I doubt the components are backdoored by default in stock hardware. More likely, GHCQ was worried that other nations (China, Russia, etc.) were targeting Guardian journalists in an effort to gain access to the Snowden cache. As such, GHCQ probably was simply taking extra precautions in the event that hostile intelligence agencies had installed implants into the Guardian's hardware. Or perhaps, GHCQ/NSA had installed the implants themselves to monitor the journalists, and then wanted to destroy the evidence. See the leaked ANT catalog for an idea of the types of hardware implants that SIGINT agencies have developed.
It was previously my job (for 3 years) to investigate security breaches and destroy devices. You are almost uncannily correct.
>I doubt the components are backdoored by default in stock hardware. More likely, GHCQ was worried that other nations (China, Russia, etc.) were targeting Guardian journalists in an effort to gain access to the Snowden cache. As such, GHCQ probably was simply taking extra precautions in the event that hostile intelligence agencies had installed implants into the Guardian's hardware.
This is it in a nutshell, and, legislation states they had to physically destroy the devices. It was not optional. It was the law. There is absolutely nothing more to it.
> [Edit to Add]
Believe me, I have destroyed the brand new iDevices of senior Government personnel because they plugged it into a classified network to charge it for less than a minute. The law is the law. I actually had a wall of digital devices we had drilled, degaussed etc etc. The Guardian were treated the same way we treated everybody. I had my phone confiscated cause I stupidly did the same thing at the start of my career. shrug
There really is no story here which makes the cloak and dagger theories even more funny. It is almost cargo cult-ish. Some guys at Cheltenham will be rolling in the aisles reading these comments.
> [Legislation Guidance for those asking]
You can Google and read the statutes and policies yourself.
>> Once the classified material had been confirmed, security operators were then legislatively bound to destroy or other render unusable the material in question.
The legislation which required all reasonable and necessary measures are contained within the Official Secrets Act 1989, the National Security Strategy, the Data Protection Act and the Regulation of Investigatory Powers Act 2000 with detailed policy guidance promulgated to intelligence operators via HMG Information Assurance Notes (1/2 (SPF)) and, more importantly, HMG Information Assurance Note 5 and the Joint Services Publication 440 which governs counter-compromise measures.
Ultimate responsibility for HMG security policy lies with the Prime Minister and the Cabinet Office. Departments and Agencies, via their Permanent Secretaries and Chief Executives, must manage their security risks within the parameters set out in the framework, as endorsed by the Official Committee on Security (SO).
All HMG employees (including contractors) have a collective responsibility to ensure that government assets (information, personnel and physical) are protected in a proportionate manner from terrorist attack, and other illegal or malicious activity.
The loss or compromise of such Critically Important Assets would have a severe, widespread impact on a national scale and Departments must work with the National Technical Authorities and the Cabinet Office to ensure they are afforded appropriate levels of protection.
[EDIT TO FURTHER ADD]
I have posted the links to 7 policy and legal frameworks. If you cannot find these documents or you are still asking then frankly, you are too fucking stupid to trying to analyse the law or most other things.
People on HN are not your legal secretary. You not being able to find something is not proof of it's absence.
This may well be the policy, but applying it outside of the government organisation is seriously problematic - it gives the government the right to destroy evidence of crimes.
There were reports that US govt ended up destroying desktop PCs because the users had seen Snowden reports on the CNN website. At the time that suggested the prospect of using this as a denial-of-service attack; inject classified material into enough places and the government is legally obliged to either destroy its own IT infrastructure or stop looking at the internet.
Would broadcasting classified material on TV give the government the right to seize and destroy every PVR in the country?
Those of us old enough to remember "Gerry Adams has his words spoken by an actor because we're not legally allowed to broadcast him speaking on TV" know how ludicrous this kind of speech control can get.
You are not wrong. I did two years of law school and my initial reaction was one of incredulity.
However, I can only repeat what I have said all along; regardless of the stupidity or the flaws - it is still the law. Classified material stored on insecure devices results in the device being destroyed to prevent further breaches.
In regards to the CNN reports etc - the US has a history of reacting disproportionately to events. See Hugh Miles book Al Jazeera for some truly frightening examples including the bombing of an Al Jazeera office in response to the allegation AQ were receiving coded news messages. To which the Pentagon responded "Oops. Must have been a mistake...we swear. Thank God you were not in there, you might be next time."
I am biased but I like to think the UK has taken a very scalpel-like and proportionate response to the whole situation.
David Miranda, come with us for a minute. Would you like a lawyer? No. OK. We need your laptop. OK you are free to go. Safe flight.
Guardian. Hi, we need those laptops. If not we can get a warrant for the whole building. Laptops destroyed. OK. Carry on as normal and let's all get back to work, us silo-ing information and you trying to un-silo it.
^^ In a nutshell.
I mean, think about it, how do you think this situation would have been handled in Russia, China, North Korea, Saudi Arabia, Iran or even East Germany back in the day. You think there would have even been a discussion, an option?
Apart from your attempts at trolling out of the conversation (East Germany, really?), this is ludicrous, sorry:
>David Miranda, come with us for a minute.
A 9-hour-long "minute", that was.
>Would you like a lawyer? No.
Afaik, he was not given any chance to contact a lawyer -- the anti-terrorism legislation used does not require it. Which is a disgrace in itself, but hey, it's our UK gov -- illiberal at the best of times.
>OK. We need your laptop.
Yeah, private property of a foreign citizen they had no right
to, seized while in-passage through an airport safe-area, and (iirc) not even handed back.
And this tops it:
>regardless of the stupidity or the flaws - it is still the law.
Law enforcement is always executed with a degree of discretionality. Strictly speaking, the average citizen breaks the law every day multiple times for the silliest reasons, but he doesn't get prosecuted. When stupid laws are enforced, it's the duty of a citizen to question why and to react if the answer is unsatisfying. In this case, you probably find the answer satisfying and I don't.
A stupid, illiberal law was enacted in a stupid, illiberal way by a stupid, illiberal government for stupid, illiberal purposes (and it didn't even work, considering they still don't know what Snowden got).
You really are pushing your own version of events there aren't you? He was offered a lawyer and he refused, confirmed by him in his own appeal and gosh, not 9 whole hours - oh the horror!
Schedule 7 Anti-Terrorism has been now been improved (at the request of the Home Secretary ironically) to reduce the maximum time and provide for legal counsel as standard. Yes. We are so illiberal we voluntarily reduce our legislative powers.
Are you seriously suggesting that the United Kingdom should not stop and detain foreign nationals who are carrying our Top Secret data and then relieve them of that data?
:-) Good one.
I find it satisfying that a Brazilian civilian travelling through the UK was stop, detained and relieved of British property and then allowed to go freely on his way without further incident. I find that an absolute masterpiece of Government restraint in a highly charged situation.
To sum up -
>>Law enforcement is always executed with a degree of discretionality.
That's an interesting word. I assume you mean discretion or one of it's derived terms.
>> Afaik, he was not given any chance to contact a lawyer
You know nothing Jon Snow. <joke> But seriously, he was offered a lawyer and he felt so threatened that he refused one.
