Subject: CN=www.mi5.gov.uk, OU="Member, VeriSign Trust Network", OU=Authenticated by VeriSign, OU=Terms of use at www.verisign.co.uk/rpa (c)05, O=MI5 Security Service, L=London, ST=London, C=GB

Issuer: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, OU=VeriSign International Server CA - Class 3, OU="VeriSign, Inc.", O=VeriSign Trust Network

Serial Number: 5BD3 998F 7FFC 7F10 E1AF 83C6 A91C 6028

Valid from: 16-Apr-2009 01:00:00 BST

Valid Until:16-Apr-2012 00:59:59 BST (EXPIRED)

Public Key: RSA (4,096 bits)

SignatureAlgorithm: SHA1withRSA

SHA-1 Fingerprint: BA:02:E2:20:5A:4E:96:31:0B:47:8E:07:EF:DF:D8:3D:47:9C:C3:AE

MD5: A4:BA:FA:B5:81:71:F5:39:6F:BE:52:75:6F:02:9E:1D

Why was a new Digital Certificate not installed last week ?

Since the MI5 website re-directs to an SSL / TLS https:// only version, they have effectively created a Denial of Service attack on themselves.

This Connection is Untrusted web browser warnings do not give the impression of professional competence and respect for confidentiality, which potential users of their
Reporting Suspected Threats web form should expect..

None of these websites are vital to the running of the country, especially not on a Saturday evening on a Bank Holiday weekend, when nobody is visiting them, but they are symbolic targets.

The organisers of this supposed "hactivism" were some self appointed faction under the hydra headed #Anonymous twitter hive mind.

See the Twitter hashtag #OpTrialAtHome

The "justification" they claimed was to somehow "support" the controversial Extradition cases of Gary McKinnon, Richard O'Dwyer and Chris Tappin, something which they have not achieved..

Nevertheless these people declared the event a success and then, on the Sunday, they threatened to do the same to the GCHQ website , starting at 8pm GMT on Saturday 14th April 2012.

This "news" has been reported by IT trade publications and picke dup by the national newspapers and broadcast media, especially following the arrests of a couple of teenagers in the West midlands, who may be the vaguely associated with the #teampoison attacks on the Metropolitan Police Anti-terrorism hotline.
(misreported by the "hackers" and far too many other online "news" sources as somehow being MI6 the Secret intelligence Service, who have nothing to do with any public hotlines whatsoever)

As with MI5 and the MI6/SIS websites, only http://www.gchq.gov.uk is valid, not http://gchq.gov.uk on its own

A few hours before the announced attack time, the default GCHQ web page started to be re-directed down a level to:

http://www.gchq.gov.uk/Pages/homepage.aspx

At about 19:40 BST i.e. 18:40 GMT British Telecom , on whose servers this public website appears to be running, put a temporary 302 redirect to e.g.

http://213.121.151.40/TPpRO/c3aba573/43de84c1/www.gchq.gov.uk/

instead of the previous IP address of http://195.171.165.115 which was advertised ahead of time on a Twitter Twitpic graphic:

http://twitpic.com/97d6yn

Note the ambiguous slogan: "Fight Online Privacy" - are the anonymous organisers / manipulators behind this DDoS attack actually on the same side as GCHQ - both of them appear to be fighting against your right to online privacy.

Note also the inevitable confusion - many of the "script kiddies" and gullible journalists will not have read the announcement properly and will assume that 8 PM British Summer Time is somehow the same as 8pm Greenwich Mean Time. (9pm BST)

Much more seriously, the published comment on this web page is actively encouraging the "hactivists" to download a scritpt kiddy "point and click" Denial of Service attack tool called "High Orbit Ion Cannon" - hence the "pew pew pew - fire your Laz0rs" instructions to the exploited cult followers.

There are no warnings whatsover about the fact that participating in this DDoS attack or even just downloading the HOIC tool is a criminal offence in the UK, with up to ten years and two year in prison respectively.

See the control freak Labour government's amendments to the Computer Misuse Act 1990 which came into force in October 2008 and which claims worldwide legal jurisdiction:

• 3.Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc. - up to 10 years in prison for paricipating in the DDoS attack

• 3A.Making, supplying or obtaining articles for use in offence under section 1 or 3- up to 2 years in prison for downloading the HOIC tool
  

The timing of these DDoS attacks appears to have been deliberately (or utterly incompetently) chosen to minimise any political impact on the Government or civil servants i.e. on a Saturday evening when nobody in the Government department concerned is likely to have anyone ringing up to complain that their website is unavailable, and well past the print run deadlines for the Sunday newspapers.

If people want to protest by accessing a Government website, then they should be able to, but they must also be made aware of the risks of legal prosecution and potential punishments.

The fact that the organisers of these attacks have not done so, smells of Entrapment by Agents Provocateurs, perhaps like the notorious #Sabu, who are under the control of an intelligence or law enforcement agency and who are actually helping to jusify the repressive Communications Capabalities Development Programme being promoted by the securocrats in Whitehall to the bumbling Coalition politicians.
.

20:05 BST - the GCHQ website seems to be running smoothly

Minister's letter fails to answer key questions

The text of the letter is published by the ConservativeHome blog:

http://conservativehome.blogs.com/files/mayclarkeletter.pdf (.pdf)

It really is shocking how little detailed grasp of the technological and social impact Government Ministers and MPs seem to have.

The Special Political Advisors / spin doctors who draughted this letter seem to have deliberately omitted key features of the both the Communications Data Development Programme and of the Green Paper on Justice in this briefing letter to MPs.

HOUSE OF COMMONS

4 April 2012

Dear Colleague

There has been a lot of press coverage in recent days about two of our key policies to maximise public protection: on communications data capability and the Justice and Security Green Paper. We are committed to maintaining national security and protecting the public in the face of changing circumstances whilst continuing to honour our commitment to protect civil liberties.

1. Communications data capability

The need to act

Communications data - information such as who called whom and at what time - is vital to law enforcement, especially when dealing with organised crime gangs, paedophile rings and terrorist groups. It has played a role in every major Security Service counter-terrorism operation and in 95 per cent of all serious organised crime investigations. Communications data can and is regularly used by the Crown Prosecution Service as evidence in court.

But communications technology is changing fast, and criminals and terrorists are increasingly moving away from landline and mobile telephones to communications on the internet, including voice over internet services, like Skype, and instant messaging services. Data from these technologies is not as accessible as data from older communications systems which means the police and Security Service are finding it increasingly hard to investigate very serious criminality and terrorism. We estimate that we are now only able to access some 75% of the total communications data generated in this country, compared with 90% in 2006. Given the pace of technological change, the rate of degradation could increase, making our future capability very uncertain.

We estimate that we are now only able to access some 75% of the total communications data generated in this country, compared with 90% in 2006.

Politicians may be easily fooled by statistics, but we are not.

Theresa May and the Home Office need to publish the actual evidence and assumptions on which they have based these figures.

One place where these figures should have been available from, but they are not, is from the censored Annual Report of the Interception of Communications Commissioner.

That is why, in the Government's Strategic Defence and Security Review, published in 2010, we said we would "introduce a programme to preserve the ability of the security, intelligence and law enforcement agencies to obtain data and to intercept communications within the appropriate legal framework."

We therefore propose to require internet companies to collect and store certain additional information, like who an individual has contacted and when, which they may not collect at present. The information will show the context - but not the content - of communications. So we will have for internet-based communications what we already have for mobile and landline telephone calls.

It is simply not technologically possible to obtain the "certain additional information, like who an individual has contacted and when" from social networking websites like Facebook or Twitter, without Intercepting the Content of these web based services

Safeguarding civil liberties

When we published the Defence and Security Review, we also made clear that we would "put in place the necessary regulations and safeguards to ensure that our response to this technology is compatible with the Government's approach to information storage and civil liberties." In seeking to ensure our law enforcement agencies continue to retain capabilities to protect us from harm, civil liberties will be respected and protected.

The data will be stored by the industry to enhanced standards which we shall set and which will be overseen by the Information Commissioner. The data will be available only to designated senior officers, on a case-by-case basis, authorised under the Regulation of Investigatory Powers Act (RIPA), and the process will be overseen by the Interception of Communications Commissioner. It will be available only if it is necessary and proportionate to a criminal investigation.

If sufficiently "juicy" or "newsworthy", such material has been handed over for free or sold to politically favoured media journalists or sold corruptly to private investigators / information traders , many of whom are former police or intelligence agency employees.

It is also sent, without any effective safeguards whatsoever, to foreign governments.

