Unscrewing Security

Alec Muffett

About Author
Alec Muffett

Alec Muffett is a veteran security geek who believes strongly in common sense, full disclosure, defence in depth, privacy, integrity, simplicity and open source. He is an independent consultant, writer, and speaker specialising in security education.

Surveillance? The Liberal Democrats aren't supporting it...

The Home Office wants to log with whom you communicate, wherever and however, just in case you're naughty - but the Liberal Democrats object...

It's been a good few months for surveillance, its practitioners and its supply industry - barnstorming industry conferences, massive media coverage of technology and puff pieces on government projects stateside ... oh, wait, is this meant to be covert? Oops.

James Bamford - famous in security circles for lifting the lid on the NSA - wrote a huge piece in WiReD about the National Security Agency's intention to turn Salt Lake City into an enormous datacentre; Forbes provides an executive summary:

In his just-published cover story for Wired, Bamford lays out the NSA's plans for a vast new facility in Bluffdale, Utah that aims to become a storage and analysis hub for the record-breakingly massive collections of Internet traffic data that the NSA hopes to gather in coming years not from just foreign networks, but domestic ones as well.

The story adds confirmation to what the New York Times revealed in 2005: that the NSA has engaged in widespread wiretapping of Americans with the consent of firms like AT&T and Verizon. But more interestingly, and more troubling in the eyes of many who value their privacy, it details the Agency's plans to crack AES encryption, the cryptographic standard certified by the NSA itself in 2009 for military and government use and until now considered uncrackable in any amount of time relevant to mortals.


The $2 billion data center being built in Utah would have four 25,000 square-foot halls filled with servers, as well as another 900,000 square feet for administration.

It will use 65 megawatts of electricity with an annual bill of $40 million, and incorporates a $10 million security system.

Here in the UK civil-rights activists and digital-rights nerds[1] are looking carefully at the Communications Capabilities Development Programme (CCDP) which promises to provoke some interesting debate over the next few months.

CCDP began in 2006 under New Labour as the Interception Modernisation Programme (IMP) - the goal of which was to create a big centralised database of who talked to whom using phones, SMS, and the Internet; it died under allegations of infeasibility and cost; an LSE study priced it at £12bn, a factor of 6x the publicly cited figures.

IMP has now been resurrected under the coalition as CCDP and its revised goal is to create a big decentralised database of who talked to whom using phones, SMS, the Internet and social media. This is clearly a different proposition to IMP - for instance there's a whole extra letter in the acronym, and it addresses the likes of Facebook.

Two weeks ago Liberal Democrats in their hordes descended upon Gateshead for their spring conference and, albeit the big media coverage was about the NHS, the vote immediately following was on civil liberties. The conference unanimously passed an amendment by Reading LibDem activist Dr Jenny Woods which binds LibDem policy to inhibit legalisation or deployment of interception technologies that blanket the UK populace:

a) ensuring that there shall be no interception of telephone calls, SMS messages, social media, internet or any other communications without named, specific and time-limited warrants;

b) guaranteeing that any communications data kept by service providers in accordance with the EU Data Retention Directive are kept securely by the service providers, and that they be only released to government bodies with strict and strengthened safeguards;

c) ensuring that service providers are not mandated by law to collect communications data by any method that would also provide access to content information, unless specifically authorised by a warrant;

d) ensuring that service providers are not mandated by law to collect third-party communications data for non-business purposes by any method;

e) renegotiating the EU Data Retention Directive and changing how it is implemented into UK law, to provide a better balance towards privacy.

Unlike the other main parties, what a LibDem conference decides is binding upon policy, and although its phrasing is weaker than it might have been - leaving room to quibble about whether logging the fact of a communication is "interception" in the same way that logging its content would be[2] - this amendment's becoming policy should shake the discussion up a bit.

Liberal Democrats are outnumbered 57 to 306 by the Tories; with Labour's dibs on IMP it seems doubtful to me that their votes alone would be enough to stop what the Home Office wants to achieve in the all-forgiving name of security.

So it would be best if the public found out more about CCDP, and raised the matter with their own MPs, then?

Follow me as @alecmuffett on Twitter and this blog via the RSS feed.

[1] disclosure: including myself.
[2] not to mention the open question of whether it is possible to separate communications fact from content at all in certain internet protocols

