Spy Blog - SpyBlog.org.uk

Protection of Freedoms Bill: CCTV / ANPR regulation at last, but not for National Security or on Motorways etc.

Sat, 12 Feb 2011 09:20:19 +0000

There is a lot to digest in the Conservative / Liberal Democrat coalition government's

which seeks to undo some, but not all of the damage inflicted on our freedoms and liberties and on the public purse, by years of neglect, bureaucratic red tape, technological and financial incompetence and the authoritarian "Must Pretend To Be Seen To Be Doing Something To Appease The Tabloid Newspapers" legislation and schemes dreamed up by discredited previous Labour government politicians and their "revolving door" apparatchiks and bureaucrats.

Hopefully, if time and other commitments permit, Spy Blog will try to comment on most of the provisions of this Bill.

An acid test of the Labour party since its election defeat will be how it scrutinises and enhances our freedoms and liberties through its Parliamentary scrutiny of this Bill. If it cannot even identify the weaknesses in this Bill and cannot successfully press the Government for positive changes, or it simply moans about "cuts" or just parrots the authoritarian lines fed to it by the control freaks hiding in the secrecy of Whitehall, then it will continue to be an object of hatred and derision. Given the make up of the Shadow Cabinet, the prospect of anything but dismal failure by the Labour party is slim.

Spy Blog originally started out online in 1996 (under the then Tory government) campaigning for a level playing field of legally enforceable, national regulations and standards for the even then unacceptable growth in unregulated CCTV surveillance cameras intruding on personal privacy and security in public and private spaces.

Although many years too late, it is welcome to see a start in this direction with the Statutory Code of Practice / Surveillance Camera Commissioner scheme proposed in the

Protection of Freedoms Bill Part 2 Regulation of surveillance Chapter 1 Regulation of CCTV and other surveillance camera technology

CCTV is not just about cameras but about linked Databases and Software

This Bill fails to acknowledge the fact that Closed Circuit Television is no longer just about Analog CCTV surveillance cameras and VHS analog tape recordings, but it is mostly about Digital Cameras and cross referenced, cross linked Computer Databases and Telecommunications Infrastructures. They also now work in multiple parts of the electromagnetic spectrum, not just in the visible light part of it.

The Code of Practice and the Surveillance camera Commissioner should have powers and budgets to deal with complaints and abuses about these technologies, which are already available or under development today.

There is a mention of one form of Software enhancement ot CCTV surveillance, that of Automatic Number Plate recognition, but other attempts at Software enhancements such as Facial Recognition databases, Lip Reading software (which can snoop on conversations out of earshot but in sight) , Gait biometrics (how individual people walk or run) , multi-spectral e.g. thermal Infra Red imaging (e.g. snooping on private houses, from the road or from the air, which seem to be radiating "too much" heat, and then kicking the door in, searching for illegal cannabis growing hydroponics systems) are ignored.

There is no mention of the various "See through Clothes" / "See through walls" spy camera imaging systems, which must also be nationally regulated.

Statutory Code of Practice does not cover all public bodies

Although it applies to Local Authorities , Police Forces and Police Authorities, this Bill does not apply to Whitehall Central Government Departments or their Agencies .

Why not ?

Surely the Bill, which specifically mentions Automatic Number Plate Recognition (ANPR) should also apply to the Highways Agency and the profusion of cameras and public and private sector ANPR systems e.g. the thousand of TrafficMaster ANPR cameras, on Motorways and A roads, as well as those operated by Local Authorities on minor roads ?

Motorway Road Works now routinely use SPECS camera systems to enforce the 50 mph speed limit, by taking ANPR images of all vehicles entering and leaving the road works and then calculating the average speed over the measured distance. What happens to the millions of such images taken each year, logging the time and date and location of millions of innocent motorists. Surely these should not be excluded from regulation by this Bill, because they are not operated by either the Police or a Local authority but by the Highways Agency ?

Transport for London controversially hands over all of its CCTV footage, from the London Congestion Charge and London Green Emissions Zone ANPR cameras, video feeds from its Traffic Cameras and from those on the London Underground "In real time, in bulk" to the Metropolitan Police for "national security" secret data mining and trawling, not just for any specific, targeted investigation. The notorious Labour Home Secretary Jacqui Smith signed a Ministerial Certificate exempting this data from the Data Protection Act. Why does this Bill not correct that vast extension of the Database Surveillance State ?

What about the CCTV / ANPR within the National Health Service or in Schools or Universities ?

What about Private Sector properties which are actually public or semi-public spaces like shopping centres, sports arenas , cinemas or theatres etc. ?

What about Factories and Offices and other private sector workplaces ?

Why are any of these CCTV / ANPR systems exempt from this Bill ?

National Security

There is no mention of the use or abuse of CCTV and ANPR Cameras and databases by the Intelligence Agencies or the Military Armed Forces.

National Security must not be glossed over or left to an obscure section in the the as yet unwritten Code of Practice.

There should be explicit provisions in the text of the Bill for authorising the temporary use of CCTV cameras and ANPR systems for "national security" directed or intrusive surveillance.

Where there are permanent "national security" CCTV / ANPR systems e.g. at Airports or Sea Ports and Fright Container Terminals etc. , they must be regularly inspected and reported on. If they are to act as a deterrent to criminals, spies and terrorists. The Surveillance Camera Commissioner must publish annual statistics as to their effectiveness.

If this highlights potential weaknesses and failings e.g. CCTV systems which are poorly maintained due to "budget cuts", a fact which which may conceivably be "of use to a terrorist" etc., then so be it.

It should be the duty of those running such systems to ensure that there is adequate management resources and budgets to tighten up any such loophole as son as they are found. Keeping them secret from the public, but almost certainly not secret from insiders and terrorists or espionage agents, is the worst possible way of running such schemes and any managers of such schemes should be named and shamed and prosecuted for misfeasance in public office if they persist in doing so.

Any such "national security" permissions should only be temporary and should have to be re-applied for and re-authorised every 6 months, just like RIPA interception warrants.

Remember that the controversial Project Champion ANPR / CCTV system involving the planned use of hundreds of cameras to create an electronic ghetto / political activist mass surveillance monitoring scheme, in a couple of areas of Birmingham with a large Muslim minority (but also snooping on the innocent majority of people of all religions and races) . This was a "counter terrorism" funded scheme which was sneaked in as a supposed "normal policing" anti-crime measure, inflicted on the local Police and Local Authority.

These extra "national security" scrutiny provisions should also apply to any systems commandeered or volunteered for use for "national security" purposes which are not wholly owned or operated by the Police or the Intelligence Agencies e.g. by Local Authorities or by private sector security monitoring companies.

Surely the Surveillance Camera Commissioner should have to give his temporary permission for any such, hopefully more narrowly targeted schemes ?

See Through Your Childrens' Clothes Imaging Cameras

See through your clothes passive millimetre wave or Backscatter X-ray or TeraHerz or Ultra Wide Band imaging systems should also be covered by this Bill - they certainly produce CCTV style images.

The use of such "see through your children's clothes 'perv scanner'" technologies should be confined to high security areas like Prisons and not permitted as general snooping systems, especially not in secret, on the public (including children) in the street.

There should be criminal penalties for such abuse.

Aerial Reconnaissance drones

The Surveillance Camera Commissioner must also have powers to regulate to prevent the abuse of the ever cheaper Aerial Reconnaissance drones and robot devices, which are being hyped up in the run up to take a share of the massive London 2012 Olympic Games security budget.

Surveillance Camera Commissioner

The role of the Surveillance Camera Commissioner appears to be the usual "jobs for the boys" sinecure based on the failed attempts to pretend that there is proper public scrutiny of the sometimes necessary state intrusions into our privacy, thorough the RIPA Commissioners, and without even the limited power and budget of the Information Commissioner.

Even the experienced and cynical observers of the UK Surveillance Database State who are regular readers of Spy Blog have difficulty in even naming, let alone trying to contact any of these secretive UK Commissioners.

These RIPA Commissioners may well be excellent people, former High Court Judges, but their roles and powers are deliberately crippled and they do not inspire any confidence amongst the general public, most of whom have never heard of them, let alone know how to contact them, a useless waste of time, since they refuse to deal with complaints from the public.

The Surveillance Camera Commissioner should be given the budget and manpower to employ technical experts as well as administrators and lawyers. The failure to do so has crippled the effectiveness of the Information Commissioner's Office, so this should not be repeated in this new role.

The Surveillance Camera Commissioner must be given the resources to interact with the public and have the power to investigate their complaints. The failure to do this has been a major failing of the RIPA Commissioners scheme i.e. the Interception of Communications Commissioner, the Chief Surveillance Commissioner, and the Intelligence Services Commissioner .

It is unclear what overlap and rivalry there will be between the Surveillance Camera Commissioner, the Chief Surveillance Commissioner, the Intelligence Services Commissioner and the Information Commissioner.

It is extraordinary and hypocritical that whilst another section of the Protection of Freedoms Bill relaxes the control of the Secretary of State / Whitehall department over the budgets and staff approval of the Information Commissioner's Office, yet that outdated model is exactly what is being proposed for the new Surveillance Camera Commissioner, thereby fatally compromising the independence and trustworthiness of the office right from the outset.

The Protection of Freedoms Bill should explicitly include the Surveillance Camera Commissioner as a public body under the Freedom of Information Act, for precisely the same reasons as the Information Commissioner's Office is already subject to it - it meets all the criteria for inclusion in the List of Public Bodies as it will have been set up by an Act of Parliament.

