Google Compute Engine - Cloud Computing & Customer Held Encryption Keys / Red Herrings

Google has just done something that’s going to annoy the US and UK governments Business Insider     Alastair Stevenson, Business Insider     Jul. 29, 2015, 11:15 AM    2 UK Prime Minister David Cameron is not going to like this. Google has rolled out a security service for its business customers that could put a serious downer on the UK government’s plans to increase law enforcement’s surveillance powers. The service was revealed by Google product manager Leonard Law in a blog post and is currently in beta form. It will let businesses running the company's Google Compute Engine create their own encryption keys. Encryption is a security technology that scrambles digital information using specialist mathematics. It makes it so only people in possession of a specific unlock key or password can read the encrypted information. Google’s move may not sound like a big deal to people outside the technology community, but the implications for the move are pretty massive. What the Google Compute Engine is Google’s Compute Engine is the basis of the company's cloud computing platform. Cloud computing is a special type of technology that uses a network of remote servers hosted on the internet to run computer processes traditionally done on a device’s internal hardware. In theory, this means cloud computing customers can get high-powered computer performance, or run complex tasks beyond normal hardware’s capabilities without having to buy lots of equipment. As well as Google, which uses the tech to power many of its own services, such as YouTube, numerous big-name companies including Coca Cola, Best Buy, Rovio, Avaya and Ocado also use the Compute Engine. How it links to government surveillance The widespread use of Google’s cloud tech means it handles vast amounts of  user data. Data running through the platform can include things like customer records, account information and, at times, the user's geographic location. PRISM documents leaked by Edward Snowden in 2013 revealed intelligence agencies, such as the NSA and GCHQ, have been siphoning vast amounts of web user information from Google's cloud platform – as well as many other cloud service providers. The move makes sense, as the Compute Engine’s large customer base lets the agencies collect data from multiple companies and services from one central source. A game of cat and mouse Google already encrypts services running through its Compute Engine by default. This partially protects customers as it means agencies like the NSA or GCHQ cannot read the data without knowing which encryption key was used. However, the tactic is not foolproof, as the NSA and GCHQ can use legal requests, such as letters sent under the US Foreign Intelligence Surveillance Act (FISA), to force Google to unlock or hand over unencrypted copies of the data. This issue was set to get even worse in the UK and US as both governments have hinted at plans to make it easier for law enforcement and intelligence agencies. Law enforcement agencies within the US have been lobbying for the US government to control business use of encryption since the PRISM leaks emerged. FBI director of counter-terrorism Michael Steinbach warned lawmakers that strong encryption technology allows terrorists "a free zone by which to recruit, radicalize, plot and plan," in June. UK prime minister David Cameron has hinted at plans to hamper the use of encryption. Cameron told Parliament he wants to "ensure that terrorists do not have a safe space in which to communicate," on June 6. How companies having their own keys will hamper surveillance Experts within the security community have argued that Google’s move will cause problems for the UK government’s plans. FireEye global technical lead Simon Mullis explained to Business Insider this is because it will make it so Google won’t be able to decrypt the data, even if ordered to. “Essentially the access to, ownership and management of the keys used to encrypt all data within Google Cloud is now handled by the end-customer," he said. "[This will] make it harder for any external agencies such as law enforcement or intelligence services to gain access to the decrypted data as there are fewer parties [people able to unlock the data] involved.” As a result, if law enforcement wanted access to the encrypted Compute Engine data, they would have to mount individual requests to each customer, a practice that would slow their surveillance operations. Business Insider has reached out to the UK Prime Minister's press team for comment on how custom encryption keys will impact Cameron's plans. Google is one of many technology companies working to fight the UK and US government’s surveillance plans. A group of 140 companies, including Google, Microsoft, Apple and Facebook, sent an open letter to President Obama in May urging him to reject the encryption proposals, fearing they would damage the US economy. Apple CEO Tim Cook claimed law enforcement’s hostility towards encryption is dangerous in June. SOURCE http://www.techinsider.io/google-has-offered-compute-engine-customers-advanced-encryption-powers-2015-7 --------------------- COMMENT 'Terrorists' is the big stick / leverage go-to for governments to demand access. If I were a company, I would prefer complete control of my own data.  Relying on cloud computing doesn't appeal, even though it may be cheaper.  And why would you trust any company that can unencrypt your data?  But I guess the advantage might be in passing the buck.  As in, if data is compromised, you can maybe blame it on the third party cloud host & they get lumped with compensation payouts? This is a good companion article regarding encryption offerings:   The Red Herring of Digital Backdoors and Key Escrow Encryption Bill Blunden EXTRACTS By concentrating on key escrow the CEOs of Silicon Valley are able to conjure up the perception of an adversarial relationship with federal agencies. This is absolutely crucial because tech companies need to face the public wearing a white hat. In the aftermath of the PRISM scandal, where C-suite types were caught colluding with the government on a first-name basis, American executives are frantically trying to convince people on behalf of quarterly revenue that they’re siding with consumers against spying. An interesting but fundamentally flawed narrative, given how much economic espionage the government conducts and how much spying corporate America does. Who do you think benefits from this sort of mass surveillance? All told it’s likely that private sector involvement henceforth will transpire off stage. Far removed from the encryption debate. Rather than forgo the benefits of aggressive spying, CEOs will merely conceal their complicity more deeply while making lots of noise for rubes about encryption. In this sense zero-day bugs offer the added benefit of plausible deniability. That is, backs doors based on zero-day bugs are vital spy tools that masquerade as mere accidents. Only fitting, one might conclude, as spies and magicians are kindred spirits performing artful tricks that beguile more susceptible members of the audience. http://www.counterpunch.org/2015/07/29/the-red-herring-of-digital-backdoors-and-key-escrow-encryption/ I really like this guy's articles.

