CircleID

Admittedly, I'm a not Johnny-come-lately with regards to surveillance, intelligence, telecommunications, network security, law enforcement, and a cross-pollination of all-of-the-above.

I actually have a very colorful background of working within all of the aforementioned disciplines — at one time or another — either through the U.S. Military, U.S Government contractors, private industry, etc.

And, in fact, I still have professional interactions with each of these industries on a daily basis.

And oddly enough, I am a card-carrying member of the ACLU, and I believe in balance. I think that is a fair statement. That certainly should not be a badge of dishonor.

And unfortunately, I am not generally "shocked" very often by much of the abuses being perpetrated on unwitting Internet users, both by supposedly "trusted" entities (e.g. Democratic Governments, ISPs, etc.)

So now that I have equivocally prefaced this issue, I am still occasionally shocked by the brazen attempts by governments to attempt to either (a) side-step privacy conventions altogether (and use some altogether ridiculous justification), (b) violate their own previously established legal conventions (again using some altogether twisted reasoning), or (c) attempt to circumvent emerging technology altogether, because they are so woefully behind in a technical Arms Race with forces they believe are a threat to their "national security".

In fact, we hear this line of reasoning so often these days that it becomes "du rigeur" — is not questioned, and for the most part, we are saddled with poor policy, sub-par technology implementation, or violations of personal privacy and the fundamental rule of law.

This exact "perfect storm" of issues appears to be occurring in the UK, for various reasons, some of which I understand (but vehemently disagree with), and others which completely baffle me.

The latest news out of the UK, is that the Top Dog at MI5 thinks that VoIP services pose a risk to national security. Really:

The danger with online calls, said spy chief Jonathan Evans, was that they do not result in telephone bills, which are key evidence documents in prosecutions. This meant it would be much easier for terrorists to make the calls and eventually escape prosecution if they are tried for criminal offences.

Of course, this is nothing more than a justification to begin intercepting all IP traffic, regardless of content¹.

This follows on the heals of an announcement from the Home Office that UK Police services now have a green light to "hack" remote computers to gain intelligence, etc., without a warrant, and that the UK Government is also moving ahead with a "Black Box" technology effort to capture & store all Internet traffic, e-mail, browsing histories, etc. — and farming it out to private industry, to add insult to injury.

These revelations also come with an admission that they will mostly have little effect on serious crime.

Wow. You really can't just make this stuff up. Reality is more bizarre than fiction, and sometimes more scary.

- ferg

¹ Of course, I know that U.S. citizens are not immune from similar, unscrupulous behavior by it's own government — they're just better at keeping it secret. Okay, I'm kidding. Not really.

Caveat: These are my opinions, of course, not those of my employer.

By Fergie, Advanced Threats Researcher, Emerging Threats & Operational Intelligence. Visit the blog maintained by Fergie here.

Related topics: Access Providers, Cybercrime, Policy & Regulation, Privacy, Security, Telecom, VoIP