This report just seems like a whitewash to try to blame an Internet company with no legal and (arguably) no ethical duty to monitor communications over its network for the collective repeated failings of the security services.
According to various reports in the serious media today, the security services had these two in their sights seven times before the attack. Some commenters also seem to be suggesting that surveillance was undermined, possibly as late as the day before the attack, by numerous procedural errors by those security services, though I haven't yet seen a specific citation of anywhere the ISC report itself states this.
In any case, why do we still pretend that it is plausible to monitor everything said on-line, correctly identify every genuine threat needle in the hyperbole haystack, and anticipate and prevent every small-scale, isolated violent attack by bad people?
While I would never make light of the loss to Lee Rigby and his family and friends, objectively this appears to have been an isolated incident with a single victim, given coverage out of all proportion by the media because someone said "terrorism". There were hundreds of murders in the UK last year, and I doubt the others were any less tragic for those affected, but we don't see David Cameron, Theresa May and Malcolm Rifkind calling for draconian state surveillance powers to avoid repeats of all the other killings.
You hold a very minority opinion. Personally I don't see a problem with this kind of monitoring, AND I would go further...
- There are many many young people on facebook. Every year a percentage of these innocents decide to kill themselves. I think facebook have a MORAL OBLIGATION to monitor all language used in facebook posts in order to ascertain potential suicide threats - which should then be reported to the appropriate authorities.
- Every year thousands of people die of hear attacks brought about by years of unhealthy living. It is facebooks MORAL RESPONSIBILITY to monitor the word density of posts, giving extra weight to words like 'pie', 'cake' and 'spachumnauzer' - These perpetrators should be reported to the relevant NHS department for immediate medically induced coma therapy[1]
- EVERY, SINGLE, YEAR, millions of illegal immigrants done come over to our country illegally, in order to steal our benefits. Facebooks continued lack of action in monitoring facebook photos for suspicious foreign looking persons in a job type role consists of MORAL CONSTIPATION on the part of Facebook. All foreign-ish photos should be vetted by the appropriate vets.
[1] study after study show people in comas are at a significantly lessenered risk of dying of heart attacks - I don't have the links right now, but believe me, they do!
> “The ISC is spinning the facts in an attempt to condemn US technology companies for not spying on their customers,” said Eric King, deputy director of Privacy International, the UK-based right to privacy charity. “Law enforcement should have powers to intercept and acquire communications when necessary, but deputising private companies to do it for them is not the right answer.
> “It is not appropriate for internet services — who handle some of our most private and sensitive correspondence — to be snooping through that data for the police, anymore than it would be for the postman to snoop through peoples' letters.”
I know BBC tries to remain neutral, but why is it that almost always when we see a post like this, that serves as a platform for UK government's propaganda, it seems to come from BBC?
Did a senior representative of Privacy International really just advocate a position where the only technically possible solution is to give governments the power to monitor everything and forcibly prohibit the use of any technology that would prevent that from being achieved? Surely that must have been taken out of context somehow.
For a platform for the "government's propaganda" the BBC report is prepared to voice some pretty blunt criticisms of it...
> Isabella Sankey, director of policy for Liberty, said: "The ISC shamefully spins the facts seeking to blame the communications companies for not doing the agencies' work for them."
> Executive director of the Open Rights Group, Jim Killock, said: "To pass the blame to internet companies is to use Fusilier Rigby's murder to make cheap political points."
The BBC doesn't try to be neutral, it tries to be "balanced", which in their view means giving equal time and weighting to both sides of an issue. It's lunacy.
>Cameron, still speaking in the Commons, says he does not believe it is acceptable that there should be internet communications that authorities are not permitted to intercept. The government should legislate on this, he adds.
Honestly, I'm rather angry. An innocent man hacked to death in the street, and the murder is being used by politicians to openly further the goals of the security services, who may have actually recruited the murderer. Cynical fucking bastards.
Authorities can in practice permit themselves to do anything they damn well want, I'm not under any illusions otherwise. But I want to do everything I can to try to make sure that neither they nor anyone else are able to perform mass surveillance - because I know damned well there is now no other way of stopping such grossly horrendous violations of everyone's inalienable rights to privacy. They lie routinely; they have no oversight, no accountability, no limits, no apologies, no truths, and absolutely no hope of reform inside a system that is not even prepared to acknowledge what it is doing is wrong, let alone stop it.
Talk is cheap, but I will state now that no legislation of any kind will stop me trying to develop, publish, advocate and deploy strong encryption and anti-surveillance techniques everywhere that I can: places where such techniques are illegal are uniformly the places that need it most. Maybe trying to bring a little more 'civil liberty through complex mathematics' is all I can do: but it's something.
