Feeds

Echelon discoverer gives masterclass in paranoia

You won't like him much, but he's the real deal

  • alert
  • submit to reddit

The Power of One eBook: Top reasons to choose HP BladeSystem

At a recent conference for UK journalists explaining the full ins and outs of the RIP Act and what that means for our profession, leading investigative journalist Duncan Campbell gave a talk about the nastier side of governments.

You may know Duncan Campbell as one of the men behind the publicising of GCHQ, Echelon and other government-backed spying activities. He's a funny man - gaunt, bespeckled and geeky looking - but if one person is in a position to tell you what it's really like to be investigated by the security services, Duncan is he.

Perhaps surprisingly, Duncan is fairly unconcerned about the effect that the RIP Act (or RIPA, pronounced "ripper" in the Home Office, quipped another speaker) will have. "Don't lose sleep over it," he told us. "I don't think - even in the medium to long-term - that it is a great threat to most stories." The main threat of RIPA will be after the event (i.e. publication of a story) when the police will pop round, take away PCs/files, and work backwards to discover sources of leaks. (The list of priorities runs as follows: protect sources, protect story, protect yourself, protect long-term journalistic interests.)

For a man variously described as "paranoid" and "mad" by ex-colleagues, he was realistic about the risks faced by most journalists. Going through the various state-funded spying rackets - Carnivore (US), Echelon (US, UK, Australia, Canada, New Zealand), GCHQ (UK), the Russian station at Lourdes, Cuba, GTAC (doing the Web traffic monitoring in the UK), FRENCHELON (Campbell's tag for the listening station at Domme, near Bordeaux, run by France's DGSE security service) - he nevertheless pointed out that these "exotic" systems are for the most part uninterested in journalists.

Security in the software sense is useless if not taken as part of an overall mentality, he explained. The aim is to create as much security as is needed for each assignment. After all, does it really matter if the US government knows what is written in an article if that article is published four hours later? The aim is to create a suitable level of privacy. He illustrated his point with reference to a collaborator in New Zealand - Nicky - who apparently did most of the work on the Echelon investigation. Nicky doesn't bother to lock his door or build a huge amount of added security around his house because he knows that if the government wishes to know what is on the computer it can, at any time, encrypted or not. But when in conversation with Nicky, Duncan and he build up a "reasonable level of privacy" beforehand.

Duncan is also clear on the latest security technology. "You should all have PGP and should encourage others to use it. The aim is to provide reassurance. But some of the latest security is too complex - I had access to PGP for most of the 90s but only started using it when it became simpler [to use]."

The RIP Act will really only empower the police, domestic security and foreign governments/intelligence agencies, he said, and they are unlikely to be interested or proactive in chasing anyone but terrorists, drug smugglers and the like. The real threat lies with large corporations and multinationals that can afford to buy in intelligence skills, lawyers and forensics. And recent cases would appear to back up the feeling that it is the international mammoth companies that are the ones most guilty of abusing civil rights.

Duncan Campbell threw a few more entertaining but legally red-hot stories in the mix before wrapping up with an example of when he felt "we really saw the power of Echelon in action".

Duncan was involved in the publication of some highly classified documentation on the Net, the story goes. The relevant authorities knew the document had gone missing and were on the lookout. It was published in an obscure part of a US site specialising in this sort of thing - www.cryptome.org - and visits to that part of the site were tracked. Duncan then discussed the position of the file over a cellphone while in the States. Within minutes, he claims, the page received a number of hits from a US government agency.

Unfortunately, the logs were knocked about because of a conflicting piece of software blocking unwelcome visitors and so proof was lost. An example of Echelon at work? Or a dramatic end to an interesting talk? That's the beauty of this hi-tech paranoia - you just never know. ®

Top three mobile application threats

More from The Register

next story
Stick a 4K in them: Super high-res TVs are DONE
4,000 pixels is niche now... Don't say we didn't warn you
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Bose says today is F*** With Dre Day: Beats sued in patent battle
Music gear giant seeks some of that sweet, sweet Apple pie
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Too many IT conferences to cover? MICROSOFT to the RESCUE!
Yet more word of cuts emerges from Redmond
Joe Average isn't worth $10 a year to Mark Zuckerberg
The Social Network deflates the PC resurgence with mobile-only usage prediction
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.