Britain - Illegal MI5, MI6 & GCHQ Spying on Parliamentarians

SOURCE http://www.theguardian.com/uk-news/2015/jul/23/intelligence-agency-policies-fail-protect-mps-spying-mi5-mi6-gchq Intelligence agency policies 'failed to protect MPs' from spying In the last year MI5, MI6 and GCHQ have followed eight different policies governing the interception of parliamentarians communications, court told Caroline Lucas: MPs need to communicate in private with constituents and whistleblowers Caroline Lucas argues there is a strong likelihood her communications have been intercepted. Photograph: Daniel Leal-Olivas/PA Ian Cobain Thursday 23 July 2015 23.42 AEST Last modified on Thursday 23 July 2015 23.45 AEST The UK’s intelligence agencies have been operating unlawful surveillance policies that have failed to adequately protect the confidential communications of members of parliament, a court has heard. Officers of MI5, MI6 and GCHQ have been operating under eight different policies in the last 12 months alone, the Investigatory Powers Tribunal (IPT) heard on Thursday. Most of these policies have failed fully to comply with the law, or with the 50-year-old political convention known as the Wilson doctrine that was thought to prohibit the agencies from eavesdropping on MPs or members of the House of Lords, Ben Jaffey, counsel for the Green party parliamentarians Caroline Lucas and Lady Jones told the IPT. The Wilson doctrine is named after the former Labour prime minister Harold Wilson, who told the Commons in November 1966 that parliamentarians would not be spied upon and that if this policy needed be changed for national security reasons, the PM would announce this in due course. Lucas, Jones and former Respect MP George Galloway argue there is a strong likelihood that their communications have been intercepted as a consequence of the surveillance programmes exposed by the CIA whistleblower Edward Snowden. The IPT – a secretive court that hears complaints about the UK’s intelligence agencies – is being asked to confirm that the Wilson doctrine has force in law. The parliamentarians also say that agencies have breached the European convention on human rights. Some elements of the government’s defence against the legal challenge are being kept secret and the court is likely to sit in camera, with the public and media excluded, if it comes to consider evidence of actual surveillance of MPs and peers. Jaffey told the IPT that MI5 operated one policy governing the interception of parliamentarians’ communications from April 2012 to September 2014, when it was rewritten after Lucas and Jones lodged their challenge. It was rewritten again last February after government lawyers drafted their “open response” – or non-secret defence – to the claim. David Miliband, when foreign secretary, authorised an MI6 policy which allowed the agency to intercept parliamentarians’ communications without the prime minister being notified, the IPT was told. This policy was rewritten last February, bringing it closer in wording to the MI5 policy. GCHQ’s policy was rewritten in March this year and again three months later. Jaffey said the various policies “fail fully to comply with the law and they fail to comply with public statements as to safeguards”. It was not the parliamentarians’ case that MPs and members of the Lords should never be intercepted, he said, and there may be exceptional national security grounds for doing so. However, MPs needed to be able to communicate in private with constituents and whistleblowers. He said: “Strict safeguards to protect parliamentary communications are an important bulwark for the protection of the public interest.” Although the Wilson doctrine requires the prime minister to make a statement if the policy were to be reversed, all three agencies were operating internal policies that did not require them to inform prime ministers that they were intercepting MPs’ communications, the IPT was told. These were changed only once Lucas and Jones embarked upon their challenge. When GCHQ rewrote its policy last month, it did so in a way that removed all protection for communications data and for members of the devolved parliament and assemblies in Scotland, Northern Ireland and Wales. Lucas and Jones argue that intercepts which capture the communications of parliamentarians should require the authorisation of a judge. SOURCE http://www.theguardian.com/uk-news/2015/jul/23/intelligence-agency-policies-fail-protect-mps-spying-mi5-mi6-gchq Caroline Lucas Jenny Jones, Green Party (Baroness Jones of Moulsecoomb)  George Galloway, fmr Respect Party  Is the government spying on politicians? ‘Blanket surveillance’ probed in court hearing  Prison staff have recorded 3,150 prisoner calls to MPs and downloaded 280 for playback since 2006. http://www.rt.com/uk/310579-government-spying-politicians-surveillance/ --------------------- COMMENT UK's a creepy surveillance state & the conduct of its spy agencies provides further justification for whistleblower publishers, I would think.

