Friday, March 14, 2014

MP note on Don't Spy on Us

My MP, Nicola Blackwood, tells me she has written to William Hague to draw his attention to the Don't Spy on Us campaign.
"Dear Mr Corrigan,

Many thanks for your email about the ‘Don’t Spy on Us’ campaign. I apologise for the delay in my response.

I certainly appreciate that this is an issue you feel strongly about, and I have taken the time to read your submission to the Intelligence and Security Committee’s inquiry. I understand your position that there is no balance to be struck between the individual right to privacy and the collective right to security, as privacy and security are not opposites. As discussed in our previous correspondence, I do firmly believe that our intelligence agencies do vital work in tackling terrorism and international crime.

The various levels of checks and balances that exist to hold our security services to account cannot be overstated, and as previously discussed these include oversight mechanisms by  Secretaries of State, the Interception of Communications Commissioner and the Intelligence Services Commissioner, and through Parliament via the Intelligence and Security Committee. One further level of accountability here that I have not discussed with you previously and I feel is worth noting here, is the strict operation of GCHQ within the Regulation of Investigatory Powers Act (RIPA). The Office of Surveillance Commissioners analyse GCHQ’s activity in detail, and also some of the codes of practices that the agencies have in place to ensure their adherence to RIPA.

I know that you have previously been unsatisfied with the response you have received from the Minister on this issue, but I have written to the Secretary of State for Foreign and Commonwealth Affairs, the Rt Hon William Hague MP, to discuss this specific campaign and to ask for a response to the concerns you have raised below. I shall of course pass any response I receive on to you in the usual way.

I will certainly keep your views on this subject in mind when considering the issue again in the future, and of course I intend to follow any further developments on this carefully. I also look forward to further announcements on the progress of the Committee’s inquiry into privacy and security, I understand the next stage will be the provision of oral evidence.

Thank you again for taking the time to contact me on this.

Kind regards
Nicola"
I've replied.
"Nicola,

Thanks for getting back to me and for taking the time to read my response to the ISC.

As before, I don’t dispute that our intelligence agencies do vital work in tackling terrorism and international crime. However, they will do that work more effectively under a targeted data preservation regime rather than a suspicionless mass surveillance regime. Rather ironically this is one area where government ministers’ mantra of getting more from less actually applies.

We do differ in our relative positions on the checks and balances on the security services. If these had been effective as you have come to believe we would not have evolved the mass surveillance measures now operated by the security and intelligence services. As for RIPA, it’s widely accepted now on all sides to be out of date. You can drive a coach and horses through the loopholes in the RIPA regulations and the intelligence services basically do.

Finally for now, thanks for taking the time to write to William Hague about the Don’t Spy on Us campaign.

Regards,

Ray"

On the week of the World Wide Web's 25th anniversary, we've learned How the NSA Plans to Infect “Millions” of Computers with Malware. A couple of weeks ago it was revealed that GCHQ have been collecting millions of Yahoo webcam images via their OpticNerve system.

The mass surveillance stories flowing from the Snowden revelations keep coming. These are fundamentally, as Cory Doctorow put it so eloquently in his Guardian article earlier this week, matters of public health and societal wellbeing because so much of what we do these days involves the internet. 

The Don't Spy on Us campaign believe -
"Our campaigning is having an impact. The main political parties are edging towards reform of surveillance laws. We can't take anything for granted though. We have to keep pressing for change."
I would add that we need to keep pressing for public understanding and engagement. Concern about mass surveillance is still very much a minority sport in the UK.

Lib Dems conference motion on digital bill of rights

The text of the Liberal Democrats spring conference policy motion on a digital bill of rights is below (c&p from their Spring conference agenda p64-67).
"10.45 Policy motion
Chair: Sal Brinton (Vice Chair, Federal Conference Committee)
Aide: Sandra Gidley
F19 A Digital Bill of Rights
Cambridge
Mover: Tim Farron MP
Summation: Dr Julian Huppert MP (Co-Chair, Parliamentary Party Committee
on Home Affairs, Justice and Equalities)

Conference believes:

i) Monitoring or surveilling people without suspicion is alien to our
traditional British values.
ii) That systematic surveillance of people’s communications and
online activities undermines a number of fundamental human rights,
including the right to respect of private life and correspondence,
freedom of expression, of association, of conscience and of religion;
that these rights are essential in safeguarding the democratic
principles of our society; and that any interference with these rights
must be necessary and proportionate.
iii) That our online communication and behaviour should be treated with
the same respect and legal due process that we expect for our offline
communication and behaviour.
iv) Government-supported filtering of the internet will prevent people
from accessing legitimate information and educational resources,
whilst giving parents a false sense of security.
v) That the indiscriminate harvesting and storage of the communications
and metadata of people without suspicion is incompatible with our
liberal and democratic principles, and has the potential to cast a
chilling effect on free speech and free association.
vi) Whilst there are legitimate concerns surrounding national security,
such concerns must not be invoked simply as a pretext to undertake
blanket surveillance, stifle investigative journalism, or discourage
public debate.
vii) That the work of the intelligence and security services is essential to
the underpinning of a free, fair and open society, and that clear public
agreement as to their remit and the extent of their powers would be to
their benefit as well the country more broadly.

