Open Enterprise

RSSSubscribe to this blog
About Author

Glyn Moody's look at all levels of the enterprise open source stack. The blog will look at the organisations that are embracing open source, old and new alike (start-ups welcome), and the communities of users and developers that have formed around them (or not, as the case may be).

Contact Author

Email Glyn

Twitter Profile

Linked-in Profile


Time for Offensive GCHQ to Defend Itself in the Courts

Article comments

One of the greatest mysteries surrounding the revelations by Edward Snowden of massive, global surveillance is the muted response of the British public. There seems to be little outrage that our communications are being monitored 24 by 7, in a programme that is even worse than the much-hated Snooper's Charter that would have given the authorities far more limited powers. GCHQ, by contrast, seems to have no limits in terms of what it can - or will - do. That has just been confirmed again by the following story from NBC News:

A secret British spy unit created to mount cyber attacks on Britain’s enemies has waged war on the hacktivists of Anonymous and LulzSec, according to documents taken from the National Security Agency by Edward Snowden and obtained by NBC News.

The blunt instrument the spy unit used to target hackers, however, also interrupted the web communications of political dissidents who did not engage in any illegal hacking. It may also have shut down websites with no connection to Anonymous.

According to the documents, a division of Government Communications Headquarters Communications (GCHQ), the British counterpart of the NSA, shut down communications among Anonymous hacktivists by launching a “denial of service” (DDOS) attack - the same technique hackers use to take down bank, retail and government websites - making the British government the first Western government known to have conducted such an attack.

The most surprising - and shocking - element of this story is that it demonstrates that far from being a passive listening post, GCHQ is now an offensive organisation. Worryingly, its "targets" are not deadly terrorists as you might expect given GCHQ's focus, but a few young people - often adolescents - talking big but doing very little.

From the details that we have, there seems to be no presumption of innocence in GCHQ's actions, as it arrogates to itself the role of prosecutor, jury and judge, thus undermining hundreds of years of British legal tradition. And as if that weren't bad enough, the NBC News report claims that political dissidents were hit too - an egregious abuse of GCHQ's capabilities that has nothing to do with its stated duty:

UK citizens today conduct much of their lives over the internet, as do the Government, the Armed Services, Law Enforcement and industry.

For the UK to be safe and successful, the cyber connections and infrastructure we use need to be safe and secure. GCHQ plays a major role in making that a reality using our expertise and experience.

It's hard to square that claim with an organisation that is not only quite happy to undermine online encryption, but also the law, since taking down Web sites is an offence according to the Police and Justice Act 2006. It would be interesting to know how the UK government justifies this flagrant criminality - assuming that it was even aware of what was going on, and that GCHQ has not perhaps gone rogue.

This latest evidence of GCHQ's illegal activities comes at an awkward time for the agency. As Andres Guadamuz points out in an interesting blog post, a recent court case involving Google may well have created a new "tort of misuse of private information", and that, in its turn, might mean that millions of people can now sue GCHQ directly for its spying activities. And then there's this:

GCHQ's mass surveillance spying programmes are probably illegal and have been signed off by ministers in breach of human rights and surveillance laws, according to a hard-hitting legal opinion that has been provided to MPs.

This has direct implications for some of GCHQ's people:

At its most extreme, the advice raises issues about the possible vulnerability of staff at GCHQ if it could be proved that intelligence used for US drone strikes against "non-combatants" had been passed on or supplied by the British before being used in a missile attack.

"An individual involved in passing that information is likely to be an accessory to murder. It is well arguable, on a variety of different bases, that the government is obliged to take reasonable steps to investigate that possibility," the advice says.

It will be interesting to see whether the news that GCHQ is not just passively spying on the British public but actively attacking them is enough to wake people from their current foolish naivety and dangerous complacency. But even if they remain in their stupor, as seems quite likely, at least there may be legal avenues for others to pursue.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Email this to a friend

* indicates mandatory field






ComputerWorldUK Webcast

Advertisement
ComputerworldUK
Share
x
Open