GCHQ uses Cyber Techniques Outlawed in US

Uploaded on 2015-06-16 in NEWS-News Analysis, INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW

dink_cartoon_gchq_snoop_big.jpg?x=648&y=429&crop=1

In a fresh legal claim filed at the Investigatory Powers Tribunal (IPT), the campaign group calls for an end to the harvesting of information about those who have no ties to terrorism and are not suspected of any crime.
The IPT is the judicial body that hears complaints about the intelligence services and surveillance by public organisations. The tribunal has received dozens of submissions in the wake of Edward Snowden’s revelations about interception of Internet traffic by the US National Security Agency (NSA) and Britain’s GCHQ.

The latest claim is partially aimed at highlighting a disparity between US and UK surveillance practices that has emerged, Privacy International (PI) points out, following divergent responses by legislators in Washington and Westminster.

The passing of the USA Freedom Act last week curtailed so-called “section 215” bulk collection of phone record metadata – information about who called whom, and timings, but not the content of conversations. It was a victory for the libertarian cause and a restriction of state surveillance powers.

By contrast, UK privacy campaigners say, parliament’s Intelligence and Security Committee (ISC) has confirmed that GCHQ is still collecting datasets relating to “a wide range of individuals, the majority of whom are unlikely to be of intelligence interest.”

The coalition government also passed the emergency Data Retention and Investigatory Powers Act (DRIPA) last summer to preserve powers that would otherwise have been undermined by a European Court of Justice judgment. Two prominent MPs, Labour’s Tom Watson and the Conservative David Davis, were in the London high court recently challenging the legislation’s legitimacy.

Commenting on PI’s new claim, its deputy director Eric King said: “Secretly ordering companies to hand over their records in bulk, to be data-mined at will, without independent sign-off or oversight, is a loophole in the law the size of a double-decker bus.
“That the practice started, and continues, without a legal framework in place, smacks of an agency who sees itself as above the law. How can it be that the US is so much further ahead on this issue? With the USA Freedom Act now passed, the equivalent NSA power has now been curtailed before the debate this side of the pond has even begun.
“Bulk collection of data about millions of people who have no ties to terrorism, nor are suspected of any crime, is plainly wrong. That our government admits most of those in the databases are unlikely to be of intelligence value… shows just how off-course we really are.”

PI says bulk data sets retained by intelligence agencies may include a great variety of information, including telephone and Internet records, credit reference reports, medical records, travel records, biometric details and even loyalty card schemes. Their claim also calls for the destruction of “any unlawfully obtained material”.

A YouGov poll commissioned by Amnesty International released last week showed 56% of UK adults believed that Snowden, who worked for the US National Security Agency up until 2013, should have revealed classified information exposing US and UK government monitoring activities.

GCHQ always makes a clear distinction between intrusive “mass surveillance”, which it insists it does not undertake, and “bulk interception” of electronic communications, which says is necessary in order to carry out targeted searches of data in pursuit of terrorist or criminal activity.

In response to an earlier IPT ruling earlier this year, GCHQ said: “By its nature, much of [our] work must remain secret. But we are working with the rest of government to improve public understanding about what we do and the strong legal and policy framework that underpins all our work.”
Guardian:  http://bit.ly/1G7Lvf8

« ‘Don’t Risk IT – Cyber Secure IT’
Russia Hacked The German Parliament »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Metasploit

Metasploit

Metasploit penetration testing software helps find security issues, verify vulnerabilities and manage security assessments.

Cyber Triage

Cyber Triage

Cyber Triage is an automated incident response software any company can use to investigate their network alerts.

InnoSec

InnoSec

InnoSec is a software manufacturer of cyber risk management technology.

Magal Security Systems (Magal S3)

Magal Security Systems (Magal S3)

Magal Security Systems is a leading international provider of integrated solutions and products for physical and cyber security, safety and site management.

Ravelin Technology

Ravelin Technology

Ravelin prevents chargebacks, fraud, and account takeover. Machine learning and human insight combine for highly accurate fraud detection and prevention.

Elemendar

Elemendar

Elemendar Artificial Intelligence reads cyber threat reports written by humans and translates them into industry-standard, machine-readable and machine-actionable data.

Area 1 Security

Area 1 Security

Area 1 is the only Pay-per-Phish solution in cyber security. And the only technology that blocks phishing attacks before they damage your business.

Aristi Labs

Aristi Labs

Aristi Labs provides comprehensive security solutions to help businesses protect data and intellectual property, minimizing downtime and maximizing productivity.

Britive

Britive

The Britive Platform is a cloud-native security solution built for the most demanding cloud-forward enterprises.

International College For Security Studies (ICSS)

International College For Security Studies (ICSS)

ICSS India offers technical education to students, clients and partners in IT Industry by our well qualified, certified and experienced trainers.

Plante Moran

Plante Moran

Plante Moran is a leading audit, tax, consulting, and wealth management firm. Areas of consulting expertise include cybersecurity.

Factmata

Factmata

Factmata is an social and news media monitoring and analytics product that uses AI to identify and track narratives online, highlighting those most likely to cause brand harm or misinform the public.

CodeLock

CodeLock

Codelock is a patent-pending solution that continuously provides software security at the code level, while providing advanced management insights with performance metrics and data analytics.

Chainguard

Chainguard

Founded by the industry's leading experts on open source software, security and cloud native development, Chainguard are on a mission to make the software supply chain secure by default.

Technology Innovation Institute (TII)

Technology Innovation Institute (TII)

TII is a UAE-based research center that aims to lead global advances in AI, robotics, quantum computing, cryptography and secure communications and more.

Kong

Kong

Kong - powering the API world. Increase developer productivity, security, and performance at scale with the unified platform for API management, service mesh, and ingress controller.