How relevant is the Investigatory Powers BIll to preventing a Bataclan style massacre in London

The attacks in Paris yesterday give a terrible topicality to debate over the Investigatory Powers Bill and the issues I raised yesterday. I have already received interesting feedback on some of the questions that need to be clarified for the legislation to achieve its supposed objectives but the news from Paris raises a core question of priority:

Is it more important to retain more data for longer or to give the security services and law enforcement more rapid access to analyses of the data that is already available?

Amazon, BT, CGI, Experian, Fujitsu, Google, HP, IBM, Microsoft, Paypal, Vodafone and others routinely analyse massive volumes of traffic in real time to run their own businesses or on behalf of customers, including to detect potential crime (particularly fraud and impersonation) as it is attempted.  At the time of the London Riots the mobile operators offered real time feeds (including of decrypted traffic) to the police in far less time than it would have taken to organise requests under RIPA. The police were unable to handle the volume of information on offer. They lacked both the people and the technology. Even were we not facing a massive shortage of the relevant skills, (subject for another blog), they are unlikely to ever get the necessary budgets to have such facilities on hot standby.

The time has come to take the recommendations in the EURIM-IPPR study on partnership policing rather more seriously – albeit updated for the decade that has passed since.

That study used the story of the FBI US response to the Love Bug to make the case for the large scale programmes of cyber reservists, specialist constables and community support officers and other forms of volunteer support, that we still have not got.

With 48 hours the FBI claimed to have 400 agents working on the Love Bug. In fact there were approximately 40 FBI employees supporting nearly 400 information security staff employed by EDS, IBM and others, working on the issues from company workstations. The latter were now wearing their “hats” as military reservists or part-time law enforcement officers, having been “mobilised” into their wartime/emergency command and control positions: The zig-zag career path of Rear Admiral Grace Hopper helps illustrate the US approach. [I had similar ambitions as cold war reservist working in the computer industry but was persuaded to drop them by my future wife after the sinking of HMS Fittleton. [ICL would not let me take two weeks off immediately before year end and I knew the radio operator who drowned in my place alongside the CRS who taught me morse].

But today we also need processes to call on the cloud computing resources of industry to analyse the data already available, in time to “make an operational difference”.
 
The core objective of the Investigatory Powers Bill should not be to just retain more data for longer in case it might be useful. it should be to enable industry and academic experts, operating under “appropriate governance” to use Corporate, Commercial and University computing facilities to do that for which law enforcement (and even GCHQ) will never have sufficient budget – to identify threats in time to respond effectively, not just investigate afterwards.  

That raises questions of governance, probity and impartiality that are far trickier than the meaning of “judicial oversight” or “communications data”. At this point I ask whether we are serious about finding “answers” or merely playing expensive “displacement activity” games.

I will stop there because I do not know the answer. I know what I think it should be – but my brain begins to hurt when I try to think through the consequences.  

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Re: Your Comments Yesterday.

To protect victims, block fraud, recover the proceeds of crime and thus make the Internet a safer place for all.

Tim Cook has already stated that back-door create tragic consequences and vulnerabilities, yet very few people are listening to what he's saying.

As Reuters reported last week, the administration “is drawing up plans” to give securocrats “full access to a massive database that contains financial data on American citizens and others who bank in the country, according to a Treasury Department document.”

That Treasury plan would give secret state apparatchiks, including those ensconced at CIA, NSA and the Pentagon free reign to rummage through the Financial Crimes Enforcement Network’s (FinCEN) massive database of “suspicious activity reports” routinely filed by “banks, securities dealers, casinos and money and wire transfer agencies.” The FBI and DHS already have full access to that database under the Orwellian USA Patriot Act.

This is nothing new, what the administration is desperately trying to hide and now make legal is the fact that they have already been doing exactly this under the auspices of a project known as One.

The CIA created the Office of National Estimates in the 1970's which later morphed into the national security agency - Also known to hackers as The One.

The back-door into those systems exist's and has done for years "Obama’s Financial Crimes Enforcement Network Protects Bank Fraud and Insider Trading!"

Please see:

http://www.irishtimes.com/news/lucent-reportedly-under-investigation-for-fraud-1.374052

http://www.nytimes.com/2004/05/18/business/technology-lucent-fined-25-million-by-sec-in-fraud-case.html

The insider trading has been allowed to continue unabated for years, there is indeed a back-door into Windows, Apple, Linux & BSD.

The back-door is the Bell-Southern Database known as Plan9 from outer space with heavy connections to the central intelligence agency. On the Wikipedia page it lies saying this software was released to universities in 1992 and later the general public in 1995. It is a widely unknown and little used "hackers" operating system. It was originally under a restrictive Lucent "non-public" License and was most certainly not available to universities and the general public it has only recently been open sourced under the "General Public License" (GPL) in an attempt to cover it up.

"I am the beginning. I am the end. I am the emissary. But the original time I was on the Planet Earth was 34,000 of your years ago. I am the balance. And when I say "I" - I mean because I am an emissary for The Nine. It is not I , but it is the group - We are nine principles of the Universe, yet together we are One."

The Nine made it's first appearance at the Round Table Foundation and can be clearly seen in the snowden leaks under the code-name Roundtable.

https://theintercept.com/document/2015/09/28/exploiting-foreign-lawful-intercept-roundtable/

Nothing about these intercepts is lawful, they have been leveraging this Operating System for numerous years to conduct insider trading fraud on a massive scale utilising the RSA Key's from the ICANN and IETF database's. There treasure-map is CAIDA running AS-Core clearly displayed on there own office wall inside an emulated Linux environment (linuxemu) with no RSA keys inside it's operating environment or it's kernel.

So when you say: "To protect victims, block fraud, recover the proceeds of crime and thus make the Internet a safer place for all!" Then I say, "and how do you proceed when your own government are the criminals who have been involved in insider securities trading fraud for more than 30 years?"

Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close