The majority of the data will be retrospective not real time (an exception might be the tracking of a communications device during a terrorist operation or kidnapping) and will be used as part of an investigation to identify key facts, including as evidence in courts.The police and other agencies will have no new powers or capabilities to intercept and read emails or telephone calls and existing arrangements for interception will not be changed. We envisage no increase in the amount of interception as a result of this legislation.

So what ? The new proposals have nothing to do with the existing system of email and phone interception.

The new proposals will try to extend this existing flawed RIPA regime to social media like FaceBook and Twitter, to Voice over IP telephony, video conferencing and chat like Skype orthe various Instant Messaging protocols, to search engine searches like Google and to Peer to Peer filesharing like Bittorrent

The impression being given is that this snooping will only be available for terrorism or serious crime investigations, but the exisiting RIPA allows Communications Data to be grabbed for much less serious alleged crimes as well.

Differences with Labour's proposals

Despite what has been claimed by some, this is very different to the scheme proposed by the last government. They wanted to build a Big Brother database with all communications data held in one place by government. Under our proposals, there will be no government database and the data recorded will be strictly limited and regulated and will be destroyed after a year.

The data will not be stored by the police or government but by communications service providers who already store some of this data for their own business purposes and under the EU Data Retention Directive. They will be paid by government for this service. But the costs incurred are a fraction of those we would face if we had to try to find an alternative way of developing the very significant evidence that this data provides us; indeed there is no like-for-like alternative.

Labour's original proposals were for a centralised database, which they then changed to a distributed database held by the Communications Service Providers, after their Intercept Modernisation Programme had been ridiculed by everyone who was expected to make it work in practice.

The Conservative / Liberal Democrat Government's vague plans for Communications Data Development programme sound identical in practice to those discredited Labour fantasies.

We have already made changes to limit who can access communications, and how they can access it, and we intend to make further changes in future. Local authorities will now have to get a magistrate's approval to see communications data and they will not be permitted to see more than simple data, such as subscriber to a mobile phone.

There are some clauses in the so called Protection of Freedoms Bill, which is still not on the statute books, over a year after it was introduced.

It is therefore a lie to claim that they have "already" done anything or that "Local authorities will now have to get a magistrate's approval" - these legal powers have not yet been been passed into law, let alone commenced !

We intend to ensure that all departments who can get access to any data will only be able to do so under one legal framework, set out in RIPA.

The previous Labour government lied about doing this as well.

Instead they let the arrogant Department for Social Security / Department for Work and Pensions abuse their "legacy" powers i.e. Section 109B of the Social Security Administration Act 1992 (as amended by the Social Security Fraud Act 2001) passed after RIPA, to grab Communications Data for free, without having to pay the nominal processing fee of around £15 to £25 pounds for a targeted Name and Address Subscriber request form British Telecom etc. and without having to undergo any RIPA training or to submit to even the cursory RIPA Interception of Communications Commissioner oversight scheme.

The importance of forcing junior bureaucrats to actually get their bosses and accounts departments to sanction the auditable expenditure of public money, when they make such Communications Data snooping requests cannot be overemphasised. It is effectively the only mechanism which prevents excessive demands for "all Communications Data" in a certain geographic area or during a certain time period from being demanded, over and over again by inexperienced or lazy or corrupt investigators.

As soon as data is slurped "in bulk, in real time" into secret, unaccountable databases for "data mining", then the risks of corruption, abuse and false positives ruining the lives of innocent people, at great expense, without actually catching any more criminals as a result, increases dramatically.

Access to communications data will be overseen by the Interception of Communications Commissioner. So this is not, as some have tried to suggest, a transfer of power from the judiciary to the state.

There is currently no judicial involvement at all (the secretive Interception of Communications Commissioner and the Intelligence Services Commissioner are both retired senior Judges, but they do not approve or decline any Interception warrants (rubber stamped by a Secretary of State or an anonymous senior civil servant)

The police and Security Service will not be able to intercept the content of calls and emails, except as now when it is necessary and proportionate as part of an investigation relating to serious crime or national security, and only when they have obtained a warrant signed by a Secretary of State.

A balanced approach

For the first time in more than a decade, we have a government that respects civil liberties.

The previous Labour control freak government used to claim that they also "respected civil liberties", but they literally used Orwellian newspeak to redefine the meaning of such words.

It is up to the Coalition government to prove through action, not just words, that they are really different from their Labour predecessors.

We have abolished ID cards, cut back government databases and limited pre-charge detention. But we must not allow the internet to become an unpoliced space, with criminals
free to go about their business with abandon.

The Government's Strategic Defence and Security Review - in which we announced our intention to update communications data capability in October 2010 - can be found here.

Green Paper on Justice and Security

The Government also faces a problem with challenges to executive decisions, for example when it refuses British citizenship or excludes from the UK an individual believed to be involved in activities which threaten national security. These decisions are made on the basis of sensitive intelligence. In judicial reviews of such decisions, again, there is no statutory basis for closed material procedures to be available to the court. This means the Government is unable to fight the case and may have to allow British citizenship to an individual believed to be engaged in terrorism-related activity, for example, because the courts have no secure forum to handle the appeal process.

How many times has such a refusal of British citizenship ever happened ?

There is no problem if there is some actual prima facie hard evidence, of actual terrorist activity against British interests.

If all there is is "intelligence" consisting of unfounded rumours, gossip, anonymous denunciations, false positive identifications etc. then this should rightly be ignored by a Court , just like Hearsay "evidence" for exactly the same common sense reasons.

The recent MI5 investigation into Ekaterina Zatuliveter, showed how incompetent and superficial such "investigations" can be.

That case also shows that there already is a "secure forum to handle the appeal process" "national security" and Immigration and British citizenship executive decisions - the Special Immigrations Appeals Commission (SIAC)

Our proposals

These examples illustrate the compelling case for changing the current rules so that these sorts of cases can be properly heard in a Closed Material Proceeding (CMP) by a judge, where a judgment can be reached on the basis of all

The circumstances in which a CMP would be triggered would be exceptional and rare. They will not apply at all to criminal proceedings and would only apply in compensation cases, or other civil cases based on highly sensitive intelligence material.

The proposals in the Green paper also attempt to "nobble" the Inquests into deaths caused by the Police or by UK or Foreign Military forces, especially by USA "friendly fire".

The Daily Mail is claiming today, via some anonymous Whitehall briefing, that this aspect of the Green Paper, which is not mentioned in this letter, may perhaps be dropped:

Climbdown on secret inquests: Victory for the Mail's open justice campaign

Alongside these proposals to extend judicial scrutiny over Government actions, we also want to give Parliament greater powers of scrutiny by increasing the status, remit and powers of the Intelligence and Security Committee. One option in the Green Paper is for the ISC to be made a statutory Committee of Parliament, to allow it to hold public evidence essions and to give it the power to require information from the security and intelligence agencies.

Spy Blog has been following the inadequate scrutiny provided by the Intelligence and Security Committee for years.

The overall effect is that the Security Service will be more accountable to Parliament and to the courts than at present and that more sensitive evidence will be considered by courts than is possible now.

The Green Paper can be found here.

https://update.cabinetoffice.gov.uk/sites/default/files/resources/green-paper_1.pdf (.pdf)

Further information

We will listen to those who have made suggestions as we develop our plans. If you require any more information, please do get in touch with our PPSs Edward Timpson MP and Ben Wallace MP.

Theresa May Kenneth Clarke

Where is the important topic of Intercept as Evidence for use by either the prosecution or defence in Court (currently forbidden by the Regulation of Investigatory Powers Act 2000 section 17 exclusion of matters from legal proceedings), which is entirely relevant to both the CCDP and CMP proposals ?

The Sunday Times has published a rather meagre front page article on the Coalition government's revival of Labour's All Your Internet Are Belong To Us snooping plans:

Instead of just passively waiting for another NuLabour style fait accompli, please contact your local MP and / or join or support cross party groups like NO2ID Campaign or the Open Rights Group

Sunday Times
Sunday 1st April 2012

Government to snoop on all emails
David Cracknell

David Cracknell used to have several "anonymous" sources within Government and was briefed "off the record" by Whitehall spin doctors

Is the poor quality of this article the result of the anti-Murdoch press "cover your own backsides" attitude which now prevails in Whitehall , following the "phone hacking" / corruption scandals which closed the News of the World and which are tainting even the Sunday Times ?

The government is to expand hugely its powers to monitor email exchanges and website visits of every person in Britain.