Australia Appoints Former GCHQ Director to Cybersecurity Review Panel

Former British radio spy joins cyber security review by The Mandarin 20.04.2015 Iain Lobban    The former chief of Britain’s GCHQ, Sir Iain Lobban, will help shape Australia’s response to cyber security threats. He joins BCA head Jennifer Westacott and others in providing advice to the government’s Cyber Security Review. The former head of British signals intelligence, Sir Iain Lobban (pictured), has been appointed to the Cyber Security Review’s independent panel of experts, the Australian government announced on Saturday. Lobban, who was director of the UK’s Government Communications Headquarters or GCHQ between 2008 and 2014, “will be extremely valuable to the review as we shape Australia’s strategy to better protect Australia’s networks from cyber attack”, said Prime Minister Tony Abbott in a statement:     “Australia faces real and growing cyber threats. By 2017 more than nine out of 10 Australians will be routinely online and Australian businesses and consumers benefit from the opportunities that an interconnected world delivers.     “Since I announced the government’s cyber security review late last year, the Australian Cyber Security Centre has responded to 164 incidents involving government agencies and helped businesses respond to 2981 incidents. There are many more incidents that businesses have managed themselves.” The Cyber Security Review aims to set out ideas on how the government, industry and academia can better work together to make Australia’s online systems and internet-connected networks more resilient against cyber attacks. Lobban joined GCHQ in 1983 and performed a range of jobs there before joining the board in 2001. That same year he was a participant in the British Cabinet Office’s Top Management Programme, a four week intensive programme for senior managers from the public and private sectors who are likely to reach the highest level within business and government. Other members of the panel include the CEO of the Business Council of Australia, Jennifer Westacott; Chief Security and Trust Officer at Cisco Systems in the United States, John Stewart; the Chief Information Security Officer at Telstra, Mike Burgess; and the Director of the International Cyber Policy Centre at the Australian Strategic Policy Institute, Tobias Feakin. So far, the review team has talked to over 140 large and small organisations across Australia and overseas. After a series of delays, the Cyber Security Review is now expected to be completed near its original goal of mid-2015. The review will: Ø     update the Government’s cyber security priorities; Ø     provide a view on the cyber threats and risks Australia faces; Ø     clarify the Government’s role in cyber security for Australia, including how this contributes to the protection of critical infrastructure; Ø     describe how Government and industry can best team up to defend ourselves jointly from those who want to harm us in cyber space; Ø     outline an improved approach on Australia’s engagement with international cyber security forums, to further Australia’s interests and cement our leadership on cyber security; and Ø      recommend practical initiatives to improve Australia’s cyber security, for Government consideration. http://www.themandarin.com.au/30763-former-british-spy-appointed-cyber-security-review-panel/?pgnc=1 LOOK-UPS Australian Strategic Policy Institute think tank established in 2001 still receives most of its funding from govt (but claims to be 'independent') purpose:  role of developing ideas on Australia's defence & strategic policy options & helping to inform the public Executive Director = former Deputy Secretary in Dept of Defence {prior to that:  Major General (Retd) Peter Abigail} {first Director was Hugh White, now Professor of Strategic Studies at Australian National University} [Wikipedia] PANEL Business Council of Australia ('BCA') - reps big business* Cisco Systems United States - multinational, sells networking equipment Telstra Australian Strategic Policy Institute - govt think tank former GCHQ:  Iain Lobban *BCA - 2009 - called for taxes to be increased on consumer goods but halved for corporations; wants to increase GST while dropping corporate tax.  Cisco hardware -  NSA backdoor firewalls have the ability to be compromised by the NSA. firmware implant for both the ASA and PIX devices called JETPLOW can be deployed on a firewall target with an exfiltration path to the NSA’s Remote Operations Centre note:  all US networking devices are required by law to have surveillance capabilities built-into them Cisco stated that it does not work with the US govt. https://www.certificationkits.com/cisco-asa-5500-series-compromised-by-nsa/ http://en.wikipedia.org/wiki/Cisco_Systems NSA’s ANT Division Catalog of Exploits for Nearly Every Major Software/Hardware/Firmware 12/29/2013 SPIEGEL http://leaksource.info/2013/12/30/nsas-ant-division-catalog-of-exploits-for-nearly-every-major-software-hardware-firmware/ Getting a bit late for me.  Might have to come back to this tomorrow to read the 'NSA ANT Division Catalogue of Exploits ...' article. Don't know what to think of the panel.  Big business and the government are well represented.  The public doesn't seem to be represented, although unidentified 'organisations' have been consulted. The Business Council of Australia sound a nasty, self-interested lot.  LOL [ Rushed.  No time to adjust formatting ]

