleasure of becoming a close friend and co-conspirator of Caspar. It wasn’t always easy – he held high expectations of his colleagues, who could often experience his wrath whenever they dared to negotiate with “the bastards” (whoever they happened to be at the time). The archaic American expression “ornery” could well have been invented for Caspar Bowden, as his opponents well knew.
In conferences and meetings where officials and ministers appeared there was frequently what became known as the “popcorn moment”, when Caspar would stand up and, from the back of the hall, clear his throat and launch into a devastating critique that would utterly destroy the credibility of his opponents. Within two years, ministerial staffers were routinely calling me to find out whether Caspar would be in the audience. No better tribute could ever be awarded to any campaigner.
Caspar joined the mainstream privacy world in 1997 during the Scrambling for Safety encryption event that I organised at the London School of Economics, and soon after he co-founded the Foundation for Information Policy Research (FIPR), which became the most astute think-tank in Britain in the field of surveillance.
At the time Caspar chaired Scientists for Labour, an organisation which at the time believed that the Labour Party (which had been elected to government only 18 days earlier) would actually respect scientific advice. The reams of dangerous and intrusive legislation the Labour government subsequently passed caused him to ditch this fantasy. In the years since Caspar appeared to abandon all faith in parties, taking pride in comparisons with TV character Mr MacKay in the comedy series Porridge, who famously said: “I have a job to do and, whatever else I am, I’m firm but fair. I want you to know that I treat you all with equal contempt”.
In 2002 Caspar joined Microsoft’s operation in Europe as chief privacy strategist, but the arrangement was a bad fit. Caspar continued to be outspoken, eventually parting company with Microsoft after he criticised the lack of privacy measures in its software and the firm’s cosiness with US government spooks. Years before Snowden’s revelations about US and UK mass surveillance in 2013, Bowden had already become deeply worried about the relationship between companies and security agencies – with his arguments about the safety of cloud data proven true by the subsequent leaks.
Gus Hosein, executive director of Privacy International and an an old friend and colleague said:
I’m not new to this issue, but whenever I struggle to get my head around the implications of a new policy or technology, I always looked to Caspar. I sought his guidance to navigate it, but I feared what he would say if I came out with something stupid. The future is uncertain enough, but without him it is even more daunting.
Caspar was very accurately described by another close friend and colleague Ian Brown, professor of Information Security and Privacy at Oxford University:
Caspar was a truly unique individual, one of the most passionate, methodical, relentless advocates of any cause I have met. I learnt so much from him as we worked together on and off for nearly 20 years on privacy issues. His forensic analysis of UK surveillance laws, and later European and US legislation, was essential reading for anyone who wanted to understand the implications of some extremely obscure language – including legislators themselves.
Brown believes UK internet users are still benefiting from Caspar’s successful campaign to remove “Big Browser” surveillance powers from the Regulation of Investigatory Powers Act 2000, and to ensure the burden of proof was not put onto individuals who might have actually forgotten passwords later demanded by police. His important reports for the European Parliament will also be key in the long-term decisions made by the EU to protect the privacy of its 500m citizens.
Anyone who knew Caspar understood that he was dogged in his later years by a deep cynicism about progress in privacy. Deeply mistrustful of governments, corporations and even the law, he eschewed mobile phones and came to place his faith almost solely on mathematical solutions, for example by heavily promoting the concept of differential privacy, which attempts to prevent a loss of privacy in situations where details can be inferred from other data.
Perhaps Caspar’s greatest legacy is that, in an age of increasing compromise, he showed us the importance of dogged, non-negotiable persistence. As George Bernard Shaw observed, all progress depends on the unreasonable man. In that respect, Caspar was a beacon of progress.
Thursday, 18 June 2015
These commercial pressures, have changed in the past few years, as large internet companies start relying heavily on serving end-users (search, webmail, social networking). Sadly, these companies have adopted both a business model — ad-based monetization — and a technical architecture — cloud computing — that makes meaningful privacy protection very difficult. In turn the “success” of those architectures has lead to an extreme ease of developing using this model, and an increasing difficulty in providing end-user solutions with appropriate privacy protections — let alone usable ones.
The rise of services has pushed a number of key privacy technologies into not being commercially supported and a key feature, and in effect at best a “common” — with the governance and funding problems this entails. We have recently learned about the systemic under funding of key privacy technologies such as OpenSSL and GPG. Technologies like Tor are mostly funded for their national firewall traversal features, seeing development on anonymity features suffer.
Unlike other commons (health, parks, quality assurance in medicines), the state has not stepped in to either help with governance or with funding — all the opposite. For example, standardization efforts have systematically promoted “surveillance by design” instead of best of breed privacy protection; funding for surveillance technology is enormous compared to funding for privacy technologies, and somehow ironically, a number of calls for funding of privacy technologies are in the context of making surveillance more “privacy friendly” — leading to largely non-nonsensical outcomes." 'via Blog this'
Sunday, 26 April 2015
The documents warn that a lack of action could lead to a "point of no return", where economies are irreversibly tied to a handful of large companies. Examples include the likes of Amazon, Etsy, Trip Advisor, Facebook, and Google.
They are mentioned as having undue power over their sectors of the market and can exclude any company or products they feel like, without evidence, by claiming they breach terms and conditions.
Apparently this could potentially put the whole European economy at risk due to market exploitation.
To tackle this the documents propose that a new "supervision framework" should be put together and do things like ban unfair business practices and prevent internet companies from using their platforms to provide preferential treatment to their own services." 'via Blog this'
Tuesday, 14 April 2015
One such player is the Applied Research Laboratory of Pennsylvania State University. As a Pentagon-designated university-affiliated research center, Penn State's ARL "maintains a special long-term strategic relationship with DoD," the lab brags in an online presentation. That relationship accounts for nearly half the university's research budget—and it includes work on Annapolis's RADIANT GEMSTONE, the only public mention of this highly secretive program:
How excited is the Navy about this new mission? Imagine being the only kid on the block with a shiny new red wagon. The service's admiral in charge of cryptology says the Navy is anxiously crafting "an ordered, sustainable maritime means of realizing military power in cyberspace."
Still: What does that mean? When you can spy on anyone, anywhere, anytime—not just heads of state, but anyone on a cell or a WiFi connection—what do you actually do? More to the point: Who was the Annapolis spying on last year?
We know roughly where it traveled through the "European and Central Command areas of responsibility"—near Iran, Israel, perhaps even Yemen.
We know that its crew briefed those NSA and CIA officials. We know that Parks, his mission accomplished, recently stepped aside and handed command of Annapolis to a "tactical analysis" expert from Submarine Development Squadron 12." 'via Blog this'