Conference endorses:

A. The International Principles on the Application of Human Rights to
Communications Surveillance, which emphasise that any surveillance
of citizens by the state must be necessary and proportionate.
B. The United Nations General Assembly resolution on the Right to
Privacy in the Digital Age (A/C.3/68/L.45), emphasising that the same
rights that citizens have offline must also be protected online.
C. The Reform Government Surveillance Principles signed by Apple,
Google, Microsoft, Facebook, Yahoo, LinkedIn, Twitter and AOL,
which call for overhaul of the oversight, accountability and laws
governing government surveillance programmes in order to restore
the balance between security and liberty and to restore public trust in
the internet.
D. Existing Liberal Democrat policy that data belongs by default to the
individual to whom it refers; this ownership of data means that the
individual citizen has a right to access all their own data and, where
reasonable, can decide who else has access.
E. The Deputy Prime Minister’s decision to veto the unworkable and
disproportionate Communications Data Bill.

Conference therefore calls for:

1. The annual release of Government Transparency Reports which
publish, as a minimum, the annual number of user data requests
made by law enforcement, the intelligence agencies, and other
authorities, broken down by requesting authority, success rates, types
of data requested and category of crime or event being investigated.
2. The establishment of a commission of experts to review state
surveillance and all recent allegations from the Edward Snowden
leaks, with specific scope to:
a) Scrutinise relevant legislation including the Regulation of
Investigatory Powers Act 2000, the Intelligence Services Act 1994
and section 94 of the Telecommunications Act 1984.
b) Assess the implications for privacy and internet freedoms of
Project Tempora and other programmes revealed by the Snowden
leaks, and consider alternatives to the bulk collection of data.
c) Review powers, scope, appointment and resources of oversight
committees, commissioners and tribunals.
d) Consider the use of judicial involvement and approval for
surveillance and for access to communications data and
metadata likely to reveal sensitive personal data.
e) Publish its findings and recommendations.
3. The Government to define and enshrine the digital rights of the citizen
to protect from overreach by the state, through:
a) Ensuring that powers of surveillance, accessing data, and
accessing new technologies are not extended without
Parliamentary approval.
b) Ensuring that government does not undertake the bulk
collection of data and only accesses the metadata or content
of communications of an individual if there is suspicion of
involvement in unlawful activity.
c) Ensuring that oversight of government surveillance is
independent, informed, transparent and adequate.
d) Supporting a prompt, lawful and transparent framework for data
requests across jurisdictions and between governments.
4. The Government to accelerate and expand the midata project,
to grant citizens access to all their data in an open digital format,
regardless of which business holds that data, by using powers under
the Enterprise and Regulatory Reform Act 2013.

Applicability: Federal.

Mover of motion: 7 minutes; summation: 4 minutes; other speakers: 3 minutes.
For eligibility and procedure for speaking in this debate, see page 15.
In addition to speeches from the platform, conference representatives will be
able to make concise (maximum one-minute) interventions from the floor during
the debate on the motion; see page 14.
The deadline for amendments to this motion is 13.00, Tuesday 4th March;
those selected for debate will be printed in Saturday’s Conference Daily. The
deadline for requests for separate votes is 09.00, Saturday 9th March. See
page 17."
Just one major note. Although it's fine to see the Lib Dems making an effort on this issue it is disappointing to see the dangerously false notion that there is a mythical "balance between security and liberty" trotted out unthinkingly yet again. This time it's done in endorsing (item C) the not-our-fault-guv-if-only-governments-would-stick-their-unwelcome-noses-out-of-our-er-the-surveillance-business-we'd-all-be-ok corporate behemoths that have facilitated the mass surveillance we are all now subjected to.

Mr Farron and Dr Huppert - thanks for making some effort but can you please stop - I cannot emphasize this strongly enough - stop painting security and liberty (or security and privacy) as opposites. They are fundamentally interdependent. Unless that understanding can be embedded in the DNA of the public debate about this stuff, we won't ever get off the starting blocks to address mass surveillance.

Dear Mr (Branson) Mockridge... about that poor broadband service again...

Open letter to Tom Mockridge, CEO of Virgin Media, (draft originally addressed to Richard Branson before I remembered that Mr Branson sold the company to Liberty Global last year).

Dear Mr Mockridge,

Much though I appreciate the regular opportunity to navigate your Virgin Media broadband service telephone tag maze and engage your stressed call centre staff in friendly conversation, I'm rather busy with other personal and professional things in life at the moment.