Under plans expected to be announced in the Queen's speech next month, internet companies will be told to install thousands of pieces of hardware to allow GCHQ, the government's eavesdropping centre, to scrutinise "on demand" every phone call made, text message and email sent and website accessed in real time.

They already have this legal power which does not require any sort of judicial warrant, under the notorious Regulation of Investigatory Powers Act 2000. All that GCHQ needs is a "catch all" Warrant or Certificate signed by a Secretary of State i.e. normally, in their case, the Foreign Secretary William Hague.

This introduced the legal power to install "black box" snooping hardware at the major Telecommunications companies and Internet Service Providers, overseen by the Technical Advisory Board.

The amount of money the the Labour government was willing to pay for this snooping infrastructure was a paltry sum, which is why it took so long for any agreement with the ISPs. N.B. the interests and priorities of ISPs and Telecomms companies are not the same as those of their customers.

The volume of internet data flowing today is orders of magnitude more than that envisaged back in 2000, so If the new plan is to really going to install "thousands of pieces of hardware", then this plan will cost billions of pounds.

An effort by Labour to introduce a similar law was shelved in 2006 after fierce opposition from the Tories, Liberal Democrats and pri­vacy campaigners.

The useless Jacqui Smith threatened us with a Communications Data Bill, but that was in 2009, not 2006

While the new law would not allow GCHQ to monitor the content of communica­tions without obtaining a warrant, it would permit the intelligence agency to trace whom a person or group had contacted, when, for how long and how often.

That is no different from the existing RIPA law then

Members of the Internet Service Providers' Associa­tion, which represents more than 200 businesses including BT, Virgin Media and Google, were given some details of the proposals last month and were alarmed by what they were told.

So why does this Sunday Times article not mention the Communications Capabilities Development Programme (CCDP), which is what the ISPs were briefing other journalists on last month ?

See Spy Blog: Whitehall risks public and internet industry revolt against their secretive Communications Capabilities Development Programme (CCDP) internet and phone snooping plans

A senior industry official said: "It's mass surveillance.
The idea is that the network operator should effectively intercept the
communications between, say, Google and some third party

"the network operators are going to be asked to put probes in the network and they are upset about the idea ... It's expensive, it's intru­sive to your own customers, it's very difficult to see it's going to work properly and it's going to be a nightmare to run legally."

The association said: "It is important that proposals to update government's capabili­ties to intercept and retain communications data... are proportionate, respect freedom of expression and the privacy of users."

Why doesn't the Sunday Times name the "senior industry official" or even the "Internet Service Providers' Associa­tion" spokesman ?

Under the current law, companies must keep records for some traditional types of phone and electronic commu­nication for a year.

Hold on, the European Union Data Retention regulations e.g.

The Data Retention (EC Directive) Regulations 2009

are about forcing ISPs and Landline and Mobile Phone companies to keep Communications Data unnecessarily, which they would otherwise have been obliged to delete under the Data Protection Act, since they themselves no longer have any legitimate use for it, especially if the internet or mobile phone bills have been pre-paid. Data Retention is not about access to such retained data.

The new legislation would extend this provision to cover a much wider field, including social media sites such as Facebook and Twitter and online video games.

Perhaps the Sunday Times is actually writing about CCDP then.

N.B. CCDP is not not just a GCHQ project (which has its own "Mastering the Internet" investment programme) but is being "coordinated" by the technologically inept Home Office.

It is not physically possible to get Communications Traffic Data form foreign based social media websites like FaceBook or Twitter without actually using techniques such as Deep Packet Inspection and perhaps even Man-In-The-Middle Attack SSL / proxies i.e. it requires actual Interception of the Content of these websites to do this.

The only countries which attempt to do this at the moment are repressive regimes like Iran, China, Saudi Arabia etc.

Dominic Raab, a Tory MP who has campaigned for civil liberties, said: "If over-zealous officials are trying to resuscitate Labour's flawed paln for 'big brother' monitoring, ministers need to nip this in the bud."

MI5 and GCHQ have been lobbying hard for the wider powers which, they believe, are a crucial tool to combat terrorism and serious crime.

Serious Crime is not within the remit of either GCHQ or MI5

The Police cannot cope properly with the vast amount of data they already gather, so why will "searching for a needle in a haystack, by throwing in several more haystacks", be cost effective ?

There is no evidence that holding 6 month or 1 year old Communications Data of hundreds of millions of innocent people in the European Union, has been of any use in catching criminals or terrorists. Where it has been of use, e.g. in the recent Toulouse serial killer / extremist case, the Communications Data has been very recent and the searches have been narrowly targeted to a suspects known phones or email addresses or to a victim's web advert etc.

At present GCHQ can use probes to monitor the content of calls and emails sent by specific individuals who are the subject of police or security service investigation, provided it has ministerial approval.

For "ministerial approval" read "ministerial or senior official rubber stamp"

There should actually be independent Judicial warrants for such intrusive interception surveillance, not rubber stamping by politicians.

The Home Office said it would introduce new legislation "as soon as parliamentary time allow" but stressed that the data to be monitored would not include content.

Why does the Sunday Times not name this anonymous Home Office spokesman ?

Which part of the phrase "Deep Packet Inspection = Interception of Content" does the Home Office not understand ?

Have all the civil servants and SPADs who embarrassed themselves and the Home Office over the BT / Phorm scandal now been promoted to other jobs, leaving their inexperienced "generalist" replacements to magically formulate "policy" without any technical experience or knowledge ?

Incredibly this article does not really mention Mobile Phones and especially Mobile Phone Location Data.

This, like other forms of Communications Data is available via automated gateway computer systems to authorised Police and Intelligence Agency investigators, but it is meant to be narrowly targeted and proportionate, under a combination of the Regulation of Investgatory Powers Act 2000 (which permits such agencies to make such requests) and the Data Protection Act 1998 (which exempts the Telcos and Mobile Phone Networks and ISPs from prosecution for handing such data over to them)

Is this Sunday Times article, a high quality briefing / leak by Whitehall mandarins ?

Is it safe to interpret the omissions like Soviet era Kremlinologists, and read between the lines that some of the previously evil plans which have been touted, have been watered down ?

Our opinion is that no, this is a flawed article, which has either had many important details removed by the editors for front page space reasons, or which is being deliberately deceitful by omission.

Unfortunately, as is so often the case with today's "news" industry, this article has been re-published by , for example, the Press Association, with even fewer important technical and legal details:

The Independent
Sunday 01 April 2012

Expansion of GCHQ internet monitoring proposed

Gavin Cordon

[...]

The Home Office confirmed that ministers were intending to legislate "as soon as parliamentary time allows".

"It is vital that police and security services are able to obtain communications data in certain circumstances to investigate serious crime and terrorism and to protect the public. We need to take action to maintain the continued availability of communications data as technology changes," a spokesman said.

Why does the Independent not name this anonymous "spokesman" ?

"Communications data includes time, duration and dialling numbers of a phone call, or an email address. It does not include the content of any phone call or email and it is not the intention of Government to make changes to the existing legal basis for the interception of communications."

[...]

Note the (deliberate ?) omission of Mobile Phone Location Data in this alleged definition of Communications Data. This does not include Tweets or Facebook "likes" , which do require interception of the content of a web browsing session (also deliberately not mentioned ?)

David Davis, one of the few Conservative MPs who stood up for civil liberties when in opposition to Labour, has rightly criticised this plan in this BBC video clip, in which he does mention some of the things omitted by the Sunday Times:

Email and web use 'to be monitored' under new laws

However, we are not sure where the "retention for 2 years" comes from and despite the mention of "magistrates and courts", none of that has applied since 2000 - the only "warrants" are those rubber stamped by politicians or officials for Interception, and "self authorised" requests by the Police and Intelligence Agencies. There is no involvement of independent Judges or Magistrates at all in the UK, with either electronic (or postal) communications Interception or with Communications Data or with Intrusive Surveillance (planting of bugging or tracking devices, use of Confidential Human Intelligence Source informants etc.)

Not only are all drivers snooped on all of the time, day and night and at weekends (even when there is no Congestion Charge to pay), but the photos and number plate / time / date / ANPR checkpoint location data is handed over, in secret, in bulk, in real time, to theMetropolitan Police and to other "national security" agencies , both in the UK and in foreign countries like the USA, thanks to the Ministerial Certificates signed by the then (useless) Labour Home Secretary Jacqui Smith.

