70 comments

[ 3.8 ms ] story [ 151 ms ] thread
The British are so strange. This kind of abuse of power would never be contemplated by American authorities.
As a Brit who finds this sort of thing completely scary/abhorrent, I often wonder what it is about our culture that makes this so. I think a big part of it is the class-system, which has its roots in feudal structures from millennia past, and is still very much alive and well today. We all grow up to develop an innate sense of class (I look up to him, I look down on him etc.), and for the majority of people, they do trust the upper classes. The royal family has approval ratings through the roof, we have an Etonian PM and largely Etonian cabinet. We just don't have the same distrust that most countries seem to have. On the ground, this comes across as "well it's probably for the best, they know what they're doing", when trying to discuss matters like these.

Also, I'm assuming there's an injunction out about this - can't find it reported anywhere in the UK press.

As a fellow Brit, I find your ability to appreciate sarcasm lacking :)
The UK has never had to deal with a truly oppressive government, at least not within anything like living memory.

There's also the problem that nobody outside of the software engineering community really understands what the tech can do, or what GCHQ is capable of. My mother's primary comment on the whole thing was, "well we're much too boring to spy on" and that's a sentiment you see a lot. It reflects a misunderstanding of how cheap it is to create robotic law enforcement on top of the 5-eyes infrastructure.

> "well we're much too boring to spy on"

Have you asked her why her government feels that it is necessary to spy on her if she is so boring?

I think the narrative is that the government doesn't spy on her. They also would probably say that they take in the fire hose and only access the communications of the bad guys™
The Snowden story was vast and limited to the Guardian. In the UK the other media outlets didn't cover it at all, or actively attempted to undermine the reporting (e.g. with stories planted by the British government that were carefully worded to sound like they were from Snowden even if they weren't).

The vast majority of people have not read any of the Snowden leaks and have no idea what they contained beyond "the government spies a lot". So the concept that they might be targeted themselves is just unimaginable to them.

> There's also the problem that nobody outside of the software engineering community really understands what the tech can do (...)

I think that's the main problem.

The IPB is all about allowing GCHQ and other government agencies to collect all the data they want, but we shouldn't be worried because there will be "safeguards" against the data being accessed arbitrarily.

Those of us who are more technically minded realize that's a false distinction, but most don't.

In fact all non-establishment groups - CND, anti-nuclear power protesters, anti-globalisation protesters, trade unions, animal rights activists, UK's own Occupy movement, anarchists, even worthy intellectual left-leaning blogs, and so on - were and are routinely infiltrated and manipulated.

There's nominal press freedom, in that it's possible to call politicians rude names.

But if your movement or leaders become powerful enough to have a hope of influencing policy and to challenge establishment cash flows and power relationships, expect some blow back.

Fortunately the non-establishment groups sometimes infiltrate and manipulate the establishment too [1].

[1] http://www.theguardian.com/politics/2015/oct/17/jeremy-corby...

Highly unlikely this happens very often at all. Counter-intelligence by the FBI (the primary intel agency dealling with domestic political organizations) is very thorough. It would take an extremely skilled person to get through their interviews, background checks, mandatory polygraph tests, etc.

The FBI are the best trained people in the world at eliciting information from people unwillingly/unknowingly - which is enough of a barrier on it's own.

This was news about a year ago. I presume it's in Computer Weekly because the current bill is trying to close some gaps in the Wilson doctrine that were exposed at the time.
I thought that Wilson doctrine turned out to be nothing? GCHQ said they never respected it and always spied on MPs?
That's correct. But MPs thought that it should mean something so they've amended the bill accordingly. That's what's going through Parliament now.
> Also, I'm assuming there's an injunction out about this - can't find it reported anywhere in the UK press.

Does this actually reveal anything new? It was previously known that GCHQ were logging email messages, and MPs use email. The story does not suggest that MPs email are exposed to greater scrutiny.

The headline in every paper should be "Government fails to use email encryption". If the email is not encrypted it could be read by foreign governments, criminals, or the tabloid press. Implying that an email is less secure because it travels outside the UK is ridiculous. It was never secure in the first place!

Bear in mind that MP's correspondence with their constituents is being hoovered up as well. Yes @gov.uk to @gov.uk could be encrypted but constituent to MP email is in some ways more sensitive to GCHQ snooping. The solution remains political.
> we have an Etonian PM and largely Etonian cabinet

This is about money and class. It takes a lot of family money and a sense of extreme security (which comes from class) to tell your son - "Hey, you should become a politician." And for the kid... who knows what kind of mindset it required? Arrogance, winners mentality, thick skin...

The kids I grew up with never had those ideas put into their heads. Hell, most of the kids I grew up with, the parents thought I was bonkers for wanting qualifications, one of the mums told me "In our family, we don't bother with exams and all that rubbish."

I hope you're being sarcastic?

