DRAFT: Hello big brother, can we play a new game?

The information within this article is subject to what is known in the United Kingdom as a DA (Defence Advisory) Notice. This means the media, including the BBC, have been officially requested by UK defence officials not to distribute information regarding the things in this article. So even though this is news – you won’t really hear about it. I figured that might make for an interesting opening.

Talking about spy-related things isn’t really my motivation for writing this article. For a long time I’ve often thought the following about big brother: What would happen if we took 50% of the spy resources for 10 days and dedicated the mass surveillance technology to suck up and hoover every citizen’s good ideas, solutions and answers to lots of problems? We have this huge system for communications monitoring – all of this machinery used for criminal, spy and threat analysis – but what if we found this extra application for it? It’s surprising who has really good ideas; these people rarely have their voice heard or find their ideas crossing the paths of the right people. This technology could do that! – Just a thought! 🙂

A month or so ago I got into a conversation with a client regarding the recent ‘leaks’ about the extent of government surveillance on the internet and how it is done. He said it would be really interesting for me to lay it out for non-technical people. So I thought I’d give it a go.

It seems to be a pretty new topic for most people, but being one of these young people that reads obscure blogs and websites, I’ve always heard of things like Carnivore, Echelon and Tempest – various methods to monitor people’s use of digital communications. With that said, I’ve grown up from a very early age assuming surveillance happens and I can see the reasons why it does, and I’ve always subscribed to the theory that as long as there is free speech – I’m comfortable with it if it’s a genuine, reliable, cost-efficient and proven way to prosecute criminals that produce victims or to pre-empt acts of aggression from anyone.

My view about digital surveillance is that the UK is the biggest electronic spy machine on the planet. The UK is a smaller place than the US and people usually think this is a US issue – but because the UK is smaller – the media is more manageable so the topic is mentioned very little on the mainstream information sources. This isn’t because people are not concerned, that those involved are not concerned – there is just a legal structure in place to restrict information regarding certain topics. If you are in any doubt about the UK having the biggest brother – remember that tourists are surprised how many CCTV cameras are in our streets – we don’t even notice them anymore.

SO WHO IS THIS BIG BROTHER?

GCHQ means ‘Government Communication Headquarters’ and this department of the UK government is what became of the World War 2 codebreakers at Bletchley Park in the present age of the internet. In 2004 they moved into a brand new office known as the donut in Cheltenham, and they have been extremely busy. I’ve always been interested in encryption: I wrote some of my own encryption approaches for my personal data, solved the GCHQ encryption challenge back in 2001 and was invited to an interview, but I declined because the pay isn’t great and I lived in Cambridge; I really didn’t like the idea of agreeing to live either in Cheltenham or London forever.

GCHQ are experts in the area of communications. This includes finding communications, gathering communications, translating communications into meaningful information and analyzing information to make conclusions and ‘guestimates’ for actionable recommendations.

A request for communications could be for a multitude of reasons, including:

  1. To look inside the communications of someone suspected of organising serious crime.
  2. Back-checking a person’s communications to work out a threat risk and known associates.
  3. Obtaining information on the plans of competitors of UK businesses to protect valuable business contracts (saving jobs, tax income, critical industries etc – the collapse of the processed foods industry has been one of the recent things with serious security issues preventing its discussion in the broadcast House of Commons).
  4. Keeping a long-standing eye on communications for particular persons or content that is important to tell a human about.

WHY IS EVERYONE SO BOTHERED ABOUT OUR OWN GOVERNMENT ‘THE GOOD GUYS’ LOOKING AT OUR INFO?

It must be mentioned that US spies (American civil servants and private contractors) also have access to part(s) of GCHQ databases and it is estimated that this totals 850,000 of them …yes, that’s right – 850,000 snoops who work for the US. The issue here is that foreign workers have sworn oaths to their own government. The Data Protection Act is supposed to stop information leaving EU borders, but does a US person have to follow UK legal frameworks? There are suspicions that governments spy on each other’s civilians to get around legal frameworks but the proof is yet to reveal itself. I’m personally more concerned about non-British citizens handling my data, especially through a project known as STONEGHOST – which is a private computer network set up between the UK, USA and Canada for sharing information.

SO HOW DOES BIG BROTHER WORK? HOW IS HE BORN OR CREATED?

I first want to make a distinction that spied on means ‘handled’ in my books. If people hear their communications are being monitored – they think of humans listening to them with a feeling of persecution or intense scrutiny. The reality is that it is done by a computer; computers are not perfect, just like their creators, and if you live the average normal life with no ties to people of interest, no human is likely to see or hear your communications. I focus on the United Kingdom here, but the general approach to how a big brother is born is exactly the same in any country around the world:

Step 0 – Making sure it is legal to spy on you

There is something called the ‘Data Retention Directive’ which is a rule requiring every European Union country to store the telecommunications data of its citizens for six months and to destroy it after 24 months – this came into effect in 2007 in the UK but before that the same kind of deal was under RIPA (Regulation of Investigatory Powers Act 2000). Officially this is to make sure there is a copy of data that police departments can then use as evidence with a warrant in a legal case.