>> Foreign national <snip> no right to seize property etc
The High Court ruled the authorities could examine the seized material for the defence of national security.. It was perfectly within the law according to UK judges. If you don't want your items seized, don't transit UK classified material.
> You really are pushing your own version of events there aren't you?
You mean, unlike you? Ye gods. He was not offered a lawyer by any traditional meaning of the phrase. He was offered a stooge selected by the very same people interrogating him and implying he might be a terrorist. When he asked for his own lawyer, that's when he was refused, rather shooting a hole in the idea that he would have been given good representation if he'd gone with the so generous British offer.
> We are so illiberal we voluntarily reduce our legislative powers.
These powers were reduced because of the overwhelming evidence that they were being abused: like by detaining people involved in journalism using powers intended for terrorism. Don't try and spin this as the UK being so awesome and democratic. We passed a stupid law that was repeatedly abused by people living in some kind of reality distortion field, and that's why the powers had to be reduced - despite the natural inclinations of many Tories.
> Are you seriously suggesting that the United Kingdom should not stop and detain foreign nationals who are carrying our Top Secret data and then relieve them of that data?
Whaa? Yes, of course he's seriously suggesting that. Your post speaks volumes about how disconnected you seem to have become from basic common sense. Miranda was working on data that had already been leaked to multiple journalists around the world and was going to go public no matter what. This fact was already public at the time. You can't "take back" information that was deliberately leaked to multiple journalists - at that point under any sensible set of rules the information would cease to be classified, because you can't classify something that's public knowledge.
I'm blown away that you find the British government's oafish response a "masterpiece". Let's see what it achieved, shall we?
* Nothing of value was obtained from Miranda.
* It triggered international outcry from journalists around the globe, making Britain look stupid and illiberal on the world stage.
* It pissed off Miranda's partner who then prioritised GCHQ related information for release.
* It confirmed what most people already suspected or knew: that the British intelligence apparatus will happily classify anyone as a terrorist if it suits them, regardless of how dangerous they actually are (in this case: not at all).
* It means in future journalists working on stories that might embarrass the British government will simply avoid British airports, resulting in the same media coverage with the added bonus that it looks like the UK doesn't care about freedom of the press.
The law being ignorant and stupid is no defence of the law. The whole setup desparately needs to be changed.
Russia, China, North Korea, Saudi Arabia, Iran or even East Germany back in the day
Is that on a motivational poster inside GCHQ? "Not as bad as the Stasi"? Talk about low expectations; don't you think we might aspire to something a little better than "not as bad as North Korea"?
The question for me is why they choose to destroy some chips and not others. I could guess about what makes a chip destroy worthy and another chip not destroy worthy, but I'd like some groundtruth.
It would be useful to have entire list of what they have destroyed, but these three listed components are:
keyboard controller - random chinese ASIC that probably contains MCS51 core and some kind of non-volatile memory (with no meaningful way to ascertain whether it is flash or mask ROM) => it is data storage device
"trackpad controller" - actually serial flash that trackpad controllers apparently boots from => data storage device
"inverting controller" (seriously, wtf? :)) - simple analog chip which probably contains <1k transistors, but it's datasheet says it is "programmable" (by means of few external resistors, so it does not actually store any data), and was probably destroyed in order to destroy everything that stores data or is "programmable".
My point in this case is that LT3957 does not even contain any embedded firmware. There even is a block diagram in it's datasheet that consists of few opamps, about 20 logic gates and few blackboxes that does not do anything complex (I assume that each such blackbox is not more than about 20 transistors).
[edit: the "seriously, wtf?" comment has to do with naming it "inverting controller", not with it's destruction]
I think the best explanation is that they just destroyed one chip on each PCB, maybe more on larger PCBs. If your goal is to make the device non-operational that's not a bad approach.
> I have posted the links to 7 policy and legal frameworks. If you cannot find these documents or you are still asking then frankly, you are too fucking stupid to trying to analyse the law or most other things.
> People on HN are not your legal secretary. You not being able to find something is not proof of it's absence.
This is needlessly baity. You know the nMes of the legislation and you should have just included those names. Otherwise you are requesting tens of thousands of people to make many websearches to get that information. That feels obstructive and evasive.
Calling people fucking stupid is decidedly suboptimal and peoe will downvote for that.
Not just somebody, but a self-proclaimed former spook.
A bit further down this thread you can see how one of his counter-arguments consisted of telling someone his Android book had terrible reviews. What's funny about this is that it fits neatly with one of JTRIG's purposes of destroying reputations.
Although he did such a hilariously bad job of trying to destroy someone's reputation, I doubt he's anything other than a troll.
But now that I think of it, he did succeed in derailing a big part of this thread, so maybe he knows what he's doing.
Oh my word - your mind is in paranoid overdrive right now.
1. Never proclaimed I was a spook or a spy. Not once, anywhere.
2. If I did proclaim I was a spook and was indeed a JTRIG sockpuppet that would make me a pretty fucking terrible secret provocateur wouldn't it?
3. A poster attacked my writing so I responded with the Amazon reviews calling his own writing terrible. Pretty sure he destroyed his own reputation with his book long before this thread. He could have just linked to the Reddit without criticising my writing.
4. If you can find a factual error with 1-3 then post it.
If they thought it had been compromised by someone other than themselves, wouldn't destroying specific chips rather than destroying the computers entirely leak more information about the information they had though?
Don't get me wrong, I'm not saying you're wrong. Just seems odd, is all ^_^;
That's a very nice detailed line-by-line confirmation that they were doing their job to the letter of the law. But you make no comment on the notion that the UK may have modified these devices to spy on the Guardian and needed to destroy the evidence. Of course that isn't your job, and because it would probably be illegal (IDK UK law about that) you couldn't prove it either way. Just sayin'
If you bring your American laptop into an American secure facility and plug it into a secure network, it then becomes part of the secure network, and you cannot take it back.
You also shouldn't get anywhere near the secure network without being told about this.
EDIT: By "secure" I mean "classified/secret/top secret"
Yep. You've signed many contracts agreeing to that by the time you're allowed to access anything secure.
At a prior job, we used to joke about "TOP SECRET cupcakes": once you brought them into the SCIF, they could never be taken back out.
While Snowden, WikiLeaks, and others are demonstrating that every country may be a leaky ship information wise, the scale of the USG information security apparatus is absolutely amazing, especially if you've also gotten to see how some smaller countries do it.
And as a visitor you must hand over all you electronic devices (which are locked away and given back to you on exit) before going beyond reception.
Years ago I interviewed at hunting's (a List X arms manufacturer) and the interviews where done in a separate room adjacent to reception you never even went inside the plant.
You don't even need a source for that its common sense, if you want a source try to find the CIA/NSA/GCHQ employee handbook or whatever material they give to new users.
Its the same idea that malware operators test out mobile malware in faraday cages so that the malware can't jump devices.
Believe me, if I was a spy I would have more important things to worry about than bringing some reason to a debate on Hacker News.
The intelligence community is staffed with literally millions of people who are not spies. TOP SECRET clearance for contractors in the USA alone are >1million
This is the equivalent of me wandering into a debate on the Royal College of Physicians and try to argue the merits of certain healthcare policies.
