GCHQ uses Cyber Techniques Outlawed in US

Uploaded on 2015-06-16 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW

dink_cartoon_gchq_snoop_big.jpg?x=648&y=429&crop=1

In a fresh legal claim filed at the Investigatory Powers Tribunal (IPT), the campaign group calls for an end to the harvesting of information about those who have no ties to terrorism and are not suspected of any crime.
The IPT is the judicial body that hears complaints about the intelligence services and surveillance by public organisations. The tribunal has received dozens of submissions in the wake of Edward Snowden’s revelations about interception of Internet traffic by the US National Security Agency (NSA) and Britain’s GCHQ.

The latest claim is partially aimed at highlighting a disparity between US and UK surveillance practices that has emerged, Privacy International (PI) points out, following divergent responses by legislators in Washington and Westminster.

The passing of the USA Freedom Act last week curtailed so-called “section 215” bulk collection of phone record metadata – information about who called whom, and timings, but not the content of conversations. It was a victory for the libertarian cause and a restriction of state surveillance powers.

By contrast, UK privacy campaigners say, parliament’s Intelligence and Security Committee (ISC) has confirmed that GCHQ is still collecting datasets relating to “a wide range of individuals, the majority of whom are unlikely to be of intelligence interest.”

The coalition government also passed the emergency Data Retention and Investigatory Powers Act (DRIPA) last summer to preserve powers that would otherwise have been undermined by a European Court of Justice judgment. Two prominent MPs, Labour’s Tom Watson and the Conservative David Davis, were in the London high court recently challenging the legislation’s legitimacy.

Commenting on PI’s new claim, its deputy director Eric King said: “Secretly ordering companies to hand over their records in bulk, to be data-mined at will, without independent sign-off or oversight, is a loophole in the law the size of a double-decker bus.
“That the practice started, and continues, without a legal framework in place, smacks of an agency who sees itself as above the law. How can it be that the US is so much further ahead on this issue? With the USA Freedom Act now passed, the equivalent NSA power has now been curtailed before the debate this side of the pond has even begun.
“Bulk collection of data about millions of people who have no ties to terrorism, nor are suspected of any crime, is plainly wrong. That our government admits most of those in the databases are unlikely to be of intelligence value… shows just how off-course we really are.”

PI says bulk data sets retained by intelligence agencies may include a great variety of information, including telephone and Internet records, credit reference reports, medical records, travel records, biometric details and even loyalty card schemes. Their claim also calls for the destruction of “any unlawfully obtained material”.

A YouGov poll commissioned by Amnesty International released last week showed 56% of UK adults believed that Snowden, who worked for the US National Security Agency up until 2013, should have revealed classified information exposing US and UK government monitoring activities.

GCHQ always makes a clear distinction between intrusive “mass surveillance”, which it insists it does not undertake, and “bulk interception” of electronic communications, which says is necessary in order to carry out targeted searches of data in pursuit of terrorist or criminal activity.

In response to an earlier IPT ruling earlier this year, GCHQ said: “By its nature, much of [our] work must remain secret. But we are working with the rest of government to improve public understanding about what we do and the strong legal and policy framework that underpins all our work.”
Guardian:  http://bit.ly/1G7Lvf8

« ‘Don’t Risk IT – Cyber Secure IT’
Russia Hacked The German Parliament »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

A10 Networks

A10 Networks

A10 Networks is a leader in application networking, helping organizations of all sizes to accelerate, optimize and secure their applications.

Verlingue

Verlingue

Verlingue (formerly ICB Group) is a leading corporate insurance broker providing Insurance, Risk Management and related advice to businesses and private clients.

Sysmosoft

Sysmosoft

Sysmosoft specializes in providing highly secured telecommunication solutions for mobile devices for companies requiring protected access to sensitive data remotely.

Shift Technology

Shift Technology

Shift Technology provides insurance companies with an innovative SaaS solution to improve and scale fraud detection.

ZenMate

ZenMate

ZenMate is a Virtual Private Network services provider offering secure encrypted access to the internet.

SmartCyber

SmartCyber

SmartCyber is a company specializing in custom IT projects and Cybersecurity.

C5 Capital

C5 Capital

C5 Capital is a specialist investment firm that exclusively invests in the secure data ecosystem including cybersecurity, cloud infrastructure, data analytics and space.

Cyentia Institute

Cyentia Institute

The Cyentia Institute is a research & data science firm with a mission to advance knowledge in the cybersecurity industry.

GELLIFY

GELLIFY

GELLIFY is the first innovation platform dedicated to the high-tech B2B market, supporting start-ups and companies.

ISA Security Compliance Institute (ISCI)

ISA Security Compliance Institute (ISCI)

ISCI, a not-for-profit automation controls industry consortium, manages the ISASecure™ conformance certification program for industrial automation and control systems.

National Cybersecurity Agency (ACN) - Italy

National Cybersecurity Agency (ACN) - Italy

The ACN is the National Authority for Cybersecurity in Italy. the Agency promotes public-private initiatives to strengthen the national cybersecurity and resilience posture.

Cybernatics

Cybernatics

Cybernatics is inspired by bringing together best-in-class innovations around Cybersecurity and Analytics. We offer tailored enterprise solutions to safeguard your organisations best interests.

Access Venture Partners

Access Venture Partners

Access Venture Partners are an early stage VC firm investing in bold founders and helping every step of the way. Areas we give special focus to include cybersecurity.

ProvenRun

ProvenRun

ProvenRun is a leading provider of trusted software solutions with extensive expertise and an unwavering commitment to security.

Autobahn Security

Autobahn Security

Autobahn Security is a growing team of 80+ experts from 25+ nationalities, established in 5 countries. We’re working hard to make Autobahn Security the No. 1 solution for improved hacking-resilience.

XBOW

XBOW

XBOW brings AI to offensive security, augmenting the work of bug hunters and security researchers.