Step 1 – Accessing your raw communications like naughty IMPS

The British government has direct access to the telecoms infrastructure that provides all internet and phone communications in UK borders – this is done via British Telecom. Every other internet provider still uses BT’s equipment to move your communications data around. Big companies like BT are legally obliged and paid rather well (£Billions) to install computer equipment to aid monitoring of information flow. The government has devices/filters attached to the cables before they enter these big companies’ buildings. This was done under a UK government project called the IMP (Interception Modernization Programme) which was planned in 2007. Whatever route communication travels in the UK – at some point it passes through equipment that is designed to take a copy of it. If you look at your modem, that cable coming into your house that plugs into it leads physically, directly to the big brother machinery at the end of the line. Government doesn’t spy on your computer; there is no need when your computer is using ‘their’ well tapped infrastructure as the middle man to move your data. This means all phones, faxes, emails, website transactions (Facebook, Hotmail etc) come under this without ever having to bug your computer or phone. This is why even postal services are always managed at the government level. The same thing is done in regards to international spying using radars and intercepting undersea cables but the focus here is within the UK.

Step 2 – Copying your communications

Every bit of information sent to the internet or received from the internet via your internet connection in the UK is cloned/duplicated/copied to a store so that computers can look at it. It doesn’t mean you are important, this is done automatically. It is ‘buffered’ which means temporarily stored for three days at the moment. This comes under a project called ‘Tempora’ or sometimes also referenced as MTI (Mastering the Internet). Three days is long enough to analyse your data to decide if it’s relevant to current computerised curiosity or not – because it’s too much processing to process every bit of information in ‘real-time’ – there is always a back-log for non-priority traffic which still holds value.

Step 3 – Analysing your communications

If you speak on the phone these days, it can be turned into text by a computer – it transcribes what you say into text, which is then analysed just like an e-mail might be. The general way in which phone communication is analysed is with something known as a dictionary system or keyword system. This is a huge list of trigger words which your communication can be checked against. When a certain number of keywords are detected, or the contextual algorithms consider you a match to some project that owns the trigger words – the communication is flagged for analysis and moved into a database. A person in the relevant department (at for example GCHQ) who is the case officer for communications for those types of flagged communications then checks to see if it’s actionable or irrelevant. What happens after this is anyone’s guess – but the general consensus in theory is that if you are a bad guy with a stick in your hand – it’s going to be placed up your bottom.

Analysis is a word with a lot of meaning in this context as there is such a large amount of different information to consider. Maybe it’s just a list of associations, or maybe a psychological profiling based on the movies you watch, what you talk to friends about or the weird fetishes you think are private. A quick view of an analysis of my own Facebook activity looks like this (and to protect the privacy of my friends, this is the tip of what is possible):

An actual analysis of my facebook data:


‘Nobody is listening’ isn’t the same as ‘no computer is listening’:

| Product Name | Description | How do we know? |
| --- | --- | --- |
| IMP (INTERCEPTION MODERNISATION PROGRAMME) | Planned in 2008, this was essentially the installation of the equipment on the UK’s telecommunications infrastructure backbone to allow the easy monitoring of all data flow with a cost of at least £2 Billion. | There was an announced privacy group hearing in UK parliament July 01 2009 regarding this project. |
| PRISM | A term used to describe the collective machinery of computers and software used to capture and data-mine the information of users on the internet. Officially its creators are the American NSA. | I doubt it was the actual first mention, but the document leaks of the US intelligence contractor Edward Snowden gave the mainstream media its first screenshots of documents showing the programme’s logo and information sources (social media, email etc). |
| TEMPORA / MTI (MASTERING THE INTERNET) | A UK surveillance project that ‘buffers’ the entire internet going in and out of England. This means every single one and zero flying through UK internet infrastructure is copied and recorded to a database that officially keeps it for 3 days for analysis. | Officially it is a secret, but US spy Edward Snowden leaked official documentation naming the project to the Guardian Newspaper (reporter: Glenn Greenwald). |
| CARNIVORE | Created from US Navy software, Carnivore is digital collection software that would be installed into ISPs’ computer systems to allow a ‘tap’ of someone’s data flow (their home modem for example). It was known to be running in 1997 and discontinued in 2005. | It was open knowledge and mentioned by officials in 2000 when they had to defend its use to privacy groups in the senate etc. |
| STONEGHOST | A network designed to share information between UK, USA and Canadian allies. | Unknown, but there was a high-profile oath breaker in the Canadian Navy who sold information regarding the programme to Russian intelligence sources. |
