11 March 2010: The Intelligence and Security Committee's Annual Report for 2008-2009 was laid before Parliament today by the Prime Minister. A copy of the Report can be found here. A copy of the Government Response to the Intelligence and Security Committee's Annual Report 2008-2009 can be found here.

The Committee has issued an accompanying Press Release, which can be found here.

These Annual Reports are not an adequate mechanism for holding the secret intelligence agencies to account, either for their waste of public money, or for how well they are doing their job.

See:

• The Register: GCHQ loses Top Secret laptops - And struggles to recruit net experts - by Chris Williams

• BBC : A snapshot of spies and their accountability by Gordon Corera
  

Perhaps there is some good reason for the 8 month publication delay of this supposedly Annual 2008 - 2009 report , but since nobody trusts Gordon Brown not to lie by omission, we assume that there was some sort of petty political reason for the unnecessary delay.

Dr. Kim Howell's, the outgoing Labour chairman of the Intelligence and Security Committee, who will not be standing for re-election at the forthcoming General Election, seems a bit frustrated with the

"We also sent our Annual Report for 2009-10 to the Prime Minister on Friday 5 March 2010.
This is a shorter report, given the duration of the Parliamentary year, however it covers some
fundamental issues.

[...]

We have been assured by the Prime Minister that this Report will also be published in good time before the debate next week.

This is an opportunity for Gordon Brown to show his respect or contempt for Parliament and the British public.

We would like to be proved wrong, but we assume that Gordon Brown will break this promise to Kim Howells.

The debate on the Intelligence and Security Committee Report is scheduled for this Thursday 18th March 2010.

On past performance, we expect a few paper copies this 2009 - 2010 report to have been made available a few minutes before, or perhaps even during this debate, in the Vote Office, giving MPs and others no time to read and analyse it beforehand.

We doubt if it will be published on the web until after the debate in the Commons.

Here are a few points which stood out for Spy Blog, when reading this censored ISC report:

The Magistrates Court bail hearing hearing is adjourned until Thursday 25th March 2010.

The Western Morning News (which covers the West of England, including Devon, where Daniel Houghton's family is based) reports:

Spy case delay over secrets clearance
Saturday, March 13, 2010, 10:00

A FORMER MI6 spy charged with trying to sell top secret files to a foreign country has not been able to brief his lawyers because they do not have security clearance to speak to him.

Daniel Houghton, whose family live in Holne, near Ashburton, Devon, and who studied graphic design in Exeter, remains in custody and cannot apply for bail until lawyers are given clearance.

Houghton, 25, is accused of attempting to sell confidential electronic files, including memory sticks and a laptop hard drive detailing MI5's intelligence-gathering techniques.

However, his lawyers and the legal team prosecuting him, found they would be in breach of the Official Secrets Act and could be charged with breaking the law themselves if they went ahead with the case.

This is suspiciously odd.

Previous Official Secrets Act trials have not needed specially cleared defence and prosecution lawyers.

Surely a Judge can be trusted to decide what secret evidence to include or exclude from an Official Secrets trial ?

Prosecutions under the Official Secrets Act need the consent of the Attorney General, so has she changed the rules, without any Parliamentary scrutiny or debate ?

Why are Crown Prosecution Service lawyers chosen for an Official Secrets Act case somehow not to be trusted ? Perhaps this media report is a bit misleading

"security cleared" lawyers are not necessary for the more serious charge (with a longer potential prison sentence) against Daniel Houghton under the Theft Act.

[...]

Piers Arnold, prosecuting, outlined the dilemma during a brief hearing at City of Westminster Magistrates' Court.

He said: "What the joint proposal is today is that the matter be put off for a period of two weeks with a view to carrying out the relevant security clearance procedures for the defence so they are in a position to take full and mindful instructions from their client."

Michael O'Kane, defending, said: "In order to get instructions from Mr Houghton with a view to ascertaining whether a full bail application can be made, we would be falling foul of the Official Secrets Act and exposing him to further offences as well as ourselves."

District Judge Timothy Workman adjourned the case until Thursday March 25, when a bail application is expected to be made.

[...]

How can the defence lawyers be prosecuted under the Official Secrets Act, when their conversations with their client are supposedly Legally Privileged ?

Why do the lawyers, on either side, need full access to all the secret information allegedly being sold, simply for a bail hearing ?

Who will security vet the Judge in the case ?

"security vetting", is obviously no guarantee of any sort, since many other accused spies in the past have had a very high "security clearance", which proved to be worthless.

There is no legal basis, under the Official Secrets Act 1989, for any exemptions from prosecution for anybody, even if they actually do have a "security clearance", something which is not mentioned at all in the wording of the Act.

There is still no mention of why Houghton is not being prosecuted under the Terrorism Act section 58.

There is still no mention of which country's intelligence agency Houghton is accused of thinking that he was selling the top secrets to.

However to make sense of these often very technical documents, you need a lifetime of relevant expertise.

Have a look at this well researched and fascinating website, by a retired British nuclear weapons programme engineer:

Brian Burnell's British / US nuclear weapons history at http://nuclear-weapons.info

Here is an example of the sheer engineering elegance and precision which British engineers and scientists used to be capable of, over 50 years ago:

The Orange Herald spherical warhead installed in the centre section frame of a Blue Danube casing prior to the Operation Grapple tests at Christmas Island. Although smaller at approx 36 inches diameter than the Green Grass warhead of Violet Club at 45 inches, the Green Grass warhead would appear to be very similar. A notable difference would be the 72-lenses of the Green Grass implosion system, derived from the Green Bamboo design, unlike this photograph showing 32 lenses and detonators. The Blue Danube derived firing switch (the large circular item attached to the frame at top left) is clearly seen, with the firing cables leading to each detonator also clearly visible. Because the timing of the firing signal was so important, each cable was of exactly identical length, with duplicated cables to the nearest detonators having to be coiled. The nose and tail units of the casing fix to the large circular frame of the modified Blue Danube casing. Photo: MoD

Apart from the "Rubber bag full of steel ball bearings" alleged safety mechanism, some of the most powerful British weapons relied on trust in human beings, rather than technical safeguards e.g.