Let's take you at your assessment - I am a 'fake' spy. Haven't I, even as a fake, demonstrated a breadth of knowledge on the intelligence apparatus that you could only dream of?
What exactly is it you think you are bringing to this discussion?
As for there being no laws; are you just ignoring the posters that have worked in similar US, Australian and International departments who say exactly the same laws exist?
I was using "spy" as an informal shorthand for "member of the intelligence community". Perhaps "spook" would have conveyed this better.
So no, I don't think you are an actual spy. I don't think you've "demonstrated a breadth of knowledge on the intelligence apparatus that you could only dream of" either.
Are you accusing the other posters who confirm similar laws in the USA and Australia of lying as well or do you concede that they exist?
Shorthand for a member of the community is just 'analyst'.
Spook/Spy is a pop culture reference to a very specific role in the intelligence community.
To give you some context about the thing that you think you know about.
>> The United States Intelligence Community (I.C.) is a federation of 17 separate United States government agencies that work separately and together to conduct intelligence activities considered necessary for the conduct of foreign relations and national security of the United States. It includes intelligence agencies, military intelligence, and civilian intelligence and analysis offices within federal executive departments.
>> The Washington Post reported in 2010 that there were 1,271 government organizations and 1,931 private companies in 10,000 locations in the United States that are working on counterterrorism, homeland security, and intelligence, and that the intelligence community as a whole includes 854,000 people holding top-secret clearances.
That is just the USA. That does not take in the 5 EYES Community (UK, CAN, NZ, AUS) or the rest of Europe (FR, DEU, IT, DK etc)
And you think that none of these places legally destroy magnetic media that contains compromised classified information?
I gather the UK equivalent is "HMG Infosec Standard 5"? The above link is not particularly informative, but it did have this gem on page 166:
Disposal of media
Disposing of media in a manner that does not draw undue
attention ensures that previously sensitive or classified
media is not subjected to additional scrutiny over that
of regular waste.
Control: 0378; Revision: 2; Updated: Sep-11;
Applicability: G, P, C, S, TS; Compliance: must;
Authority: AA
Agencies must dispose of media in a manner that does not
draw undue attention to its previous sensitivity or
classification.
Assuming the British system operates on similar principles, I'm not sure how this clause squares with having your media disposal effort splashed across the Internet and subject to scrutiny by Privacy International. :-)
(1)Where a Crown servant or government contractor, by virtue of his position as such, has in his possession or under his control any document or other article which it would be an offence under any of the foregoing provisions of this Act for him to disclose without lawful authority he is guilty of an offence if—
(a)being a Crown servant, he retains the document or article contrary to his official duty; or
(b)being a government contractor, he fails to comply with an official direction for the return or disposal of the document or article,
or if he fails to take such care to prevent the unauthorised disclosure of the document or article as a person in his position may reasonably be expected to take.
(2)It is a defence for a Crown servant charged with an offence under subsection (1)(a) above to prove that at the time of the alleged offence he believed that he was acting in accordance with his official duty and had no reasonable cause to believe otherwise.
(3)In subsections (1) and (2) above references to a Crown servant include any person, not being a Crown servant or government contractor, in whose case a notification for the purposes of section 1(1) above is in force.
(4)Where a person has in his possession or under his control any document or other article which it would be an offence under section 5 above for him to disclose without lawful authority, he is guilty of an offence if—
(a)he fails to comply with an official direction for its return or disposal; or
(b)where he obtained it from a Crown servant or government contractor on terms requiring it to be held in confidence or in circumstances in which that servant or contractor could reasonably expect that it would be so held, he fails to take such care to prevent its unauthorised disclosure as a person in his position may reasonably be expected to take.
TL;DR: if you have sensitive information (and you know it is sensitive, and have not been given it by someone with access who expects you to keep it secret) and do not return or destroy it as you are asked you are committing a criminal offence.
I expect the storm of downvotes to arrive any time now.
Don't bring rational thought to this thread rcxdude.
Great TL;DR by the way.
> TL;DR: if you have sensitive information (and you know it is sensitive, and have not been given it by someone with access who expects you to keep it secret) and do not return or destroy it as you are asked you are committing a criminal offence.
ZenPro must be lying because he referenced publicly available legislation and discussed the rationale behind destroying Guardian magnetic media. No one involved in the Intelligence Community would do such thing.
Thank God Edward Snowden leaked all those documents.
If you have evidence of me being a Walter Mitty by all means publish it. :-) I would love to see the evidence that mitigates my entire career, genuinely.
Go ahead. For each evidence you publish I will upload 1 x Annual Report and a link to 1 x professional publication in my own name and links to the intelligence reports I wrote which were later published on Wikileaks during the Afghanistan disclosures.
On a different tangent, I would be interested in hearing your personal views on having your own (classified) words put out into public - how did you feel when you found out? Worried about being taken out of context? Proud that despite the leaks there was demonstration of professionalism / reasonableness out there? Pissed off? None of the above?
Apart from people like Edward Snowden of course. They signed no such agreements obviously.
However, to demonstrate the breadth of your naiveté in your little witch hunt - here is the first line of that document you linked to.
ensure they are appropriately protected; support Public Sector business and the effective exploitation of information; and meet the requirements of relevant legislation and international / bilateral agreements and obligations. It applies to all information that government collects, stores, processes, generates or shares to deliver services and conduct business, including information received from or exchanged with external partners.
This is nothing to do with the Official Secrets Act. We disseminate these documents freely and at industry conferences to ensure List X companies are in compliance and also because the Intelligence Services have a vested interest in ensuring our economic and commercial IT infrastructure is robust. So struck out on the Official Secrets Act claim. Let us see how you do in reviewing policy...
You will find on Page 15 the extant legislation that I referred to in my original post above. So far so credible. It is almost like the intelligence operators were obeying that law or something...
...oh wait, the very next page.
This document should be read in conjunction with the detailed standards and guidance set out in the HMG Security Policy Framework (SPF).
Pretty sure I said that in my original post.
And then the gem of gems - Page 18. Destroy / sanitise to prevent
retrieval and reconstitution followed by Guidance about the management and handling of security incidents is available in the SPF documents 'Security
Breach Management' and 'Leaks Procedural Guidance' Relevant ICO guidance should also be consulted.
You are 0 for 2 there. Thanks for playing though. That's what happens when you attempt to position yourself as someone qualified to question a process you have neither been trained or educated in.
You will also find above this comment 4 other HN posters who confirm that US and Australian security procedures are the same and another poster confirming that the procedures are the same for civilian IT engineers working in commercially sensitive environments.
I think you've misunderstood. There's no witch hunt from this end. You seem to be interpreting questions as personal attacks and lashing out. Others are responding to that appropriately.
I know which paragraph of which publication you're referring to but it's protectively marked and as such neither of us will be posting it on here. That's where the Official Secrets Act comes in to it.
But you know full well it exists and you know full well I am right. Those lads had no option when they walked into the Guardian. It is also on Wikileaks.
That was the original argument before the sub-threads and vote gaming started.
