GCHQ uses Cyber Techniques Outlawed in US

dink_cartoon_gchq_snoop_big.jpg?x=648&y=429&crop=1

In a fresh legal claim filed at the Investigatory Powers Tribunal (IPT), the campaign group calls for an end to the harvesting of information about those who have no ties to terrorism and are not suspected of any crime.
The IPT is the judicial body that hears complaints about the intelligence services and surveillance by public organisations. The tribunal has received dozens of submissions in the wake of Edward Snowden’s revelations about interception of Internet traffic by the US National Security Agency (NSA) and Britain’s GCHQ.

The latest claim is partially aimed at highlighting a disparity between US and UK surveillance practices that has emerged, Privacy International (PI) points out, following divergent responses by legislators in Washington and Westminster.

The passing of the USA Freedom Act last week curtailed so-called “section 215” bulk collection of phone record metadata – information about who called whom, and timings, but not the content of conversations. It was a victory for the libertarian cause and a restriction of state surveillance powers.

By contrast, UK privacy campaigners say, parliament’s Intelligence and Security Committee (ISC) has confirmed that GCHQ is still collecting datasets relating to “a wide range of individuals, the majority of whom are unlikely to be of intelligence interest.”

The coalition government also passed the emergency Data Retention and Investigatory Powers Act (DRIPA) last summer to preserve powers that would otherwise have been undermined by a European Court of Justice judgment. Two prominent MPs, Labour’s Tom Watson and the Conservative David Davis, were in the London high court recently challenging the legislation’s legitimacy.

Commenting on PI’s new claim, its deputy director Eric King said: “Secretly ordering companies to hand over their records in bulk, to be data-mined at will, without independent sign-off or oversight, is a loophole in the law the size of a double-decker bus.
“That the practice started, and continues, without a legal framework in place, smacks of an agency who sees itself as above the law. How can it be that the US is so much further ahead on this issue? With the USA Freedom Act now passed, the equivalent NSA power has now been curtailed before the debate this side of the pond has even begun.
“Bulk collection of data about millions of people who have no ties to terrorism, nor are suspected of any crime, is plainly wrong. That our government admits most of those in the databases are unlikely to be of intelligence value… shows just how off-course we really are.”

PI says bulk data sets retained by intelligence agencies may include a great variety of information, including telephone and Internet records, credit reference reports, medical records, travel records, biometric details and even loyalty card schemes. Their claim also calls for the destruction of “any unlawfully obtained material”.

A YouGov poll commissioned by Amnesty International released last week showed 56% of UK adults believed that Snowden, who worked for the US National Security Agency up until 2013, should have revealed classified information exposing US and UK government monitoring activities.

GCHQ always makes a clear distinction between intrusive “mass surveillance”, which it insists it does not undertake, and “bulk interception” of electronic communications, which says is necessary in order to carry out targeted searches of data in pursuit of terrorist or criminal activity.

In response to an earlier IPT ruling earlier this year, GCHQ said: “By its nature, much of [our] work must remain secret. But we are working with the rest of government to improve public understanding about what we do and the strong legal and policy framework that underpins all our work.”
Guardian:  http://bit.ly/1G7Lvf8

« ‘Don’t Risk IT – Cyber Secure IT’
Russia Hacked The German Parliament »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Identity Theft Resource Center (ITRC)

Identity Theft Resource Center (ITRC)

ITRC is a non-profit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime.

Digital Forensics Inc (DFI)

Digital Forensics Inc (DFI)

Digital Forensics Inc. is a nationally recognized High Technology Forensic Investigations and Information System Security firm

SharkGate

SharkGate

SharGate provide a cloud-based website security solution to protect websites from being hacked.

NXO France

NXO France

NXO is an independent leader in the integration and management of digital workflows with services covering digital infrastructures, communications & collaboration, and security.

Digital Innovation Hub Slovenia (DIH)

Digital Innovation Hub Slovenia (DIH)

DIH Slovenia is a central hub providing services to grow digital competencies in areas including robotics, IoT, cyberphysical systems and cybersecurity.

Tyler Technologies

Tyler Technologies

Tyler Technologies is a leading provider of end-to-end information management solutions and services for local governments.

Shevirah

Shevirah

Shevirah specializes in products for automated mobile and IoT device vulnerability assessment, penetration testing, and mobile security awareness training.

Sealing Technologies (SealingTech)

Sealing Technologies (SealingTech)

SealingTech is a leader in cutting edge research, products, engineering, and integration services in the Internet of Things, Edge, Machine Learning, Artificial Intelligence, and Cloud.

Cisco Systems

Cisco Systems

Cisco helps seize the opportunities of tomorrow by proving that amazing things can happen when you connect the unconnected.

Telesign

Telesign

Telesign connect, protect, and defend online experiences with sophisticated digital identity and programmable communications solutions.

ThreatDefence

ThreatDefence

ThreatDefence provides innovative SIEM, SOC-as-a-Service, and proactive cyber defence solutions to MSP’s and Enterprises.

Vertex Cyber Security

Vertex Cyber Security

Vertex provide Cyber Security Services to small to large businesses including Advise, Consulting, Adding Security Partnership, Penetration Testing, ISO 27001-2 and Audits.

Radius Technologies

Radius Technologies

Radius Technologies is trusted by progressive SMEs to deliver world-class cloud, IT solutions, IT and data security, and telecoms systems.

BTQ Technologies

BTQ Technologies

BTQ is a global quantum technology company focused on securing mission critical networks.

Mogwai Labs

Mogwai Labs

Mogwai Labs deliver cutting-edge penetration tests, security assessments and trainings, to safeguard your applications, networks and cloud environments from cyber threats.

Dynamic Standards International (DSI)

Dynamic Standards International (DSI)

Dynamic Standards International is a global standards development organization which develops certifiable ‘dynamic standards’ that pace with fast-evolving landscapes.