WE.177:

Strike Enabling keyset at the Bristol Aero Collection, Kemble airfield. The hexagon (Allen) key inserted into the centre of each dial to set the burst and drop conditions. The yellowish barrel-shaped object is a gripper device used to grip and remove a cover over the keyhole while wearing NBC gloves. (157) Photo: Brian Burnell.

[...]

Only one key was needed to activate the weapon preparatory to a strike.

There was no dual key system manned by two keyholders. There were no secret code numbers or secret code words. There was only one officer holding one key.

The insane logic of the nuclear arms race threw up some astonishing weapons, to specific threats (real or imagined). somehow the designers and promoters of these weapons systems (US, UK and Soviet) managed to ignore their wider practical or ethical drawbacks.:

e,g, the Davy Crockett (US) and the identical Wee Gwen (UK):

Wee Gwen was a British project name for a small, lightweight, low yield unboosted fission warhead intended for a British Army version of the US Davy Crockett close support infantry weapon. The US Army's Davy Crockett spigot mortar was available in two versions, either vehicle mounted, or a lighter model as a manpack, which broke down into three major components, each light enough to manpack. It was for use very close to the front line by the infantry, and was probably the first known use of a neutron weapon, designed to kill and incapacitate enemy troops by neutron and gamma radiation, rather than by blast and heat, although at the time the warhead was designed for use as an anti-aircraft warhead, the concept of battlefield use of neutron warheads had not yet evolved.

[...]

The W-54 warhead's small size and weight was noted by other prospective users, and it was adapted for use with the Davy Crockett spigot mortar and a manpacked ADM (Atomic Demolition Munition and landmine) both for use by the US Army.

[...]

Studies showed that in order to detonate these nuclear weapons safely, but close to friendly front-line troops, the best choice of yield was 10-20 tons. A greater yield was not especially useful, since the killing power of the weapon used against advancing enemy troops in armoured vehicles and in the open was greater by neutron and gamma emission than by the more conventional effects of heat and blast. (14) Armoured troops in particular were mostly unaffected by blast on the scale of this weapon, but armour provides little protection from radiation emissions of Wee Gwen, casualties would be unlikely to survive longer than 36 hours. Enemy troops in the open at up to 70 yards (64m) would have loss of co-ordination within one minute, be incapacitated and death would follow within 36 hours. A 10 ton yield warhead could be detonated as close as 600 yards (550m) to friendly troops.

[...]

While the weight of the fissile core is not known, and may never be known, a reasonable estimate is a minimum of 4 kg, and possibly much more.

Note that enemy troops who have received an incapacitating or lethal dose of radiation will still usually be able to fire their weapons and kill some or all of the troops being "defended" by such "frontilne" atomic weapons.

The chances of "friendly fire" or "blue on blue" casualties from such weapons which were not capable of being be accurately aimed, appear to be huge.

We suspect that the various terrorist groups who were active in the 1950's and 1960's were perfectly well aware of the potential of such devices, so the interest of al-Queada in acquiring or building such devices is nothing new, no matter what the "climate of fear" propaganda claims.

If today's terrorists did somehow manage to acquire even such a "small" fission weapon, the UK and US authorities would no doubt panic and attempt to evacuate or disrupt a vastly larger area than the "safe radius" for friendly troops specified by the designers of these weapons.

Spycatchers trap MI6 man 'trying to sell secrets'

A former MI6 spy has been accused of trying to sell "top secret" intelligence files to a foreign government for £2m.

By Duncan Gardham, Security Correspondent
Published: 5:12PM GMT 03 Mar 2010

Daniel Houghton, 25, was caught in a sting operation after allegedly approaching a foreign intelligence agency offering to sell them information he had collected while working for the Secret Intelligence Service, known as MI6.

The files, which belonged to the domestic security service MI5, allegedly related to the capabilities of the security and intelligence services and the techniques they have developed to gather intelligence, sources said, and were labeled "top secret" and "secret."

Houghton, who worked for MI6 between September 2007 and May 2009, allegedly telephoned the foreign intelligence service three months after leaving MI6 to try and arrange a deal.

He telephoned a "foreign intelligence service" and expected not to alert the UK counter-intelligence units ??

But undercover MI5 officers, known as "spy catchers", met him in February to view the material on his laptop and allegedly negotiated a price of £900,000, while recording the meeting with hidden listening devices.

If the alleged "top secret" documents really deserved that level of classification, then some people and organisations would be willing to pay much more than that.

Houghton allegedly told them he had downloaded the information onto a number of CDs and DVD disks which he then copied onto a secure digital memory card of the type used in cameras.

He also allegedly told the undercover MI5 officers that he had copied material onto a second memory card which he had hidden at his mother's home in Devon.

They arranged to meet him again at a central London hotel where he allegedly showed them the material on a laptop and then handed over two memory cards and a computer hard drive.

Sources said he was allowed to leave the hotel room with £900,000 in a suitcase before he was arrested as he waited for a hotel lift by plain clothes officers from the Metropolitan Police Counter Terrorism Command.

It is understood Houghton told them: "You've got the wrong man."

Police have conducted a series of raids since the arrest on Monday at Houghton's shared flat in Hoxton, east London and at his mother's home, a farm house in Holne, near Newton Abbot in Devon.

They are understood to be looking for any copies of the material he may have downloaded and any other material he may have stolen.

Sources said they had found additional hard copies of material marked "top secret," "secret" and "restricted."

[...]

According to The Press Association etc

The two detailed charges he is facing are: Between September 1, 2007 and May 31, 2009 within the jurisdiction of the Central Criminal Court he stole property, namely a number of electronic files containing techniques for intelligence collection, belonging to the British Security Service. Contrary to section 1(1) Theft Act 1968.

The other charge is that on March 1, 2010 within the jurisdiction of the Central Criminal Court, being a person who has been a member of the security and intelligence services, without lawful authority he disclosed articles relating to security or intelligence, namely a number of electronic files containing techniques for intelligence collection, which were in his possession by virtue of his position as a former member of the British Secret Intelligence Service. Contrary to section 1(1) Official Secrets Act 1989.