You'll get downvoted now for complaining about downvoting; you were originally downvoted for spoiling the narrative. If you want to inject pragmatism into conversations about Internet surveillance, suck up the downvotes and grey text as a sign that you're doing something right.
[1] I posted the link to the AMA on HackerNews. Stop acting like you "uncovered" it. It's in my submissions. I also don't think a single one of my replies on that AMA counts as a Derp - if you do, please post the replies in particular. I had a number of PM's from Redditors saying they thought it was actually very clear and interesting.
[1] "Whatever your Android programming level is, this book is a complete waste of time and definitely doesn't worth a single penny. "
[2] "I am an avid Oreilly fan. I write software in a number of different languages and environments. This has got to be the absolute worst coverage of android I've seen. It was less informative than the books covering beta releases. There are typos, not just normal sentence typos but method signatures in the examples. I feel pretty ripped off having bought this book."
One of the worst rated books in O'Reilly history it seems. Congratulations. If you want to get into personal attacks Zigurd let's do it, let's get the rulers out and do some measuring. Derp derp.
[2] The AMA was cancelled because I redacated the names of individuals from my documents (Managers etc) so the Reddit Team decided it was not valid since it could be forged. That's fair enough, it's their platform and I was not willing to provide any other than my assessment reports. I can provide you the email chain if it bothers you that much and you present a compelling enough reason to want to verify it. However some very diligent Redditors actually did find my full details and contacted me to continue the ama offline.
EDIT TO ADD: It was all very friendly and the AMA Team kicked the concept around for a over a week before they said that the evidence was not in line with their guidelines of total transparency. One of the guys actually apologised shrug. At no point was there the insinuation of lying.
[3] Unless you can counter my citations of the law with evidence that they are false then your opinion ranks a little bit below that of my daughter and she is not even 5. Last time I checked RIPA, Data Protection, HMG Security Framework were all perfectly readable right here on the internet and the Joint Service Publications were viewable under certain circumstances.
I would expect better from you than this ridiculous cheap shot making me out to be some sort of liar when we have never met and you don't know me. You could have even messaged me on Reddit with your concerns. Hell, I have the same username.
Would you mind furnishing us with your experience of UK Legislation and the UK intelligence community?
"I think ZP is lying about his national security claims"
"Prove it"
"Here's a thread where it looks to me like he's bluffing"
"Well, your book on Android has poor reviews"
--------------------
I'm not passing opinion on whether you are telling the truth about intelligence or not, but I'm honestly puzzled what his book reviews have to do with anything.
If you feel someone is attacking you, hit the flag button, or message the mods. (I admit I'd have to google up how to message the mods.) Do not attack them back.
Backdoors being engineered into stock hardware is unlikely. A large number of people would have to be involved in this engineering process, and all of them would have to stay quiet about it. This does not seem realistically feasible to me.
I'm not sure. It depends on how it's done. Poisoning the intended schematics would probably be discovered, although I'm not entirely convinced by that, but It seems it would be almost trivial to introduce hardware MITM components which would be invisible and go unnoticed by most people in the fabrication process.
Yes, but it's not about going unnoticed by most people. For a thing like that to stay quiet, it would have to be unnoticed by all people involved. This seems probabilistically very unlikely to me as the number of people involved in the process grows...
In the last year we did see Linux on HD controllers and SD cards, so I do not think that they need to be backdoored by default, but a exploitable keyboard controller seems to be possible.
I doubt the components are backdoored by default in stock hardware.
Evidence? Links? Data?
All you have is speculation. Once, you could argue "no reason to worry, what evidence do we have that spy agencies are using every possible avenue to spy on everyone they conceivably could spy on" - but now we've had considerable evidence to that very effect.
There is a possibility that GCHQ knows these chips are storing data without users knowing it.
It's equally possible that GCHQ isn't sure that they aren't storing data (double negative, I know). Or that GCHQ wants to be sure nobody at the Guardian was savvy enough to sneak data on to these chips.
I'm not suggesting one or the other is more likely, I really wouldn't know. I find it more interesting that they felt the need to do this, when really the only assurance they have that the documents are destroyed is the word of the Guardian's employees. Other than someone speaking up, there's no way for anybody to actually know if there are other copies floating around.
I think the second possibility is much more likely. If it was the first, they wouldn't have tipped their hand, given that the guardian staff would have been among those users.
It sounds like there are 3 plausible reasons. (1) they had compromised those components and were trying to clean up after themselves (2) they were afraid someone else had compromised them (3) intentional misdirection.
If the GHCQ knew that these components were easily compromised, they would have bugged them themselves given their interest in the material on those machines.
4) They were on a power trip and looking to destroy things for the sake of it, just to make some point. 5) Extending their "field time" for personal reasons, e.g. because it pays really well. 6) The people in question were just completely clueless about hardware.
It seems to me that they simply destroyed everything that contains the word "programmable" in it's description, including switching regulator that is "programmed" by choice of external resistor.
Well it could be misdirection but id argue that they have better ways to spread misinformation than doing it on exactly this OP.
Also they most certainly dont want people to speculate if they use such methods or not, especially on possible stock hardware on a large scale, therefore I dont see much logic in that scenario.
What we do know thanks to the Snowden files is, that they indeed install stealthy espionage equipment in seemingly uninteresting components (by intercepting mail orders for example). Not just to monitor keystrokes, etc but also to manipulate the PRNG (looking at you power converter).
The fact that some of those destroyed components are actually related to espionage relevant parts (such as keyboard, touchscreen, etc), rings some alarm bells at least.
Maybe they were indeed afraid that the systems were compromised but if so, why only destroy specific components and not just the whole thing?
Its top secret material after all and the protocols for safely destroying it are ridiculously strict. How could they be sure that there are no further compromised components which might survive?
The way I see it, I would tend to your first scenario.
Perhaps they were looking for common attack vectors/device modification surfaces, rather than looking for specific information there.
For example, perhaps the GCHQ have reason to believe that Chinese spys were bugging keyboards and mice sent to journalists and their companies. So they removed the chips that they knew could possibly be bugged and took them home for further inspection?
If they could prove that the Guardians computers were already compromised by Chinese spys, and that the guardian was holding top secret sensitive information on them... GCHQ could skewer the Guardian publicly for releasing state secrets to China.
The purpose of the exercise was only partly to destroy any potential storage, but also to intimidate the Guardian. Having an air of fake mystery to irrational actions just adds to the effect.
If the whole thing was too easy the capacity for that intimidation would have been greatly reduced, and leaving it hanging allows paranoid people to latch on to stuff while giving GCHQ the air of having preserved some secrets, when their instructions were probably get rid of certain components, for sure, but randomly do some other stuff for confusion to cover exactly what it was we did have to get rid of.
Nope. There is absolutely no intimidation whatsoever and reports by the Guardian journalists confirm that the GCHQ engineers were simply resigned to an extremely common and boring task. They joked about the futility of it as I understand.
> Days later Oliver Robbins, the prime minister's deputy national security adviser, renewed the threat of legal action. "If you won't return it [the Snowden material] we will have to talk to 'other people' this evening." Asked if Downing Street really intended to close down the Guardian if it did not comply, Robbins confirmed: "I'm saying this."