Unfortunately we live in an age of idiocy where anyone will sell their soul for a smaller fee and less privacy. There's no winning against that so you have to deal with this from the inside of the enemy via "legitimate sabotage"
a) get into hiring positions in the government and hire the stupidest, least qualified and incompetent people you can get then quit and leave the projects in the shit.
b) spend money galore so it cant be used on anything else
c) leak insider information on the sly.
d) use the tools you built against the people who paid for them.
e) manipulate and shame other staff out of positions of power.
f) play people off against each other and create new rivalry which consumes all money and time.
I worked for the defence industry. This is how to break it.
The Lee Rigby inquest just happens to be coinciding with the government trying to push through their latest Snooper Charter of surveillance laws [1].
You don't even have to be particularly cynical to put two and two together...
It's pretty disgusting of the government to exploit Rigby's death by scapegoating the blame for not catching this guy - who was known to MI5 - on internet firms.
PS: Some claims neither need citation nor can possibly provide it. Are you seriously suggesting someone get a quote from David Cameron saying "I'm a sneaky bastard who's going to exploit this situation"?
EDIT: I just realised you may be referring to the "recruitment" part of that quote. Apparently MI5 tried to recruit one of the killers as an informant when he came back to England after being jailed in Kenya for trying to join a terrorist group. Here's a reference to the report [2] page 44-ish. It's all rumours as it's national security, ie. neither confirm nor deny, but there's usually no smoke without fire on these things...
"Furthermore, it highlights that the companies' embrace of complex encryption techniques is making it even harder for GCHQ to spot potential threats in the "204 million email messages, 100,000 tweets and a million Facebook posts" sent every minute."
You mean just like it is hard to spot potential threats in physical mouth to ear communications?
Why is it okay to look at internet data for threats but not okay to put listening devices on every person? Seems like it's the same flow of data coming in either way.
By that line of reasoning, coffee shops should start employing security staff at each table, listening for patrons plotting terrorist attacks, schools should ensure each classroom has adequate staff to interecept notes between students to look out for signs of radicalisation, and companies should place cameras and microphones throughout their premises to monitor for any dissenting behaviour. Monitor everything. Record everything. Just in case.
I don't know what you mean by "step 1", but coffee shop employees do not routinely monitor all conversations just in case there's something illegal going on.
Only in airports. Oh and last time I was in Boston, the subway had that message playing at intervals. Up here in New Hampshire we mind our own business - or at least pretend to ;)
Nothing should, you can't possibly know what they actually mean and you have no context. They might be writing a movie script. They might be CIA. They might be messing with you.
I'm not sure what you mean by Step 1, however what you're suggesting is more akin to an engineer at a SaaS provider carrying out maintenance or debugging a fault and stumbling across something suspicious. What's being suggesting is active monitoring of every communication.
Great, another terrorist attack used to justify restricting freedom and privacy
The report seems surprised that Facebook failed to hand the guy over to the authorities because he said he wanted to kill a soldier online. They'd be reporting half the teenagers in the world if they were forced to do so
> Great, another terrorist attack used to justify restricting freedom and privacy
The way things stand, I agree that there's currently a big rush in the UK to approve wider snooping laws
> The report seems surprised that Facebook failed to hand the guy over to the authorities because he said he wanted to kill a soldier online.
Facebook had already taken down several of his accounts because they were deemed offensive and used to spread terror stuff (videos/hate speech). The ISC report says Facebook took the content offline and didn't forward the matter to the authorities.
Furthermore, I wonder how many threats to police officers are happening right now on facebook due to a controversial grand jury decision that happened very recently. Do we want to investigate and/or arrest all those people? ....granted, I'm sure at least one of them is real.
> Facebook is the internet company that could have passed on information about Adebowale but failed to do so, the Telegraph has learnt.
> The ISC describes the internet firm’s policy of not policing its own website as “unacceptable” and accuses the firm of “providing a safe haven for terrorists”.
The full report[1] has a number of interesting details about how the UK intelligence agencies monitor people.
The "DIFFICULTIES ACCESSING COMMUNICATIONS CONTENT" section, from p139, mentions things like how GCHQ monitors backbone traffic.
It's clear that if the UK have evidence of someone breaking the law then there are options available.
What they're complaining about are suspects who are just being monitored as "suspicious".
But even if they'd wanted to ask e.g. Yahoo to monitor the suspects, I can't see how that would have operated. Obviously UK ISPs can identify and monitor specific people (or at least their home/mobile internet). But remote services can't tie things back to an individual[2].
