alphaspirit - stock.adobe.com
From Russian disinformation, state surveillance and police stop and seizure powers, to Facebook and WikiLeaks data-sharing issues, here are Computer Weekly’s top 10 national security stories from the past year.
This in-depth investigation by Duncan Campbell caused international ripples when it revealed that a 39-year-old computer programmer, living in a modest red brick house in Darlington in North East England, was the driving force behind Kremlin-inspired propaganda that led directly to the doors of the White House.
The claims led to US president Donald Trump asking then CIA director Mike Pompeo to investigate allegations circulated from Britain that the Russian government was not responsible for the cyber attacks, and that they could be proved to be an “inside job”, in the form of leaks by a party employee. This was the opposite of the CIA’s official intelligence findings.
Following a gruelling five-year legal battle, Lauri Love, the 34-year-old computer specialist with Asperger’s syndrome, won his case against extradition to the US.
The lord chief justice, Lord Burnett, ruled that extraditing Love to the US – where he faced detention in jail pending trials in up to three US states – would be oppressive to his physical and mental health.
The court instructed the Crown Prosecution Service to prosecute Love in the UK, but 10 months later, no charges have been brought, leaving Love at continued risk of extradition if he leaves England or Wales. Meanwhile, Love is planning a career in IT security.
Legal action by non-government organisation Privacy International has exposed gaps in the oversight and regulation of the intelligence services’ use of interception and electronic surveillance.
In September, Britain’s most secret court found that the pressure group had itself become the victim of unlawful surveillance.
MI5 told the court it had discovered in an audit that its analysts had unlawfully stored intercepted data from the group in the “workings area” of its computer systems.
In another significant ruling, the European Court of Human Rights in Strasbourg ruled that the UK’s mass surveillance programmes did not “meet the quality of law” and were not capable of limiting “interference” to that “necessary in a democratic society”, leading to further pressure for reforms of the Investigatory Powers Act, also known as the snoopers’ charter.
Investigatory powers commissioner Adrian Fulford began an investigation into potential security risks after it emerged that GCHQ had granted external IT contractors access to its most sensitive databases.
The disclosures raised questions over whether the electronic intelligence gathering agency, GCHQ, has adequate security measures in place to prevent contractors unlawfully viewing or leaking sensitive information, such as intercepted data on people’s internet and telephone communications.
Computer Weekly, using public information and evidence from security experts, analysed the potential risks, and identified the key questions that the Investigatory Powers Commissioner’s Office (IPCO) would need to address.
Fulford has yet to report publicly.
In October, the independent reviewer of terrorism legislation called for greater clarity over the use of Schedule 7 stops, which allow police to question people and copy data from their mobile phones and computers at ports and airports without reason for suspicion.
The measure has caused controversy, particularly among Muslims, who argue they are singled out disproportionately for questioning when they travel – a fact borne out by government statistics – with many facing repeated stops whenever they travel abroad.
Max Hill, who has now taken a new post as director of public prosecutions, told Computer Weekly that he had concerns about the measures and would like to see “a bigger, meatier code of practice” in place.
In an extraordinary piece of political theatre, the House of Commons’ serjeant-at-arms arrested the CEO of a US software company and frog-marched him to Parliament, where he was told he would face imprisonment unless he handed over documents on Facebook, in breach of a US court order.
The chairman of the House of Commons digital, culture, media and sport (DCMS) committee, Damian Collins, responded bluntly to complaints from Facebook, in an effective rebuke to US government attempts to impose US laws beyond US borders. In the UK, he said, Parliament had jurisdiction and the US courts had none, before defiantly publishing the seized documents.
Facebook is fighting on a different front in the Republic of Ireland, in a case originally brought by Austrian lawyer Max Schrems that has been running for so long, it has almost become part of the establishment.
One of the points at issue is whether organisations in Europe are breaching their customers’ privacy by sharing their data with the US, where it can be harvested by America’s National Security Agency (NSA).
The case shows no sign of reaching a conclusion soon.
Scottish Police accessed personal data from hundreds of mobile phones and SIM cards without informing the public what would happen to their phones and their data.
The force, which faces investigation from the office of the UK’s data protection watchdog, the information commissioner, has been accused of using its equipment to access sensitive data held on suspects and witnesses without warrants.
Following Computer Weekly’s publication of the story, Police Scotland set up an external group of experts to advise it on human rights and privacy issues.
MEP Marietje Schaake has campaigned for years in Europe to ban the export of surveillance equipment to countries with poor human rights records.
In an article for Computer Weekly, she explains the dawning realisation among Europe’s parliamentarians that the technology used to surveil and suppress protesters during the Arab Spring had been supplied by European companies.
MEPs voted for new restrictions on the export of surveillance equipment, including devices for intercepting mobile phones, hacking computers, circumventing passwords and identifying internet users.
A legal case will test whether the Metropolitan Police is required to confirm or deny it has corresponded with the US Department of Justice over three senior current and former members of WikiLeaks – including two UK citizens – whose personal emails were secretly handed over by Google on the orders of a US court.
In a remarkable move, lawyers from the Information Commissioner’s Office appeared to suggest that there is a live police investigation against Wikileaks in the UK during a hearing in a freedom of information tribunal in December, but that has yet to be confirmed. The Metropolitan Police did not turn up to defend its case and may face criticism for failing to do so.