Feeds

Echelon discoverer gives masterclass in paranoia

You won't like him much, but he's the real deal

  • alert
  • submit to reddit

Application security programs and practises

At a recent conference for UK journalists explaining the full ins and outs of the RIP Act and what that means for our profession, leading investigative journalist Duncan Campbell gave a talk about the nastier side of governments.

You may know Duncan Campbell as one of the men behind the publicising of GCHQ, Echelon and other government-backed spying activities. He's a funny man - gaunt, bespeckled and geeky looking - but if one person is in a position to tell you what it's really like to be investigated by the security services, Duncan is he.

Perhaps surprisingly, Duncan is fairly unconcerned about the effect that the RIP Act (or RIPA, pronounced "ripper" in the Home Office, quipped another speaker) will have. "Don't lose sleep over it," he told us. "I don't think - even in the medium to long-term - that it is a great threat to most stories." The main threat of RIPA will be after the event (i.e. publication of a story) when the police will pop round, take away PCs/files, and work backwards to discover sources of leaks. (The list of priorities runs as follows: protect sources, protect story, protect yourself, protect long-term journalistic interests.)

For a man variously described as "paranoid" and "mad" by ex-colleagues, he was realistic about the risks faced by most journalists. Going through the various state-funded spying rackets - Carnivore (US), Echelon (US, UK, Australia, Canada, New Zealand), GCHQ (UK), the Russian station at Lourdes, Cuba, GTAC (doing the Web traffic monitoring in the UK), FRENCHELON (Campbell's tag for the listening station at Domme, near Bordeaux, run by France's DGSE security service) - he nevertheless pointed out that these "exotic" systems are for the most part uninterested in journalists.

Security in the software sense is useless if not taken as part of an overall mentality, he explained. The aim is to create as much security as is needed for each assignment. After all, does it really matter if the US government knows what is written in an article if that article is published four hours later? The aim is to create a suitable level of privacy. He illustrated his point with reference to a collaborator in New Zealand - Nicky - who apparently did most of the work on the Echelon investigation. Nicky doesn't bother to lock his door or build a huge amount of added security around his house because he knows that if the government wishes to know what is on the computer it can, at any time, encrypted or not. But when in conversation with Nicky, Duncan and he build up a "reasonable level of privacy" beforehand.

Duncan is also clear on the latest security technology. "You should all have PGP and should encourage others to use it. The aim is to provide reassurance. But some of the latest security is too complex - I had access to PGP for most of the 90s but only started using it when it became simpler [to use]."

The RIP Act will really only empower the police, domestic security and foreign governments/intelligence agencies, he said, and they are unlikely to be interested or proactive in chasing anyone but terrorists, drug smugglers and the like. The real threat lies with large corporations and multinationals that can afford to buy in intelligence skills, lawyers and forensics. And recent cases would appear to back up the feeling that it is the international mammoth companies that are the ones most guilty of abusing civil rights.

Duncan Campbell threw a few more entertaining but legally red-hot stories in the mix before wrapping up with an example of when he felt "we really saw the power of Echelon in action".

Duncan was involved in the publication of some highly classified documentation on the Net, the story goes. The relevant authorities knew the document had gone missing and were on the lookout. It was published in an obscure part of a US site specialising in this sort of thing - www.cryptome.org - and visits to that part of the site were tracked. Duncan then discussed the position of the file over a cellphone while in the States. Within minutes, he claims, the page received a number of hits from a US government agency.

Unfortunately, the logs were knocked about because of a conflicting piece of software blocking unwelcome visitors and so proof was lost. An example of Echelon at work? Or a dramatic end to an interesting talk? That's the beauty of this hi-tech paranoia - you just never know. ®

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Airbus promises Wi-Fi – yay – and 3D movies (meh) in new A330
If the person in front reclines their seat, this could get interesting
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
Want to beat Verizon's slow Netflix? Get a VPN
Exec finds stream speed climbs when smuggled out
Samsung threatens to cut ties with supplier over child labour allegations
Vows to uphold 'zero tolerance' policy on underage workers
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.