NSA was caught snooping in a Supreme Court justice's data. (I think it was before he was on the Supreme Court, but nonetheless.) I find it unlikely that they're not intercepting American legislators' data, along with everyone else's.

FYI yes, this is (to a Brit) an obvious and classic case of obvious, deep, dry sarcasm.
Brit here. Another interesting angle/reflection is that if this was happening in China then there would be a shitstorm here..
The Chinese directly sensor and tell you what you can and can't do. In "democratic" countries anything that changes the status quo or stands up to power puts you at risk of being targeted; maybe you'll end up in a relationship with a state official or maybe you'll be goaded by someone into breaking the law. Maybe you'll never be able to trust anyone ever again.
There are many things that are curious in the UK legal system. This week, a guy has been sentenced to 30y in jail for gun trafficking. I'm not condoning gun trafficking but in my book smuggling is much more venial offense than rape or murder, and smuggling items that are not even illegal in countries like the US. I am sure many murderers took a lot less than that.

http://www.bbc.co.uk/news/uk-36446462

> There are many things that are curious in the UK legal system. This week, a guy has been sentenced to 30y in jail for gun trafficking [...] items that are not even illegal in countries like the US

If you tried to smuggle this:

http://ichef.bbci.co.uk/news/624/cpsprodpb/0B22/production/_...

and this:

http://ichef-1.bbci.co.uk/news/624/cpsprodpb/11A62/productio...

into the USA, you'd be facing about 630 years in jail, not 30.

My point is that you wouldn't even need to smuggle it in the US, like you wouldn't even need to smuggle alcohol in the UK or pot in California.
We do things differently here. As a result, we have only had one mass shooting incident in the last 20 years. Our per-capita murder rate is about 1/4 that of the US. We had three fatal police shootings last year, one in 2014 and none in 2013.

You might not like it, but we do. Our system of gun control is overwhelmingly popular.

http://data.worldbank.org/indicator/VC.IHR.PSRC.P5 http://www.inquest.org.uk/statistics/fatal-police-shootings

I don't want to make it another gun control debate, but I do not think it is the prohibition of weapons that make shooting rares. Drugs are equally prohibited and are by no mean rare. Everyone has an assault riffle at home in Switzerland and I have never heard of a mass shooting there. I think it's more a behavioral thing than a gun law thing.
This may well be true. However, it's better to have a behavioral problem without guns than a behavioral problem with guns widely and easily available.
A drug dealer cannot legally import automatic firearms into the US.

The only way they could be imported is by a licensed dealer, for sale to the military or law enforcement.

It's likely you just meant to make a more generalized comparison of the laws, but most people wanting to import the weapons in that article into the US would need to smuggle them.

Alcohol is routinely smuggled into the UK.
Someone smuggling heroin into the US would expect a sentence of at least 30 years. We happen to think that automatic weapons are at least as dangerous as heroin.
I think smuggling is a less serious crime than murder.
Would you be happier if they had been convicted of attempted murder.
Smuggling weapons that will surely be used for crimes including murder, and likely enabling many more murders than the smuggler is personally capable of?
And if the guns are used in a Charlie Hebdo style massacre or a stade de france style attack?

America is lucky in that its home grown terrorists have ben to be blunt a bit crap.

A gun being smuggled into the UK is only going to be used by a criminal (and by criminal, I mean they're committing violent crimes other than ownership of a gun) for killing someone - a gun smuggler, therefore, is providing a killer with a murder weapon with full knowledge of what it's going to be used for.
I'm not sure if you were being sarcastic or not, but they most likely are:

http://security.blogs.cnn.com/2014/01/04/nsa-wont-say-whethe...

And let's not forget this one:

http://www.theguardian.com/world/2014/jul/31/cia-admits-spyi...

I'm not sure why people still give spy agencies the benefit of the doubt, when they are almost always caught with lying. Skepticism for what spy agencies have to say should be the default in everyone's minds, especially in policians' minds. Unfortunately, those very same politicians who are supposed to "oversee" the spy agencies are the ones cheering for them the most.

This coming to light is a good thing, because the MPs will finally be scared enough to do something pro-privacy and stop all the anti-encryption nonsense.
Yeah. It will be fixed by making it illegal to access politicians data. They need privacy.

Normal people need security, so this clearly doesn't apply to them.

/s

If you read down a bit, you'll notice that that's exactly what they're calling for: increased protections for "MPs, lawyers, and journalists."

This is like when Diane Feinstein was shocked and appalled that the CIA hacked the computers being used to investigate them.

Politicians are either not intelligent enough to understand that they've given away include their own privacy in their Faustian pact, or... Well, we're already too far gone.

Assuming ignorance, the politicians are the first natural domestic targets of a surveillance apparatus.

How do they not realize that?