In what universe does "we will shut down your company if you don't obey" not qualify as intimidation?
I suppose you could say that the police "intimidate" criminals by threatening to arrest them as well but it would make no more sense than you are making. Like a parent "intimidates" a child by grounding them instead of throwing into the street to fend for themselves.
The Government had a legal case, they offered the Guardian a solution which was quicker and less disruptive to their business.
Is your argument that the should not have compromised and just launched a case to have the Guardian shut down immediately? Is that your argument?
Because if not then you have very little evidence to say the Government were not being reasonable.
In a reasonable country with the rule of law, it's always safe to tell the police to go away and come back when they have a warrant.
According to you, the law mandated that this equipment be destroyed. The correct way for the government to handle this would be to ask, and if they object, come back with a court order. With the court order in hand, you destroy the equipment.
Threatening to destroy the entire company when they haven't even violated the law yet is absolutely intimidation.
Imagine, for example, that you've been pulled over in your car by the police. They ask if they can search your car for drugs.
You can say yes, of course. Then they'll search, and if they find anything, you'll go off to jail.
Here in the US, at least, you can also say "no". At this point, the officer can either let you go, or if he has sufficient cause to carry out a search against your wishes, he can detain you and carry out the search.
All well and good so far. The problem is when you say "no" and the police officer says, "If you don't let me search this car, I will put you in prison." Any threat by law enforcement of punishment beyond what the law actually provides for what you've actually done is intimidation.
Let us have the laptops or we detain you and search everything.
The Guardian. OK. You can have them.
Is exactly the same as your example of reasonable policing for a vehicle search. > Here in the US, at least, you can also say "no". At this point, the officer can either let you go, or if he has sufficient cause to carry out a search against your wishes, he can detain you and carry out the search.
Apparently it is not exactly what happened, because the government was threatening to shut them down. Your scenario does not include anything like that.
Some people define "reasonable" as not seizing information from journalists, destroying their stuff, offering them choices that include getting shut down...
Edit: How effectively they can cloak themselves in legalism is beside the point.
Edit 2: I'm resisting writing more, because there has to be a Godwin's Law equivalent for when you start quoting dictionary definitions at people. Also I've made more than enough flip remarks that could be used against me by a future authoritarian regime...
Edit the third: I'm sympathetic to your arguments about mundane classified data handling, particularly as [ed: you're] a mundane classified data handler, but I'm afraid government agents fucking with journalists gives me strong feelings of Not Okay.
The Government didn't fuck with Journalists. Journalists tried to fuck with the Government and got owned. Exactly the same way the software engineers of the Valley were being owned by the NSA for years.
That doesn't follow. You don't have to use jackbooted thugs to intimidate someone. Ordering government agents to be sent to a newspaper to destroy information sounds pretty intimidating to me, even if the agents in question are friendly and doing something routine to them.
Is it not intimidation if a gang sends a couple scrawny members to your restaurant to enjoy a pleasant meal the day before your protection payment is due?
Yes, this really clarifies how this may be misplaced paranoia. While I won't ever completely discount extreme paranoia when it comes to government spy agencies, I think this is a distraction from more relevant issues.
"On Saturday 20 July 2013, in the basement of the Guardian's office in Kings Cross, London, watched by two GCHQ technicians, Guardian editors destroyed hard drives and memory cards on which encrypted files leaked by Edward Snowden had been stored."
GCHQ was merely observing to see that the Guardian staff were cooperating. Instructing journalists to remove their 'special storage chips' while leaving others intact would be a breach of operational security. This event was more of a PR move because GCHQ, the NSA, and others had no idea what was going on and had to be seen "doing something", even if it was pointless, absurd, and violated the free speech rights of the newspaper and journalists.
You were so close with this line > GCHQ was merely observing to see that the Guardian staff were cooperating. Instructing journalists to remove their 'special storage chips' while leaving others intact would be a breach of operational security
There is nothing more to it. It is the law. I cannot stress this point enough. Destroying the electronic devices was not optional.
It was not a PR move at all. In testimony the Guardian even admitted it was not a PR move. It was necessary.
EDIT TO ADD: I really don't care if you think I am a shill shrug - that says more about you and your tolerance of new facts than it says anything about me. The source I posted is from The Guardian, about the Guardian with video testimony from the Guardian. It couldn't be further from GCHQ to be honest.
I think most are agreeing that you are someone who is used to following the procedures of a state which habitually engages in surveillance.
I can believe you when you say "this is what had to be done".
The problem is all this seems orthogonal to the actual question asked by the article - "why these chips?"
Another important part of the Snowden revelations is that "no reason to be paranoid" is no longer a good argument. Every revelation has pointed to "everything the agencies might do to spy on, they in fact did do".
So if certain chips attracts the agencies attention, one might legitimately ask "why?"
I don't know anything about the focus on the chips in particular. I never did anything like that in my destruction and I cannot comment credibly on that part of the story.
I can only comment on why the magnetic media had to be destroyed. The how they went about is fair game for people on HN to speculate and question. I am not trying to stop anyone.
I also never said people should not be paranoid. I actually wrote a recent article saying that people should question their intelligence services. However, they also have a responsibility to read the answers that are provided via legislative and parliamentary vehicles.
If the majority of the HN audience were invited to a tour of GCHQ, given free reign to explore and then access to the myriad databases and tools - they would be bored within hours, look up and say
"Now take me to the real secret stuff."
It honestly is not that exciting. It is just a massive bureaucracy with various departments, some of which are doing bleeding edge stuff. When it comes to security it is all very routine and in line with standardised frameworks.
> "It was purely a symbolic act," Johnson said. "We knew that. GCHQ knew that. And the government knew that," He added: "It was the most surreal event I have witnessed in British journalism."
According to Google, the only instance of "'Was it a PR move?' to which he responded. 'No. I wouldn't say that.'" on the entire internet is in your comment. Where did that quote come from?
Here is the classic problem with trial by Google - we cannot verify exactly what you have typed into Google but let us take you at face value and say you cannot find a match.
It is reasonable to assume I have a credible source - after all I have mentioned it alongside a reference several times. You surface skimmed the referenced article and cherry picked the data that you needed without observing the fact the article is based upon a video of the hearing involving the Guardian. They are literally writing up the events of the video which is embedded in the article itself.
Whereby the comment, which you claim exists nowhere on the "entire internet" is contained. It is spoken directly to the Chair of the Hearing in response to the question "Was it a PR move?".
Funny the Guardian failed to write up that little exchange...
"Trial by Google"? What the hell are you talking about? I merely asked where the quote came from, and observed that I first made an attempt to locate it on my own.
Well no, those are clearly the words of somebody who thinks to himself, "shit, did I just say that? Better deny it."
Let's be honest for a second: are you actually trying to discredit the NSA and GCHQ? Because behaving like a complete ass while defending them is a great way to do that.
I adore the common double standard, wherein making a statement like "I accept your concession" when both parties know that wasn't the intent is considered OK, but calling out that behavior is not.
He's such an obvious and terrible shill that I honestly think there's a decent possibility he's actually shilling for the other side. That is to say, he's deliberately attempting to discredit the NSA, GCHQ, and everyone who sides with them by defending them so badly.