See the previous Spy Blog articles:

• More secrecy over the London Congestion Charge and Low Emission Zone CCTV and ANPR spy cameras - data on innocents handed over to USA spooks - April 2008

• Home Secretary Jacqui Smith cripples the Data Protection Act regarding the London Congestion Charge ANPR Mass Surveillance scheme October 2007
  

Today the Guardian / Observer reports that:

Private data on British drivers will be stored offshore

Secret move by IBM, which runs London's congestion charge, will allow access to sensitive DVLA information

Daniel Boffey, policy editor
The Observer, Sunday 18 March 2012

The government has secretly agreed that the "particularly sensitive" personal data of all 43 million drivers in the UK can be contracted offshore to India in a move that will allow the private firm running London's congestion zone to cut costs and make more money.

Unecessary risks to our "particulary sensitive" personal data is bad, but this should not to be confused with the Data Protection Act 1998 section 2 Sensitive Personal Data, none of which should be collected by the London Congestion Charge at all, but which probably is, if you are registered disabled etc.

Data from the Driver and Vehicle Licensing Agency, including addresses, dates of birth and registration plate numbers, along with credit card details, will now be accessible to staff outside the UK following a review by ministers.

Since many people pay the Congestion Charge via mobile phone, these phone numbers willalso now be at increased risk of abuse.

Which Coalition Government Minister signed off on this privacy unfriendly policy ? Was it Justine Greening, Theresa Villiers, Mike Penning (all Conservatives) or Norman Baker (Liberal Democrat) ?

Why has this unecessary risk to Londoners privacy and security not been vetoed by the Mayor of London Boris Johnson, who is supposed to be in control of Transport for London ?

The prohibition was rescinded after IBM, which runs the congestion charge zone for Transport for London (TfL), lobbied for a change. The company has been repeatedly fined since it took over the contract from Capita in 2009, making the £60m deal less profitable than it had hoped.

The Labour party supporting C(r)apita (the former boss of which Rod Aldridge "loaned" the Labour party £1 million) failed to run the scheme as budgeted for. It was meant to provide £60 million a year "profit" to be used to improve the rest of London's transport infrastructure, but it never did and Ken Livingstone simply handed them extra cash and increased the daily charge, reneging on his election promises (quelle suprise).

However the move to relax the rules around the sensitive data, which has not been publicly announced, raises concerns in the build-up to the London 2012 Olympics about the increased risk of fraud.

It is understood that a risk assessment carried out within IBM has also identified a potential threat to London's reputation should the changes lessen the ability of staff to deal with problems in the congestion zone IT systems. It also warned of the risk to the security of sensitive data.

The move also appears to contradict ministers' recent insistence that they would resist any work on government contracts going abroad.

The transition allowing staff abroad access to the data is expected to be completed by 18 May. An internal email sent by IBM's commercial manager earlier this month, and seen by the Observer, says: "Since go live, TfL has directed that we retain within the UK certain support roles with access to data that they considered particularly sensitive... TfL has recently completed a risk assessment with the DVLA and the Department for Transport and has concluded that they no longer require this additional level of control... As a result we have commenced a transition exercise to manage the changes to our support organisation over the next three months."

If some people's data is considered to be "particularly sensitive" and is not to be allowed out of the UK, then why should any of it be put at risk ?

[...]

A DVLA spokesperson said: "All IT systems must be managed to the same standard as if they were in the UK. We will ensure that all appropriate controls for data protection are in place."

The DVLA have an appalling record on data protection - they have allowed millions of driver motoring test records to be sent to the USA and they have sold vehicle keeper names and addresses for as little as £2.50 a time to private sector companies , including those run by criminals

Given the amount of public money at risk, it has reluctantly had to publish the vague tender document in the Official Journal of the European Union.

The Guardian has published Key extract of contract note for bidders for police services

Instead of concentrating on uncontentious areas to potentially save money on, such catering or motor vehicle maintenance, they have idiotically included a list of "services" which impinge on what should be the core functions and duties of the Police, whilst at the same time not actually promising the private sector that an unspecified number of these service areas are not actually up for being privatised.

The activities involved are covered by the 'Police Activity Glossary' (PAG), which identifies the activities each police force conducts. Bidders should note that not all these activities will necessarily be included in the final scope, and that each police force will select some activities from these areas where they see the best opportunities for transformation. A revised version of the PAG is as follows

Without a clear definition of exactly what they want, is it any wonder that billions of pounds of public money is wasted by public bureaucrats when awarding contracts to the private sector ?

• Assure Service - Manage performance, maintain professional standards, assure compliance, manage risk, provide legal services
• Bring Offenders to Justice - investigate crimes, detain suspects, non-judicial disposal, develop cases, support prosecution
• Deal with Incidents - Respond to incidents, manage scenes of incidents, investigate incidents, manage major incidents, support victims and witnesses
• Lead Service - Support the Leadership of the organisation to develop strategy, policy and plans, manage change, and manage partnerships
• Manage Public Engagement - Patrol neighbourhoods, manage public relations, manage customer relationships, report on performance, manage contact
• Manage Resources - Manage suppliers, manage finance, manage people, manage ICT, manage fleet and livestock, manage equipment, manage facilities
• Protect the Public - Manage high risk individuals, improve communities, protect vulnerable people, disrupt criminal networks, manage planned operations, protect vulnerable places, manage licensing, manage road safety

The only vaguely acceptable area on this list for the use of private sector partners is the "Manage Resources" activity.

West Midlands Police have also been spinning nonsense like "front line services will be preserved" or "the Chief Constable will still be accountable" etc.

West Midlands Police Explore The Value of Business Partnership to the Police Service

The regular, sworn Police constables, are barely trusted by the public to conduct do these tasks competently, honestly and impartially, why should anyone trust a private company to do so at all ?

What profit motive is there for a private company to actually reduce crime and therefore the the need for their services ? N.B. the same can be asked of any of the public sector Police bureaucracy as well - they have no effective interest in reducing their own budgets and empires either.

What public accountability is there for when, not if, things go badly wrong with a private sector contractor, which inevitably must look to its own profits first, before any "public service" ethos comes into play.

The Association of Chief Police Officers (the publicly funded, but unaccountable private company whose current or former members might might well be tendering for "Lead Service" activity contracts ) has weighed in with a Press Release:

ACPO comments on private companies taking a role in the delivery of policing

[...]

While there are a number of tasks in a criminal investigation, such as gathering CCTV evidence or checking phone records, which do not necessarily need to be done by a police officer, the investigation itself would always be overseen by a police officer in much the same way as a doctor oversees treatment of a patient although other healthcare professionals carry out particular tasks

Yes these tasks such as "checking phone records" absolutely must be done only by proper Police constables. Private sector companies or even civilian police employees should not be trusted with access to such potentially sensitive personal data.

Abuses of Communications Data by Police officers are already bad enough - letting presumably lower paid civilian workers or private sector company employees have access to these systems will make it even easier for "News of the World" / private investigators style abuses

Can being interviewed by a mainstream news media journalist put your life in danger ?

The BBC website has an interesting video clip, presumably from Reuters, judging by the copyright logo, which can be viewed via the BBC iPlayer:

How Syrian activists have become citizen journalists

1 March 2012 Last updated at 16:02

Two Syrian activists have spoken about how they have become citizen journalists in their bid to get footage of the government crackdown out of the country.

Speaking from the town of Al Qusair, near the border with Lebanon, the men, who gave their names as Mohammad and Abu Abdallah, said slow internet speeds were hampering their efforts.

However for about 5 seconds , about 1 minute into the video clip there is a shocking
potential betrayal of Sensitive Personal Data, which could be used by the Syrian dictatorship to help to hunt down these activists exact current location or identities.

These Syrian activists (three people shown, only two speaking) are not hiding their faces or voices from the camera, but that is still does not excuse either Reuters or the BBC, for failing to recognise the potential anonymity, privacy , security and personal safety dangers of filming and broadcasting / publishing online, the unique and easily trackable MAC Address of a Mobile Phone obviously used by these activists.

[MAC address censored by Spy Blog in the image above]

JoikuSpot is a smartphone applet which allows the (slow and expensive) mobile phone internet connection of a Nokia mobile phone to be "tethered", thereby sharing it out to local personal computers etc. via the (faster, free) WiFi Wireless Networking built into the phone handset.

By default (unless the mobile phone application software and / or the phone settings are amended) the MAC Address of this mobile phone WiFi Access Point includes the mobile phone handset in its WiFi SSID (Service Set identifier) the "name" of the WiFi network spawned from this phone.