It is an ongoing scandal that the RIPA Commissioners , who have also been created by an Act of Parliament are still not yet classed as Public Bodies for the purposes of the Freedom Information Act.

Why has this Protection of Freedoms Bill not corrected this bit of authoritarian Labour party / Whitehall smoke and mirrors ?

Central registration of CCTV camera systems

One of the stupidest wastes of Police resources is the never ending scramble, going door to door, to find and then "seize as evidence" any CCTV camera footage in a particular area, after a high profile assault, rape, murder, kidnapping or terrorist attack.

Such footage is less and less useful, as time passes after the incident, so any delays in finding such footage are critical.

In a country where every receive only Television set has to have an Annual Television Licence fee paid, it is very surprising to many foreign visitors, that the CCTV camera snooping systems require no such Fee and no local or national registration,

Why does this Bill not mandate the creation of such Local CCTV registers, through the simple inclusion of any CCTV camera system on the exterior of any building, as part of the Local Authority Planning process, which already covers the erection of signs, ventilation pipes and Satellite dish aerials etc. of a similar size and visual impact as CCTV "Death Star" domes ?

Why is there no mandatory (or even suggested) Data Retention period for CCTV video footage, before it is overwritten on tape or on magnetic disk ? It would be trivial to insist on this as part of the CCTV Licence Application, provided that different classes and sizes of systems were sensibly accommodated. A home security CCTV system should not be expected to hold weeks or months of images online, whilst that run by the Police in a City Centre should have the budget to do so.

Census 2011 - snooping on your place of work, even if you are a secret agent etc.

Wed, 09 Feb 2011 07:39:53 +0000

The Census 2011 media hype is starting to ramp up with this Press Release:

Employees need to know their workplace postcode

where the Office for National Statistics reiterate their bureaucratic desire to snoop on your job / workplace address.

The Census 2011 Questions for England and Wales (.pdf) demand answers about "availability for work" in the past month, treating everyone as if they were all signing on to the dole at the local "Job Centre". They also ask:

33 In your main job, are (were) you:

an employee?

self-employed or freelance without employees?

self-employed with employees?

34 What is (was) your full and specific job title?

35 Briefly describe what you do (did) in your main job.

36 Do (did) you supervise any employees?

Yes

No

37 At your workplace, what is (was) the main activity of your employer or business?

38 In your main job, what is (was) the name of the organisation you work (worked) for?

Write in the business name
Or tick: No organisation, for example, self- employed, freelance, or work (worked) for a private individual

[...]

40 In your main job, what is the address of your workplace?

Write in the address. If you work at or from home, on an offshore installation, or have no fixed workplace, tick one of the boxes below

Mainly work at or from home

Offshore installation

No fixed place

These will not be contentious questions for many people, but for tens of thousands of people, the existence of such a National Database will represent a threat to their personal security or a threat to national security.

The Census 2011 Personal Information data is only Protectively Marked to almost the lowest category i.e. RESTRICTED, but such information like the entire listing of the Names, Date of Birth, Home Addresses, relationship details of Family Members, Job Titles, Employer's Name, Address, Postcode should be classified as SECRET or even TOP SECRET, when it applies, as it does to all UK based members of groups like:

MI5 Security Service
MI6 Secret Intelligence Service
GCHQ,
DIS Defence Intelligence Staff
Special Forces like the SAS
Military personnel
Police Officers
HMRC investigators
Serious Organised Crime Agency officers
Prison Officers
Judges
Prosecutors
Undercover Confidential Human Intelligence Sources
People living under Witness Protection Schemes
Women hiding from their abusive or violent partners or stalkers
Key personnel who have access to the controls to the Critical National Infrastructure e.g. senior staff at a nuclear power station etc.
Pharmaceutical Research and Development scientists harassed by animal extremists.

All of these groups and others, normally attempt to keep their Home Addresses or the fact that they work for a particular organisation secret, due to real or imagined threats to their personal security.

The insistence by the ONS on a Job Titles, Employers Address, Location(s) and Post Code(s) etc. effectively tags such personnel to foreign intelligence agencies, crime gangs, terrorists and to stalkers within the bureaucracy..

e.g. Postcodes for

GCHQ at Cheltenham, Gloucestershire - GL51 0EX
MI5 the Security Service at Thames House, London - SW1P 1AE
MI6, Vauxhall Cross, London, SE1 1BD
Sizewell B Nuclear Power Station, Suffolk, IP16 4UR
Huntingdon Life Sciences research laboratories, Alconbury, Cambridgeshire - PE28 4HS

These Census 2011 Questions even fall foul of the former Labour government's controversial "thought crime" legislation e.g.

Terrorism Act 2000 section 58 Collection of information

and

Terrorism Act 2000 section 58A Eliciting, publishing or communicating information about members of armed forces etc

This applies to current and former members of the armed forces, police constable and members of the intelligence services, even ones who have been dismissed from service.

Astonishingly, Section 58A is not going to be amended or repealed as promised before the General Election, according to the Conservative / Liberal Democrat Coalition Government's Review of counter-terrorism and security powers

Section 58A is as yet untested in the Court, however section 58 has been used to send several people to prison who had only collected some personal Information about one single soldier, so it must also apply to those who seek to collect, collate and concentrate such "potential death list" data on all of the people in the UK whose occupations put them and their families at real or imagined risk of violence from foreign spies, serious organised criminal gangs or terrorists.

Both sections have a "reasonable excuse" defence, but that only comes into play after your life has been ruined by being arrested (possibly at gunpoint in a dawn raid, where there is a real risk of getting shot), photographed, fingerprinted and DNA sampled, then charged under Terrorism legislation, thereby blacklisting internationally you for the rest of your life, even if you are acquitted or the charges are dropped.

If the hundreds of thousands of people in the categories listed above are not prosecuted for refusing to fill in a Census Form, or for not filling it in as accurately or as fully as the Office for National Statistics demands, then why should any of the rest of us be forced to do so either, if we feel strongly about particularly intrusive Census Questions ?

The Census 2011 press release:

Employees need to know their workplace postcode

Businesses throughout England and Wales are being asked by the Office for National Statistics (ONS) to make sure that their employees know the postcode of their place of work so that they can record it on their 2011 Census questionnaires in March.

Knowing their workplace postcode is a key piece of information that feeds into the overall picture of life in England and Wales. Details of where people live, where they work and how they travel to their place of employment provide important statistics for transport planning and other strategic decisions.

The address and postcode of the employer is one of a number of questions contained in the census questionnaire about jobs, place of work, hours of employment and methods of travel to work. Answers to these questions help to build a profile of the economy of England and Wales and provide the foundation for other labour market and economic statistics published by ONS.

Note that the ONS makes no provision for simply filling in, say only the first 4 digits of the Post Code, which would be more than adequate for such planning purposes,.

Why should we let them be so unnecessarily intrusive ?

In the 2001 Census, nearly 8 per cent of questionnaires did not include a workplace postcode. In some parts of the country, the figure was as high as 18 per cent and large number of calls were taken by the census contact centre from people who were unsure about their work address.

8 per cent must be about 2 million questionnaires.

How many of those people were prosecuted for not filling in a "workplace postcode" ?

Possibly none of the 38 prosecutions since 2001 were only for this.

Deputy 2011 Census Director, Pete Benton, said, "While everyone is likely to know their own postcode at home, many won't know the postcode of their workplace.

"As well as asking for an employer's name, the questionnaire also asks for an address and postcode. While the internet makes it easier to look it up, not everyone has access to the web so we are asking all employers to make sure that their staff have the right information to enable them to complete this section of the questionnaire."

As well as underpinning the planning of public services, census statistics are also used extensively by the private sector. Information on such things as the skill and age profile of the workforce and where people live can help businesses to decide where to place new offices, factories and other places of work and what training they need provide for their employees.

So that would be the very definition of "excessive data collection" then: the collection of extra detailed information which is not directly relevant to an individual's daily life.

Dr Adam Marshall, Director of Policy at the British Chambers of Commerce said, "Businesses need this information to be able to make the right investment decisions. Census statistics can affect plans for business expansion and new industry, so it is worth making sure staff know their postcodes before completing these surveys.

From a purely selfish, profit centred, perspective, why should an established business make it easier for new competitors to start up, or for old ones to expand ?

All the relevant information about home addresses and work addresses is already known by the Government regarding the vast numbers of people who work in the public sector. Each Government department could collate and anonymise and transparently publish this information about itself on its own website or on a shared transport planning website.

"Having the right transport infrastructure in place is part of this overall picture and something as simple as making sure that your employees know their workplace postcode can really help this process."

Previous Census data has not succeed in producing "the right transport infrastructure", in the past, due to all of the other political and financial factors, so why should it be any different with the Census 2011 ?

There is an unacceptable cost to personal privacy and security, because the Census Questions are too detailed and too intrusive .