• Does this imply that the authorities have no proof as to exactly when Houghton is alleged to have stolen the secret and top secret documents and have just bracketed his entire period of employment with MI6 ?

This case shows that trusted employees, even of MI6 the Secret Intelligence Service, can use easily concealed USB flash memory devices to smuggle out secret documents from supposedly heavily guarded buildings or computer networks.

This should be of interest to other, more honourable and less corrupt whistleblowers - see our Hints and Tips for Whistleblowers Technical Hints and Tips for protecting the anonymity of sources for Whistleblowers, Investigative Journalists, Campaign Activists and Political Bloggers etc.

However, this case also shows a lack of professionalism by the wannbe corrupt spy, who seems to have revealed rather too much personal information about himself and his family to his supposed "foreign intelligence agency" customers. Meeting them in person a hotel room in London (rather than in a foreign country), not making use of Dead Letter Drops or encryption and expecting to simply walk away with £900,000 in cash in suitcase (without being robbed or murdered) after handing over the secrets , seems rather arrogant, naive, and obviously illegal.

• Did Houghton work on a joint MI6 Secret Intelligence Service and MI5 Security Service operation ?

• if not how did he have access to MI5 secrets when working for MI6 ?

• Why did he leave the employment of MI6 last year ?

At the age of 25, he must have started stealing secrets only a year after leaving the University of Birmingham. Given the six months or more it can take for recruitment and Developed Vetting (DV) security vetting clearance, he must have started stealing secret stuff almost immediately that he had access to it.

According to the Daily Mail: Ex-MI6 agent appears in court charged with trying to sell top secret files 'for £2million'

Born in Holland, Houghton has dual British-Dutch nationality and is fluent in English and Dutch. Educated at Dartmouth Community College in Devon where his family live in nearby Holne, Houghton studied graphic design at Exeter College.

At Birmingham University, he studied computer interactive systems, achieving top marks which brought him to the attention of the security services

• Did he hack in to their supposedly secure computer systems from the inside ?

We doubt that Daniel Houghton was employed as an "agent" or as a "spy" i.e. a Covert Human Intelligence Source (usually foreign but also within the UK) as the mainstream media headlines claim.

• Was he employed as an Intelligence Officer or was he employed to work on their Information Technology systems ?

• Which "foreign intelligence agency" did he think that he was betraying and selling the secrets to ? There really is no good reason for keeping that a secret from the British public.

• Was he working alone, or did he have accomplices ?

Why the Theft Act 1968 but not the Terrorism Act 2000 section 58 Collection of information ?

1. The Official Secrets Act 1989 section 1 (1) carries a penalty(defined in section 10 Penalties of "only" up to 2 years in prison and / or a fine (per offence), is obviously applicable to a former member of MI6.

2. Unless Houghton was stupid enough to steal and to hand over the original CDs, DVDs or the computer hard disk, which physically belonged to his former employer MI6, then how does the Theft Act 1968 apply ?

   There would be no need for all the civil Copyright legal cases, if somehow, a mere digital copy of information or data could be misinterpreted as Theft as defined by the Theft Act 1968 section 1

   (1)A person is guilty of theft if he dishonestly appropriates property belonging to another with the intention of permanently depriving the other of it;

   [...]
   

   This cannot apply to digital copies of the information or documents - it can only apply to the originals or master copies on physical media or hardware.

   The theoretical maximum of up to 7 years in prison is for major thefts of property or money.

3. Why is Daniel Houghton not also facing a Terrorism Act 2000 section 58 Collection of information charge, which attracts a penalty of up to 10 years in prison ?

   Surely "top secret" MI5 "intelligence gathering techniques" is obviously "information of a kind likely to be useful to a person committing or preparing an act of terrorism" ?

   This is a catch all offence which does not require proof of any actual terroristic intent, only knowledge of the fact of its potential usefulness to terrorists.

   These documents, if accurately reported above, would be much more useful to terrorists, than the stuff which several people are in currently in prison for, which they downloaded from the internet.

Anonymous briefing before Court Reporting Restrictions apply

It is also worth questioning why the authorities seem to have anonymously briefed Duncan Gardham, the Security Correspondent of the Daily Telegraph in so much detail ?

This report (and our blog analysis of it) comes before any media reporting restrictions have been ordered, as Daniel Houghton is not yet facing trial by jury.

This seems to be a feature of recent national security trials - the accused is found guilty in the mainstream media, well before he faces an Judge and Jury, on the basis of anonymous leaks from nameless Whitehall bureaucrats, given to selected, favoured mainstream media journalists.

N.B. if the UK Government or legal system authorities want bloggers not to comment on a trial in progress, then they will have to inform us directly via email or through a comment posting, or through a prominent online public announcement that there are actually reporting restrictions in place and the details of exactly what they cover. We are reasonably intelligent, but not psychic.

Those of you taking an interest in this, or similar cases, should download and save your own copies of any relevant newspaper or blog articles to your own (secure and encrypted ?) computer systems, since the online versions could easily be be censored through secret injunctions or takedown notices, or just the threat of expensive legal action.

See FOIA disclosure regarding HMRC tax record special categories

Remember that HMRC lost / misplaced the sensitive personal details of the entire Child Benefit database - names, addresses, details of children, National Insurance Numbers and some bank account details, affecting over 23 million people - every family in the UK.

There is no excuse for a "two tier" system - everyone's tax records should be secure from targeted or casual snooping, regardless, not just those of "Special Category" members of the Soviet style nomenklatura who have flourished under this authoritarian and secretive Labour government, and who far outnumber the people who are genuinely under the highest threat of violence, if their sensitive personal details are snooped on or leaked or lost or stolen.

The best way to reduce such security risks, is to vastly simplify the bureaucratic and over complicated taxation system, and to ensure that HMRC obeys the principles of Data Minimisation, and does not collect and store excessive amounts of personal data on individual citizens in the first place.