Obviously this could be used to help track down the physical location of the Syrian activists hideout (either directly by triangulating from the WiFi signals from the named WiFi Access Point SSID, or by cross referencing the phone's MAC Address with Mobile Phone records). If any of these activists , or anyone else, is arrested and found to be in possession of this particular phone, then the BBC / Reuters will have provided prima facie evidence against them of their involvement in this "underground news" organisation (i.e. "foreign spies" so far as the dictatorship is concerned)

Surely this breaks, probably through ignorance and carelessness, rather than malice, the BBC's Guidelines on Fairness and Anonymity ?

6.4.12

Effective obscuring of identity may require more than just anonymity of a face. Other distinctive features, including hair, clothing and voice may need to be taken into account. Blurring rather than pixellation, which can be reversed, is the best way of ensuring anonymity in pictures. When disguising a voice, using a 'voice-over' by another person is usually better than technically induced distortion, which can be reversed, but audiences should be told what they are hearing.

To avoid any risk of 'jigsaw identification' (that is, revealing several pieces of information in words or images that can be pieced together to identify the individual), our promises of anonymity may also need to include, for example, considering the way a contributor or source is described, blurring car number plates, editing out certain pieces of information (whether spoken by the contributor or others) and taking care not to reveal the location of a contributor's home. Note that, in some circumstances, avoiding the 'jigsaw effect' may require taking account of information already in the public domain.

We may need to disguise the identity of international contributors to meet our obligations of anonymity or if their safety may be compromised. Third party websites may reproduce our content globally without our knowledge or consent.

See also : BBC Editorial Guidelines - Anonymity Guidance

There is also nothing about the dangers broadcasting or the internet publishing of such screen shots of computer credentials in the Reuters Handbook of Journalism either.

However the Detainee Inquiry has been shut down before it even got started formally, even after 18 months delay, supposedly because of the suspiciously lengthy and ineffective Metropolitan Police Service and Crown Prosecution Service investigations into old allegations and the effect of the "smoking gun" documentary evidence discovered in Libya last autumn.

In order to probe exactly how potential witnesses and whistleblowers to the Detainee Inquiry might be protected from vengeful secret bureaucrats, Spy Blog requested, under the Freedom of Information Act 2000, the full, detailed text of the latest draft(s) (or the final version) of the promised undertakings from the Attorney General and the Cabinet Secretary and the heads of the intelligence services.

These Undertakings were promised by Prime Minister David Cameron when he set up the Detainee Inquiry over 18 months ago: The Prime Minister's Letter to Sir Peter Gibson 06 July 2010 (.pdf)

See the Spy Blog - FOIA request blog for the text of these FOIA disclosures:

Detainee Inquiry "undertakings" by the Attorney General and the Cabinet Secretary

Attorney General's Office disclosure

Attorney_General_to_Detainee_Inquiry_03Nov2011.pdf

This seems to be a reasonable level of legal immunity, especially for criminal offences which the Attorney General himself decides whether to prosecute or not e.g. Official Secrets Act cases.

The Detainee Inquiry is not a Tribunal or Court of Law (despite being chaired by a retired senior Judge) and it was not set up as an inquiry under the Inquiries Act 2005 and so it has no legal power to compel any witnesses to give evidence,

How can it can enforce any prosecutions for giving, or conspiring to give it any "false evidence", which the Attorney General's undertaking explicitly does not give immunity for ?

Cabinet Office disclosure

Sir_Gus_O_Donnell_letter_21Nov2011.pdf

As expected by Spy Blog, the Cabinet Office letter by the then Cabinet Secretary Sir Gus O'Donnell (now Lord O'Donnell of Clapham) and its "overarching principles" seem suitable for protecting witnesses who are current or former intelligence agency staff members who espouse the official line e.g. by treating evidence given within the Terms of Reference of the Detainee Inquiry, as having been given "lawful authority" for the purposes of the Official Secrets Act 1989 section 7 Authorised disclosures

However the letter does not really provide the necessary guarantees for any whistleblowers who might contradict their current or former bosses.

Neither is it clear what whistleblower guarantees the vast array of private military contractors, defence industry suppliers and sub-contractors etc. who are not civil servants, but who will fear that their security clearances and government contracts could be at risk if they make allegations, or provide evidence which contradicts the official intelligence agency briefing positions, which those agencies might have provided to the Detainee Inquiry or which they might do so to a future inquiry.

There is no explicit prohibition on using the self authorised legal powers, human and technological resources available to each intelligence agency, to prevent them from snooping on the members and staff of the Detainee Inquiry itself (and their friends and families), so as to try to obtain advance notice of the identities of potential whistleblowers and the information or evidence which they might be offering to the Detainee Inquiry.

Spy Blog correspondence with the Detainee Inquiry

Spy Blog letter to the Detainee Inquiry re: lack of whistleblower anonymity protection and immunity from prosecution - August 2011

Reply from the Detainee Inquiry, regarding anonymity protection for whistleblowers, surveillance targeting against the Inquiry itself etc. - September 2011

The Open Rights Group has a useful wiki about CCDP and its predecessor schemes.

They also have a Petition against the CCDP for you to sign.

Dear David Cameron, Nick Clegg and Theresa May,

I do not want the government to try to intercept every UK email, facebook account and online communication. It would be pointless - as it will be easy for criminals to encrypt and evade - and expensive. It would also be illegal: mass surveillance would be a breach of our fundamental right to privacy. Please cancel the Communications Capabilities Development Plan.

It is almost as if the out of touch politicians and bureaucrats in Downing Street, Whitehall and Marsham Street have not bothered to notice the recent public and internet industry backlashes against legislative attempts to further snoop on and inconvenience innocent internet users, such as the SOPA bill in the USA or the ACTA treaty in the European Union (which this Coalition Government, shamefully, did not veto), which only served the private interests of lobby groups and not the wider interests of the general public.

Why have none of the Whitehall policy advisors learnt anything from the amount of ridicule, that their unworkable and repressive knee jerk reaction, to somehow ban or censor the use of mobile phones and social network messaging systems, after they were used by some, but not all of the rioters in August last year ? Exactly the same systems were also used, by more sensible people, simultaneously with the riots, to help innocent people stay away from riot affected areas and to help to organise the cleanup of the damage.

With the Government's utter failure to make out any evidence based business case for further intrusive legislation, they risk a public backlash which could limit their existing, overbroad, easily abused powers, with which they already fail to catch terrorists or serious organised criminals with, under the controversial Regulation of Investigatory Powers Act 2000, but which appear to have been corruptly used to snoop on celebrities and innocent people at the behest of certain mainstream media news organisations.

NO2ID press release: Home Office prepares to announce total surveillance plan

Guy Herbert, General Secretary of NO2ID said:

It looks like the Home Office is setting out to leapfrog China and gain the UK an unenviable position as the most monitored society in history. The automatic recording and tracing of everything done online by anyone - of almost all our communications and much of our personal lives, shopping and reading - just in case it might come in useful to the authorities later, is beyond the dreams of any past totalitarian regime, and beyond the current capabilities of even the most oppressive states.

This Daily Telegraph report is what seems to have re-ignited this weekend's outcry against this scheme:

Phone and email records to be stored in new spy plan

Details of every phone call and text message, email traffic and websites visited online are to be stored in a series of vast databases under new Government anti-terror plans.

By David Barrett, Home Affairs Correspondent

9:00PM GMT 18 Feb 2012

Landline and mobile phone companies and broadband providers will be ordered to store the data for a year and make it available to the security services under the scheme.

The databases would not record the contents of calls, texts or emails but the numbers or email addresses of who they are sent and received by.

For the first time, the security services will have widespread access to information about who has been communicating with each other on social networking sites such as Facebook.

Direct messages between subscribers to websites such as Twitter would also be stored, as well as communications between players in online video games.

The Home Office is understood to have begun negotiations with internet companies in the last two months over the plan, which could be officially announced as early as May.

The Home Office appears to be showing its usual contempt for the general public and for our fundamental rights of privacy and free association, by only bothering to consult with tame "communications industry" representatives, who have no commercial interest in protecting the public's privacy, so long as they do not have to pay for the data retention and snooping equipment themselves.

[...]

A Home Office spokesman said: "It is vital that police and security services are able to obtain communications data in certain circumstances to investigate serious crime and terrorism and to protect the public.

Unless those "certain circumstances" are very, very tightly controlled, with criminal penalties which can be used against any Government official or agency or private sector sub-contractor who abuses them, we will expect the worst.

Access to Communications Data should no longer be allowed to be self authorised, a judicial warrant should be obtained first.