Remember, that for the England and Wales Census 2011, there is no longer any guarantee that your Personal Sensitive Information will not be handed over, on pain of up to 2 years in prison under the Census Act 1920, in secret, to a vast array of Government agencies and others, as a result of the wide ranging Exemptions introduced by the former Labour government's Statistics and Registration Service Act 2007 section 39. Confidentiality of personal information

Census Day is 27 March 2011 and more information is available from www.census.gov.uk
-Ends-

For further information, images and interviews:

Press Hotline: 01329 447654

Email: 2011censuspress@ons.gsi.gov.uk

Visit: www.census.gov.uk/2011press

Twitter: www.twitter.com/2011censuspress

Sukey - peaceful protest App without any mobile phone network Communications Data or Traffic Data anonymity

Sat, 29 Jan 2011 23:36:50 +0000

Some University College London students and others, have been trying out their Web 2.0 skillz by producing a smartphone App and Location Based Services web map called Sukey, in support of the student / anarchist protests, which are nominally about the Conservative / Liberal Democrat coalition Government financial cutbacks, due to the appalling state of the economy, which was ruined by the incompetence of the previous Labour government.

"Sukey" is meant to be a pun on the nursery rhyme "Polly put the kettle on, Sukey take it off again"

"Kettling" is the police jargon for the controversial tactic of surrounding crowds of peaceful protesters and preventing them from dispersing and going home for several hours, even when they are fed up with the protest. Demonstrators are also photographed and video surveilled and attempts are made to gather names and addresses from those who are ignorant of their legal rights not to do so unless actually arrested.

Despite making bold claims about the "security" of Sukey e.g. "Sukey is safe" and "Your data is safe with Sukey" here is nothing about any mobile phone anonymity techniques which might pose some problems to securocrats and their automated Single Point of Contact systems for grabbing Communications Traffic Data and Subscriber Details from mobile phone network companies

There is not even any basic advice about (not) taking anything but untraceable, disposable mobile phones to a demonstration or protest.

http://sukey.org/summary

Sukey
A tool for non-violent demonstrations.

Which, if it actually works, can also be easily misused by others.

Objective

To keep peaceful protesters informed with live protest information that will assist them in avoiding injury, in keeping clear of trouble spots and in avoiding unnecessary detention.

The application suite gives maximum information to those participating in a demonstration so that they can make informed decisions, as well as to those following externally who may be concerned about friends and family.

It should make full use of the crowd in gathering information which is then analysed and handed back to the crowd.

Success Criteria

The success of the project will be measured by user feedback according to the primary and secondary success criteria listed below.

Primary

Keeping people safe on demonstrations.

Anyone can use it.

Ensuring protesters are kept informed of the official demonstration route together with en-route amenities (eg WiFi, Toilets, Tube stations, First Aid, Coffee shops, Payphones etc).

Secondary

Provide a live viewing platform for interested parties not at the demonstration.

Which will also provide a Communications Data analysis and data mining opportunity for UK police and intelligence agencies, foreign intelligence agencies and corporate spies.

Key Elements of Solution

1. How we can help you to help each other

Website

Inform and educate.

Find out what is going on as it happens.

No matter what happens, sign up to the free SMS system.

SMS text messages are never free of charge.

Who is paying for this ?

What's in it for the user?

What are you getting?

Stay informed and make the right decisions during the demonstration.

Avoid trouble spots and risking injury.

Get live demonstration news as it happens.

Allow political organisers and manipulators to track the progress of the demonstrations they have organised, remotely, at a safe distance.

Allow political organisers and manipulators to feed false information to the police etc. and to manipulate some or all of the demonstrators into creating diversions to allow either peaceful media stunts or violent attacks, unhindered by the police etc.

Allow the forces of law and order / repression, yet another intelligence source to help to track the demonstrations they are policing or repressing, remotely, at a safe distance.

Why contribute information?

Help other peaceful demonstrators.

Provide an accurate view of events as they happen.

Accurate ? Just the facts, with all of the facts, with no political bias at all ?

Even large , well funded media organisations and the police are not capable of doing that.

Show what goes on in protests.

We exist to support decisions - be a part of it.

2. Sources of information

Information sources

Information crowd sourced from demonstrators out on the street.

Text

Photos

Video

The Sukey website urges people to publish digital photos to Twitpic and / or Flickr, but
it does not provide any of the easily available automatic software tools or even any advice, about removing or anonymising some or all of the Exif meta data embedded in such images, which can and will be used to help hunt down protesters and to prove that the photographers were present at a particular location and time.

None of the #sukey tagged photos on Twitpics, for example, appear to have had their Exif metadata removed, there are a couple examples of photos published from HTC Desire HD and HTC Wildfire phones

Up to the minute information from social and traditional media.

Other Options

3. Information Presentation

Simple to use, uncluttered display

Must have a degraded version for lower spec phones

Must show freedom of movement and support fast decisions

4. Back End Data Processing

Use of Swarming Algorithms

It seems unlikely that existing Swarming Algorithms which simulate animal behaviour in unconstrained free air or water space, can be directly applicable to the behaviour of crowds of humans

Computer simulation modelling of the various permanent and temporary barriers to movement across all of the streets and protest target buildings of central London, is far harder than the existing state of the art studies and simulations of people flows in comparatively simple and well controlled sports stadia or airports or railways stations etc.

Use location data to detect freedom of movement

Presumably the mean Twitter and Google GPS data rather than GSM or 3G mobile phone cell transmitter Location Based Services data and triangulation.

Prioritisation of Messaging and Reports to and from crowd

Coalesce multiple reports of same event

Exactly the classical real time Command and Control problems faced by those who are policing such demonstrations.

There seem to be some reports that Sukey.org might be using the open source crisis mapping tool SwiftRiver to try to achieve this.

Must process footpaths and open spaces - not just roads

5. Security

User Security

No user identifiable data to be stored. Ever.

Regular User Security reviews throughout build

Encrypt locations on data requests

This is all very misleading !

This encryption of cannot do anything to hide the Communications Traffic Data cell phone Location Based Data Services and Subscriber Details ,which are controlled by the mobile phone networks and third party companies like Twitter and Google.

Such Communications Traffic Data is automatically handed over to the police and intelligence agencies, without any Court Order or Judicial Warrant of any sort, under the Regulation of Investigatory Powers Act 2000 Part 1 Chapter II Acquisition and disclosure of communications data

Neither the student protesters nor the Sukey App developers and operators have any control over this at all..

Neither do they have any control over the Google Latitude system, which they are encouraging people to sign up their smartphones to, and then to allow Sukey.org to track via Google Maps. What difference does any Sukey.org encryption make, when Google retains all your data and then sells or gives it law enforcement or intelligence agencies as requested ?

Encryption Keys to be generated either by users or automatically and undiscoverable by team.

Junk all identifiable data from Apache logs

System Security

Protected from DDOS and seizure

Hacksafe

Multiple routing options

Multiple servers/server locations

Multiple resilient, secure computers and communications infrastructure cost money.

Who is paying for this ?

Who exactly is in charge of the Sukey system ?

The "Security overview" page is partly re-assuring, but also rather worrying.

http://sukey.org/securit

Sukey is safe

At the very earliest stages of building Sukey we had a meeting where we divided the team into groups. The groups were: Data Input, Data Processing, Presentation, Security. In other words, security has been a key issue right the way through Sukey's design and build and has received as much focus as any of the more visible aspects of the project.

The team members involved on the security side are a mix of commercial information security experts and computer nerd under/post graduates who love nothing better than a complex algorithm. One of our key team members has technical commercial data security patents in his name and has provided information security consultancy to IBM, Lockheed Martin, and to the NHS.

All data received by Sukey is anonymised using secure encryption that is known to be unbreakable in less than 10 years using current computer technology. The process we use ensures that we can't decrypt any personal identifiers in the information sent to us. Even with a court order.

Attention to detail on security has been a hallmark of the project â€" both person identifiable security and the overall security and resilience of the Sukey service against infrastructure attack or failures.

Your data is safe with Sukey.

Is it really ?

The use of encryption does not automatically mean anonymity for users of or contributors to Sukey.org.

Following It would be much more reassuring if the Sukey.org people mentioned exactly which encryption algorithm they were using, instead of making speculative claims about its alleged strength. The fact that they have not done so gives rise to the suspicion that they have attempted to write their own encryption software, an approach which is fraught with danger for the users of Sukey.org.

What is wrong with using standard AES 256 encryption via a TLS session, especially for data which will be out of date in less than an hour after which it should be securely deleted from computer memory and never needs to be stored on a computer hard disk at all ?

it would be more impressive, if the Sukey.org team with their "attention to detail" had actually demonstrated their commitment to the use of strong encryption, by running a https:// session encrypted version of the Sukey.org website . However there is currently no Digital Certificate installed.

Similarly, there is no published PGP Public Encryption and / or Digital Signing Key available either, only Google gmail accounts, which are vulnerable Mutual legal Aid law enforcement requests

It looks as if the Sukey.org team need to be reminded that "Even with a court order." is irrelvant in the United Kingdom, - no court order is needed by the Police for access to Communications Data ( which must be Retained for at least a year) and none is required for Cryptographic Keys either.

The Regulation of Investigatory Powers Act 2000 Part III Investigation of electronic data protected by encryption etc. does not require a Poice constable to get the prior permission of any Court, before serving a Section 49 Notice on someone , forcing them to hand over their cryptographic de-cryption keys , or the de-crypted plaintext. A Court only comes into play if and when you are deemed to have refused to comply with such an order, when you are facing up to 5 years in prison or up to 10 years in prison if the magic words "national security" are mentioned.

It will be interesting to see if the Sukey.org team does actually release its software source code to the public as it has promised, whilst it works on an improved version for the next protest.

Until they do so, you should avoid using the Sukey.org App and website, from anything except an anonymous mobile phone, unless you wish to attract Police , Intelligence Agency and corporate surveillance onto yourself and your family, friends and business associates,

If Sukey is not (yet) suitable for the streets of London, then it would be positively dangerous to deploy it or anything similar, in trouble spots like Tunisia or Egypt etc.