UK - Privacy International - Surveillance Industry - Surveillance General

Meet the privacy activists who spy on the surveillance industry by Daniel Rivero Illustration by Shutterstock, Elena Scotti/Fusion April 6, 2015 http://fusion.net/story/112390/unveiling-secrets-of-the-international-surveillance-trade-one-fake-company-at-a-time/ LONDON– On the second floor of a narrow brick building [...] Once he’s infiltrated the trade show, he’ll pose as an industry insider, chatting up company representatives, swapping business cards, and picking up shiny brochures that advertise the invasive capabilities of bleeding-edge surveillance technology. Few of the features are ever marketed or revealed openly to the general public, and if the group didn’t go through the pains of going undercover, it wouldn’t know the lengths to which law enforcement and the intelligence community are going to keep tabs on their citizens. “I don’t know when we’ll get to use this [company], but we need a lot of these to do our research,” Omanovic tells me. (He asked Fusion not to reveal the name of the company in order to not blow its cover.) The strange tactic– hacking into an expo in order to come into close proximity with government hackers and monitors– is a regular part of operations at Privacy International, a London-based anti-surveillance advocacy group founded 25 years ago. Omanovic is one of a few activists for the group who goes undercover to collect the surveillance promotional documents. “At last count we had about 1,400 files,” Matt Rice, PI’s Scottish-born advocacy officer says while sifting through a file cabinet full of the brochures. “[The files] help us understand what these companies are capable of, and what’s being sold around the world,” he says. The brochures vary in scope and claims. Some showcase cell site simulators, commonly called Stingrays, which allow police to intercept cell phone activity within a certain area. Others provide details about Finfisher– surveillance software that is marketed exclusively to governments, which allows officials to put spyware on a target’s home computer or mobile device to watch their Skype calls, Facebook and email activity. The technology buyers at these conferences are the usual suspects — the Federal Bureau of Investigation (FBI), the UK’s Government Communications Headquarters (GCHQ), and the Australian Secret Intelligence Service– but also representatives of repressive regimes —Bahrain, Sudan, pre-revolutionary Libya– as the group has revealed in attendees lists it has surfaced. At times, companies’ claims can raise eyebrows. One brochure shows a soldier, draped in fatigues, holding a portable device up to the faces of a sombre group of Arabs. “Innocent civilian or insurgent?,” the pamphlet asks. “Not certain?” “Our systems are.” The treasure trove of compiled documents was available as an online database, but PI recently took it offline, saying the website had security vulnerabilities that could have compromised information of anyone who wanted to donate to the organization online. They are building a new one. The group hopes that the exposure of what Western companies are selling to foreign governments will help the organization achieve its larger goal: ending the sale of hardware and software to governments that use it to monitor their populations in ways that violate basic privacy rights. The group acknowledges that it might seem they are taking an extremist position when it comes to privacy, but “we’re not against surveillance,” Michael Rispoli, head of PI’s communications, tells me. “Governments need to keep people safe, whether it’s from criminals or terrorists or what it may be, but surveillance needs to be done in accordance with human rights, and in accordance with the rule of law.” The group is waging its fight in courtrooms. In February of last year, it filed a criminal complaint to the UK’s National Cyber Crime Unit of the National Crime Agency, asking it to investigate British technology allegedly used repeatedly by the Ethiopian government to intercept the communications of an Ethiopian national. Even after Tadesse Kersmo applied for– and was granted– asylum in the UK on the basis of being a political refugee, the Ethiopian government kept electronically spying on him, the group says, using technology from British firm Gamma International. The group currently has six lawsuits in action, mostly taking on large, yet opaque surveillance companies and the British government. Gamma International did not respond to Fusion’s request for comment on the lawsuit, which alleges that exporting the software to Ethiopian authorities means the company assisted in illegal electronic spying. “The irony that he was given refugee status here, while a British company is facilitating intrusions into his basic right to privacy isn’t just ironic, it’s wrong,” Rispoli says. “It’s so obvious that there should be laws in place to prevent it.” PI says it has uncovered other questionable business relationships between oppressive regimes and technology companies based in other Western countries. An investigative report the group put out a few months ago on surveillance in Central Asia said that British and Swiss companies, along with Israeli and Israeli-American companies with close ties to the Israeli military, are providing surveillance infrastructure and technical support to countries like Turkmenistan and Uzbekistan– some of the worst-ranking countries in the world when it comes to freedom of speech, according to Freedom House. Only North Korea ranks lower than them. PI says it used confidential sources, whose accounts have been corroborated, to reach those conclusions. Not only are these companies complicit in human rights violations, the Central Asia report alleges, but they know they are. Fusion reached out to the companies named in the report, NICE Systems (Israel), Verint Israel (U.S./ Israel), Gamma (UK), or Dreamlab (Switzerland), and none have responded to repeated requests for comment. The report is a “blueprint” for the future of the organization’s output, says Rice, the advocacy officer. “It’s the first time we’ve done something that really looks at the infrastructure, the laws, and putting it all together to get a view on how the system actually works in a country, or even a whole region,” says Rice. “What we can do is take that [report], and have specific findings and testimonials to present to companies, to