The current Interception of Communications Commissioner, Rt. Hon. Sir Paul Kennedy, has no real powers and cannot cope with more than a tiny fraction of the existing email interception warrants and is not consulted at all, on most of the hundreds of thousands of self authorised Communications Data demands for mobile phone records and location data

There is no hope that he can provide any public reassurance whatsover when CCDP extends such Data Retention and snooping to Twitter, Facebook and to online games etc. i.e. systems which are not run by Communications Providers (fixed line Telecommunications, Mobile Phone and Internet Service Provider companies)

We meet regularly with the communications industry to ensure that capability is maintained without interfering with the public's right to privacy.

The commercial interests of the "communications industry" and the pressure applied to them through the threat of losing their Government monopolies and spectrum licences means that they are not the only people who should be consulted about upholding the public's right to privacy.

Where they can get away with it, they also try to exploit the public's communications data privacy for commercial gain.

The Government should be protecting the public from the privacy invasive excesses of the "communications industry", such as Deep Packet Inspection based advertising, not conspiring with them cosily in secret, to further reduce the privacy of millions innocent members of the public.

How many of these "regular meetings" have there been to discuss CCDP ?

How many meetings have there been with civil liberties and privacy or consumer watchdog groups to discuss CCDP ? We suspect that there have been none.

[Time for a few Freedom of Information Act requests to the Home Office to see if they have bothered to "consult" with anyone except the vested interests]

As set out in the Strategic Defence and Security Review we will legislate as soon as Parliamentary time allows to ensure that the use of communications data is compatible with the Government's approach to civil liberties."

c.f. Securing Britain in an Age of Uncertainty: The Strategic Defence and Security Review (808 Kb .pdf)

The Conservative / Liberal Democrat Coalition Government's "approach to civil liberties" is nothing to be proud of. They have yet not reversed, as promised, any of the repressive Labour legislation, apart from the Identity Cards Act.

They still have not sorted out the legislative disasters created by Labour, such as the Extradition Act 2003 or the plethora of repressive but often unworkable or actually counter-productive Terrorism and Serious Crime legislation.

All that can be said of their legislative dithering so far, is that they have not yet made things much worse, with more technically inept, catch-all Labour style legislation.

https://www.mi5.gov.uk/careers/investigative-challenge-quiz.aspx

Spy Blog disagrees with several of the "correct" answers to this Quiz. If these really reflect the MI5 Security Service Intelligence Officer mindset, then there needs to be some retraining as soon as possible.

N.B. if you have gone to the MI5 website, or have arrived at this Spy Blog web page through, say, a Google web search or through Twitter or a blog RSS feed and you have not bothered to take any precautions to hide or fake your computer's IP address and web browser details, cookies etc. from foreign companies and governments, then you should have, in our view, already failed the MI5 Intelligence Officer recruitment procedure.

Discretion is vital. You should not discuss your application, other than with your partner or a close family member.

Unfortunately, we suspect that MI5 still does not take "cyber security" / privacy and anonymity as seriously as it should.

The Quiz need Adobe Flash to be installed on your computer to run and imposes an artificial time deadline,

You can examine the source material and the questions (with the "correct" scores for each option) at your leisure, at our Spy Blog answers - MI5 Investigative Challenge Intelligence Officer Quiz web page.

This fictional scenario involves some alleged foreign intelligence officers operating from their Embassy in London (see the Spy Blog London Diplomatic List archive). However, in real life, Counter-intelligence operations against foreign intelligence officers under "diplomatic cover" in London takes up only a small proportion of MI5's resources compared with Counter-Terrorism..

Their joint statement does not "clear" the officers and agencies concerned of any wrongdoing, which is the propaganda line being spun by say , the Daily Telegraph, it just says that the CPS feels that there is insufficient evidence for the likely prospect of a criminal conviction.

Joint statement by the Director of Public Prosecutions and the Metropolitan Police Service

12/01/2012

This is a joint statement by the Director of Public Prosecutions (DPP) and the Metropolitan Police Service (MPS) dealing with:

(a) the decisions of the CPS not to charge any named individuals in relation to the investigations in Operations Hinton and Iden;

(b) the setting up of an advisory panel for scoping other complaints about ill-treatment by detainees in similar circumstances; and

(c) the decision by the MPS whether to investigate two further cases where allegations of criminal wrongdoing are raised in relation to the alleged rendition of named individuals to Libya and the alleged ill-treatment of them in Libya.

[...]

All concerned have been mindful of the obligation that allegations such as those made in Operations Hinton and Iden must be investigated thoroughly and in accordance with Article 3 of the European Convention on Human Rights.

Article 3 of the European Convention on Human Rights is very short and all encompassing:

No one shall be subjected to torture or to inhuman or degrading treatment or punishment.

Operation Hinton involved the investigation of the alleged involvement of British officials in the ill-treatment and torture of Mr Binyam Mohamed when he was detained in Pakistan between about April and July 2002 and/or when he was detained elsewhere between about July 2002 and early 2004.

Mr Mohamed has never alleged that any member of either the Security Service or the Secret Intelligence Service was directly involved in the torture and ill-treatment he alleges. The investigation has therefore focused on whether there is sufficient evidence to provide a realistic prospect of convicting any member of either Service for offences of aiding and abetting torture, aiding and abetting war crimes and misconduct in public office.

[...]

However, the CPS has also concluded that there is insufficient evidence to prove to the standard required in a criminal court that any identifiable individual provided information to the US authorities about Mr Mohamed or supplied questions for the US authorities to put to Mr Mohamed, or was party to doing so, at a time when he or she knew or ought to have known that there was a real or serious risk that Mr Mohamed would be exposed to ill treatment amounting to torture.

"he or she knew or ought to have known that there was a real or serious risk"

The Crown Prosecution Service appear to be completely out of touch with reality, again.

Intelligence Agencies not only ought to have known exactly which countries and state agencies use torture, but they ought to know exactly where the torture chambers are located and the identities of the torturers and their superiors, because they should be hunting them down, instead of helping them.

If the Intelligence Agencies are claiming to be somehow ignorant of this, then MI5 or SiS officers and their superiors, should be charged with Misconduct in Public Office,
for "wilful neglect or misconduct", since everyone within the UK Intelligence Agencies is supposed to be aware that "torture" or "inhuman or degrading treatment or punishment" is utterly wrong.

Any investigation of the Libyan allegations , which Sir Peter Gibson's Detainee Inquiry had already promised to look into back in September 2011, are now in danger of being spun out for another 4 years by the Metropolitan Police Service and the Crown Prosecution Service.

Ploddingly and bureaucratically, they have announced that they have set up "an advisory panel" to decide whether they should investigate these claims or not. Why have they not already started to investigate before Christmas 2011 ?

Statement by the Inquiry, January 12, 2012

[...]

Following the advice of the joint advisory Crown Prosecution Service and Metropolitan Police Panel, the Metropolitan Police has decided that the allegations raised in the two specific cases concerning the alleged rendition of named individuals to Libya and the alleged ill-treatment of them in Libya are so serious that it is in the public interest for them to be investigated rather than at the conclusion of the Detainee Inquiry.

The Detainee Inquiry Panel will now carefully consider its next steps and the Chairman of the Panel, Sir Peter Gibson, will make an announcement in due course.

Surely it is possible for the Detainee Inquiry to proceed in parallel with any Police investigation ? If they wait for every investigation and court case to finish, before they get formally started, then they might as well all resign now.

Were these kidnappings of individuals and families, none of whom were terrorists who posed a threat to the UK and their "extraordinary rendition" into the hands of torturers in the USA, Afghanistan, Pakistan, Morocco, Jordan, Egypt or Libya etc.
sanctioned by Labour government Ministers under the Intelligence Services Act 1994, section 7 Authorisation of acts outside the British Islands ?

Will Tony Blair and his henchmen like Jack Straw and David Blunkett, try and divert responsibility for British complicity in torture by blaming their civil servant officials instead ?

The Conservative / Liberal Democrat coalition government's hands are not entirely clean either, given that only last year, they firstly accepted the defection of
Moussa Koussa from the Gadaffi regime in Libya and then let him go freely out of their custody. There are plenty of allegations around of his personal involvement in political assassinations, massacres and torture as head of the Libyan intelligence bureaucracy, whose abandoned offices have yielded prima facie evidence of such complicity.