Unfortunately the GCHQ has a ton of blackmail material on all of those MPs to shut them up if they get too loud.
This is the only motivation that has ever mattered for domestic surveillance in any nation: control.
As said by an MP in the article, the solution is simply to add special protections for politicians.
Democracy these days seems to be more and more illusory. I'm willing to bet these same MPs will help make the IP Bill become law, anyway.
Gosh, this is absolutely shocking. Anyway, who fancies a cup of tea and a war in the Middle East.
According to her e-mails and public statements, I believe you are speaking about Hillary Rodham Clinton.
(comment deleted)
Shadow government is shadowy. Lawmakers with nannies are toothless... Lawmakers with overlords are nothing.
What if there are terrorists in parliament? How will the security agencies be able to find them if they are allowed privacy?
Sarcasm alert! (I hope)
There have been MP's caught spying and its surprising that no congressmen or senators haven't.
(comment deleted)
What, you don't remember that time when they said "when privacy violations happen, it is not an “active intrusion” because the analyst reading or listening to an individual’s communication will inevitably forget about it anyway"?

That's oversight you can take to the bank!

It's surprising to most Yanks, but Britain is the most heavily surveilled western country. It's much worse there it is in the US. (So far.)
Actually it's a common trope. That and the idea that much of England and Europe have been conquered by slavering Muslim hordes intent on instituting Shari'a. The second is more due to American tabloids
What, the National Enquirer? Weekly World News? I'm not an avid reader, but I can't recall any articles about Norbert Hofer in those publications...
This is a dreadful article, and the title is deeply misleading.

Literally the only information this article contains is that MPs use Office365 and MessageLabs.

That they've felt the need to clarify, right at the end of the article:

    > Computer Weekly also points out that we have not made
    > any suggestion in this story that GCHQ “routinely
    > reads” MPs’ emails. 
I would say that is exactly the suggestion that the verb "accesses" makes.
So you are suggesting that accessing metadata about emails (senders, recipients, subject) is by no mean relevant? I think in 90% of the email traffic, the content can pretty much be inferred from the subject, and that's intended, it is meant to refer precisely to the most important point of the email. And the sender/recipient/other emails give you the context. In my book that pretty much qualifies to accessing emails.
No, I'm suggesting that we already knew the NSA and GCHQ were doing mass data collection.

The article headline - and its very existence - suggests that politicians were being targetted, or there was some suggestion that GCHQ agents are reading politicians email in particular. That the published had to clarify (at the end, ad views already banked) that they didn't mean the emails are being read tells you that the article is woefully unclear.

Neither is true: all the article actually says is that digital communication in the UK is being collected for possible future analysis, and because parliamentarians are in the UK, their data is included.

Next up: ALL POLITICANS ARE TIME-TRAVELLERS[1]

1: They can go forward in time at the same speed as everything in their immediate vicinity

You can argue that it is a way to spin it, but if the aim is to make politicians react, I don't think it's bad to tell them: all emails, including yours, are monitored.
Politicians frequently say that they're only looking at metadata and they only want to monitor metadata.

If you want to persuade them that it's a bad idea to gather metadata you need to focus on that. Creating bullshit scare headlines that aren't true allow them to dismiss it as fearmongering.

> The article headline - and its very existence - suggests that politicians were being targetted, or there was some suggestion that GCHQ agents are reading politicians email in particular.

And that's important because there have been occasions in the past when certain MPs were being surveilled by the security services.

If it was happening today there'd probably be some ructions. (because somehow MPs think their email is more important than my email.)

Yes, that would be ridiculous. It is fully automated. Only communications with specific attributes are routinely inspected.
I'm not sure it's all that misleading, what I got out of the article was that there was apparently an explicit law (Wilson doctrine) in the UK designed to prevent spy agencies from spying on political officials. But now that they have begun using cloud services, etc, the doctrine has been quietly rendered irrelevant because of routing technicalities.
But surely this is a tiny fraction of the email traffic? Chances are anyone sending an email from a gmail to a yahoo address, the email will not even transit through the UK, and if it does it will pass through encrypted. The spam and commercial emails are more likely to be unencrypted, but even then chances are an amazon order confirmation to a gmail address will not even transit through the UK. So outside of PRISM-like pull methods, this mass monitoring is becoming increasingly toothless, isn't it?

[edit] and I am unfairly picking on amazon. I just checked, they do use TLS on their mailer. Let's stay Eurostar, ebuyer or disqus who do not seem to have heard of TLS.

So there are two problems:

A) There's reason to believe commonly used encryption is broken. The Snowden documents suggested VPNs in particular had been poorly set up, which allowed their encrypted traffic to be sniffed. There will be more things we currently believe to be encrypted and are not

B) Session cookies and tracker cookies make it easy for your HTTP requests to be linked back to you

HTTP? I am talking about email traffic.
I trust GCHQ more than some MPs.