Categories and Numbers, excluding those subject to the s23 exemption or the s44
exemption

As at April 2008

Class of individual	Number of records*
HMRC staff [for reasons of propriety]	95,000
Certain [e.g. criminal justice] investigators in Govt depts; certain members of the police and judiciary	25,600
Protected for personal reasons: eg transsexuals,Gender re-assigned cases, domestic abuse and witness protection cases	24,500
Ministers of the Crown, Elected representatives, researchers and certain former Elected representatives	8,120

^* We believe that in the majority of cases the number of records will equate to the number of individuals in a category, but there is a small possibility that they may include more than one record for a few individuals.

[...]

[The records of "celebrities" are not protected by additional safeguards.]

Note that by far the largest group, larger than all the rest combined, to whom this "Special Category" status of extra "safeguards" for their tax records is accorded, are HMRC staff themselves !

What exactly does [for reasons of propriety] mean ?

Some possible further FOIA request questions:

• Why are "researchers" of Elected Representatives given "special category" status". Presumably the context of the use of that term implies political or parliamentary "researchers", employed by Elected Representatives, presumably Members of Parliament (646 MPs) at the Westminster House of Commons, rather than, say, biomedical researchers who are targets for harassment or violence by animal extremists.

• Does "Elected Representatives" include Members of the European Parliament (72 UK MEPs 741 in total), Members of the Scottish Parliament (129 MSPs), Assembly Members (60 AMs) of the National Assembly for Wales and the Members of the Legislative Assembly (108 MLAs) in Northern Ireland Assembly ? Does it also cover County, Local and Parish Council Elected Members ?

• The figure of 8,120 seems very high for just current Elected representatives since the figure above add up to only 1684 (only 1015, if only UK MEPs are counted) and "certain former" Elected Representatives.

• What about non-elected Representatives i.e. Members of the House of Lords ?

  The various Labour Lords who have been appointed as unelected, unaccountable Ministers, do seem to qualify.

• Will HMRC reveal the list of "Special Employers", in general terms ?

• It is noticeable that the vast majority of Military or Police or Prison Officer personnel are not given any "Special category" protection, even though their names, addresses and family details are of significant interest to terrorist and foreign intelligence agencies and serious organised criminal gangs etc.

• Who is the current "head of SSD (Special Section D)", and what are his / her contact details ?

• Is there a secure and confidential means of contacting Special Section D, without involving the main HMRC postal, telephone and internet infrastructure ?

See our previous article: Sir Joseph Pilling appointed as National Identity Scheme Commissioner - how can a former Whitehall "Sir Humphrey" be "independent" of the Home Office ?

and also the NO2ID discussion forum:

http://forum.no2id.net/viewtopic.php?t=31032

See this FOIA request: Recruitment process for Identity Commissioner

The Identity and Passport Service (IPS) spent £42,077.24 on recruitment consultants and £8,826.35 on advertising for this post. The job was publicly advertised in the Sunday Times on 18 January 2009, as well as via the Cabinet Office Public Appointments website and the Odgers Ray and Berndtson website. 20 people applied for the post, and six of them were interviewed - after which Sir Joseph, who had not applied and was not interviewed, was 'phoned up out of the blue, at home, by his former bosses at the Home Office and offered the job.

Sir Joseph Pilling
Office of the Identity Commissioner
1st floor, 30 Millbank
c/o Millbank Tower
21-24 Millbank
London
SW1P 4QP

Email: enquiries@identitycommissioner.gsi.gov.uk

N.B. using a UK Government .gsi.gov.uk email address means that any email correspondence to the Identity Commissioner e.g. a "leak" or a complaint from a Home Office or Identity and Passport Service whistleblower or a complainant, could be tracked and intercepted, without any need for any RIPA authorisations at all.

The Identity Commissioner should publish a PGP Public Encryption Key, to help establish a secure channel for whistleblower leaks and complaints, which the Home Office should not be tempted to try to snoop on. This would also demonstrate to the public that the Identity Commissioner understands some basic data security, privacy and personal anonymity issues, which are relevant to the National Identity Scheme.

Website: http://www.identitycommissioner.org (why is this not a .UK registered domain name ?)

Office of the Identity Commissioner - Annual Report 2009 (PDF - 179Kb)

See the cross party NO2ID Campaign for powerful opposition and analysis of this wretched scheme.

Some highlights from this "Annual" report, which only covers the last 3 months of 2009:

His latest domain name registrar and web hosting company , the giant Network Solutions has censored the entire site by removing the cryptome.org and cryptome.com domain names from their DNS, and placing the domain under a "Legal Lock", after having been served with a Digital Millennium Copyright Act (DMCA) takedown notice, alleging copyright infringement of a Microsoft document.

Domain ID:D7496146-LROR
Domain Name:CRYPTOME.ORG
Created On:25-Jun-1999 14:58:29 UTC
Last Updated On:24-Feb-2010 18:47:18 UTC
Expiration Date:25-Jun-2011 14:58:29 UTC
Sponsoring Registrar:Network Solutions LLC (R63-LROR)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT HOLD
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED

There is no excuse for censoring thousands of other web pages, from a major website, simply because there is a civil legal dispute (this is not a criminal matter) regarding one of them.

You can read the full story and other cryptome.org content via

http://cryptome.org.uk/

which currently points to

http://cryptomeorg.siteprotect.net/

This sort of censorship, without any fair trial in Court, is exactly the sort of thing we have to fear from disgraced, unelected, Labour Cabinet Minister Peter Mandelson's wretched Digital Economy Bill - see the Open Rights Group for the latest news on this.

UPDATE:

We are happy to report that the censorship of Cryptome.org has ended, after less than 24 hours.

The disputed document is again available:

http://cryptome.org/isp-spy/microsoft-spy.zip Microsoft Global Criminal Spy Guide February 20, 2010 (1.6MB)

This probably now out of date document (circa 2008) is full of strange concepts for United Kingdom "Communications Service Providers" with mention of Subpoenas or Warrants signed by Judges etc.