It is now over 18 months since the Detainee Inquiry was set up and the promise Undertakings to protect witnesses or whistleblowers from prosecution and / or disciplinary action have still not been agreed or published

Spy Blog has raised with the Detainee Inquiry, the question of Communications data snooping, Interception of Communications and Intrusive Surveillance and recruitment of Confidential Human Intelligence Sources i.e. routine Intelligence Agencies powers and techniques, which could easily be aimed at members and staff of the Detainee Inquiry and their families and friends, by one or all of the intelligence Agencies, trying to identify potential or actual whistleblowers who may not be adhering to the official party line. The self justification for doing so will be on the nebulous grounds of "national security" - to determine if anyone willing to talk, even in secret, to the Detainee Inquiry about the deeds or misdeeds of their colleagues or superiors be trusted any more.

See the previous Spy Blog article: Reply from the Detainee Inquiry, regarding anonymity protection for whistleblowers, surveillance targeting against the Inquiry itself etc.

Were the Metropolitan Police and Crown Prosecution Service teams working on investigations Operation Hinton and Operation Iden targeted in this way ? Given the 4 years it took them to fail to find sufficient evidence and the number of people they were not allowed to interview, it may well be that the Intelligence Agencies were always one step ahead of the investigators, perhaps through the use of such surveillance techniques.

Will the Metropolitan Police investigation into the Libyan allegations, if it ever goes ahead, also be so targeted by the Intelligence Agencies ?

Remember that individual Police officers and investigation teams have, according to evidence given to the Leveson Inquiry, been targeted by News of the World and / or other journalists and private investigators, including the team investigating Downing Street complicity in the "cash for honours" scandal headed by the now politically disgraced Assistant Commissioner John Yates.

It is therefore not fanciful to assume that people within the UK Intelligence Agencies with these secret surveillance powers will use them, or will get their US or European sister intelligence agencies to do so on their behalf against such torture investigations, unless expressly and publicly forbidden to do so .

Any such ban must be public, so that the companies and staff working in telecommunications, internet and postal communications services can recognise illegal requests for Communications Data or the contents of communications and refuse to accede to them.

It is ironic that the person to whom complaints about such abuses of the Regulation of Investigatory Powers Act 2000 by the Intelligence Agencies, if they exist, is the Intelligence Services Commissioner, the post held by Rt. Hon. Sir Peter Gibson until he resigned it early in his tenure to devote himself to the Detainee Inquiry.

The current Intelligence Services Commissioner is Rt. Hon. Sir Mark Waller - see the previous Spy Blog article: Intelligence Services Commissioner, Rt. Hon. Sir Mark Waller appointed early, announced late

When reading this report, you could and should mentally replace the words "MPS" or "Metroplitan Police Service", with "Downing Street" or "Whitehall Department" and especially with "Home Office", "Cabinet Office", "Ministry of Defence MoD", "Security Service MI5", "Secret Intelligence Service MI6" or "GCHQ".

Almost all of Elizabeth Filkin's conclusions and reccomendations for improving the Metropolitan Police's duties of transparency and accountability to the public, whilst protecting the operational security of ongoing investigations and also protecting the personal details of innocent members of the public and junior staff etc., could and should be applied to these other powerful, privilged, yet increasingly untrusted, supposedly public institutions.

The Metroplitan Police Service has been practicing the black arts of media spin and manipulation and their public reputation has suffered as a result.

Favoured access:

3.2.1 Inequality of access

It is felt both internally and externally that the MPS has not given equal access to all parts of the media for a number of years and that certain special relationships have developed selectively.

The kind of off the record nature of it all is actually counter-productive, and if we really want to hold public institutions to account we have to do it in an open, transparent and proper way. But the way they operate is they have the kind of closed press briefings, drinks at the pub - it's a club. Journalists get too close to senior police officers, because you get far more stories if you're nice to them than if you're not. And the result is I think we are quite generally in this industry, too reluctant to write critical pieces, than we were previously.

A Journalist

Trading information and even betraying details about innocent members of the public, in order to about to divert media attention away from embarrasing stories about the MPS themselves:

3.1.2 Trading

I have also been given examples where inappropriate information has been provided to the media, to dilute or prevent the publication of other information which could be damaging to the MPS or senior individuals within it. Of course there can be proper and ethical negotiations with the media to prevent the obstruction of an investigation, harm to
members of the public or the MPS, or to ensure accuracy in reporting. However some negotiations have included unethical placing of material, or offering exclusive stories to the media to bury other information.

"So that if you get the Press Officer who says, well, if I give Reporter 'A' a particular story exclusively, then next week Reporter 'A' will do me a favour. And you've got a direct conflict now between what the public needs and what the Press Officer wants."

Nick Davies, Freelance Journalist

Lack of Transparency, even when there is no justifiable operational need for it:

4.4 TRANSPARENCY

According to some, MPS contact with the media has in the past been characterised by back door briefings through informal and unofficial channels. This view was also reached when MPS communications were the subject of some informal advice from the private sector in 2010. I understand that this offer of help from an outside expert on improving communications with the public was undermined by the threat of negative press coverage.

Some contact will involve trusting the media with confidential information. There will also be occasions when negotiation between the MPS and the media will be necessary to ensure accurate reporting. I am concerned that some may use these proper practices to justify a general lack of transparency both in terms of who has contact with the media and what information they provide. Problems like the trading of information or the apparent closeness of some relationships with the media fuel the perception that the business of dealing with the press is by its nature secretive.

"I think if you spend your whole career working on secretive investigations, and concealing information, things like that, which is really, really important, it just goes to your head somehow, sometimes, and you think that you kind of own this information, and you forget that you're there to serve the public."

A Journalist

[...]

In most circumstances police officers and staff providing information to the media should expect to be named. In some instances it may be appropriate for only their role or position to be published. It should always be the case that the information is attributed to the MPS.

The culture of secrecy and the use of "Anonymous briefings" attributed to "police sources" are as stupid and counterproductive as those attributed to "Whitehall sources"

"I phoned up and said 'I've got some questions here', it was almost as though you were asking for them to release something which is privileged information somehow, it's absolutely not. So I just try back channels now, trying other contacts in the Met, going round the back within the slightly kind of shadowy stuff that you have to do to get data, because the front door doesn't work."

A Journalist

It is clear both from speaking to journalists and politicians, and from media reports even during the time of my review, that use of the word 'police source' can mislead. Every time this phrase is used it implies a leak. I have been told that it is also used in situations where the information comes from a different but related organisation such as the MPA, or as a generic term to try and protect the real provenance of a source. It is also sometimes used where the information has been legitimately and formally supplied by the MPS press office. This is a damaging practice with the potential to create a perception that leaks from the MPS are more widespread than they are.

with this caption

Repin, left, was a regular on the party circuit

The obvious question is who are the other 3 people in the photo ?

It is not unreasonable to suppose that anybody who recognises them, will assume that they could be Russian spies or that they are the alleged British potential recruitment targets of Mikhail Repin.

If you save a copy of the image and look at the EXIF meta data with a tool like ExifTool this reveals:

Comment: Russian spy Mikhail Repin (far left) next to Gennady Vladimirov (yellow tie)..At Russian embassy BBQ 2010

Mr Gennady E. Vladimirov was still listed as a Counsellor, a more senior diplomatic rank than Mikhail Repin who was a 3rd Secretary, in the 30th June 2011 London Diplomatic List, but he is no longer listed in the 29th July 2011 London Diplomatic List

Whether that makes him a spy, or not, is unclear.

However, if you click on the Jason Lewis hyperlink, to see which other stories the award winning investigative journalist (who used to work for the Daily Mail / Mail on Sunday), has published recently, you will see this cropped version of the image just showing the face of Mikhail Repin as a smaller thumbnail image with links to the two versions of the story:

However the EXIF meta data for this image reveals:

CC_emb27_russia13.gif...Michael Repin (Russia), Gennady Vladimirov (Russia), Matt Boyles (BMW Park Lane) and Joey Zegerius (BMW Park Lane)

Matt Boyles describes himself on his LinkedIn profile as Sales Manager at BMW Park Lane

Joey Zegarius describes himself on his LinkedIn profile as Official Embassy and Security Car Specialist at BMW Group International & Specialist Sales Division

Were any BMW employees the targets of industrial espionage by the Russians ?

Did the Daily Telegraph nick the photo of Mikhail Repin from Embassy Magazine ?

The original of this photo appears to have been taken (without any acknowledgement by the Daily Telegraph) from the Court Circuit pages of Embassy Magazine:

Embassy Magazine 27 - Court Circular - Russian BBQ

The scene was set for a perfect summer BBQ - a warm evening, lush gardens of the Russian Ambassador's Kensington Palace Gardens residence, kebabs grilled on hot coals and ice-cold vodka cocktails. No wonder the Russian Ambassador's party is one of the favourite events of the summer!