N.B. mobile phones actually require quite a bit of effort to initially obtain and maintain in an untracked, anonymous state.

See our website http://ht4w.co.uk. Hints and Tips for Whistleblowers etc. which covers some basic mobile phone anonymity techniques, removing Exif meta data from digital images, and some other anonymity techniques.

Prime Minister David Cameron re-affirms the Wilson Doctrine with a a single "No"

Fri, 28 Jan 2011 00:42:19 +0000

HC Deb, 24 January 2011, c35

Members: Surveillance
Prime Minister
Written answers and statements, 24 January 2011

Jonathan Edwards (Carmarthen East and Dinefwr, Plaid Cymru)

To ask the Prime Minister whether there have been any changes to the Wilson doctrine since May 2010.

David Cameron (Prime Minister; Witney, Conservative)

No.

Technically this one word answer is a re-affirmation of the Wilson Doctrine, espoused by the then Labour Prime Minister Harold Wilson in 1966, that no Member of Parliament's telephone shall be tapped, unless there is a major national emergency, and that any changes to this policy will be reported by the Prime Minister to Parliament.

No doubt some Downing Street apparatchik thought that he was being clever by draughting this one word "No" Parliamentary Answer, but the political effect is to make David Cameron appear as arrogant and uncaring about our freedoms and liberties, as his control freak Labour predecessors Tony Blair and Gordon Brown.

Back in 1966, most people did not have direct dial international phone lines, let alone facsimile machines or mobile phones or the internet.

The Wilson Doctrine has been re--affirmed by every Prime Minister since Harold Wilson, and has been extended to cover Peers of the House of Lords as well as Members of Parliament in the House of Commons. It is also meant to cover mobile phones and computer telecommunications.

There is no reason why it could not or should not be extended to cover the elected Members of the Scottish Parliament, the Welsh Assembly, the Northern Ireland Assembly and the European Parliament.

All of these are democratically elected by the same British electorate who lend their power to the Parliament in Westminster.

The Wilson Doctrine is not meant to help financially or morally corrupt or treacherous politicians hide their crimes and scandals, but it is vital to give the right signals to the electorate, that their communications with their elected representatives will not be snooped on by the Government, especially when they are complaining about Government policies or are whistleblowing and exposing the incompetence or wrongdoings of Government bureaucrats.

Interestingly, it was left to a Welsh Nationalist MP to ask this important question about the Wilson Doctrine.

It is unsurprising that the authoritarian and incompetent Labour party. the so called Official Opposition", could not be bothered to ask any Questions about the Wilson Doctrine and the safeguarding of the communications of their constituents, presumably because of their own appalling record in creating the current, out of control, database surveillance snooper state.

Instead, there are several disgraced or disgraceful Labour figures who seem more concerned about the News of the World voice mailbox interception scandal.

Why did they not raise such anti-Rupert Murdoch claims when they were Government Ministers ?

If these Labour politicians were so inept with basic mobile phone security (i.e. changing the default voicemailbox pass code and not leaving any sensitive voicemail messages whatsoever) with their private mobile phones, then how many Government secrets have they betrayed to foreign intelligence agencies and criminal gangs etc.via their official Government issue mobile phones ?

Home Office: Review of counter-terrorism and security powers

Fri, 28 Jan 2011 00:16:40 +0000

We will have plenty of criticism of the Home Office's reluctant
Review of counter-terrorism and security powers,hopefully sometime this weekend.

Here is a copy of the

Review of counter-terrorism and security powers - findings and recommendations (PDF file - 428kb)

for those of you who do not want to give the Home Office website (and the US owned , commercial Sitestat OnClick web tracking / snooping system which they employ) your IP address and web browser details etc.

Intelligence Services Commissioner, Rt. Hon. Sir Mark Waller appointed early, announced late

Thu, 27 Jan 2011 22:59:02 +0000

Why was the announcement of the appointment of the new Intelligence Services Commissioner, Rt. Hon. Sir Mark Waller only made 3 weeks after he took office ?

HC Deb, 20 January 2011, c53WS)
Intelligence Services Commissioner

Prime Minister

Written answers and statements, 20 January 2011

David Cameron (Prime Minister; Witney, Conservative)

In accordance with section 59 of the Regulation of Investigatory Powers Act 2000, I have agreed to appoint the right hon. Sir Mark Waller as Intelligence Services Commissioner from 1 January 2011 to 31 December 2013.

All the RIPA Commissioners are retired senior High Court Judges and they are usually appointed for 3 years at a time.

Why was this Written Ministerial Statement only published on 20th January 2011, when the appointment had already been in effect for the previous 3 weeks ?

Could the Prime Minister and his securocrat advisors really not recruit a successor to the previous Intelligence Services Commissioner before Christmas 2010 ?and announce the appointment Sir Mark Waller was to take over the role ?

What does this imply about the Rt. Hon. Sir Peter Gibson ?

He was originally appointed by Tony Blair as Intelligence Services Commissioner from 1st April 2006 to 31st March 2009. and was the re-appointed by Gordon Brown: to serve from 1st April 2009 to 31st March 2012

Why has his tenure been cut short by 15 months ?

Does this mean that he is in poor health ?

What about the Administrative Inquiry into the alleged complicity of the UK intelligence agencies with torture and "extraordinary rendition" of British nationals and residents, which Sir Peter Gibson was appointed to chair by Prime Minister David Cameron, on 6th July 2010 ?

Are there so many allegations or so much prima facie evidence of complicity in torture by the intelligence agencies, that Sir Peter Gibson can no longer fulfil both roles at the same time ?

Census 2011 press release on Lockheed Martin - ONS still pretending that they will not hand over your Sensitive Personal Data to anyone else

Sat, 15 Jan 2011 23:19:49 +0000

There are only 69 days left before the mandatory United Kingdom Census on Sunday 27th March 2011

The Office for National Statistics has issued a misleading Press Release which seeks to allay the understandable public fears about what the risks are to their Sensitive Personal Data in regard to the involvement of he massive United States defence contractor Lockheed Martin.

The management executives of Lockheed Martin are obviously in no position to refuse any requests for demands for confidential UK census data data by US Government agencies, out of patriotic duty and for fear of threats to their huge multi-billion pound US Government contracts.

14 January 2011

2011 Census and Lockheed Martin UK

The Office for National Statistics (ONS) carries out the Census in England and Wales. ONS is using a number of specialist companies to provide specific services for the census. The contract for processing the census questionnaires is not with the Lockheed Martin USA.It is with Lockheed Martin UK which is a UK based subsidiary. The contract was awarded in August 2008 to Lockheed Martin UK as it offered the best value for money in an open procurement scheme, carried out under European law.

There is an exemption under European competition law for public contracts which allows Governments not to open tenders to foreign companies, for systems which have "security" implications.

The contract has created around 1,500 jobs in the UK.

The contract is for £150 million, so that is £100,000 per job created in the UK.

Surely there are much cheaper job creation schemes than that ?

Security safeguards for census data

Concerns expressed about the possibility of the US Patriot Act being used by US intelligence services have been addressed by a number of additional contractual and operational safeguards. These arrangements have been put in place to ensure that US authorities are unable to access census data.

All data processing will be carried out in UK - no data will leave or be held at any point outside the UK;

That is hard to believe, especially for the Still Secret Online Completion Census 2011 Web Site

The current http://www.census2011.gov.uk website tries to hand over your IP address and Web Browser details etc. to the US based company Google, by sneaking in Google Analytics javascript into their home page:

<script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-3503239-21"); pageTracker._trackPageview(); } catch(err) {}</script>

Is the Office for National Statistics really so technically incompetent that it cannot analyse its own webserver logfile statistics ?

All data is the property of the ONS and only UK/EU owned companies will have any access to personal census data.

No ! It is our data as individual citizens and residents of the UK, it does not belong to the the ONS !

It is intolerable for the ONS or any other Government department to falsely claim exclusive ownership of people's names or addresses or familial relationships or religious beliefs or any of the other answers to the intrusive Census Questions.

Which part of "Only I Own My Own Name" etc. do these bureaucrats not understand ?

The only people who have access to the full census dataset in the operational data centre will be ONS staff.

Misleading weasel words.

What about partial census datasets rather than "the full census dataset" ?
What about once data is copied and sent out of the "operational data centre" ?
What about the Approved Researchers ?

No Lockheed Martin staff (from either the US parent or UK company) will have access to any personal census data.

Surely Lockheed Martin staff will have access to the census form optical character reading software and databases ?

ONS will control system access rights to all data systems;

So what ?

That is not in itself, any guarantee that your Sensitive Personal Data will not be copied and shared without your consent.

Existing law already prevents the disclosure of census data - it is a criminal offence to disclose personal census data and is punishable by a fine and/or up to two years in prison.

No !!

This gives the misleading impression that somehow our Sensitive Personal Data can never be handed over individually or in bulk to anybody else apart from ONS staff.

See

Statistics and Registration Service Act 2007 section 39. Confidentiality of personal information

(1) Subject to this section, personal information held by the Board in relation to the exercise of any of its functions must not be disclosed by--

(a) any member or employee of the Board,
(b) a member of any committee of the Board, or
(c) any other person who has received it directly or indirectly from the Board.

[...]

