Nov 10 2013
 

Today (at least it is when I’m writing this) is Remembrance Sunday in the UK; traditionally a day to commemorate the sacrifice of ordinary men in the two world wars.

I did not watch the ceremony at The Cenotaph, or attend any of the more local ceremonies, although I have in the past. But one thing that is a noticeable change since my childhood – there is a much greater emphasis on the sacrifices made by our armed forces in all wars up to and including the present.

Fair enough; I don’t have a problem with commemorating the war dead from any war, but the armed forces already have a day – Armed Forces Day – and Remembrance Sunday is special. It is special because it remembers the two world wars when ordinary men were called to service in their droves; whereas other wars involved soldiers, sailors, and airmen who had chosen to be shot at for a living.

Before WWI, there was nothing like Remembrance Sunday despite all the wars that the UK fought before – nothing for the Boer War, the Crimean War, the Napoleonic Wars, and nothing before. There were war memorials constructed – as a resident of Portsmouth, I can visit an unusually large number, but as for national ceremonies … excluding the burial of heroes such as Nelson, they had to wait until after WWI.

Perhaps we need to move the Armed Forces Day to next to Remembrance Sunday to more clearly distinguish between the two days.

Perhaps we also need to make the commemorations somewhat less military in nature – encourage those whose relatives served in the two world wars to attend in place of them. After all the number of world war veterans is dwindling; it won’t be too long before none of them are left, and it would be a great shame to leave Remembrance Sunday to the politicians and the present-day military.

 

Sep 29 2013
 

Who decides whether or not to hold a public inquiry? The government of course, and they usually make their decision on the cost of a public inquiry.

But it is rather convenient when a public inquiry delves into embarrassing subjects such as :-

Never mind the fact there has been no public inquiry into political corruption after the MPs expenses scandal. Which all goes to show that we cannot trust the government to investigate themselves. Or the police: Look at how hard people have had to work at getting at the truth behind the Hillsborough disaster.

Or in other words, we cannot trust the government to determine whether public inquiries should be held, nor the scope of those inquiries. Whilst the government usually does reasonable work in setting up public inquiries, and the reason for refusing to establish public inquiries is down to cost, it is not unreasonable to plan for the worst case scenario where a future government may refuse to establish an inquiry to conceal their own bad deeds.

As such the decision of what public inquiries should proceed should be in the hands of a third party. An independent third party with no past or present politicians, senior policepersons, etc. Essentially a panel of the powerless.

Aug 19 2013
 

No.

Anyone who thinks so needs to read a bit of history on what life was like in real police states.

But on a day when news of an incident where a journalist was detained for 9 hours and his electronic media confiscated, we do have to ask ourselves whether we are headed in that direction. And whether we really want to go in that direction.

David Miranda was held under anti-terrorist legislation – specifically schedule 7 – in what was clearly an attempt at harassment for publishing stories embarrassing the UK and US governments. Now the victim here is clearly a journalist, and whilst it is possible for a journalist to be involved in terrorism, I really rather doubt this one has time to be particularly active at this time. This is a high profile case, but how many of the 61,145 other suspects detained under schedule 7 last year were detained for non-terrorism purposes?

Anti-terrorism legislation is very powerful, and whilst it may be justified to tackle terrorism, it certainly must not be used for other purposes. And in this case it was.

And undoubtedly we will have some sort of review of the case, a lot of noise, and very little action. It’s almost certain that the police who detained David Miranda will escape scot free, or with a notional slap on the wrist, and not with a prison sentence that they deserve.

Jun 08 2013
 

Which is news how exactly? Spying on us is what the NSA and GCHQ are for.

Over the last day or two, we have been hearing more and more of the activities of the NSA (here) and GCHQ (here) spying on “us” (for variable definitions of that word). Specifically on a programme called PRISM which monitors Internet traffic between the US and foreign nations, but not on communications internal to the US.

Various Internet companies have denied being involved, but :-

  1. They would have to deny involvement as any arrangement between the NSA and the company is likely to be covered by heavyweight laws regarding the disclosure of information about it.
  2. It’s also worth noting that they have asked the company executives whether they are involved in PRISM, but not asked every engineer within the company; it is doubtful in the extreme that any company executive knows everything that happens within their company. And an engineer asked to plumb in a data tap under the banner of national security is not likely to talk about it to the company executive; after all the law trumps company policy.
  3. The list of companies that have been asked, and have issued denials is a list of what the general public think of as the Internet, but in fact none of the companies are tier-1 NSPs; whilst lots of interesting data could be obtained from Google, any mass surveillance programme would start with the big NSPs.

What seems to have been missed is the impact of agreements such as the UKUSA agreement on signals intelligence; the NSA is “hamstrung” (in their eyes) by being forbidden by law from spying on US domestic signals, but they are not forbidden to look at signals intelligence provided by GCHQ and vice versa. Which gives both agencies “plausible deniability” in that they can legitimately claim that they are not spying on people from their own country whilst neglecting to mention that they make use of intelligence gathered by their opposite number.

There is some puzzlement that PRISM’s annual cost is just $20 million a year; there is really a rather obvious reason for this … and it also explains why none of the tier-1 NSPs have been mentioned so far either. Perhaps PRISM is an extension of an even more secret surveillance operation. They built (and maintain) the costly infrastructure for surveillance targeting the tier-1 NSPs and extended it with PRISM. In particular, the growing use of encryption means that surveillance at the tier-1 NSPs would be getting less and less useful (although traffic analysis can tell you a lot) making the “need” for PRISM a whole lot more necessary.

As it turns out there is evidence for this hypothesis.

But Are They Doing Anything Wrong?

Undoubtedly, both the NSA and GCHQ will claim what they are doing is within the law, and in the interests of national security. They may well be right. But unless we know exactly what they are doing, it is impossible to judge if their activities are within the law or not. And just because something is legal does not necessarily make it right.

Most people would probably agree that a mass surveillance programme may be justified if the aim is to prevent terrorism, but we don’t know that their aims are limited to that. The surveillance is probably restricted to subjects of “national interest”, but who determines what is in the national interest? Just because we think it is just about terrorism, war, and espionage doesn’t mean it is so. What is to stop the political masters of the NSA or GCHQ from declaring that it is in the national interest to spy on those involved with protests against the government, or those who vote against the government, or those who talk about taxation (i.e. tax avoidance/evasion)?

Spying is a slippery slope: It was not so very long ago that a forerunner of the NSA was shut down by the US president of the day because “Gentlemen do not read each other’s mail.” But intelligence is a tool that is so useful that more and more invasive intelligence methods become acceptable. It is all too easy to imagine how today’s anti-terrorist surveillance can become tomorrow’s 1984-like society.

That does not mean that GCHQ should not investigate terrorism, but that it should do so in a way that we can be sure that it does not escalate into more innocent areas. Perhaps we should be allowing GCHQ to pursue surveillance, but that it should be restricted to a specified list of topics.

May 18 2013
 

The strange thing about being involved in information security is the phenomenon of cyber warfare.

After all, what does tinkering with computers have to do with real war? Well it depends what all that tinkering leads to, and we simply do not know what would happen in a real war. We are in the beginning of the era when aggressive hacking supports war.

But probably the overwhelming majority of activities labelled as cyber warfare are in fact espionage, or a grey area in between. Any kind of hacking that leads to information disclosure is espionage rather than warfare. More aggressive hacking – such as writing malware to spin centrifuges into destruction – falls into the grey area between espionage and warfare; it’s too aggressive to be labelled espionage, but isn’t part of a legal war (and yes there is such a thing). In terms of legality, it could well be that such acts are illegal acts of war, but morally justified.

And why is China always the bad actor here? Practically every hacking conference video dealing with cyber warfare drops big hints about the activities of China with little in the way of evidence. There is some evidence that China may be involved in cyber espionage, but as for cyber warfare itself, there is far more evidence for the involvement of the US, Israel, and even the UK; although the rumoured replacement of an Al-Qaeda recipe for a pipe bomb with one for cupcakes doesn’t seem like an act of war, but perhaps an exhibit of the English sense of humour.

Part of the problem is that anyone who reads their firewall logs will find a huge number of attacks coming from Chinese address space. As an example, a quick inspection of the addresses blocked on one of my servers for attempted ssh brute force attacks gives the following table :-

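| Count | Country Code | Country |
|---|---|---|
| 255 | CN | China |
| 51 | US | United States … |
| 29 | KR | Korea (South) |
| 19 | BR | Brazil |
| 17 | DE | Germany |
| 15 | IN | India |
| 13 | RU | Russia |
| 13 | GB | Great Britain |
| 13 | FR | France |
| 11 | ID | Indonesia |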

This is not intended to be an accurate reflection of anything other than the number of infected machines trying to brute force accounts on my server.
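A tally like the table above can be produced from sshd logs by counting the distinct source addresses that reach a block threshold and grouping them by country. The sketch below is an added example, not the script used for the table: the log lines, the prefix-to-country table (documentation ranges standing in for a GeoIP database) and the threshold of 2 are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed prefix-to-country table (RFC 5737 documentation ranges);
# a real tally would look addresses up in a GeoIP database instead.
SAMPLE_GEO = {"192.0.2.0/24": "CN", "198.51.100.0/24": "US", "203.0.113.0/24": "KR"}

# Constructed sshd log lines in OpenSSH's "Failed password" format.
SAMPLE_LOG = """\
May 18 03:12:01 host sshd[811]: Failed password for root from 192.0.2.10 port 4711 ssh2
May 18 03:12:03 host sshd[811]: Failed password for invalid user admin from 192.0.2.10 port 4712 ssh2
May 18 03:15:40 host sshd[902]: Failed password for root from 192.0.2.77 port 5100 ssh2
May 18 03:15:42 host sshd[902]: Failed password for root from 192.0.2.77 port 5101 ssh2
May 18 04:01:10 host sshd[950]: Failed password for invalid user test from 198.51.100.5 port 6000 ssh2
May 18 04:01:12 host sshd[950]: Failed password for invalid user test from 198.51.100.5 port 6001 ssh2
May 18 05:30:00 host sshd[977]: Failed password for alice from 203.0.113.9 port 7000 ssh2
May 18 05:30:09 host sshd[977]: Accepted password for alice from 203.0.113.9 port 7001 ssh2
"""

# Greedy ".*" plus the end anchor take the address sshd wrote last on the
# line, so an address embedded in a submitted username is never counted.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")


def failures_by_source(log):
    """Count failed password attempts per source address."""
    return Counter(m.group(1) for m in map(FAILED.search, log.splitlines()) if m)


def country_of(addr, geo=SAMPLE_GEO):
    """Map an address to a country code via the prefix table; '??' if unknown."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "??"
    for prefix, code in geo.items():
        if ip in ipaddress.ip_network(prefix):
            return code
    return "??"


def blocked_by_country(log, threshold=2):
    """Tally distinct addresses that reach the block threshold, per country."""
    blocked = [ip for ip, n in failures_by_source(log).items() if n >= threshold]
    return Counter(country_of(ip) for ip in blocked)


if __name__ == "__main__":
    for code, count in blocked_by_country(SAMPLE_LOG).most_common():
        print(f"{count:5d} {code}")
```

The country column records where the connecting host sits, which is all a source address in a log can tell you.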

The high presence of China is an indication of the number of malware infections within China, and the large population of the Chinese. It doesn’t actually say anything about where those attacks originate. Every hacker with enough sense to tie up their shoe laces will be pivoting through privacy proxies, and using armies of infected hosts to send out their attacks. These infected hosts are the ones whose addresses show up in your logs.

Assuming that because these addresses are Chinese means that the Chinese state is behind attacks is faulty logic. There is no reason why the Chinese state hackers (if they exist … although it is almost certain they do) would use Chinese addresses to attack from; they are more likely to be using addresses from the US, Europe, South America, etc. If anything, attacks coming from Chinese addresses indicate :-

  1. Private sector hacking (which is the majority)
  2. Attacks from state groups other than China.

It may well be that China is engaged in industrial scale cyber espionage; it may also be that what people assume are Chinese attacks are in fact other states. After all cyber espionage is probably one of the cheapest ways to get involved; within the means of even the smallest and poorest states.