None of these apply here in the UK where such Communications Traffic Data is automatically requested via the "Single Point of Contact" using the Regulation of Investigatory Powers Act 2000 and Data Protection Act 2000 section 29 requests

Such requests / demands are self authorised in secret by the hundreds of government organisations with the power to do so.

We suspect that Microsoft and other US based ISPs would be horrified by the European Union and United Kingdom governments' mandatory Data Retention laws, which require data log file retention for a year.

There is a confirmatory nugget of information in the document:

4. In Site IP/Time/History Row
a. The Site IP/Time/History table is not updated if the user logs in again from the SAME IP address to the SAME Microsoft
site. It only shows the FIRST login of the LAST day for the user, from the same IP and to the same machine.
b. There are many cases where end user IP address is hidden by ISP proxy server. SIS shows the IP address of ISP proxy server, instead of real end user IP address. So for the individual user information you can approach the ISP.
c. The table is limited to only the last 10 MS SITE and IP combinations.

You do know about the Tor onion routing proxy server cloud, don't you ?

Will anyone now "leak" the equivalent policy document for Network Solutions ?

Departmental Internet
Home Department
Written answers and statements, 1 February 2010

Hansard source (Citation: HC Deb, 1 February 2010, c80W)

Chris Grayling (Shadow Home Secretary, Home Affairs; Epsom & Ewell, Conservative)

To ask the Secretary of State for the Home Department how much his Department spent on its website in 2009-10.

Alan Johnson (Home Secretary; Kingston upon Hull West & Hessle, Labour)

The Home Office website is

www.homeoffice.gov.uk

The amount spent on the main site and Home Office sub-sites is forecast to be £762,000 for the 2009-10 financial year.

£762,000 a year !!

The taxpayer is being ripped off ! What exactly are they wasting over three quarters of a million pounds a year on ??

Apart from
www.homeoffice.gov.uk

the sub-sites include:

http://www.crimereduction.gov.uk - Crime Reduction
http://inspectorates.homeoffice.gov.uk/hmic - HM Inspectorate of Constabulary
http://www.ips.gov.uk - Identity and Passport Service
http://www.imb.gov.uk - Independent Monitoring Boards (why is this not paiid for by the Ministry of Justice which is now supposed to be in charge of Prisons)
http://police.homeoffice.gov.uk - Police
http://press.homeoffice.gov.uk - Press Office
http://scienceandresearch.homeoffice.gov.uk - Science and Research
http://security.homeoffice.gov.uk - Security
http://commercial.homeoffice.gov.uk - Supplying the Home Office
http://drugs.homeoffice.gov.uk - Tackling Drugs, Changing Lives
http://www.ukba.homeoffice.gov.uk - UK Border Agency

It is unclear if the supposedly independent Agencies, Quangos and NDBPs pay for their own websites out of their own, separate Home Office budgets or not. e.g. the Association of Chief Police Officers, the The Association of Chief Police Officers in Scotland , the Security Service MI5, the Office of the Chief Surveillance Commissioner etc. etc.

The Press sub-website in particular is useless. It simply does not provide an up to date or even out of date but complete archive of even Home Office Press releases sent by email and fax to the mainstream media.

We were astonished by how little work the >over 64 staff in Home Office Press Office appear to do, if you go by their online web (in)activity.

We suspect that 60 Press Officers produce rather more than the meagre one or two Press releases a week which appear on the Press or Main home Office websites.

Surely the Home Office does not treat Press releases as if they were national security secrets ?

Unless and until they publish all their Press release, Media Briefings, "lines to take" etc. on their website, in an easily searchable format i.e. HTMl web pages, RSS aggregation feeds etc., then they will always be seen as trying to spin / manipulate the media and to always be dishonestly hiding something from the public.

See our Freedom of Information Act request of just over a year ago:

Home Office: Press Office output for week of Mon 9th Feb 2009 ?

All the other sections of the Home office website , are also very static, and the existing documents could be published and indexed automatically from the Microsoft Office originals, for virtually no extra cost at all.

We repeat - what exactly are they wasting £726,000 a year of our money on ?

Retired UK Ambassador Charles Crawford points out, on his blogoir blog, the difference between faked or cloned UK Passports, and fraudulently obtained genuinely issued ones:

Hamas Killing: Cloned Or Fraudulent Passports

1 Real blank passports, misused: in secure British government locations in the UK and overseas are piles of 'blank' passports in serial number order, waiting to be issued. Procedures are in place to check regularly that the stocks of blank passports match the lists of passports printed and despatched to each location to await issue.

I have done some of these checks myself in Embassy strong-rooms. It would be relatively easy for a corrupt UK official to steal a few of these blanks to pass on to gangsters/KGB/Mossad, but the risk of detection would be very high since sooner or later it would be spotted that issuing numbers were out of sequence with stock-lists and production/despatch-lists.

2 Real passports of real people, misused: the killers could have managed to get hold of real, properly issued passports of real people and alter and then use them for their own purposes. This would have to be done very well for it not to be detected, although having observed for myself the meticulously microscopic and ingenious efforts of teenage boys to alter dob on ID cards to win under-age access to Warsaw nightclubs, that presumably is no problem. The original owners would have to be left with an almost perfect copy of their passports to avoid suspicion. Too complicated?

3 Fake passports of real people, original identities kept: the killers borrowed a number of real passports of real people, then copied and altered them for their own purposes but retained the purported identity of the original owners. If that was done in this case, why would the serial numbers be incorrect?

A day after Dubai police announced the names of the Irish suspects as Gail Folliard, Evan Dennings and Kevin Daveron, a spokesman for Ireland's Department of Foreign Affairs said: "We are unable to identify any of those three individuals as being genuine Irish citizens.

"Ireland has issued no passports in those names."

The passport numbers had the wrong number of digits and did not contain letters as authentic passports do, he added.

4 Fake passports of real people, new identities: the killers took a number of real passports of real people, then copied and altered them for their own purposes but added new names and manipulated the photographs to create new identities.

Some combination of 1-4 above: maybe this was done for operational reasons (a hurried job, and/or the killers could not acquire enough passports in any one category and/or wanted to mix 'n' match to reduce the risk of detection and/or later muddy the waters).