different bodies and parliamentarians, and say this is why we need these things addressed,” adds Omanovic, the researcher and fake company designer. The tactic is starting to show signs of progress, he says. One afternoon, Omanovic was huddled over a table in the back room, taking part in what looked like an intense conference call. “European Commission,” he says afterwards. The Commission has been looking at surveillance exports since it was revealed that Egypt, Tunisia, and Bahrain were using European tech to crack down on protesters during the Arab Spring, he added. Now, PI is consulting with some members, and together they “hope to bring in a regulation specifically on this subject by year’s end.” *** Privacy International has come a long way from the “sterile bar of an anonymous business hotel in Luxembourg,” where founder Simon Davies, then a lone wolf privacy campaigner, hosted its first meeting with a handful of people 25 years ago. In a blog post commemorating that anniversary, Davies (who left the organization about five years ago) described the general state of privacy advocacy when that first meeting was held:     “Those were strange times. Privacy was an arcane subject that was on very few radar screens. The Internet had barely emerged, digital telephony was just beginning, the NSA was just a conspiracy theory and email was almost non-existent (we called it electronic mail back then). We communicated by fax machines, snail mail – and through actual real face to face meetings that you travelled thousands of miles to attend.” Immediately, there were disagreements about the scope of issues the organization should focus on, as detailed in the group’s first report, filed in 1991. Some of the group’s 120-odd loosely affiliated members and advisors wanted the organization to focus on small privacy flare-ups; others wanted it to take on huge, international privacy policies, from “transborder data flows” to medical research. Disputes arose as to what “privacy” actually meant at the time. It took years for the group to narrow down the scope of its mandate to something manageable and coherent. Gus Hosein, current executive director, describes the 90’s as a time when the organization “just knew that it was fighting against something.” He became part of the loose collective in 1996, three days after moving to the UK from New Haven, Connecticut, thanks to a chance encounter with Davies at the London Economics School. For the first thirteen years he worked with PI, he says, the group’s headquarters was the school pub. They were fighting then some of the same battles that are back in the news cycle today, such as the U.S. government wanting to ban encryption, calling it a tool for criminals to hide their communications from law enforcement. “[We were] fighting against the Clinton Administration and its cryptography policy, fighting against new intersections of law, or proposals in countries X, Y and Z, and almost every day you would find something to fight around,” he says. Just as privacy issues stemming from the dot com boom were starting to stabilize, 9/11 happened. That’s when Hosein says “the shit hit the fan.” In the immediate wake of that tragedy, Washington pushed through the Patriot Act and the Aviation and Transportation Security Act, setting an international precedent of invasive pat-downs and extensive monitoring in the name of anti-terrorism. Hosein, being an American, followed the laws closely, and the group started issuing criticism of what it considered unreasonable searches. In the UK, a public debate about issuing national identification cards sprung up. PI fought it vehemently. “All of a sudden we’re being called upon to respond to core policy-making in Western governments, so whereas policy and surveillance were often left to some tech expert within the Department of Justice or whatever, now it had gone to mainstream policy,” he says. “We were overwhelmed because we were still just a ragtag bunch of people trying to fight fights without funding, and we were taking on the might of the executive arm of government.” The era was marked by a collective struggle to catch up. “I don’t think anyone had any real successes in that era,” Hosein says. But around 2008, the group’s advocacy work in India, Thailand and the Philippines started to gain the attention of donors, and the team decided it was time to organize. The three staff members then started the formal process of becoming a charity, after being registered as a corporation for ten years. By the time it got its first office in 2011 (around the time its founder, Davies, walked away to pursue other ventures) the Arab Spring was dominating international headlines. “With the Arab Spring and the rise of attention to human rights and technology, that’s when PI actually started to realize our vision, and become an organization that could grow,” Hosein says. “Four years ago we had three employees, and now we have 16 people,” he says with a hint of pride. *** “This is a real vindication for [Edward] Snowden,” Eric King, PI’s deputy director says about one of the organization’s recent legal victories over the UK’s foremost digital spy agency, known as the Government Communications Headquarters or GCHQ. PI used the documents made public by Snowden to get the British court that oversees GCHQ to determine that all intelligence sharing between GCHQ and the National Security Administration (NSA) was illegal up until December 2014. Ironically, the court went on to say that the sharing was only illegal because of lack of public disclosure of the program. Now that details of the program were made public thanks to the lawsuit, the court said, the operation is now legal and GCHQ can keep doing what it was doing. “It’s like they’re creating the law on the fly,” King says. “[The UK government] is knowingly breaking the law and then retroactively justifying themselves. Even though we got the court to admit this whole program was illegal, the things they’re saying now are wholly inadequate to protect our privacy in this country.” Nevertheless, it was a “highly significant ruling,” says Elizabeth Knight, Legal Director of fellow UK-based civil liberties organization Open Rights Group. “It was the first time the [courts have] found the UK’s intelligence services to be in breach of human rights law,” she says. “The ruling is a welcome first step towards demonstrating that the UK government’s surveillance practices