Who was that guy with that bigass beard was? You know, the one everyone in tech takes lightly and treats as the butt of the joke? He keeps owning your asses as you keep ignoring him.
Another part of the problem is the assumption that using free software necessarily protects you from government intrusion. I think at this point you pretty much have to live out in the woods with nothing more complicated than a gun in your possession to avoid that.
Well, RMS exclusively uses a Lemote Yeelong that has been formally verified to not contain backdoors, and he runs purely free software on it. If that's not enough, he never connects it directly to the internet by having another computer wget certain websites on a regular basis and also download/ upload emails, which get transferred to the Lemote via physical media.
There may still be vulnerabilities, but he's a whole lot more secure than your average person.
But how well does RMS' model scale to our modern, global and interconnected society? Free software assumes the right to validate, and modify, source code - which is great if you can. Most users of free software, however, don't have the time or even the ability to do anything but blindly trust that someone else has it covered (and obviously, users of non-free software don't have a choice in the matter.)
> But how well does RMS' model scale to our modern, global and interconnected society?
It doesn't. But it isn't supposed to. Stallman is consciously upholding a moral ideal that most in tech are not.
The goal is not for everyone to be like RMS. The goal is to sway the companies who build tech for everyone to be like RMS.
Consider for a moment how much open source software Google, Microsoft, and Apple use in their proprietary products. Is it ethical to use that much free software for the corporation's own personal gain?
>Is it ethical to use that much free software for the corporation's own personal gain?
I don't believe it's necessarily unethical for a corporation to take advantage of open source software if the open source code is distributed with a license which allows for commercial use. I think if the author wants not to care about that, then that should be their right.
That said, closed-source code does make theft a lot easier to hide, so the case is stronger for the use of free software validating the (ethical) integrity of a company.
Well, in terms of package and code validation, there are definitely strong arguments to be made for source-based distribution models and FOSS-backed fuzzing operations. Although freely available source isn't perfect for combating government intrusions, it still is the gold standard since it's impossible to implement fully-featured, unobfuscated backdoors. Despite the fact that things like heartbleed are damaging, keep in mind that they're only a bugs rather than deliberate backdoors.
The answer to imperfect software freedom isn't no software freedom.
It's all a matter of trust in the end. Even with Open Hardware, the production line, or the transport of the hardware to your doorstep could be compromised. The same way that even Open Source software can be compromised if no one is paying attention or you are being specifically targeted.
That's all true. But if intelligence agencies are constrained to physically breaking in to your premises to bug you, that gets hard to scale up to pervasive mass surveillance.
It's surprising that they didn't destroy the entire computer to cover up what they were hiding. This seems like a relatively small subset of components to investigate.
We've been here before, 20 years ago, in the "Spycatcher" trial. The UK sued to suppress information from the book which had been printed in Australia from making it into the UK newspapers. http://news.bbc.co.uk/onthisday/hi/dates/stories/october/13/...
" These two newspapers had for some time been conducting a campaign for an independent investigation into the workings of the Security Service. The details given included the following allegations of improper, criminal and unconstitutional conduct on the part of MI5 officers:
(a) MI5 "bugged" all diplomatic conferences at Lancaster House in London throughout the 1950’s and 1960’s, as well as the Zimbabwe independence negotiations in 1979;
(b) MI5 "bugged" diplomats from France, Germany, Greece and Indonesia, as well as Mr Kruschev’s hotel suite during his visit to Britain in the 1950’s, and was guilty of routine burglary and "bugging" (including the entering of Soviet consulates abroad);
(c) MI5 plotted unsuccessfully to assassinate President Nasser of Egypt at the time of the Suez crisis;
(d) MI5 plotted against Harold Wilson during his premiership from 1974 to 1976;
(e) MI5 (contrary to its guidelines) diverted its resources to investigate left-wing political groups in Britain."
(a) and (b) are basically the same as some of Snowden's allegations: diplomatic meetings are bugged.
(c) is a routine violation of international law, although to be fair we were trying to invade Suez at the time;
(d) is MI5 trying to overthrow our democratic government, straightforward totalitarianism;
(e) is still going on, and Scotland Yard are involved as well (e.g. the deeply embedded undercover officers in the Green movement).
The judgement eventually held that MI5 attempting to block the publication of Spycatcher was a human rights violation. I would expect a similar result in an ECHR trial about attempts to block Snowden's leaks, if such a trial happened.
EDIT: The downvotes are strong on this one :-) I have only posted the transcript from the court. Are we downvoting primary sources now?
I think it is important to provide the crux of the context which you have failed to do so -
[18]
(e) The Attorney General’s principal objection was not to the dissemination of allegations about the Security Service but to the fact that those allegations were made by one of its former employees, it being that particular fact which O.G. wished to publish.
There was credible evidence (in the shape of Sir Robert Armstrong’s affidavits; see paragraph 16 above) that the appearance of confidentiality was essential to the operation of the Security Service and that the efficient discharge of its duties would be impaired, with consequent danger to national security, if senior officers were known to be free to disclose what they had learned whilst employed by it.
Although this evidence remained to be tested at the substantive trial, the refusal of an interlocutory injunction would permit indirect publication and permanently deprive the Attorney General of his rights at the trial. Bearing in mind, inter alia, that the alleged unlawful activities had occurred some time in the past, there was, moreover, no compelling interest requiring publication immediately rather than after the trial.
One possibility, as mentioned, is that these ICs are not what they're claimed to be. Someone should take them out of equivalent devices, decap them, and publish some photos.
Another possibility is that they weren't just looking to destroy data, but also to sneak a peak at the data being destroyed. Scraping off a power IC might let them attach a power source, to turn on parts that were supposed to be off. Scraping off other ICs might get them access to I2C buses.
There's a huge leap between having access to pins and actually accessing data. Even talking to unknown i2c devices requires some experimentation. Even if there was a clear channel through which you could access data over i2c (I'm not aware of any consumer bulk storage device which makes data available over i2c), doing that covertly in a short period of time while giving pretences that you're destroying the device would be practically impossible. GCHQ employees aren't magicians.
I suppose it's possible that the guardian hid all the secret data in i2c eeprom chips which happened to be on their motherboard. "Possible" in the very remotest sense. You'd need to be pretty knowledgeable in digital electronics to even approach that successfully.
I suspect it's more likely that GCHQ have a list of ICs which can store data, and to be safe they are required to destroy them all.
That was my reaction too. Unlike other chips which at least sit on some data buses and theoretically have electrical access to the information being processed by the PC, _this_ device is attached to little other than a DC power lead.
To target this particular device as a data tap borders on science fiction. It's theoretically possible to glean bits of data from surges in power consumption, but not very practical.
I seem to recall a story where they put fake plans in the pocket of an army coat, which they put on a recently deceased person dressed in full military uniform (of military service age), and then strategically dumped it where they knew the germans would find it. Or maybe that was just a spy movie I watched.
> letter from Ernest Whitley Jones, joint general manager of Lloyds Bank,[7] demanding payment of an overdraft of £79 19s 2d (£79.96).