Photo Credit: : PIERRE DE VILLIERS

The original photo image on the Embassy magazine website is called CC_emb27_russia13.gif which ties in exactly with the EXIF Meta Data on the cropped thumbnail image just of Mikhail Replin's face on the Daily Telegraph website.

This Embassy magazine web page also has a photo showing the attendance at the same BBQ event of the Liberal Democrat MP at Simon Hughes, who is also mentioned in the Daily Telegraph story.

Pierre de Villiers is the South African Director of Photography and Multimedia at Embassy Magazine

One of the Premier Partners of Embassy Magazine is, unsurprisingly, BMW International and Specialist Sales

This illustrates the potential threat to anonymity and privacy which even experienced mainstream media organisations like the Daily Telegraph pose, when handling digital images.

See the section on Photo Image Files in Spy Blog's

Technical Hints and Tips for protecting the anonymity of sources for
Whistleblowers, Investigative Journalists,
Campaign Activists and Political Bloggers etc.

http://ht4w.co.uk

Mr Mikhail V. Repin m 3rd Secretary

according to the Daily / Sunday Telegraph

Mikhail Repin: the perfect party guest who was Whitehall spy for the Russians

Russian spy Mikhail Repin was expelled from Britain after he was caught attempting to recruit politicians and senior Whitehall officials as agents.

By Jason Lewis, Investigations Editor

9:00PM GMT 10 Dec 2011

Young, good looking and articulate, he introduced as himself as "Michael" at events at Westminster think tanks and embassy receptions.

A slight accent betraying his foreign roots, the tall, suave, urbane young man mixed easily with politicians, businessmen and policy wonks on the Whitehall drinks party circuit.

But rather than being the fast-track civil servant, defence industry high flier or political adviser that many assumed he was, "Michael" was Mikhail Viktorovich Repin, Third Secretary in the Political Section at the Russian Embassy, and a spy.

Far removed for the caricature image of fictional Soviet agents, Repin had arrived in London in the wake of the murder of dissident former KGB officer Alexander Litvinenko, allegedly on the orders of the Kremlin, after several Russian diplomats had been expelled from Britain.

Within two years he himself had been kicked out of the country following "clear evidence" of spying.

[...]

Repin was part of the political directorate known as "Line PR" and answerable to the most senior spy at the embassy the "Rezident".

His job appears to have been to talent spot potential agents in the political world who were in a position to obtain useful information to give Russia a political or economic advantage.

He set about his task with enthusiasm, attempting to "cultivate" individuals who either currently or in future may be of value to the Russians and quickly came to the attention of MI5 "watchers", from the Security Service's A Branch, tasked with keep Russian diplomats under surveillance.

[...]

Repin left Britain in December 2010. A British diplomat was expelled from Moscow in the now customary tit-for-tat response.

Neither man was named. To do so would break an unspoken "gentlemen's agreement" between the intelligence services in both countries.

Repin's whereabouts are now unknown. His cover is blown and he is unlikely to be given another foreign posting.

There is a second version of the same story online which omits several details:

Russian spy targeted MPs and Whitehall officials

A Russian spy was expelled from Britain after he was caught attempting to recruit politicians and senior Whitehall officials as agents.

By Jason Lewis, Investigations Editor

9:00PM GMT 10 Dec 2011

Mikhail "Michael" Repin, an officer from the Russian foreign intelligence service, the SVR, was thrown out after a surveillance operation highlighted his activities.

Repin, who was officially a Third Secretary in the political section of the Embassy in Kensington Palace Gardens, also approached people with links to British security and defence companies.

[...]

For two years Repin was engaged in talent-spotting British citizens who might provide the Russians with useful intelligence or were connected with someone with access to sensitive information.

[...]

A brief statement from William Hague, the foreign secretary, last December said the Russian embassy in London had been asked to "withdraw a member of their staff from the UK".

The ultimatum was issued "in response to clear evidence of activities by the Russian intelligence services against UK interests," Hague said.

See also Spy Blog - London Diplomatic List archive - Mikhail V. Repin appears on the 6th December 2010 list, but not on the 20th January 2011 one.

Michael Repin was one of the replacements for the 8 Russian diplomats / spies expelled from the Russian Embassy in London in June 2008, after the failed British attempt to extradite or even question Andrei Lugovoi in connection with the astonishing radioactive Polonium murder of Alexander Litvinenko in London.

See Spy Blog analysis of the Russian Diplomats expelled in June 2008 after the Litvinenko Polonium murder

What was the ""clear evidence of spying" ?

Was it actually anything more than the normal Diplomatic cocktail / barbecue party circuit chatter or even attendance at military / intelligence / industrial complex think tank conferences or exhibitions etc ?

Given the weakness of even the secret the "intelligence" supplied by MI5 the Security Service against Ekatarina Zatuliveter in the recent spy deportation debacle, how can can they convince the British public that they should be trusted over Mikhail Repin either ?
Did the "surveillance operation" actually catch Repin making an illicit "recruitment" approach to anyone with access to any real National Security secrets ?

Was there any actual evidence of him operating a Dead Letter Drop or other illicit communications technique ?

By not immediately publishing the names of diplomats / spies expelled from London (regardless of whether they are Russians, Israelis, Iranians, Libyans etc.), the Foreign and Commonwealth Office is only trying to fool the British public, since the foreign press corps, and every other foreign Government, intelligence agency, serious organised criminal or terrorist gang already know such names.

They even try to refuse such information under Freedom of Information Act exemptions, although why these exemptions should be applied to foreigners who are not even in the European Union, is unclear.

See the Spy Blog FOIA request FCO diplomatic expulsions Polonium 210 murder affair category archive.

Has the Daily / Sunday Telegraph decided to break with the "voluntary" Defence Advisory Notice system of mainstream media self censorship ?

Will The Independent or the London Evening Standard newspapers keep silent about this story, given that their proprietor Alexander Lebedev is a former KGB diplomat / spy who was stationed at the Russian Embassy in London ?

Surely it is obvious now even to the most technologically illiterate politicians and Whitehall civil servants, that there is no effective regulation of Communications Data investigation systems.

Communications Data snooping by the Police etc can be a powerful investigative technique, but only when it is clear that it is not being abused.

Public confidence in the use of these techniques has been damaged by allegations (so far without much hard proof) that disreputable tabloid newspapers have been able to gain access to this highly intrusive, private information, which can only have come via corrupt police or intelligence agency or mobile phone network staff.

BBC reports that lawyers in civil cases before Mr Justice Vos have claimed:

http://www.bbc.co.uk/news/uk-15794225

18 November 2011 Last updated at 16:29

NoW hacking victims claim investigator tracked phones

A private investigator was involved in illegally tracking mobile phones, hacking victims have claimed.

Glenn Mulcaire, who was jailed for phone hacking for the News of the World, is linked to the so-called pinging of mobiles and computer hacking, a High Court civil case heard.

Pinging is tightly regulated and restricted to police, security services and a small selection of other bodies.

Mulcaire and News International have yet to respond to the claims in court.

[...]

The allegations were aired at a case management hearing in the civil cases for breach of privacy brought by hacking victims against News International, the owner of the now defunct NoW.

[...]

In July, the Metropolitan Police launched Operation Tuleta, alongside phone-hacking inquiry Operation Weeting, to probe allegations of computer hacking.

Operation Tuleta is examining breach of privacy claims received by police since January.

Sea also the previous Spy Blog article and comments back in July 2011:

NYT: NOTW bought mobile phone location data for $500 a time from corrupt police

N.B. under the Regulation of Investigatory Powers Act 2000, there are no criminal sanctions available against the Police or others who abuse Communications Data, of which Mobile Phone Location Data is a part, although there is a penalty of up to 2 years in prison for illegal Interception of the content of mobile phone voice or data communications, which is what the the News of the two News of the World employees were convicted of back in 2007.

The deliberate loopholes in this lax regime , brought in by the technologically inept yet authoritarian Labour government e.g. the totally ineffective and secretive Interception of Communications Commissioner, have not been tightened up by the dithering Conservative / Liberal Democrat Coalition government,

The proposals to slightly strengthen the roles of the Interception of Communications Commissioner and the Intelligence Services Commissioner and/ or the creation of an Intelligence Services Inspector General outlined in the recent Green Paper on Justice and Security , do not apply to "normal" Police cases.
.