
GCHQ

Give Up the Ghost: A Backdoor by Another Name | Just Security
Now that GCHQ have asked for this, I suspect plenty of other government bodies around the world will be looking for similar.
They’re talking about adding a “feature” that would require the user’s device to selectively lie about whether it’s even employing end-to-end encryption, or whether it’s leaking the conversation content to a third (secret) party. Is the security code displayed by your device a mathematical representation of the two keys involved, or is it a straight-up lie? Furthermore, what’s to guarantee that the method used by governments to insert the “ghost” key into a conversation without alerting the users won’t be exploited by bad actors?

Despite the GCHQ authors’ claim, the ghost will require vendors to disable the very features that give our communications systems their security guarantees in a way that fundamentally changes the trust relationship between a service provider and its users. Software and hardware companies will never be able to convincingly claim that they are being honest about what their applications and tools are doing, and users will have no good reason to believe them if they try.

And, as we’ve already seen, GCHQ will not be the only agency in the world demanding such extraordinary access to billions of users’ software. Australia was quick to follow the UK’s lead, and we can expect to see similar demands, from Brazil and the European Union to Russia and China. (Note that this proposal would be unconstitutional were it proposed in the United States, which has strong protections against governments forcing actors to speak or lie on its behalf.)
We must reject GCHQ’s newest “ghost” proposal for what it is: a mandated encryption backdoor that weakens the security properties of encrypted messaging systems and fundamentally compromises user trust.
crypto  ghost  gchq  security  backdoors  uk 
11 days ago by jm
Give Up the Ghost: A Backdoor by Another Name
Despite the GCHQ authors’ claim, the ghost will require vendors to disable the very features that give our communications systems their security guarantees in a way that fundamentally changes the trust relationship between a service provider and its users. Software and hardware companies will never be able to convincingly claim that they are being honest about what their applications and tools are doing, and users will have no good reason to believe them if they try.

And, as we’ve already seen, GCHQ will not be the only agency in the world demanding such extraordinary access to billions of users’ software. Australia was quick to follow the UK’s lead, and we can expect to see similar demands, from Brazil and the European Union to Russia and China. (Note that this proposal would be unconstitutional were it proposed in the United States, which has strong protections against governments forcing actors to speak or lie on its behalf.)
by:NateCardozo  from:JustSecurity  surveillance  GCHQ  politics  crypto  CryptoWars2 
12 days ago by owenblacker
GCHQ boosts powers to launch mass data hacking | UK news | The Guardian
Ben Wallace, the security minister, said Britain’s intelligence agencies would greatly increase their use of ‘equipment interference’. Photograph: Tom…
security  privacy  society  gchq 
19 days ago by lorenzo
UK refusal to cooperate with Belgian hacking inquiry condemned
For at least two years ending in 2013, the British intelligence service was probably spying within the state-owned company’s networks on the instruction of UK ministers, according to leaks from a judicial inquiry presented to Belgium’s national security council this week.

When asked by the Belgian federal prosecutor’s office to cooperate with the investigation into the alleged hacking, the UK Home Office is said to have refused, claiming: “The United Kingdom believes that this could jeopardise our sovereignty, security and public order.”

According to the Belgian newspaper De Standaard, the prosecutor’s office regarded the response as “exceptional between EU states, and something that could lead to a diplomatic incident”.
by:DanielBoffey  from:TheGuardian  surveillance  geo:UnitedKingdom  geo:Belgium  GCHQ 
12 weeks ago by owenblacker
Tech companies targeted in mission to develop new spy tools
SEPTEMBER 24, 2018 | Financial Times | David Bond, Security Editor.

an £85m venture capital fund backed by intelligence chiefs. The National Security Strategic Investment Fund (NSSIF) was announced by chancellor Philip Hammond in last year’s budget to boost investment in the UK’s security technology sector.

This week, the government-owned British Business Bank, which is running the fund, will begin to encourage private fund managers to promote the programme with a view to raising additional money from fund managers and private investors.

It is thought to be the first time the UK’s main intelligence and security agencies, led by the foreign intelligence service MI6, have actively looked to invest in the private sector. ... To guide companies considering applying for funding, the government has set out 11 “technology areas” that are of greatest interest to the UK national security community, which also includes the domestic security service MI5, digital and signals intelligence agency GCHQ and the National Crime Agency.

These include data analytics and artificial intelligence, technologies to track financial information and new computing tools that highlight or obscure identifying information about individuals and groups. ... Warner said last week there was nevertheless “an aversion among civil servants to working with start-ups for fear they will fail”.

Writing in the Telegraph, Mr Warner added: “Singapore and Norway have shown it is possible for governments to act more like venture capitalists, using sovereign wealth funds to back innovative new players.”
GCHQ  MI5  MI6  security_&_intelligence  technology  tools  United_Kingdom  venture_capital  InQtel 
september 2018 by jerryking
We ask the Home Secretary why UK intelligence agencies have unlawfully analysed PI's data | Privacy International
ing intelligence agency, MI5, today admitted that it captured and read Privacy International's private data as part of its Bulk Communications Data (BCD) and Bulk Personal Datasets (BPD) programmes, which hoover up massive amounts of the public's data. In further startling legal disclosures, all three of the UK's primary intelligence agencies - GCHQ, MI5, and MI6 - also admitted that they unlawfully gathered data about Privacy International or its staff. You can read the full press release here.

We have therefore written to the Home Secretary, Sajid Javid MP, to ask him to:

Confirm what changes he will make to the Investigatory Powers Act as a result of last week's ECHR judgement;

Instruct the security and intelligence agencies to provide to our Counsel and ourselves a full explanation as to why the agencies unlawfully held and analysed PI's data; and
privacyinternational  m15  m16  gchq  uk  snooperscharter  hjd 
september 2018 by osi_info_program
Exclusive: Britain says Huawei 'shortcomings' expose new telecom networks risks
HCSEC is discussing questions about the use of third-party software with Huawei, he added, with the aim of finding a "strategic fix" for the problem." // ie vendor H is squorging all sorts of rot into their product and it's impossible to follow up where it came from
huawei  gchq  cesg  security  nfv  ovum 
august 2018 by yorksranter