Really they seem to be suggesting that anyone running a large internet service proactively monitor everything for "terrorism" and notify the relevant international authorities when this happens. From the report:
We note that several of the companies ascribed their failure to review suspicious
content to the volume of material on their systems. Whilst there may be practical
difficulties involved, the companies should accept they have a responsibility to notify
the relevant authorities when an automatic trigger indicating terrorism is activated
and allow the authorities, whether US or UK, to take the next step. We further note
that several of the companies attributed the lack of monitoring to the need to protect
their users’ privacy. However, where there is a possibility that a terrorist atrocity is
being planned, that argument should not be allowed to prevail.
I find it hard to believe that anyone technical is suggesting this!
The MPs on the committee might not understand how impractical it is but what about the people from GCHQ who were suggesting this? Either they seriously think this is a good ide, or they're just trying to get more ammunition for increased monitoring powers within the UK.
[2] I suppose they could use the IP address, if GCHQ did the cross referencing for changing NAT etc. But that would be impractical for some ISPs where the IP changes regularly.
The key pages of the full report relevant to the US providers believed to include Facebook are 127-133.
Some of the statements it makes are much more modest than the politicised responses; others a fair bit more dubious.... either way I think the below are more interesting talking points than the original article...
(i) They believe multiple accounts were closed by the service providers themselves due to "terrorist content", so they believe the service providers are failing in an assumed duty to share information with UK intelligence services more than an assumed duty to scan the content.
(ii) Some [likely US] providers did share details directly with UK intelligence after the fact whilst others were achieved indirectly via a [presumably US] "partner agency".
(iii) The "partner agency" didn't share everything that was possible to share either, which [unlike the computer service providers] GCHQ apparently considers normal and acceptable given their "resource constraints".
(iv) The report claim that Adebowale "obviously" had a "number of accounts" with the service provider the media are claiming to be Facebook, some of which were closed down "because they hit triggers which we believe were related to their criteria for closing things down on the basis of terrorist content". Which suggests either the provider in question wasn't Facebook, or that the report authors have a serious lack of understanding either of what a Facebook account is or what Facebook's policy on an individual having several accounts is.
(v) GCHQ suggests that an account with the text "let's kill a soldier" should have triggered algorithms detecting potential terrorist content, which implies they believe that [allegedly] Facebook could or should have algorithms that can parse sentences containing trigger words that happen to be extremely common, rather than simple blacklists and flagging functionality.
[2] I suppose they could use the IP address, if GCHQ did the cross referencing for changing NAT etc. But that would be impractical for some ISPs where the IP changes regularly.
It's not clear what those proposals really mean. But even if Vodafone were sending a constant stream of IP->subscriber mappings to GCHQ then GCHQ would have to send them on to Facebook/Google/Yahoo etc. in close to real time in order to get what they're after.
Please, as if the ISC could deal with the insane amount of false alarms it would get.
This[1] would happen multiple times a day because nobody can tell the different between a joke & a real threat... except teenagers and people who "get it".
Well when you put it that way, it would be pretty entertaining! Maybe FB should just filter ISC workers and their families and report to them everything that might be construed as a threat.
If the security services are seriously suggesting that Facebook should be doing their job for them it doesn't speak too highly of any special competencies and clearances of the security services themselves. If they think this kind of thing can and should be done by the IT industry they have just made the argument for outsourcing themselves to India. Not spectacularly intelligent.
Until we actively have thought reading, you can't know what people mean when they say or write something unless you investigate every potential reference to something terroristy. No one has enough money or manpower to do that.
I seem to recall reading about various covert operations using advertising in the International Herald Tribune and their "command-and-control network". Anyone think the BBC would want to publish criticisms of journalism?
According to various reports in the serious media today, the security services had these two in their sights seven times before the attack. Some commenters also seem to be suggesting that surveillance was undermined, possibly as late as the day before the attack, by numerous procedural errors by those security services, though I haven't yet seen a specific citation of anywhere the ISC report itself states this.
In any case, why do we still pretend that it is plausible to monitor everything said on-line, correctly identify every genuine threat needle in the hyperbole haystack, and anticipate and prevent every small-scale, isolated violent attack by bad people?
While I would never make light of the loss to Lee Rigby and his family and friends, objectively this appears to have been an isolated incident with a single victim, given coverage out of all proportion by the media because someone said "terrorism". There were hundreds of murders in the UK last year, and I doubt the others were any less tragic for those affected, but we don't see David Cameron, Theresa May and Malcolm Rifkind calling for draconian state surveillance powers to avoid repeats of all the other killings.