breach human rights law.” In an email, a GCHQ spokesperson downplayed the significance of the ruling, saying that PI only won the case in one respect: on a “transparency issue,” rather than on the substance of the data sharing program. “The rulings re-affirm that the processes and safeguards within these regimes were fully adequate at all times, so we have not therefore needed to make any changes to policy or practice as a result of the judgement,” the spokesperson says. Before coming on board four years ago, King, a 25-year old Wales native, worked at Reprieve, a non-profit that provides legal support to prisoners. Some of its clients are at Guantanamo Bay and other off-the-grid prisons, something that made him mindful of security concerns when the group was communicating with clients. King worried that every time he made a call to his clients, they were being monitored. “No one could answer those questions, and that’s what got me going on this,” says King. Right now, he tells me, most of the group’s legal actions have to do with fighting the “Five Eyes”– the nickname given to the intertwined intelligence networks of the UK, Canada, the US, Australia and New Zealand. One of the campaigns, stemming from the lawsuit against GCHQ that established a need for transparency, is asking GCHQ to confirm if the agency illegally collected information about the people who signed a “Did the GCHQ Illegally Spy On You?” petition. So far, 10,000 people have signed up to be told whether their communications or online activity were collected by the UK spy agency when it conducted mass surveillance of the Internet. If a court actually forces GCHQ to confirm whether those individuals were spied on, PI will then ask that all retrieved data be deleted from the database. “It’s such an important campaign not only because people have the right to know, but it’s going to bring it home to people and politicians that regular, everyday people are caught up in this international scandal,” King says. “You don’t even have to be British to be caught up in it. People all over the world are being tracked in that program.” Eerke Boiten, a senior lecturer at the interdisciplinary Cyber Security Centre at the University of Kent, says that considering recent legal victories, he can’t write off the effort, even if he would have dismissed it just a year ago. “We have now finally seen some breakthroughs in transparency in response to Snowden, and the sense that intelligence oversight needs an overhaul is increasing,” he wrote in an email to me. “So although the [British government] will do its best to shore up the GCHQ legal position to ensure it doesn’t need to respond to this, their job will be harder than before.” “Privacy International have a recent record of pushing the right legal buttons,” he says. “They may win again.” A GCHQ spokesperson says that the agency will “of course comply with any direction or order” a court might give it, stemming from the campaign. King is also the head of PI’s research arm– organizing in-depth investigations into national surveillance ecosystems, in tandem with partner groups in countries around the world. The partners hail from places as disparate as Kenya and Mexico. One recently released report features testimonials from people who reported being heavily surveilled in Morocco. Another coming out of Colombia will be more of an “exposé,” with previously unreported details on surveillance in that country, he says. And then there’s the stuff that King pioneered: the method of sneaking into industry conferences by using a shadow company. He developed the technique Omanovic is using. King can’t go to the conferences undercover anymore because his face is now too well known. When asked why he started sneaking into the shows, he says: “Law enforcement doesn’t like talking about [surveillance]. Governments don’t talk about it. And for the most part our engagement with companies is limited to when we sue them,” he laughs. When it comes to the surveillance field, you would be hard pressed to find a company that does exactly what it says it does, King tells me. So when he or someone else at PI sets up a fake company, they expect to get about as much scrutiny as the next ambiguous, potentially official organization that lines up behind them. Collectively, PI has been blacklisted and been led out of a few conferences over the past four years they have been doing this, he estimates. “If we have to navigate some spooky places to get what we need, then that’s what we’ll do,” he says. Sometimes you have to walk through a dark room to turn on a light. Privacy International sees a world with a lot of dark rooms. “Being shadowy is acceptable in this world.” http://fusion.net/story/112390/unveiling-secrets-of-the-international-surveillance-trade-one-fake-company-at-a-time/ Highlights are for me.  Link to source article for an easier read. Great article.  Not sure I'll remember all of this information. Prior advocacy work: India Thailand Philippines More investigations coming: Kenya Mexico  Colombia   Completed report:  heavily surveilled in Morocco (strong USA ally, with heavy French & Spanish trade, credit and investment). StingRays are used routinely by Chicago Police Dept: Chicago PD seized drug money = first purchases 2005 incl. StingRay surveillance' digital 'hoovers' http://inthesetimes.com/article/17808/who-do-you-protect-who-do-you-surveil  Central Asia report software companies that have not responded: NICE Systems (Israel) Verint Israel (US / Israel) Gamma (UK) Dreamlab (Switzerland) Most of Privacy International legal actions have to do with fighting the “Five Eyes” - ie.  "intertwined intelligence networks of the UK, Canada, the US, Australia & New Zealand." Six court actions in progress currently. Sales to repressive governments include: Bahrain Sudan Libya (pre-revolutionary) Turkmenistan Uzbekistan Egypt, Tunisia & Bahrain - used European surveillance technology (crackdown protesters). European Commission -  has been looking at surveillance export. Expansive surveillance set down by: Patriot Act (USA) Aviation and Transportation Security Act (USA) Intelligence sharing between USA (NSA) and UK (GCHQ) ruled illegal prior 2014 because undisclosed.  However: "Now that details of the program were made public thanks to the lawsuit, the court said, the operation is now legal and GCHQ can keep doing what it was doing." That outcome sounds rather bizarre to me.