This amount of money seems incorrect. A £56 ring would cost £2000 today, thus a £79 overdraft would not be £79 today, or someone would not have a > £2000 overdraft.
Its not really odd, its a natural way to convert a quantity stated in three units that have no obvious relation even to each other to someone unfamiliar with the pre-decimal system into a quantity stated in a single unit.
Something similar happened in Cryptonomicon, certainly; in the section of the story where Detachment 2702 is 'widening the bell curve', there's the segment where they take the cook who died of a heart attack in the cold freezer (blond hair, mushroom, tattoo on his arm with a heart and the name "Griselda"), put him in the wet suit with the watch, and dump him in the ocean; they also pack a coffin full of meat from same freezer, nail it shut, and plaster it with biohazard stickers to ensure that it won't be opened.
Destroying those components would render the machine useless without external inputs and outputs, maybe their intention was simply just to disable the machine, executed in a rather odd manner.
My theory is that they were not destroying any kind of persistent data on these components like IC's; rather, destroying what/where/whom they might be able to identify or correspond with via serial numbers, dates, manufacturer, locations of where that component came from, etc.
At least for the components of which have no memory, volatile or not.
Both keyboard and trackpad controllers are microcontrollers with embedded flash, third chip (LT3957) says it is "programmable" in it's datasheet (although in this case it means that it's characteristics can be changed by values of external components, not that it contains any kind of non volatile memory).
Obviously, the easy answer is that theres somehow something that lets you record data in those components. On the other hand, you have to consider that perhaps those are components that they've known other groups (them selves included) to use to store data, so they want to ensure that they're destroyed. Perhaps they dont want any inadvertent leaks of the data to a third party?
No, the easy answer is that the same idiots run GCHQ that are employed in other government branches and they sent the trained equivalent of metalworkers to destroy these things, and they accordingly proceeded to hack into every computery looking piece.
I think this part gets lost in the cloak and dagger stories that dominate the media. No, the NSA and GCHQ have not revolutionized computing, they run the same shitty Java enterprise stuff designed by thieving contractors we all do. Just take a look at their hideous powerpoint presentations.
If I may speculate about why those ICs were destroyed, then I'd wager on, that the decision about which ICs to destroy was not made by an engineer, but by some overseeing manager who went through a number of PowerPoint slides (like they were leaked over the past year) and identified those as a threat, because those ICs have been mentioned for being an active part in data exfiltration.
Let me explain: What those ICs have in common is, that each of them bases their function on fast switching of voltages:
The keyboard controller IC rapidly (at several hundred kHz) switches voltage through the key matrix row-lines (addressing the row) so that on the column lines the voltage is read out and thereby telling if a key is pressed, hence making the connection.
The touchpad controller IC does the same, but not for reading out electrical connection made by keys, but the change of capacitance caused by a dielectric (=finger).
The voltage inverter IC is switching a voltage to drive an induction coil for a voltage converter.
Now the (often unwanted) side effect of switching voltages is, that they create electromagnetic waves, that radiate away. Unless you're building a radio transmitter you don't want that, as this is then EMI (electromagnetic interference). EMI is a big concern in the design of keyboard, touchpad and voltage conversion controller.
But for spooks the EMI caused by regular device operation can be a great covert channel to exfiltrate information. To the unwary it just looks like the regular, random EMI but a spy agency may know how to cleverly use it.
Now making use of keyboard row-column switching caused EMI to eavesdrop on user input is by no way something new. This kind of tempest attack is as old as it gets. You can nicely see on an oscilloscope when the controller begins reading out the keypad (there's some pause before) and every row switching produces a pulse; if there's a key pressed the pulse looks different; also the shape of the pulse depends on the amount of wire closing the circuit, so this gives you the key position on the row and column, thereby telling you which key is pressed. When voting computers were about to introduced in the Netherlands European hackers demonstrated, that the entry system of the machines used could be eavesdropped on by their EMI. Unless you got yourself a super EMI optimized keyboard on your computer, you're likely giving away your inputs by EMI.
The touchpanel controller is similar.
Now the inverter controller is interesting, because those normally drive a display's backlight, which is more or less independent from the data displayed on the display. But then the display brightness can be controlled by software! So by having a spy program run on the computer that modulates the display brightness with some data you want to exfiltrate you can make use of that channel. However the bitrate will not be very high; if I had to make an educated guess, I'd say about 100 Baud to 1 kBaud.
Anyway I think those techniques may have been presented or documented somewhere and a person without the technical understanding at GCHQ command thought those particular controllers would maybe hold some secrets or are something special, while in fact the really interesting stuff happened somewhere else. It's not even clear that the laptop computer had display modulating spyware installed. But that's what I was looking for on suspect computers first, because the keyboard and touch controllers are boring and their principal vulnerability to eavesdropping by EMI emission is well known.
The most likely explanation I think is that these extra chips are targeted for implantation as part of Tailored Access Operations, or the GCHQ equivalent.
When I was serving I always used to wonder why the Ministry of Defence never used to defend itself with a public spokesman about public allegations.
Now I know why - people are morons and no explanation will suffice. It is really not worth the time or resources to argue with people who have no primary experience of the subject they think they are qualified to argue about.
Just to be clear on this matter. The Guardian were given every option to return the classified material.[1]
In two tense meetings last June and July the cabinet secretary, Jeremy Heywood, explicitly warned the Guardian's editor, Alan Rusbridger, to return the Snowden documents.
>> At one point Heywood said: "We can do this nicely or we can go to law"
That is not intimidatory. It is exactly how I would expect a democratic institution to act. They didn't send in jackbooted armed personnel to shut down the editorial department. Two computer engineers arrived and oversaw classified material being destroyed. That's it.
It's about as intimidating as a police officer telling a suspect he can get in the car nicely or he can be handcuffed.
The Guardian were asked point blank in a Parliamentary Hearing - "Do you think the entire episode was a PR stunt?" and they said "No."
EDIT TO ADD: I love it :-) Voted down for publishing the story written by the Guardian about the entire incident.
ZenPro's comment is a very British way to look at government power, untethered to the limits that the U.S. Bill of Rights still imposes even in its weakened state.
> Two computer engineers arrived and oversaw classified material being destroyed. That's it.
Yes, but what if the Guardian had said: "Sorry, mates, we're we're not giving it to you. Cheers!"
That's when the few dozen agents waiting in the vans outside armed with semiautomatic rifles come in and seize the hardware with a slightly less polite approach.
Put another way, everyone who has read NSA/Snowden stories over the last 12 months -- at least the ones with leaked docs embedded -- possessed classified material. That's perhaps 10 million people in the UK alone. Should all of their hard drives be "destroyed" -- "that's it?"
Just because it happens to be law doesn't mean it's right, or just, or defensible.
I do not understand why the Guardien would ever give up the information voluntarily. If they believed they where acting in the public interest, returning the data voluntarily would be an admission of guilt. The UK was best served by retaining the information and holding the Government to account. Naturally the Government have a resposiubility to oppose the release of sensitive information. There is an inherent unavoidable conflict. But that does not mean that either side actually acted improperly.
>I do not understand why the Guardien would ever give up the information voluntarily.