(4) Subsection (1) does not apply to a disclosure which--

(a) is required or permitted by any enactment,
(b) is required by a Community obligation,
(c) is necessary for the purpose of enabling or assisting the Board to exercise any of its functions,
(d) has already lawfully been made available to the public,
(e) is made in pursuance of an order of a court,
(f) is made for the purposes of a criminal investigation or criminal proceedings (whether or not in the United Kingdom),
(g) is made, in the interests of national security, to an Intelligence Service,
(h) is made with the consent of the person to whom it relates, or
(i) is made to an approved researcher.

There is also a "get out of jail free" provision for any ONS bureaucrats or sub-contractors under the amendments introduced by the Census Confidentiality Act 1991:

1 Unlawful disclosure of information
In section 8 of the [1920 c. 41.] Census Act 1920 (penalties), the following subsections shall be substituted for subsection (2)--

[...]

(4) It shall be a defence for a person charged with an offence under subsection (2) or (3) to prove--

(a) that at the time of the alleged offence he believed--

(i) that he was acting with lawful authority; or

[...]

i.e. this data can and will be handed over, without penalty, to:

the 56 geographical and 8 non-geographical UK Police Forces

the three UK Intelligence Agencies (MI5, MI6 and GCHQ), the Department for Work and Pensions,

private investigators working for the DWP hunting down "benefits cheats",

Her Majesty's Revenue and Customs tax investigators,

approved Insurance Industry "anti-fraud" investigators / private investigators,

the Home Office Borders and Immigration Agency,

the Serious Organised Crime Agency (either for domestic investigations into Serious Crimes, or for these and also for minor investigations if requested by a Foreign Law Enforcement agency under Mutual Legal Assistance treaties,

Lawyers in civil Court Cases e.g. for Divorce or Libel or Copyright Infringement etc.,

Local Authority Trading Standards departments,

Local Authority Environmental Health departments

etc. etc. etc.

N.B. none of these organisations should be allowed to have access to Census Data, if the idea of the census is to be comprehensive and inclusive of those groups in society who have every reason to fear and distrust the bureaucracy.

All census employees and contractors working on the census sign a declaration of confidentiality to guarantee their understanding and compliance with the law.

What exactly is the text of this "declaration of confidentiality" ?

Independent checks by an accredited UK security consultancy of both physical and electronic security are carried out for ONS.

Which "accredited UK security consultancy" has been given this contract ?

-ENDS-

For further information, images and interviews:

Press Hotline: 01329 447654

Email: 2011censuspress@ons.gsi.gov.uk

Visit: www.census.gov.uk/2011press

Twitter: www.twitter.com/2011censuspress

Will any mainstream media journalists bother to question the ONS about these issues, or will we have to do it instead ?

BBC anonymous briefing on Surveillance Orders planned replacement for Control Orders

Wed, 12 Jan 2011 07:37:35 +0000

The phrases "the BBC learns" or "the BBC understands that" or "Whitehall sources" etc. are euphemisms for an "off the record" a "leak" / briefing by a Whitehall spin doctor, not for revelations by a worried whistleblower.

The BBC and other mainstream media should refuse to publish such anonymous briefings about changes to Government policy. There should be a named official Government spokesman and Minister who takes the credit or blame for the policy announcement. If the final details of Government policy have not yet been decided, then they should say so and invite comment and advice from the public and outside experts, who know at least as much as they do about the issues.

This particular the media spin is about the hugely controversial "Control Orders" scheme, which , like so many "security" policies introduced by the inept and authoritarian former Labour government, has been both a practical disaster and a propaganda victory for our enemies, through the destruction of our basic freedoms and fundamental human rights i.e. exactly what they are trying to achieve.

The Home Office or the Prime Minister's Office should simply announce their new proposals officially, as a public consultation, on a website, for everyone to see and comment on, before they are implemented.

Given the appalling scheme which Labour produced in secret, there is no excuse for repeating the same mess, with slightly different variations.

The BBC often claims to be independent of the British government, but that is not the impression given by this report:

11 January 2011 Last updated at 19:25

Control orders: BBC learns detail of replacement regime

The coalition plans to replace control orders with a new range of restrictions to keep terror suspects under surveillance, the BBC has learned.

One working title for the new curbs is "surveillance orders".

[...]

The BBC understands the new orders would give the security services the power to:

* ban suspects from travelling to locations such as open parks and thick walled buildings where surveillance is hard

If the BBC were actually doing a proper job of investigative journalism, instead of just parroting the Government line, they would have asked how exactly is this stupid idea is possible to enforce.

Are MI5 and the Police really going to compromise their Surveillance Sources and Methods, by revealing exactly where "surveillance is hard" for them ? Unlikely.

Does this mean that the fabled airborne Surveillance Drones are useless for enforcing such "Surveillance Orders" ?

Does "thick walled buildings" include the London Underground Tube system or concrete car parks ?

* allow suspects to use mobile phones and the internet but only if the numbers and details were given to the security services

The existing Control Orders were incapable of preventing this, so the new "Surveillance Orders" will be just as useless.

Are the Controllees really likely to be ignorant of Mobile Phone interception and location tracking ?

* ban suspects from travelling abroad

Presumably none of the existing Control Orders aimed at British citizens have yet done so, since this would be a direct challenge to our fundamental human right of freedom to travel, which would require Derogation from the European Convention on Human Rights making the United Kingdom morally equivalent to totalitarian regimes like North Korea.

Remember, these are not bail conditions, where someone can be forced to surrender their Passport, these Orders are applied to people who have not been charged or convicted of any crime. Just because they have been used sparingly so far, is no excuse for creating a legal infrastructure of repression which can easily be used against other political or religious dissidents or opponents in the future.

* ban suspects from meeting certain named individuals, but limited to people who are themselves under surveillance or suspected of involvement in terrorism

Under the planned new orders, the security services would lose the power to impose overnight curfews, force suspects to phone into a monitoring company every time they entered or left their homes and lift the ban on them using mobile phones and the internet.

They would also lose the power to force suspects to live in a particular location, known as "relocation orders", or limit the visitors to their homes

Giving secret policemen and bureaucrats the power, without arrest, charge or conviction, to force your relocation to somewhere more administratively convenient for them, is indistinguishable from the legal power to set up Concentration Camps.

Tagging

However, one detail that appears to remain unresolved is over the future of tagging.

This will no longer be used to enforce a curfew by informing the authorities whether or not a suspect is at their home.

But some in government are pushing for the security services still to have the power to tag suspects simply so they can keep tabs on them by knowing if they are no longer sleeping regularly at one particular address

Who exactly are these "some in government" ?

Have they been lobbied by the security industry companies who have or are bidding for multi-million pound contracts electronic tagging services to the criminal justice system ?

N.B. former Labour Home Secretary John Reid gets £50,000 a year from the foreign owned multinational G4S (which took over the Group 4 Security and Securicor brands in the UK) to act as a "consultant".

The BBC has also learned that the government is drawing up tough new anti-terror laws that could be rushed through Parliament after a major terrorist incident - in case the new surveillance orders proved inadequate in the face of increased threat levels.

Whitehall sources said the draft legislation would - if enacted - give the police and the security services effectively the same powers they have now under existing control orders.

The so-called Terrorism Prevention Orders would be put before Parliament if the heads of the three intelligence agencies and the home secretary agreed there was a national emergency.

No ! There are already plenty of Emergency Powers available under the Civil Contingencies Act 2004. In what way are those draconian, Henry VIII powers in any way insufficient ?

Rushing through repressive terrorism legislation after a single "major terrorist incident" is utterly wrong - look at the creepy, authoritarian, badly draughted legal mess that Labour in the UK and the Republicans in the USA made with the hodge podge the Anti-terrorism, Crime and Security Act 2001 or the PATRIOT Act.

Any such proposed legislation should be published and debated, now, so that everyone is clear on the fine details before it is ever needed.

But shadow home secretary Ed Balls said that the process had "descended into a shambles" as ministers struggled to find a way of keeping the coalition united.

"With daily leaks, briefings and counter-briefings, this is a chaotic and disorderly way in which to decide national security policy," he said.

Why didn't the BBC point out that that is exactly the modus operandi of the previous Labour government and that Ed Balls was himself a prime abuser of anonymous leaks and briefings ?

2011 Census press and social media "incident" media spin preparations

Mon, 03 Jan 2011 15:02:50 +0000

The 2011 Census is rapidly approaching on Sunday 27th March 2011 and the Government bureaucracy is preparing its media spin and propaganda campaign:

Have a look at this Census 2011 Press centre page: Local Press resources, updated 27th November 2010

[...]

Media incident guidelines

The 2011 Census press team has established a comprehensive media handling and issue tracking process. The press team will focus its resources on national and regional press, TV and radio. However, certain events and local press enquiries could mean that you want some support. Possible scenarios are:

Negative local media coverage: If you become aware of any negative local media coverage about the 2011 Census which may affect return rates or could damage the reputation of the 2011 Census and/or ONS, please contact your local census area manager or ACLM.

Difficult press enquiries: Press enquiries can be passed on to your 2011 Census area manager if:

you do not feel confident that you have enough information to satisfy a specific journalist request/enquiry

the journalist asks for an official ONS comment

the journalist is looking for information outside your area

you are unsure of the angle the journalist is taking - or suspect they may take a negative line

Other events: If ever something happens that you think could become a media issue, please call your 2011 Census area manager to talk it through.