Al-Manar: WikiLeaks Founder Assange: Google Working for NSA

ASSANGE WikiLeaks Founder Assange: Google Working for NSA Local Editor Julian Assange WikiLeaks founder Julian Assange made an alarming claim that internet search engine Google is working like an intelligence agency, collecting, storing and indexing the data of its users. Speaking to BBC and Sky News, Assange compared Google to a “a privatized version of the NSA,” referring to the US National Security Agency which was revealed to have been spying on millions of people worldwide by whistleblower Edward Snowden last year. “Google’s business model is the spy. It makes more than 80 percent of its money by collecting information about people, pooling it together, storing it, indexing it, building profiles of people to predict their interests and behavior, and then selling those profiles principally to advertisers, but also others,” Assange told the BBC. “So the result is that Google, in terms of how it works, its actual practice, is almost identical to the National Security Agency or GCHQ,” he said. Assange also went on to say that Google has been working with the NSA since 2002, and is included as part of the defense industrial base as of 2009. “They have been engaged with the Prism system, where nearly all information collected by Google is available to the NSA,” Assange said, adding “at the institutional level, Google is deeply involved in US foreign policy.” Assange, who has been trapped in London's Ecuadorian embassy since June 2012 after being granted asylum, risks being arrested immediately by British police who stand watch outside the embassy should he attempt to leave. http://www.almanar.com.lb/english/adetails.php?fromval=1&cid=31&frid=31&eid=171884

For information on PRISM program, a link to the Wikipedia - here. 

Briefly from Wikipedia:

PRISM is a clandestine mass electronic surveillance data mining program launched in 2007 by the National Security Agency (NSA), with participation from an unknown date by the British equivalent agency, GCHQ.

... The Prism program collects stored Internet communications based on demands made to Internet companies such as Google Inc. under Section 702 of the FISA Amendments Act of 2008 to turn over any data that match court-approved search terms.

Systems:

    PRISM
    ECHELON
    Carnivore
    DISHFIRE
    STONEGHOST
    Frenchelon

Agencies:

    ASD        (Australian Signals Directorate)

    BND       (German)

    CSIS       (Canadian) (Security Intelligence Service)

    CSEC      (Canadian) (Communications Security Establishment)

    DGSE     (French) 

(Direction Generale de la Securite Exterieure/ 

General Directorate for External Security)

    GCHQ  (British)

    GCSB   (NZ) (Government Communications Security Bureau)

    NGIA   (US)  (National Geospatial-Intelligence Agency)

    NSA     (US)  (National Security Agency)

    NRO    (US) National Reconnaissance Office

 
[Agencies listed are matched with subsequent look-ups.] 

UK - Attack on free speech & democracy (Lobbying Act - aka 'Gagging Act') || And GCHQ's John Sawers Interview

UK GCHQ - Sawers ----------------------------------------   Sir John Sawers GCHQ head has a nibble & chat re #Snowden revelations & reforming MI6 - http://goo.gl/4Fnkrv  - he looks shifty to me Ø      Governor of Ditchley Foundation 2 promote international, *especially* Anglo-American relations ... [wikipedia] ... LOL Ø      12 annual conferences/ invitees drawn from senior levels of politics, business, the armed forces, media & academia. Ø      Hey, it's the Who's Who of corporate & US butt-kissers - http://en.wikipedia.org/wiki/Ditchley_Foundation … Ø      Sawers drew up plans to train & equip a Syrian rebel army of 100,000 to overthrow President Bashar al-Assad !! [wikipedia] GCHQ chief's holidays interrupted by " beheadings of two American hostages by Islamist jihadis" .. proceeds to sell need 4 intell @ lunch ----------------------------------------   LOBBYING ACT - aka 'Gagging Act' #UK govt quietly pushed thru Lobbying Act critics claim is highly UNDEMOCRATIC - dubbed 'Gagging Act' - http://on.rt.com/9012gg  > #ukPolitics >anti-lobbying bill passed Fri. UK govt set 2 silence & criminalise dissent 12 mth prior 2 any major election!! - #ukPolitics But electioneering propaganda in newspapers & political parties’ election spending OK.  Bill is de-facto pro-establishment. Ø      Trade Union Congress (TUC) as a “chilling attack on free speech.” --- #ukPolitics ----------------------------------------   COMMENT The way legislation is pushed through -- and the nature of the legislation -- is understandably a concern. With this sort of thing going on, it sure doesn't look like UK's a democracy. For the low-down on the guy that heads GCHQ (until November, I think it is), check out the Financial Times article - here.

Privacy International Lodges Legal Challenge To Official Secrecy Surrounding GCHQ Spying

