Feeds

Echelon discoverer gives masterclass in paranoia

You won't like him much, but he's the real deal

  • alert
  • submit to reddit

Gartner critical capabilities for enterprise endpoint backup

At a recent conference for UK journalists explaining the full ins and outs of the RIP Act and what that means for our profession, leading investigative journalist Duncan Campbell gave a talk about the nastier side of governments.

You may know Duncan Campbell as one of the men behind the publicising of GCHQ, Echelon and other government-backed spying activities. He's a funny man - gaunt, bespeckled and geeky looking - but if one person is in a position to tell you what it's really like to be investigated by the security services, Duncan is he.

Perhaps surprisingly, Duncan is fairly unconcerned about the effect that the RIP Act (or RIPA, pronounced "ripper" in the Home Office, quipped another speaker) will have. "Don't lose sleep over it," he told us. "I don't think - even in the medium to long-term - that it is a great threat to most stories." The main threat of RIPA will be after the event (i.e. publication of a story) when the police will pop round, take away PCs/files, and work backwards to discover sources of leaks. (The list of priorities runs as follows: protect sources, protect story, protect yourself, protect long-term journalistic interests.)

For a man variously described as "paranoid" and "mad" by ex-colleagues, he was realistic about the risks faced by most journalists. Going through the various state-funded spying rackets - Carnivore (US), Echelon (US, UK, Australia, Canada, New Zealand), GCHQ (UK), the Russian station at Lourdes, Cuba, GTAC (doing the Web traffic monitoring in the UK), FRENCHELON (Campbell's tag for the listening station at Domme, near Bordeaux, run by France's DGSE security service) - he nevertheless pointed out that these "exotic" systems are for the most part uninterested in journalists.

Security in the software sense is useless if not taken as part of an overall mentality, he explained. The aim is to create as much security as is needed for each assignment. After all, does it really matter if the US government knows what is written in an article if that article is published four hours later? The aim is to create a suitable level of privacy. He illustrated his point with reference to a collaborator in New Zealand - Nicky - who apparently did most of the work on the Echelon investigation. Nicky doesn't bother to lock his door or build a huge amount of added security around his house because he knows that if the government wishes to know what is on the computer it can, at any time, encrypted or not. But when in conversation with Nicky, Duncan and he build up a "reasonable level of privacy" beforehand.

Duncan is also clear on the latest security technology. "You should all have PGP and should encourage others to use it. The aim is to provide reassurance. But some of the latest security is too complex - I had access to PGP for most of the 90s but only started using it when it became simpler [to use]."

The RIP Act will really only empower the police, domestic security and foreign governments/intelligence agencies, he said, and they are unlikely to be interested or proactive in chasing anyone but terrorists, drug smugglers and the like. The real threat lies with large corporations and multinationals that can afford to buy in intelligence skills, lawyers and forensics. And recent cases would appear to back up the feeling that it is the international mammoth companies that are the ones most guilty of abusing civil rights.

Duncan Campbell threw a few more entertaining but legally red-hot stories in the mix before wrapping up with an example of when he felt "we really saw the power of Echelon in action".

Duncan was involved in the publication of some highly classified documentation on the Net, the story goes. The relevant authorities knew the document had gone missing and were on the lookout. It was published in an obscure part of a US site specialising in this sort of thing - www.cryptome.org - and visits to that part of the site were tracked. Duncan then discussed the position of the file over a cellphone while in the States. Within minutes, he claims, the page received a number of hits from a US government agency.

Unfortunately, the logs were knocked about because of a conflicting piece of software blocking unwelcome visitors and so proof was lost. An example of Echelon at work? Or a dramatic end to an interesting talk? That's the beauty of this hi-tech paranoia - you just never know. ®

Boost IT visibility and business value

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
No, thank you. I will not code for the Caliphate
Some assignments, even the Bongster decline must
Fast And Furious 6 cammer thrown in slammer for nearly three years
Man jailed for dodgy cinema recording of Hollywood movie
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Barnes & Noble: Swallow a Samsung Nook tablet, please ... pretty please
Novelslab finally on sale with ($199 - $20) price tag
Ballmer leaves Microsoft board to spend more time with his b-balls
From Clippy to Clippers: Hi, I see you're running an NBA team now ...
Video of US journalist 'beheading' pulled from social media
Yanked footage featured British-accented attacker and US journo James Foley
Call of Duty daddy considers launching own movie studio
Activision Blizzard might like quality control of a CoD film
Primetime precrime? Minority Report TV series 'being developed'
I have to know. I have to find out what happened to my life
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Scale data protection with your virtual environment
To scale at the rate of virtualization growth, data protection solutions need to adopt new capabilities and simplify current features.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?