Your broadband service which I subscribe to at home has provided a variable wireless connection to my collection of digital devices for several days and has been deteriorating for several months. Though the connection to the computer directly wired to the Virgin Super Hub has been more or less ok, apart from the odd day or two or three's interruptions to service here and there, the wireless connection to other devices has been erratic and often slow with download speeds slipping below several tenths of a Mbps.

As when I wrote to Richard Branson in October 2012, I'd just like to point out, again, that this is disrupting my family’s work, education, social activities and access to public and commercial services.

Your “check service status” phone line “confirms” that Virgin Media believe/assert “there are no problems” in my area.

Your “check service status” facility on the web - https://my.virginmedia.com/faults/service-status says there is “Good service” in my area.

They are both wrong.

As I believe I explained previously, to Mr Branson when he owned the company, when there are problems it is somewhat irritating if Virgin Media declare/think/pretend there are none.

Your labyrinthine, do-it-yourself (DIY) ‘check and fix your own problems’ approach on the Virgin Media website is quite something. It assumes customers have the capacity and the skill to hunt down and follow a series of Russian doll like instructions and articles about where you might find instructions which rarely fix anything. This does, however, generate significant angst. I'm at risk of repeating myself here but one of my least favourite activities, when I get home from work, is going through a series of convoluted, difficult to access (via your website or phone helplines) routine processes I know to be futile, in an effort to demonstrate to one of your difficult to access call centre folks that I’ve already tried the stuff on their crib sheet without success.

Your various “helplines” – out of which, these days, positively dance the effusively cheery young woman's recorded voice, seemingly nothing short of delighted to hear from me - are not very helpful. Incidentally the consultants that advised your people or your people's people that customers, reduced to having to engage in endless telephone tag about a fault, would have their disquietude quelled by an extravagantly high spirited recorded voice were wrong.

“Press 1 for…” queuing, canned music, notes that staff are busy (me too) and I'll have to stay on hold for x minutes, opportunities to choose the type of canned music I'd like to hear (my kids thought that was hilarious), more of the excessively upbeat recorded female voice and eventually, at the end of a long wait, connect to a member of call centre staff who can’t help. Apparently I'd been routed to cable services instead of national services. So cable services' Jay therefore had to transfer me to another part of your operation which in its turn can't help because I've been misdirected; so will transfer me to someone who they guarantee, absolutely, this time, will be the right person. None of this is conducive to soothing already fragile customer relations. 

I spent about 40 minutes on the phone yesterday evening and after three false starts got through to a senior technician, Anjan, who seemed pretty stressed and worn out himself. I explained the wifi problem and Anjan declared Virgin could not guarantee a stable wifi connection. Not a promising start and something of a contrast to the response I got from a very helpful lady called Shambhavi when I had an equivalent wifi problem in August of 2013.*

In any case Anjan re-booted the super hub and changed the wireless channel. Neither activity helped. (They didn't the last time I tried them either.) So he said the best thing to do would be to send a technician round to physically relocate the super hub. Now given the super hub has not moved and we haven't acquired or run any extra digital technologies in the past week, I'm skeptical that the notion of physically moving the hub will make any appreciable difference to the erratic wifi connection. Nevertheless I accept that Anjan, as he said, was at the end of a telephone line and couldn't see the relative layout of where the wireless devices were in relation to the hub. 

So I await your technician to work his/her magic next Tuesday between 1 and 6pm. The restoration of my wireless connections to something in the realm of consistent usability and the banishment particularly of that irritating video buffering circle to the annals of history will be most welcome, if it can be achieved. I will, by the way, have to miss an important meeting to be at home to accommodate this visit.

To any Virgin Media staff who trip across this open note - if you have, thanks for taking the time to read it thus far. To the Virgin Media call centre staff most of whom are doing your best in the face of problems outside your control - thank you for your efforts and your understanding, when you can muster it up, that I did not call to make your life miserable, merely to ask for an operational service.

To Mr Mockridge - as I said to Mr Branson, when there is a problem with my broadband service – it’s slow and/or down and/or erratic and/or there are power fluctuations on the line – I want Virgin Media to know about it, let me know about it in an accessible communiqué, work hard to fix it asap and deliver a reliable service. I don't want to play telephone tag for hours, days or weeks or go on endless, fruitless Virgin Media website mining expeditions, in an effort to find a temporary DIY patch for the prevailing problem to tide me over until the next disruption.

BT write regularly encouraging me to switch broadband provider.  The series of disruptions in Virgin Media services in the past year alone is causing me to wonder whether that alternative would be more consistently reliable, with the additional bonus of access to BT Sport.