Privacy International Lodges Legal Challenge To Official Secrecy Surrounding GCHQ Spying Although the scale of the surveillance being carried out by the NSA and GCHQ is daunting, digital rights groups are starting to fight back using the various legal options available to them. That's particularly the case for the UK, where activists are trying to penetrate the obsessive secrecy that surrounds GCHQ's spying activities. Back in December, we wrote about three groups bringing an action against GCHQ in the European Court of Human Rights (ECHR), and how Amnesty International is using the UK's Investigatory Powers Tribunal (IPT) to challenge the spying. Another organization that filed a complaint against the UK government at the IPT is Privacy International. But not content with that, it has now taken further legal action, this time in order to obtain information about GCHQ's role in the "Five Eyes" system, the global surveillance club made up of the US, UK, Canada, Australia and New Zealand: In order to shed light on this secret intelligence-sharing agreement, which effectively binds the Five Eyes as one intelligence agency, Privacy International, represented by Leigh Day & Co solicitors, filed a legal challenge against the British Government in the European Court of Human Rights. Europe's highest human rights court is the most appropriate venue for such an international agreement, and has a strong history of ensuring intelligence agencies are compliant with human rights law. This follows repeated unsuccessful attempts to obtain this information using traditional channels: The challenge comes after Privacy International filed Freedom of Information requests in all Five Eyes countries compelling them to release the details of the agreement, which has a profound impact on the enjoyment and fulfilment of human rights around the world. Governments in the US, UK, Canada, Australia, and New Zealand denied to publish the secret agreement. In the United Kingdom, GCHQ invoked a blanket exemption that excuses it from any obligation to be transparent about its activities. The same exemption was also invoked by the agency when Privacy International asked for mundane information such as GCHQ's cafeteria menu. Privacy International obviously hopes that the ECHR will issue a judgment that the UK government is wrong to withhold the information about how GCHQ operates within the Five Eyes system. The trouble is, even if the ECHR does rule in favor of Privacy International, it's extremely unlikely that the UK government will take much notice. But as a way of ensuring that the spotlight remains on the disproportionate and unconstrained way that GCHQ is spying on citizens in the UK and around the world, it's as good as any. https://www.techdirt.com/articles/20140909/08452028462/privacy-international-lodges-legal-challenge-to-official-secrecy-surrounding-gchq-spying.shtml

Thought this was interesting.

But it looks like the outcome isn't much to look forward to, if the decision of the court can be ignored.

US & GCHQ spy on everyone

Spying on friends: strange bedfellows Thanks to high-tech equipment, the American spy agency, the National Security Agency (NSA), accessed the Mexican president's e-mail domains, which were also used by members of his cabinet. And, no surprise, the domains contained “diplomatic, economic and leadership communications which continue to provide insight into Mexico's political system and internal stability.” Let's take a moment to reflect on the gold mine these NSA guys discovered. After NSA whistleblower Edward Snowden revealed this information every intelligence agency in the world envied their American colleagues. The Mexican president's office, according to the NSA report, was now “a lucrative source” of information. Infiltrating foreign governments is the dream of any spy agency. But only under one unbreakable condition (remember the golden rule of the game): Do not get caught. The NSA got caught in the Mexican job thanks to an NSA worker spilling the beans. And our “gentlemen” diplomats, who are never supposed to know anything about this dirty business, rush to the scene of the crime to do damage control. Whether you engage in old-fashioned spying or high-tech interception, the method has been and always will remain the same: Get as much systematic information about your rivals as you can, categorize the information, do your utmost to confirm its authenticity, evaluate it, and disseminate all available knowledge according to the political goals specifically identified by government. Under direct orders from the government, the main task of any spy agency is simple but clear: to feed the policy-making process with accurate and timely information. [... CONTINUED @ SOURCE ... ] http://www.todayszaman.com/_spying-on-friends-strange-bedfellows_357667.html

Only an extract. Link to article for full.

Found this interesting because I didn't know the US spied on Mexico or that the G20 delegates got spied on by GCHQ.

Holes in NATO’s Cyber Defense Pledge

The Holes in NATO’s Cyber Defense Pledge by William A. Blunden / September 4th, 2014 NATO members are currently meeting in Wales to consider a joint defense agreement which stipulates that a cyberattack on one member would represent an attack on all of them.1 Though the concept of international teamwork may seem appealing at the outset there are at least a couple of issues that officials are [intentionally] neglecting. High-End Anti-Forensics For instance, how can countries mobilize to fend off a cyberattack when they can’t even tell who launched it? Deception is an age-old instrument of spy tradecraft and the Pentagon has been actively working on developing Internet stealth technology for decades. [ ...] Folks, it’s anarchy. Until we mobilize and get our political leaders to outlaw covert ops the government and corporate spies show no sign of letting up. In all probability, as things progress the whole clandestine scene is just going to get worse. This past April Obama openly bragged to China’s leadership that the U.S would be devoting $26 billion to the Pentagon’s cyber trough and expanding the U.S. force to 6,000 so-called “cyberwarriors”.15 Guess where all of that funding goes to? The moral of the story is this: when high-level Pentagon types and think tank pundits start yammering about cyberattacks from Russia or China keep in mind that our security services are neck deep in deception ops directed against their alleged allies. History shows that the American Deep State is constantly in search of new enemies, even if it has to fabricate them,16 and our corporate rulers have no scruples about launching attacks that kill untold thousands of innocent people so that they can boost quarterly profits. [... EXTRACT - FULL @ SOURCE ] http://dissidentvoice.org/2014/09/the-holes-in-natos-cyber-defense-pledge/

This article is a wealth of information.  Everyone gets a mention:

Tor, Ntrepid, WikiLeaks, TAO, GCHQ

Check it out.