Because they spent 15 seconds backing up the Snowden files on an anonymous Google Drive account and knew that GCHQ's attempts to destroy the files were futile? Or because they knew that Glenn Greenwald -- writing for them at the time -- was living in another hemisphere, had a full set of the files, and wasn't about to comply? Or because they didn't want to go to prison?
Pick your answer. Each is possible. Note I'm not faulting the Guardian here, just saying what some possibilities are.
In all of my defence of the intelligence community I have never disparaged the Guardian. They were just doing what a free press should do, and I value a free press. The Government were just doing what a Government should do.
When they went toe to toe The Guardian blinked first. When they did the whole process became mundane (in a security policy context).
EDIT: Downvoted for saying I agree with free press! :-) :-) I love this platform
[1] I never stipulated the law was defensible. Laws are weird like that though, we don't get to pick and choose which ones we feel like following that day because of how defensible we think they are.
[2]You have a very US way to look at Government. UK intelligence services have no powers of arrest and carry no weapons. We certainly would not send military forces into a civilian news office so we would, in line with UK and EU legislation, ask the police to intervene once a legal mandate had been proven.
The Guardian knew GCHQ had an airtight case, it is why they complied. No men in black with assault rifles were forthcoming. What would have happened is, the place would have been closed, a thorough audit of IT and Magnetic Media would have been conducted. Everything with anything classified on it would have been destroyed. The building reopened.
The Government was doing the the Guardian a favour by saying "Look, we only want these specific info dumps. Carry on business as normal, just give us these or we go to the law and take everything."
Exactly the same way a policemen might let you off with a caution if you are caught speeding and apologise. If you fight him, he impounds the car on the spot and uses the full extent of his legally provided powers. Do you honestly think two guys from GCHQ wanted to be standing in the Guardian on camera watching HDD's being grinded for hours??
The issue with cloud computing is separate and distinct from recovering a known quantity of classified information. I really am struggling to comprehend why people are failing to grasp this point.
Just because X quantity of classified material exists does not mean you can ignore N quantity that can be removed from circulation. Also, you have no evidence to support that the material destroyed at the Guardian HQ had been already released in full, had been copied or transmitted to another location. You have to take each incident on it's own merits. It is what you know to be the facts at the time, not what you hope to be the facts so you can avoid being diligent.
The problem is that your statement "That is not intimidatory. It is exactly how I would expect a democratic institution to act." could easily be interpreted as you saying exactly that. What happens is that two separate questions - whether the security individuals on the ground should have carried out the law as specified, and whether that law should exist in the first place - get conflated.
How I personally would expect a democratic institution to act is to not have these kinds of laws. Press freedom is a critical part of a properly functioning democracy, and I get sick of the state crying wolf with "it's threatening national security" (without, as far as I'm aware, a single instance of an actual national security issue arising from one of these stories ever being published) every time a journalist breaks a story that's embarrassing to them.
> The Guardian knew GCHQ had an airtight case, it is why they complied.
Debatable, given that there are no UK laws that permit the destruction of assets not owned by the Government.
The Guardian parties were not signatories to the OSA. RIPA has no stipulations on the destruction of tainted assets.
More likely the threat of seizure of a wide range of equipment and extended 'investigation' by the authorities would have been sufficiently disruptive to the Guardian's conduct of business that it was quicker and easier to comply.
The assets were owned by the Government. The minute they were used to store and/or transport classified information.
Exactly the same way a bank account becomes the property of the state if it is used to launder money or an item becomes the property of the state if it is seized for illegality.
As per the High Court ruling. Unless you know of a different High Court?...
Nuremberg - really? We are already moving towards comparing the destruction of laptops with the widespread genocide of ethnic minorities and Jews?
They are not following orders. They are following the law.
Intelligence Services are not the military and as such do not fall under the Armed Forces Act 2011 (Military Law) therefore your assertion of "orders" is incorrect.
Even if they did fall under it, any order not compatible with UK legislation would be legally bound to be ignored.
The were not following orders. They were following the our legal guidelines for the security of classified information in the UK.
If it is a HRA violation, feel free to raise it in court and state your case.
Some of the down voting here is really weird right now. It's not really worthwhile commenting so I've given up. If you have anything outside of a mainstream geek view you are toast on HN. Your comment is fine and adds information, so I can't understand why it's been down voted.
Because he's aggressively making the same claims in many threads, the discussions in those threads suggest that people have found fault in his arguments (e.g. they think he's misrepresenting the law).
Because of the way the threading works people are seeing his N repetitions of these claims, with rebuttals, before seeing this post, so naturally they're down-voting it.
In response to people aggressively stating the same false allegations.
1. Miranda was denied a lawyer.
>> False. He refused the lawyer after it was offered and confirmed it in his appeal and his subsequent account.
2. The Guardian accused the GCHQ of merely conducting a PR stunt.
>> False. Guardian admitted it was not a PR stunt.
3. No laws exist that pertain to the destruction of magnetic media holding classified data.
>> False. Too many statutes and policy papers to list *again*
4. No other countries have similar laws
>> False. Posters from Australia and the USA and Commercial organisations have confirmed it is exactly the same in their countries. Posters working with List X companies have confirmed the exact same legal environment.
5. I am a shill.
>> So false it is absurd. I disagreed with JTRIG, advocated free press and refuse to disparage the Guardian and wrote a lengthy article about questioning the intelligence services. I am so much of a shill I purposefully sabotaged my own shilling with a failed iAMA on Reddit and links to my own startup.
6. Intelligence Service had no right to detain Miranda
>> False as per the ruling of the High Court.
7. Intelligence Service had no right to seize magnetic media containing classified information.
>> False as per High Court ruling.
8. Intelligence Services were under orders. IE Nuremberg Argument.
>> False. Intelligence Services are not bound by the Military Act of 2011. They are not under orders.
9. Intelligence services would have sent gunmen into the Guardian to claim their property.
>> So false it is nearing Hollywood levels of nonsense.
10. I am anti-Snowden, pro-NSA
>> False. Never stated my leaning either way. Merely described the circumstances that lead to hard drives being destroyed.
11. I am a liar / Walter Mitty / fantasist etc
>> False. Served 8 years in military intelligence as an EW OP, Operations Analyst and then Counter Intelligence operator. Full reports and SC and NATO SC clearances with lapsed DV clearances. Regardless of accusations, I *know* my service record is genuine.
12. I have invented the law.
>> False. Consider for a second the absolute ludicrous nature of this thread. Just rationally consider it. It is highly likely that only one person on the thread (me) has *ever* been responsible for the destruction of magnetic media containing compromised material of classification. I wrote about it on Quora (verified by Marc and for Urban Times (credentials verified by the Editorial Team) and I have explained why it happened. I have not defended the law or advocated it, merely explained it. And there is an entire thread of people claiming that they know better and, brilliantly, some of them are not even British. The did a cursory Google search, did not read anything and decided I was lying.
The best part is a poster above actually linked to a document which word for word proved exactly what I had posted. He was using it as some sort of evidence I was lying! It was a baseline policy document directing you to the legislation of information breaches and destruction of IT...
If ever there was a thread evidencing the reasons against Democracy it is this one.