For all emergencies requiring urgent communication with the 2011 Census press team in Titchfield, please call the 2011 Census Press Hotline:
01329 447654

2011 Census press officers are available on this number 24 hours a day. This is a press hotline and should only ever be used in an emergency.

A 24 hour a day census media spin hotline, to counter journalists who are merely "suspected" of "taking a negative line"

This is in itself, highly suspicious - what exactly are they trying to hide ?

The 2011 Census campaign includes activities to monitor and engage appropriately with social media. The viral nature of social media calls for extra care whenever your team is representing the 2011 Census in social media, Please observe our guidelines to avoid a social media crisis.
If you are at all unsure, please contact us at 2011censusLAcomms@ons.gov.uk for advice.

Will this "social media monitoring and engagement" manage to detect this blog post and its corresponding tweet ?

Response statements

Should the national press raise an issue that could cause public concern, damage the reputation or success of the 2011 Census, and require correction/clarification, we may publish an official response/position statement on the 2011 Census website, www.census.gov.uk/2011press. We will send you an email alert whenever these are published on the press centre. A detailed explanation of the background, research and consultation involved in developing the 2011 Census questions is available on the ONS website.

Are there any journalists or social media commentators who would like to test this spin system with some "Negative local media coverage" or "difficult press enquiries" or issues "which may raise public concern" ?

See our previous Spy Blog article United Kingdom (England & Wales) Census Day - Sunday 27th March 2011 - will you boycott the intrusive, snooping questions ?

Some Questions to Ask:

The outsourcing of the Census data processing to the United States defence contractor Lockheed Martin, whose company officers and executives have no choice under the US Patriot Act but to allow US Government agencies to snoop on our unredacted, not yet anonymised Census data . What proof is there that US employees or citizens will have no access to our Census Data ?
The mysterious, secret, Census 2011 Online Completion website, which will be available from March 5th 2011.

Why is there no preview URL for the public and media to check the "look and feel" and functionality ?

What strength of SSL / TLS Digital Certificate and cryptographic algorithms will be employed, if any ?

What proof is there that the data will not be shipped from the webserver to back end servers unencrypted ?

Will the web forms attempt to force you to answer every Question, even if you want to leave something blank ?

Will the website employ web bugs and foreign based Google tracking cookies (like the Census 20111 website does, for no good reason)

What Communications Data logfile tracking will there be ? This would be a bonanza for Google or other tracking cookie systems if they are in place.

What measures exactly are in place to prevent the "Census Online Completion" website from grinding to a halt, due to entirely predictable peak demand, as we have seen with previous Office of National Statistics historical census websites and with the HMRC self assessment tax return website etc. ?

What proof is there that there will not be Another Massive Data Loss Disaster involving CDs, DVDs, USB memory devices, laptop computer losses or thefts, as we have seen with HMRC and the Ministry of Defence etc. ?

Can census takers and the Census board be prosecuted under the Terrorism Act 2000 section 58A Eliciting, publishing or communicating information about members of armed forces etc, which applies, without any exceptions, to all current and former members of the intelligence agencies, military personnel or police constables?

Will the Census contain accurate lists of the names, home addresses, workplace addresses, job titles and sensitive personal data details of all the UK based employees of MI5 the Security Service, MI6 the Secret Intelligence Service, GCHQ, the Defence Intelligence Staff, members of the Special Forces (e.g. the Special Air Service (SAS) or Special Boat Squadron (SBS) or the Special Reconnaissance Regiment (SRR) ) or the Metropolitan or West Midlands or Thames Valley Police Counter-Terrorism Command, the National Extremism Tactical Coordination Unit (NETCU) etc ?
Will these groups of secret civil servants be prosecuted for not filling in the Census Form completely and accurately ? If not, then what legal basis is there for any exemption for these secretive people or for others like Judges, or Prison Warders or people in Witness Protection Schemes etc. ? There is none in the census legislation as it stands.

Most importantly, what about the fact that the old legal protections against the sharing of Sensitive Personal Data defined in the Data Protection Act 1998 Part 1 section 2 Sensitive personal data on religion, health , sexuality etc.collected during the Census have now been abolished. ?

What proof is there that our confidential sensitive personal data will not be shared with the intelligence agencies, the police, the immigration authorities, the tax authorities, foreign governments or private sector companies now that such sharing is exempt from the 2 years in prison penalty under the old Census Act 1921, by virtue of the wide ranging exemptions which were sneaked into the Statistics and Registration Service Act 2007 section 39. Confidentiality of personal information ?

An alleged Russian spy in Parliament, but still no re-affirmation of the Wilson Doctrine by Prime Minister David Cameron

Mon, 27 Dec 2010 09:14:17 +0000

Has the Wilson Doctrine now been broken or abandoned ?

We find it impossible to believe that there can have been any MI5 Security Service espionage investigation into the activities of the Russian Ekaterina "Katia" Zatuliveter, the former Parliamentary researcher / assistant to Mike Hancock, the Liberal Democrat MP for Portsmouth South, without any demands for telephone or email Interception or for Communications Data Traffic Analysis.

The fact that she had access to the MP's Parliamentary email and telephones, means that there is a grave danger of "collateral damage" snooping on the correspondence between the MP and his Constituents.

Given how little information the Ministry of Defence actually provides to Members of Parliament and the public, there should have been no risk of any secrets being handed over to Russian intelligence services, even in regard to his work as a member of the Commons Defence Select Committee.

This MP's constituency encompasses Portsmouth, so he may well be in supposedly private correspondence with the families of Royal Navy personnel suffering from hardship or Ministry of Defence bureaucracy, or with whistleblowers exposing incompetence within the the Navy or MoD. This is may actually be of more of interest to Russian intelligence agencies than any public, on the record, Parliamentary Questions or Select Committee on Defence questions he may have asked about the UK nuclear deterrent etc.

Prime Minister David Cameron has still not made any statement re-affirming and ideally extending the Wilson Doctrine, against the "tapping of telephones", internet connectivity etc.of Members of the House of Commons and Peers of the House of Lords.

According to this "unwritten constitution" convention, the Prime Minister David Cameron is supposed to inform the House of Commons and the public, if there have been changes to the Wilson Doctrine.

Even his control freak Labour predecessors Tony Blair and Gordon Brown reluctantly and with bad grace did so, in response to Parliamentary Questions from the then Opposition. They slowly expanded the original Wilson Doctrine to cover all electronic communications used by MPs (most of which like fax, email or mobile phones had not been invented back in 1966 when the then Labour Prime Minister promulgated the Wilson Doctrine)

It is a measure of the ongoing betrayal of our civil liberties and freedoms by the Labour party, even now that they are out of power and are pretending to have changed the incompetence, control freakery, corruption, spin and lies, which lost them the election, that they have not bothered, or perhaps have not dared, to to ask any Questions about the Wilson Doctrine.

Liberal Democrat MPs did used to ask about the Wilson Doctrine, but the likes of Norman Baker and Vince Cable are now Government Ministers and are avoiding this issue.

The new Intelligence and Security Committee cannot be trusted to investigate this matter, since despite our warnings, it now includes the authoritarian Labour apparatchik, the expenses scandal disgraced Hazel Blears, who has proven that she cannot be trusted with secret information. If a civil servant had been as lax as Hazel Blears,they could have been prosecuted under the Official Secrets Act 1989 section 8 Safeguarding of Information, not just once, but twice.

The House of Commons Standards and Privileges Committee is supposedly investigating the the latest attempts to re-open the old News of the World tabloid mobile phone voicemail "blagging" scandal, in so far as it may have affected some MPs. However, given the fact that the Police and the Crown Prosecution Service are not proceeding with any new charges, this Committee of very obscure backbench MPs, will probably dither and do nothing.

If they had any proper sense of public duty, they would be loudly demanding a re-statement of the Wilson Doctrine from the Prime Minister, in order to ensure the privacy and anonymity of communications between elected Parliamentary representatives and their Constituents, but they have so far failed to do so.

Lack of any espionage charges against Zatuliveter.

It seems unlikely that there is any hard evidence against Ekaterina Zatuliveter, since she was not arrested and held in a high security prison back in August when she was stopped at Gatwick Airport.

As an "agent of influence", she is obviously not in the same league as any number of Russian or former Soviet empire billionaires with links to the Kremlin, who have had socoal and business contacst with British politicians of all parties.

She was arrested only in early December and held for a week in the notorious, but low security, Yarl's Wood Immigration Detention Centre, before being allowed bail.

That sort of administrative detention without charge implies almost no actual hard evidence against her whatsoever

She has not been charged with Espionage or even under the Official Secrets Act or under any of the catch all Terrorism "thought crime " laws.
.
Tit for tat expulsion of Russian and British diplomats

However, supposedly on an unrelated matter, at almost the same time as Zatuliveter was being arrested, the British Government expelled a Russian diplomat from the Russian Embassy in London on 6th December 2010.

The Russians have taken their time and have also expelled a British diplomat from Moscow on 16th December 2010 in reprisal.

HC Deb, 21 December 2010, c165WS
UK/Russia Embassies
Foreign and Commonwealth Affairs
Written answers and statements, 21 December 2010

William Hague (Secretary of State, Foreign and Commonwealth Affairs; Richmond (Yorks), Conservative)

On 10 December we requested that the Russian embassy in London withdraw a member of their staff from the UK. This was in response to clear evidence of activities by the Russian intelligence services against UK interests.

Russia responded on 16 December by requesting the removal of a member of our embassy staff in Moscow. We reject any basis for this action.

Both staff members have now been withdrawn.

