Search the Community

Privacy International (PI) is calling on people to sign up to be part of a mass request for confirmation they have been spied on by Five Eyes spy agencies and to demand the removal of captured information. Would-be signatories are being asked to submit their name and email address to the organisation, which will then pass them on to Britain's Investigatory Powers Tribunal tasked with determining if the sharing of NSA-intercepted material with the UK's GCHQ spy agency was illegal. The requests would cover a prodigious amount of data numbering billions of records hoovered up by the NSA and shared with the GCHQ until December last year. PI will not reveal if agencies other than the NSA collected data, and would cover only that shipped to the GCHQ. This could conceivably include data captured by any Five Eyes agency and shared with the GCHQ via the NSA. The offer came on the heels of the tribunal's ruling this month in favour of Privacy International that the mass funnelling of intelligence information between Britain and the United States was illegal prior to December. That decision made on the grounds that rules governing the exchange were secret opened an avenue for users to request the tribunal examine and notify if their data was illegally obtained and, if found in breach, for the information to be destroyed. The British charity dubbed the ruling a "major victory against the Five Eyes" group of nations which includes Australia, New Zealand and Canada, and said it was possible only due to the flurry of NSA leaks from Edward Snowden. "Through their secret intelligence sharing relationship with the NSA, GCHQ has had intermittently unrestricted access to PRISM - NSA's means of directly accessing data and content handled by some of the world’s largest Internet companies, including Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple," deputy director Eric King said at the time. "GCHQ's access to NSA material therefore makes up the large bulk of all surveillance material handled by the security services; some ex- GCHQ staffers estimated that 95 per cent of all signals intelligence material handled at GCHQ is American. "The extraordinary implications of [the] judgement is that all historical sharing of raw intelligence between NSA and GCHQ took place without an adequate legal framework, and thus was unlawful." The Tribunal will likely be swamped if the campaign takes off. Probes could trawl records collected from NSA programmes UPSTREAM, CO-TRAVELLER, and DISHFIRE, the former having intercepted some 160 billion records from its top five programmes in one month alone. Privacy International said requests could take years to be fulfilled. New requests could be made to discover the data collected by individual agencies to current day if the charity was successful in its appeal with the European Court of Human Rights against the decision that the data shared between the US and UK spy agencies was kosher due to the policies of the arrangement being made public as a result of the legal action Source

As Ars has previously reported, documents passed to journalists by former National Security Agency contractor Edward Snowden have shown that the NSA and its British counterpart agency, the GCHQ, have exploited privacy "leaks" in mobile applications (including Rovio's Angry Birds) to track individuals of interest. A new document recently published by Der Spiegel provides further details on just how much the GCHQ was able to extract from mobile data to keep tabs on those it targeted for surveillance. The British agency used a program referred to as BADASS to suck up data emitted from Angry Birds and other apps, and the information was so granular, analysts could even track how well (or poorly) a person was doing playing. BADASS is an acronym for "BEGAL Automated Deployment And Survey System," and the system pulled in data from GCHQ and NSA network taps identified as mobile analytics and advertising traffic. Among other things, this data included Google "pref" cookies (such as those used by Ars to identify users in our own passive network surveillance testing with NPR) and Flurry application analytic data used by developers to track usage and performance of their mobile apps. User location data and activity could also be monitored based on the data stream, allowing analysts to pinpoint an active user within minutes, according to the GCHQ presentation from 2011. Much of this data was easily tracked because the mobile apps did not encrypt data in transit, leaving data exposed to anyone who might be able to monitor the network. That's still the case for many of these analytics and advertising services. Source

Telecoms security has been in and out of the headlines for almost two years now, ever since patriot/traitor/hero/villain (delete as your opinion dictates) Edward Snowden revealed the PRISM campaign and the rest in 2013. We've since learned that GCHQ has a pretty tight grip on the communications flowing around the UK and the rest of the world. So you'd think the folks at the top at GCHQ and the government would be adept at keeping their own comms secure. Not so, it seems. Sneak was amused to read that David Cameron received a prank phone call from someone who managed to bypass the switchboard security (the mind boggles as to how) and was given the mobile phone number of the head of GCHQ, Sir Robert Hannigan. Cameron explained that the hoax call took place while he was out for a walk, and was told, presumably by a government switchboard operator with a heavy case of 'Sunday afternoon lull', that he was being put into a conference call from Hannigan. Cameron, however, was not taken in and said he was immediately suspicious when the caller said sorry for 'waking him up' at the start of the call. Sneak knows politicians are often characterised as lazy, feckless types, but even he wouldn't have thought Cameron was in bed at 11am on a Sunday. "I thought that was strange as it was eleven o'clock in the morning," Cameron said, with James Bond-like calm. He then confirmed that he ended the call without revealing any national security information, such as Trident's tactical nuke launch codes, his inner thigh measurements or the location of the Holy Grail. Phew. Source