Charles Crawford's points apply equally well to the older non-biometric Passports, which were apparently used in Dubai, as well as to the newer International Civil Aviation Organization (ICAO) compliant "biometric" ones, since these only currently contain a digitised image of the passport photograph and what is written on the face of the passport, and do not yet contain any fingerprint or iris scan biometric identifiers.

Facial Recognition is pretty useless at a passport control checkpoint, where there are lots of variations in ambient lighting etc. The UK Passport Service and some other foreign government equivalents do try to use it on their centralised digitised Passport Photo databases (which is why there are stupid rules on the size of such photos, in which you are now forbidden to smile), to try to spot obvious multiple applications in different names, but this is hardly an infallible automatic system - it needs plenty of experienced human facial recognition effort as well.

Prime Minister Gordon Brown has mumbled something about an "urgent inquiry" into the affair, although we suspect that he is secretly pleased at the further embarrassment of his potential rival for the leadership of the Labour party, the useless Foreign Secretary David Milband, whose Jewish family background does not seem to have helped the UK in diplomatic relations with Israel..

According to The Guardian, it seems that the Serious Organised Crime Agency (SOCA) is responding to Mutual Legal Assistance (MLA) requests from the Dubai police and Interpol, regarding the UK Passports in question.

SOCA inherited the role of being the first port of call for foreign MLA request from one of its now defunct predecessor organisations NCIS (the National Criminal Intelligence Service, not to be confused with the popular TV action drama about the US Naval Criminal Investigative Service).

However, in spite of their secrecy and lack of public accountability, SOCA are unlikely to progress very far with what should perhaps be a counter-intelligence or counter -terrorism investigation, neither of which are their areas of frontline expertise.

The media coverage of "fake" or "stolen" UK "identities" reminds us of our Freedom of Information Act Request to the Metropolitan Police Service (rejected on the spurious grounds of requiring a "real" name !)

Operation Maxim - breakdown of statistics of United Kingdom versus Foreign passports seized

It is interesting that our opinions are supported by the majority of people questioned for this representative opinion poll, who are worried and mistrustful of the Government and others who snoop on them routinely and unnecessarily, but that is not something to celebrate.

Over the past 19 years, the JRRT has commissioned regular State of the Nation polls.

The 2010 poll found:

• 53 per cent of those asked thought ID cards a bad or very bad idea, compared with only 33 per cent who opposed them in the 2006 poll.
• The numbers also rose for people worried about the government holding data on them, from 53 per cent to 65 per cent.

[...]

Contrary to what people in the Home Office might like to think, this latest State of the Nation poll shows that the public have now made up their minds about ID cards - and they think they're a bad idea.

"And it's not just ID cards. Across the board, we have found people are becoming increasingly hostile towards any government initiative that involves collecting, storing and sharing their personal information.

Concerns about civil liberties, alongside the government's disastrous record in looking after people's data, have contributed to a clear hardening of attitudes against the database state.

"It's no surprise therefore that a demand to scrap ID cards and roll back the database state is one of the most popular issues being voted on at www.power2010.org.uk/vote - and look set to be a central part of our major nationwide campaign at the next election

'People are worried by the power of the state. They want more say in the decisions that affect them, their families and their communities. And they want a stronger Parliament that can hold government to account.

The specific questions asked, and the summary results of the poll are available below, and, eventually, on the JRRT and Power 2010 websites:

]]> http://p10.hostingprod.com/@spyblog.org.uk/blog/2010/02/20/jrrt-state-of-the-nation-opinion-poll-on-privacy-and-the-database-state---we-are-unha.html http://p10.hostingprod.com/@spyblog.org.uk/blog/2010/02/20/jrrt-state-of-the-nation-opinion-poll-on-privacy-and-the-database-state---we-are-unha.html Sat, 20 Feb 2010 16:25:04 +0000

Power 2010

POWER2010 is funded by the Joseph Rowntree Charitable Trust and the Joseph Rowntree Reform Trust and supported by a wide range of individuals and organisations.

This cross party political campaign is actually gathering feedback from the public, as to what needs to be changed in the smug, complacent, incompetent, borderline corrupt and cruel British political system.

The current unpopular and inept Labour government is still trying to pretend that they are somehow "great reformers", with the weedy Constitutional Reform and Governance Bill, which has been hijacked by the MP's expenses scandal, thereby missing the opportunity for some real reforms.

The five most popular ideas following the vote will become the POWER2010 Pledge and the focus for our nation-wide campaign at the next election.

Election campaign

The aim is for as many people as possible to sign the Pledge and then take it to the candidates in their constituency, by writing to them, calling them, and attending local hustings, public meetings and MPs' surgeries.

Hopefully the issues which make it onto the Power 2010 Pledge list will be used to influence the mainstream media agenda and to pin down the detailed policies and promises of individual prospective candidates and political parties in the forthcoming General Election, and to punish them at the ballot box, if they are evasive or fail to come up with sensible arguments against these ideas.

There is still time (voting closes in a couple of days on 22nd February) to register your online vote for:

Why is there any need for regulation in this area at all ? The existing Acceptable Use Policies of all UK website operators, for example, already means that there are no public "terrorist websites" operating from servers within the United Kingdom.

If the intention is to somehow stop impressionable people from falling into the clutches of terrorist recruiters, then this is already as effective as it will ever be.

If people are already moving within extremist circles, then private websites, especially those hosted abroad, are beyond the competence and legal jurisdiction of the Home Office or the UK Police.

Any attempts to "disrupt" these systems, such as those hosted in, say China, could easily be interpreted as "cyber war", which would damage the UK economy far more than the slight, temporary effect that "disruption" of such sites would have on the terrorists. It would also remove the opportunity for covert surveillance of such "honeypots" for intelligence gathering purposes.

It now turns out that this inept Labour Government's scaremongering and controversial Terrorism Act 2006 section 3 Application of ss. 1 and 2 to internet activity etc.. internet censorship powers, which relate to section 1 "Encouragement of terrorism" and / or section 2. "Dissemination of terrorist publications", have never actually been invoked.