We remain open to a more productive relationship with Russia, as with any other country, on the basis of respect for our laws.

Both sides claim that there is no link with the Ekaterina Zatuliveter, case, but then both sides are professional liars and media spinners, so it it is hard to believe them.

6th December 2010 London Diplomatic List for the Russsian Embassy in London

London Diplomatic List published on 6th December 2010 (.pdf) lists the following Russian diplomats in London:

Identity Cards Act now repealed - a victory over the "Big Brother" mass surveillance Database State

Tue, 21 Dec 2010 23:39:34 +0000

In this bleak winter, on the darkest day of the year, when even the Moon was eclipsed, there was a small glimmer of hope for the future:

The Identity Cards Act 2006 has now been repealed, with the Royal Assent of the Identity Documents Act 2010

21 Dec 2010 : Column 1090

House resumed.

Royal Assent

9.49 pm

The following Acts were given Royal Assent:

Consolidated Fund Act,

Identity Documents Act,

Loans to Ireland Act.

House adjourned at 9.49 pm.

However, as Phil Booth of the cross party NO2ID Campaign rightly says:

Statement on the Royal Assent to the Identity Documents Act 2010

"NO2ID^[1] is, of course, glad to see with the passing of the Identity Documents Bill the death of the ID Cards scheme and the monstrous National Identity Register that it created.

However, while NO2ID welcomes evidence that all copies of the Register are being destroyed ^[2], powers retained from the original Identity Cards Act still allow the Home Secretary to potentially enact the same enforced data-sharing across government that NO2ID has campaigned against from the beginning ^[3]. To dismantle the ID Cards scheme but leave powers it rested upon in place leaves the people of Britain vulnerable to a resurrection of the scheme.

Also, with biometric identity cards for the UK now a thing of the past, it is a shame that residents and workers from outside the EEA must undergo the same experience and are being used to justify the continued existence of much of the technical infrastructure of ID cards: the Biometric Residence Permit ^[4] remains in place, unchanged. Do the principles that led to the scrapping of ID cards for EU citizens not apply to those other legal residents?

This partial abolition is an excellent first step, but the Government should now take the courage to override the deep laid bureaucratic plans, and finish the job. NO2ID will not stop until the database state powers that would allow mass surveillance and official trafficking in personal information are erased for good."

[...]

1. NO2ID is the UK-wide non-partisan campaign against ID cards and the database state. See http://www.no2id.net/dbstate for a list of database state initiatives that NO2ID is actively opposing.

2. To include physical destruction of any device that had stored the register or its contents: http://www.no2id.net/newsblog/2010-11/how-id-card-database-will-be-destroyed

3. To wit, the enforced sharing of your full name and any other names by which you are or have been known; your gender; your date and place of birth; your biometrics (which could still include your fingerprints); the address of your principal place of residence in the United Kingdom; the address of every other place in the UK or elsewhere where you have a place of residence; the times at which you were resident at different places in the UK or elsewhere; your current residential status and all previous residential statuses; information about numbers allocated to you for identification purposes and about the documents to which they relate - which could mean your driving licence, National Insurance or even your NHS number. We note the latter was specifically *excluded* from the 2006 Act.

4. Variously billed by the Home Office as "ID cards for foreigners" as if it were part of the National Identity Scheme, but in fact introduced under the UK Borders Act 2007.

Spy Blog has been involved in the technical and political and moral opposition to the apallingly authoritarian and bureeaucratic compulsory, centralised biometric database, the National Identity Register from the beginning back in 2002 when the ide first oozed out of the Home Office under the multiply disgraced Labour Home Secretary David Blunkett.

Hopefully any attempt to re-introduce such an evil scheme will will be seen as electtoral poison by politicians of all parties, but only if readers of Spy Blog and supporters of NO2ID remain constantly vigilant and vocal in their opposition to any attempts to further destroy our fundamental freedoms and liberties,

No politician or bureaucrat should be allowed to pretend that there are easy technological magic fixes to difficult social and political problems. They must not be allowed to waste our taxes on centralised national databases, which simply cannot be made both secure and actually usable.

Alternatives to WikiLeakS, which no longer caters for ordinary whistleblowers - OpenLeaks, BrusselsLeaks, BalkanLeaks, WikiSpooks, Cryptome, IndoLeaks

Sun, 12 Dec 2010 12:51:44 +0000

The controversial WikiLeakS.org website (no longer the current website, this now only redirects to a partial mirror of the original website) is still no longer accepting any submissions of leaked documents from ordinary, local or regional whistleblowers.

They and their mainstream media collaborators, have instead, been busy milking the vast amount of secret information which seems to have come from the imprisoned, but as yet unconvicted, low level US Army intelligence analyst in Iraq, Bradley Manning and they have survived various legal and illegal attacks on their computer and internet infrastructure as a result.

There is a new WikiLeakS.CH website which now boast over 1600 mirror websites, the setting up of which has , incredibly, been done by getting gullible people to send off an unencrypted web form with the volunteer's computer login and password details, in the clear, for various government agencies, ISPs and criminals to snoop on and intercept .

Neither WikiLeakS.CH nor any of its mirrors is running any working, leaked document submission system, so the news that a new website, called OpenLeaks.org is set to launch on Monday is quite interesting,

However so are the other alternatives such as BrusselsLeaks.com, or BalkanLeaks.eu, or WikiSpooks.com, or the comparatively venerable Cryptome.org, or the Indonesian IndoLeaks.org

Anybody thinking about using any of these websites to contact journalists, or to upload whistleblower leak documents, should firstly take some or all of the anonymity and security precautions which you can find at our website ht4w.co.uk - Technical Hints and Tips for protecting the anonymity of sources for Whistleblowers, Investigative Journalists, Campaign Activists and Political Bloggers etc.

Some Spy Blog Questions, Analysis and Opinion on these whistleblower websites:

Intelligence and Security Committee - who exactly are the members ? How can they be contacted securely and anonymously ?

Sun, 14 Nov 2010 16:30:13 +0000

Why is membership of the Intelligence and Security Committee being kept secret from the pubic ? There has been no official public announcement by Prime Minister David Cameron, except for the appointment of Sir Malcom Rifkind as chairman back on 6th of July ?

Both Houses of Parliament appear to have rubber stamped, without holding any debates or any public confirmation hearings, a list of candidates, but have these people actually been appointed or not ?

The ISC is the only (feeble) mechanism of supposedly public oversight of these powerful vested interests, whose bureaucratic empires are such a potential threat to our freedoms and liberties.

Intelligence and Security Committee -- Membership Motion House of Lords debates, 26 October 2010, 3:05 pm

Moved By Lord Strathclyde

That this House approves the nomination of Lord Butler of Brockwell as a member of the Intelligence and Security Committee.

Motion agreed.

Lord Butler of Brockwell , who sits as a Cross Bench Peer, is a former Whitehall Sir Humphrey, who the intelligence agencies have experience with, as he was chosen to conduct the Butler Review (.pdf) which highlighted some of the intelligence and political failings in the in up to the invasion of Iraq in 2003, especially regarding the alleged "weapons of mass destruction" which were never found, and the "sexed up" intelligence dossiers.

Whether this experience means that he is good at discovering if the intelligence agencies are deliberately or inadvertently misleading the Intelligence and Security Committee remains to be seen. He will probably be an improvement over the extremely partisan and authoritarian "double dipping" Labour peer and Member of the Scottish Parliament, Lord.Foulkes of Cumnock.

Again, this may be a nomination, but the actual decision to appoint him to the Committee is one which is made only by the Prime Minister, David Cameron, who has failed to make any public announcement confirming any members of the ISC, except for his initial appointment of the former Conservative Foreign Secretary Sir Malcolm Rifkind as chairman, back in July.

The other still as yet unconfirmed candidates put forward by the House of Commons are:

Hazel Blears (Labour - please not her!!), Sir Menzies Campbell (Liberal Democrat) , Mr Mark Field (Conservative), Paul Goggins (Labour) , Mr George Howarth (Labour), Dr Julian Lewis (Conservative)

i.e. there is nobody with any experience of large information technology projects (which the intelligence services have spent and, seemingly wasted, hundreds of millions or billions of pounds of public money on)

Similarly, apart from perhaps Paul Goggins (who was exiled to Northern Ireland as Minister) there is nobody with any experience of alienated minority communities. Hazel Blears actually managed to further alienate minority communities when she was Minister for Communities and Local Government !

See the previous Spy Blog article - Hazel Blears and Sergeant Flanderka - "tension monitoring" i.e. snooping on local communities.

These are two of the most important areas which the ISC should be forensically investigating the performance of the intelligence agencies, on behalf of the wider public.

See: Proposed Intelligence and Security Committee appointments - do *not* let Hazel Blears anywhere near the ISC !

Since the dispute with Gordon Brown's Cabinet Office and Number 10 Downing Street apparatchiki, over political interference with and contempt for the ISC under the previous Labour chairman Dr Kim Howells, there Intelligence and Security Committee.no longer appears on the Westminster Parliament Committees web pages at all.

Incredibly, the Cabinet Office web page about the ISC now points to a Central Office of Information web page, which is hosted by Google ! See http://isc.independent.gov.uk

Why should the webserver logs of visitors to this ISC web page be automatically available o foreign governments and companies ? What about the Google cookie tracking profile of whoever is maintaining this Google Docs web page ? If they do not log out of their Google account and delete or block the tracking cookies, then they will be handing quite a bit of intelligence information to Google and therefore to the US government and intelligence agencies.