Yours sincerely,
Ray Corrigan

* In August 2013 I was having lots of broadband problems including similar persistent wifi problems to those experienced in recent days. I gathered my energy to phone Virgin Media about it on the 31st of the month, one Saturday morning I didn't happen to be out and about on the Open University trail. After lots of phone tag including getting cut off with a promise to call back I had little confidence in, I actually got a very helpful lady called Shambhavi at the other end of the line. 

She listened to my problem carefully, took the time to understand specifically what the issue was and apologised for the disruptions. She asked me to check connection speeds on each laptop and wireless device. She did some diagnostics and detected power fluctuations on the cable connecting my house and postcode. She had to go away and do some extra checking and system adjustments and also promised to phone me back within half an hour.

Guess what? She phoned me back within half an hour!

During the time Shambhavi was off the line doing her system adjustments, one of the laptops acquired a usable wireless connection, presumably due to her remote work on the power fluctuations on the cable. The other laptop still had no connection. She asked me to connect that directly by cable to the Virgin Media super hub, took remote control and did some checks (most of which I had done previously but nevertheless kudos to Shambhavi for being thorough). She thought the laptop might need a wireless driver update but discovered it was already installed. Disconnected the cable to the laptop and wireless was still not working, though it could get a very slow intermittent connection to the BBC site but nowhere else. Connected the cable again. Shambhavi then rebooted the laptop in safe mode and did some more checks. This time when I disconnected the cable the machine did have a working wireless connection. A selection of broadband speedtests showed it running 20 - 40 Mbps, a massive improvement.

Shambhavi then asked that I systematically check the wireless performance of each device. All were in working order. I thanked her for a job well done. 1.5 hours after first calling, my wireless devices were now working and the Corrigan household was back online. 

I had intended to write a blogpost about it at the time to thank Shambhavi publicly and it was remiss of me to take so long about it and only now be prompted to record her professional supportive effective approach when running into a less successful attempt to have my latest Virgin Media troubles fixed. Well done and thank you for that particular morning's work on Saturday, August 31st, 2013, Shambhavi.

A final note to Mr Mockridge and/or any of your sharp suited minders who might stumble across this open letter or filter the associated email - easy access to real caring people in your organisation, like Shambhavi, with the capacity and willingness to listen, diagnose and fix service and technical issues, would do wonders for your customer relations. 

Update Friday 14/3/'13: I had a quick response to my email to Mr Mockridge from Marina, CEO Case Manager at Virgin Media's Chief Executive Office. My email went at 13.38 yesterday and the time stamp on the response is 14.42. I also had a very helpful phone call from Ian in the Virgin Media complaints office this morning (Friday). He suggested that instead of sending out a technician to physically relocate the Virgin Media super hub, since I was skeptical about the efficacy of such an action, that he arrange to send a new generation hub with a better wireless performance. I'll need to install it myself but he said it comes with straightforward instructions. Thanks to Marina for your rapid response and handing the case to Ian. Thanks to Ian for the care you've taken to read and understand my missive, investigate my Virgin Media problems and your all round helpful approach to date. Hopefully the new hub will connect seamlessly and cure the wifi issues we've been experiencing.

Wednesday, March 12, 2014

NSA QUANTUMHAND - NSA disguises itself as a fake Facebook server

The Intercept has published the latest set of NSA documents leaked by Edward Snowden. The story this time is How the NSA Plans to Infect “Millions” of Computers with Malware. To the Facebook users out there who don't really care about this stuff, take a look at this short video:

How the NSA Secretly Masqueraded as Facebook to Hack Computers for Surveillance from First Look Media on Vimeo.

It's a man-on-the-side attack. As Glenn Greenwald and Ryan Gallagher say in the article:
"In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook server. When a target attempts to log in to the social media site, the NSA transmits malicious data packets that trick the target’s computer into thinking they are being sent from the real Facebook. By concealing its malware within what looks like an ordinary Facebook page, the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive. A top-secret animation demonstrates the tactic in action.
The documents show that QUANTUMHAND became operational in October 2010, after being successfully tested by the NSA against about a dozen targets.
According to Matt Blaze, a surveillance and cryptography expert at the University of Pennsylvania, it appears that the QUANTUMHAND technique is aimed at targeting specific individuals. But he expresses concerns about how it has been covertly integrated within Internet networks as part of the NSA’s automated TURBINE system.
“As soon as you put this capability in the backbone infrastructure, the software and security engineer in me says that’s terrifying,” Blaze says.
“Forget about how the NSA is intending to use it. How do we know it is working correctly and only targeting who the NSA wants? And even if it does work correctly, which is itself a really dubious assumption, how is it controlled?”"
When asked to comment, Facebook said it had "no evidence" of QUANTUMHAND activity.

Tuesday, March 11, 2014

Twitter's locked me out again

Twitter has locked me out again. Just as I was about to link to 2 Guardian stories - one each by Cory Doctorow and Christopher Soghoian on Edward Snowden's appearance at SXSW.