HL Deb, 10 February 2010, c168W

Terrorism: Internet
House of Lords
Written answers and statements, 10 February 2010

Baroness Warsi (Shadow Minister (Community Cohesion and Social Action), Communities and Local Government; Conservative)

To ask Her Majesty's Government how many times the police have used powers under section 3 of the Terrorism Act 2006 to seek the removal or modification of unlawful terrorist-related material from the internet in each of the last six months.

Lord West of Spithead (Parliamentary Under-Secretary (Security and Counter-terrorism), Home Office; Labour)

The Home Office and ACPO (TAM) have set up a new unit, the Counter Terrorism Internet Referral Unit (CTIRU), which was launched in a pilot capacity on 1 February 2010. The CTIRU is responsible for the co-ordination and execution of voluntary and Section 3 take-down notices. Further details on the CTIRU, including statistics regarding take-downs, will be available in due course.

To date, the preferred route for removing potentially unlawful terrorist content is through informal contact between the police and the internet service provider. This approach has proved effective. As a result, it has not been necessary to use the formal powers given under the Terrorism Act 2006 to seek the removal or modification of unlawful terrorist-related material from the internet.

Note the creation of Yet Another Unaccountable Bureaucratic Quango, the Counter Terrorism Internet Referral Unit (CTIRU)

The legal powers under the Terrorism Act 2006, were, typically, and totally unnecessarily, made available to any Police Constable, no matter how ill trained, or ignorant of the internet or of free speech or religious freedom issues.

Why did the original legislation not restrict these legal power only to members of a properly trained unit, dedicated full time to the task, as, hopefully the CTIRU now is ?

Before the Terrorism Act 2006, UK based internet and telecommunications companies always cooperated voluntarily with the Police, and they appear to have done so since.

Before the Terrorism Act 2006, foreign based internet companies had no obligation to cooperate and neither do they now.

What was the point of it all ?

Why not simply repeal this Act, with no loss in effectiveness whatsoever against real terrorists, and thereby nullifying somewhat, the propaganda victory which these repressive powers handed to the terrorists ?

Digital Economy Bill 2009 seeks to crush UK Internet Domain Registry industry with bureaucratic red tape and unfair legal costs

was almost correct in its analysis of just how appallingly badly draughted clauses 18 to 20 of the notorious twice disgraced, unelected, Labour Minister Mandelson's Digital Economy (destruction of) Bill was, as originally published:

HL Deb, 26 January 2010, c1394

Digital Economy Bill [HL]
House of Lords debates, 26 January 2010, 9:15 pm

Lord Young of Norwood Green (Government Whip (technically a Lord in Waiting, HM Household); Labour)

[...]

I turn to the amendments in question. Following representations made by the industry, the Government realised that the scope of the domain name provisions in the Bill could have unintended consequences.

Unintended Consequences of proposed legislation, which obviously damages the UK Economy, should be a Resignation Matter for this incompetent Labour Government's First Secretary of State, Secretary of State for Business, Innovation and Skills, President of the Board of Trade i.e. the pompously titled Peter Mandelson - Baron Mandelson, of Foy in the County of Herefordshire and of Hartlepool in the County of Durham.

Having so many newly created long titles does not mean that anyone should show any respect or deference to this scheming "champagne socialist" Labour politician, who appears to spend more time enjoying the luxury hospitality of dodgy foreign billionaires, than that of to his supposedly "working class" Labour supporters.

Specifically, the definitions in Clause 18 as currently drafted would bring any organisation or company in the UK that runs its own name server within the scope of the powers-that was not intended.

We did not initially spot the enormous significance of this, but thankfully other people did in time !

This would have meant hundreds of thousands of companies, organisations and individuals who run their own Domain Name Servers, even just for their own private networked computers not directly connected to the internet, being defined as a "domain name registry".

Similarly, the UK-based domain name registry operations of some third countries are also caught. Again, that is not what the Government had in mind when they proposed this draft legislation.

We certainly spotted this evil aspect of the Bill, which would have forced or encouraged these companies to flee from the United Kingdom to less bureaucratic, less potentially legally risky legal jurisdictions, almost anywhere else in the world.

This would also have lead to expensive international court cases, and probably trade sanctions against the UK, due to what would be seen as the UK Government's attempt to nationalise the intellectual property of foreign sovereign countries, whose top level internet domain names are just as important to them, as the .UK name space is to us.

It is still very wrong, that the Bill still includes the concept that a Manager appointed by Mandelson or his successors, supposedly in circumstances to defend a crisis affecting the national security of the entire UK digital economy, is to have his arbitrary fees paid for by the "property" of the domain registry on which he has been inflicted. This includes the legal costs of any Court action taken by the domain name registry against the Government or its appointed Manager "cuckoo", a process which is , effectively, nationalisation by the Government.

If these legal powers are, as claimed, really only reserve powers for times of national crisis, then they should be paid for by the public purse. What else are the Government's emergency financial reserves meant to be used for ?

The threat of such an unknown potentially very expensive financial burden is, thankfully, now much reduced, because the Government has yielded to the furore which it's incompetent Clauses 18 to 20 has stirred up, by adding the word "qualifying" in front of "domain name registry" or "registry".

In theory any company or organisation or individual could still be designated as "qualifying", but this would be much more likely to be successfully legally challenged, than the original, universal without exception, wording.

Another example of the clueless incompetence, or the last minute rush, of the original draughting of this Bill is the fact that the Government has also had to amend the wording "internet portal addresses" to "internet protocol addresses" !

See the Tech and Law blog for a marked up copy of the Digital Economy Bill. showing the changes from the original

Why is British legislation not always marked up with such changes like this officially ?

there are still plenty of other controversial aspects of this Digital Economy Bill, centered of Copyright and the collateral economic and social damage to families and businesses likely to be caused by the unfair internet disconnection enforcement measures vaguely outlined in the Bill.

These are likely to breach various fundamental human rights see Lillian Edwards Open Rights Group blog entry HL Committee on the Digital Economy Bill.