For now, the Cabinet Office is still hosting, the previous public versions of the Intelligence and Security Committee reports online - you should probably download these now (remember to use Tor or some other method of confusing their Communications Traffic Data analysis) , before they disappear due to "budget cuts".

This new Intelligence and Security Committee needs to prove to the public that it really is independent, otherwise they may as well save the tax payer some money and not bother to pretend to oversee the work of these powerful bureaucracies.

One step in that direction would be to set up confidential whistleblower contact arrangements, to allow and members of the public and especially also patriotic or aggrieved intelligence agency insiders,or from commercial companies supplying the military / intelligence / security bureaucracy, to contact the Intelligence and Security Committee, without being snooped on by, or tipping off, the UK (or foreign) intelligence agencies.

They should have an ISC website with an SSL/TL encrypted web contact form, independent of Cabinet office and a public contact email address, which is also independent of any government department or agency e.g.
chairman@isc.x.gsi.gv.uk.

They should also publish and maintain a PGP Public Encryption Key.

There should also be a 24 hour 365 days a year telephone answering machine and a mobile phone number for SMS text messages, and a postal address.

Prime Minister David Cameron should also re-affirm the Wilson Doctrine, which forbids UK intelligence agencies from snooping on the communications of Members of the House of Commons or Members of the House of Lords, something which unlike every other Prime Minister since 1966, he has still failed to do.

Sign the ORG petition against the revival of the Labour "zombie policy" of the "Interception Modernisation Programme" by the Coalition Government

Tue, 02 Nov 2010 21:41:33 +0000

Open Rights Group - Petition against the renewal of the Interception Modernisation Programme

The Open Rights Group has a Petition for you to sign, however, we strongly suggest using an Open Proxy or Tor etc. to hide your real IP address.when you sign this petition online.

The government has announced that it will be spending up to £2 billion into new ways to snoop on email and web traffic.

This Kafka-esque "Intercept Modernisation Plan", was stopped near the end of the last government, but was quietly revived in the 2010 Spending Review (read more here). While billions of pounds are being slashed from education, welfare and defence, the government plans to waste vast sums trying to snoop on our emails and Facebook communications.

We need to tell the government to stop this wasteful, intrusive plan for wholesale snooping on our daily lives. 7281 people have signed so far

Please sign our petition - and tell your friends

Dear David Cameron, Nick Clegg and Theresa May,

I do not want the government to try to intercept every UK email, facebook account and online communication. It would be pointless - as it will be easy for criminals to encrypt and evade - and expensive, costing everyone £2 billion. It would also be illegal: mass surveillance would be a breach of our fundamental right to privacy. Please cancel the Intercept Modernisation Plan.

Be very clear, Spy Blog believes that any low level public servant, or their senior Sir Humphrey Appleby / Yes Minister masters, whether they are in the Police or in the Intelligence Agencies ,should be prosecuted for Misfeasance in Public Office if they fail to investigate actual terrorist or serious organised criminal gangs or conspiracies.

We fully support narrowly targeted Interception and Data Preservation (NOT mandatory Data Retention)) aimed at terrorists, spies and serious organised criminal gangs.

However, if such bureaucrats dare to promote the re-introduction of the evil Labour government's wasteful Interception Modernisatrion Programme<, they should be named and shamed and ridiculed and sacked, for wasting public money in harsh economic times.

We totally reject as unworkable, counter-productive and liable to actually help recruit terrorists etc., any attempt at Mass Surveillance or Mass Telecommunications Traffic Data Retention and / or Analysis, especially if this is done in secret.

We had thought that disgraced former Labour Home Secretary Jacqui Smith's weasel worded "Interception Modernisation Programme" had been abandoned by the Whitehall apparatchiki as unworkable (as everyone with any real world internet or mobile phone technical knowledge or experience told them) , but, it seems that the Conservative / Liberal Democrat Coalition government has been tricked and bamboozled into reviving this "zombie" policy, under the aegis of the National Security Strategy.

The ORG petition only highlights "government snooping on every email and Facebook message and web chat", but the reality of a re-introduction of the IMP pipe dream would be far more extensive and far more intrusive than this, including Mobile Phone Cell based Location Data to physically track the movements of you or your children in near real time, without any "reasonable suspicion" that you were actually involved in a Serious Crime (defined by the Regulation of Investigatory Power Act 2000, section 81 General Interpretation, subsection (3) (a) , as one which a first time offender, might expect a Prison Sentence of 3 years or more - typically drug smuggling or terrorism etc.)

a) that the offence or one of the offences that is or would be constituted by the conduct is an offence for which a person who has attained the age of twenty-one (eighteen in relation to England and Wales] and has no previous convictions could reasonably be expected to be sentenced to imprisonment for a term of three years or more;

Needless to say it would mostly be innocent people. or knuckle dragging stupid criminals, who could be easily caught by other means, who would be the targets of such a scheme. Any competent professional criminals, foreign intelligence agents (spies) or sophisticated terrorists would easily avoid it.

We have bot seen any evidence to dissuade us from the view that any such IMP scheme would be open to widespread abuse for political or personal reasons, or that vast amounts of the data would not be lost or handed over in bulk to insecure foreign governments, without any mechanisms for error correction and financial compensation for the inevitable cock ups and gross errors.

In the worst cases, too many innocent people's lives will be put in physical danger or their family lives and career prospects will be ruined, as a result of futile, inaccurate, automated false positive / false negative attempts at "data mining" in secret.

There is also the very real danger that such a database will be abused for purely political reasons, to help snoop on, or harass innocent political opponents of the current or future government.

Do not think that simply signing this online petition is enough.

Please also lobby your Members of Parliament or other elected representatives (in Westminster or in Scotland or Northern Ireland ore Wales or in Europe) - contact them via WriteToThem.com

"Identity fraud costs UK £2.7billion every year" - unsubstantiated propaganda from the "National Fraud Authority" quango

Tue, 19 Oct 2010 23:26:47 +0000

We have always been, rightly, sceptical about the various propaganda claims about the annual figures for the financial value of alleged "identity theft / fraud" in the UK.

These were abused by the previous Labour government in their farcical attempts to "justify" their repressive, mandatory, centralised biometric database National Identity Register scheme (which, as planned, would have been useless against online web or phone based frauds).

See previous Spy Blog articles:

Andy Burnham's "£1.7 billion identity fraud" figure is as false as the previous £1.3 billion one
Evening Standard: Andrew Gilligan demolishes the £1.3 billion identity fraud hype

"Identity Fraud" does NOT "cost the UK £1.3 billion a year"

The National Fraud Authority is "an executive agency of the Attorney General's Office":

Why exactly does the Attorney General require any "executive agencies" whatsoever ?

This Labour government Quango has come out with this highly controversial, misleading and unsubstantiated claim that:

Identity fraud costs UK £2.7billion every year

18 October 2010

New figures from the National Fraud Authority [NFA] estimate that every year in the UK identity fraud costs more than £2.7billion and affects over 1.8million people. [18 October 2010]

[...]

Notes to Editors

[...]

7. £2.7billion cost. Source: NFA. £1.9bn is estimated to be direct losses and £0.8bn is indirect losses, that is costs incurred by organisations preventing, detecting and investigating ID fraud as well as costs incurred by individuals trying to resolve instances of ID theft. This figure does not include the cost to the UK resulting from newly created fictitious identities or from corporate ID fraud
.
[...]

That generalised assertion is the sum total of their "evidence" !

Note that there is not even the discredited breakdown of guesstimate figures into categories such as "missing trader intra-community" (MITC) fraud" or "telecommunication" or "money laundering" or "insurrance fraud" which were abused in precious Government headline figures for "the annual cost of "identity fraud / theft" in the UK.

if you were to actually believe this "2.7 billion pounds a year" figure, then you should be asking why the precious Labour government and current Coalition one, have utterly failed in their anti-fraud policies, despite unprecedented national and international financial snooping powers.

If this "2.7 Billion per year" figure is true, then why is it over twice the £1.3 billion a year figure trumpeted by the Homer Office in 2005, only 5 years ago ?

The NFA has been existence for 6 years, so it has therefore totally failed in its mission to reduce or prevent "identity fraud". Surely such an ineffective publicly funded organisation should be a prime candidate for the the planned "bonfire of the quangos" ?

We will be contacting

For more information please contact:
sarah.garrett@attorneygeneral.gsi.gov.uk
020 3356 1034

and "Dr Bernard Herdan, Chief Executive, National Fraud Authority" who

has been ... Chief Executive at the Driving Standards Agency, Criminal Records Bureau and UK Passport Service.

(i.e. three of the worst "database state" offenders under the precious Labour government !)

to see if they can justify their controversial claims with any hard evidence.

Also on the Executive board of the NFA is one of the architects of the National Identity Register scheme

Stephen Harrison
Director of Enforcement

[...]

Since 1993, Stephen worked in a number of roles in the Home Office including the redesign of the organisation structure and programme governance for security planning for the Olympic and Paralympic Games, Director of Policy at the Identity and Passport Service, delivering IT-enabled business improvements in the criminal justice system and three years as Private Secretary to the Home Secretary covering criminal policy and the prison and probation services.

Back in 2003, Stephen Harrison was, Head, Identity Card Policy Unit at the Home Office - he infamously could not, or would not, give an estimate of the cost of his scheme, not even to the nearest billion pounds, when giving evidence to the Home Affairs Committee.