Given the recent European Court of Human Rights judgement about the controversial and widely abused Terrorism Act 2000 section 44 "stop and search" without "reasonable suspicion" legal powers, and, without any measurable positive effect on terrorism, we think that the Home Office and the Information Commissioner's Office are both very wrong in their decision to refuse our modest Freedom of Information Act request.

See European Court of Human Rights Judgment against the Terrorism Act 2000 section 44 stop and search without reasonable cause powers

More comments on this Decision Notice soon, when we have some feedback from our expert friends.

Reference: FS50198733

Information Commissioner's Office

Freedom of Information Act 2000 (Section 50)
Decision Notice Date: 8 February 2010

Public Authority: Address:
The Home Office
Seacote Building
2 Marsham Street
London
SW1P4DF

[...]

Summary

---

The complainant requested copies of all Authorisations for the power to stop and search issued under the Terrorism Act 2000. During the investigation, the request was refined as being for certain information contained within those Authorisations.

The public authority refused to release any information citing the exemptions at section
23 (Information supplied by or relating to, bodies dealing with security matters), section
24 (National security) and section 31 (Law enforcement). The complainant did not contest any information withheld by virtue of section 23.

The Commissioner's decision is that the exemption at section 24(1) is engaged and that the public interest in maintaining the exemption outweighs the public interest in disclosure. He finds that this exemption applies to all the remaining information sought by the complainant so the exemption at section 31 has not been further considered.

The Commissioner has also identified procedural breaches which are outlined in the Notice below. The complaint is therefore partly upheld.

[...]

59. As cited in paragraph 34 above, "... 'national security' means the security of the United Kingdom and its people". The Commissioner is of the opinion that releasing the requested information would cause specific and real threats to national security. He believes that the information could be used by terrorists to support and influence their activity. He therefore believes that any advantages gained by further informing the public would be significantly outweighed by the factors for protecting the public by maintaining the exemption. The complaint is therefore not upheld.

60. As the Commissioner finds that all of the remaining requested information (to
which section 23 does not apply) is exempt by virtue of section 24(1) he has not gone on to consider the exemption at section 31(1 )(a), (b) and (c).

[..]

The decision

---

66. The Commissioner's decision is that the public authority dealt with the following elements of the request in accordance with the requirements of the Act:

• the requested information was properly withheld under the exemption at section 24(1) of the Act.

67. However, the Commissioner has also decided that the following elements of the request were not dealt with in accordance with the Act:

• in failing to provide a response compliant with section 1(1 )(a) within 20 working days of receipt of the request, the public authority breached section 10(1);
• in exceeding the statutory time limit for providing a response the public authority breached section 17(1).

Steps required

---

68. The Commissioner requires no steps to be taken.

Other matters

---

69. Although they do not form part of this Decision Notice the Commissioner wishes to highlight the following matters of concern.

[...]

Information Notice

75. During the course of his investigation, the Commissioner has encountered considerable delay on account of the Home Office's reluctance to meet the timescales for response set out in his letters. The delays were such that the Commissioner found it necessary to issue an Information Notice in order to obtain details relevant to his investigation.

76. Accordingly, the Commissioner does not consider the Home Office's approach to this case to be particularly co-operative, or within the spirit of the Act. As such he will be monitoring the authority's future engagement with the ICO and would expect to see improvements in this regard.

[...]

Download the OCR / edited text of FOIA Decision Notice FS50198733 as a Rich text Format document.

ICO Decision Notice FS50198733 (.rtf)

Europe moves to curtail US data snooping rights

Free access to financial data may end

By John Oates

Posted in Government, 5th February 2010 15:56 GMT

The European Commission has opened a public consultation on whether the US government should continue to get free access to European bank and financial data under the SWIFT agreement.

The US claims it needs access to our bank accounts in order to fight terrorism - it has had free access since shortly after 11 September 2001. But the Civil Liberties Committee of European MPs yesterday recommended the Parliament reject renewal of the treaty; MEPs only recently got powers over external treaties.

This may sound like just hot air from Brussels, but the treaty is up for a vote next Thursday. MEPs want the data protected in the same way as it would be in Europe.

[,,,]

So when a US firm brings data out of Europe it must still follow EU law. This is now extended so that the data is passed on to an outsourcer, that company must also follow EU law.

The consultation documents are here. You have until 12 March to have your say.

Actually, that European Commission Consultation document is much wider and more general and applies to any data transfers involving Governments / national security / transnational border crime investigations etc:

Consultation on the future EU-US international agreement on personal data protection and information sharing for law enforcement purposes [69 KB .pdf]

Consultation on the future EU-US international agreement on personal data protection and information sharing for law enforcement purposes [25 KB .doc]

• If you are answering this consultation as a citizen, please click here to submit your contribution.
• If you are answering this consultation on behalf of an organisation, please click here to submit your contribution.
• If you are answering this consultation on behalf of a public authority, please click here to submit your contribution.

[...]

Responsible service:

Directorate-General for Justice, Freedom and Security
Unit A2 - External relations and enlargement

E-mail: JLS-CONSULT-DP-AGRM@ec.europa.eu

Postal address :

European Commission
Directorate-General for Justice, Freedom and Security
Unit A2 - External relations and enlargement
B - 1049 Brussels

From the metadata of these documents, the author is listed as our old friend Jonathan Faull (.pdf), Director General of the European Commission's Justice, Freedom and Security department since 15 March 2003, with whom we have corresponded in the past

See our blog category archive EU Plans for internet censorship

The Questions which are asked in this short consultation document, are all well and good, provided that they are actually Answered and Implemented properly.

However, there are a few important Questions which are missing - notably in the areas of:

• mandatory Data Security Breach Notification and Public Reporting,
• mandatory use of strong Encryption to protect such data transfers in transit and storage,
• the principle of Data Minimisation,
• Data Retention and Destruction policies,
• applying the same principles and protections for transfers between countries within the European Union as between any EU state and the USA,
• the publication annually of how much public money is being spent on such data transfers, so that we can gauge whether they are cost effective or not.

See our comments below: