Feeds

Echelon discoverer gives masterclass in paranoia

You won't like him much, but he's the real deal

  • alert
  • submit to reddit

3 Big data security analytics techniques

At a recent conference for UK journalists explaining the full ins and outs of the RIP Act and what that means for our profession, leading investigative journalist Duncan Campbell gave a talk about the nastier side of governments.

You may know Duncan Campbell as one of the men behind the publicising of GCHQ, Echelon and other government-backed spying activities. He's a funny man - gaunt, bespeckled and geeky looking - but if one person is in a position to tell you what it's really like to be investigated by the security services, Duncan is he.

Perhaps surprisingly, Duncan is fairly unconcerned about the effect that the RIP Act (or RIPA, pronounced "ripper" in the Home Office, quipped another speaker) will have. "Don't lose sleep over it," he told us. "I don't think - even in the medium to long-term - that it is a great threat to most stories." The main threat of RIPA will be after the event (i.e. publication of a story) when the police will pop round, take away PCs/files, and work backwards to discover sources of leaks. (The list of priorities runs as follows: protect sources, protect story, protect yourself, protect long-term journalistic interests.)

For a man variously described as "paranoid" and "mad" by ex-colleagues, he was realistic about the risks faced by most journalists. Going through the various state-funded spying rackets - Carnivore (US), Echelon (US, UK, Australia, Canada, New Zealand), GCHQ (UK), the Russian station at Lourdes, Cuba, GTAC (doing the Web traffic monitoring in the UK), FRENCHELON (Campbell's tag for the listening station at Domme, near Bordeaux, run by France's DGSE security service) - he nevertheless pointed out that these "exotic" systems are for the most part uninterested in journalists.

Security in the software sense is useless if not taken as part of an overall mentality, he explained. The aim is to create as much security as is needed for each assignment. After all, does it really matter if the US government knows what is written in an article if that article is published four hours later? The aim is to create a suitable level of privacy. He illustrated his point with reference to a collaborator in New Zealand - Nicky - who apparently did most of the work on the Echelon investigation. Nicky doesn't bother to lock his door or build a huge amount of added security around his house because he knows that if the government wishes to know what is on the computer it can, at any time, encrypted or not. But when in conversation with Nicky, Duncan and he build up a "reasonable level of privacy" beforehand.

Duncan is also clear on the latest security technology. "You should all have PGP and should encourage others to use it. The aim is to provide reassurance. But some of the latest security is too complex - I had access to PGP for most of the 90s but only started using it when it became simpler [to use]."

The RIP Act will really only empower the police, domestic security and foreign governments/intelligence agencies, he said, and they are unlikely to be interested or proactive in chasing anyone but terrorists, drug smugglers and the like. The real threat lies with large corporations and multinationals that can afford to buy in intelligence skills, lawyers and forensics. And recent cases would appear to back up the feeling that it is the international mammoth companies that are the ones most guilty of abusing civil rights.

Duncan Campbell threw a few more entertaining but legally red-hot stories in the mix before wrapping up with an example of when he felt "we really saw the power of Echelon in action".

Duncan was involved in the publication of some highly classified documentation on the Net, the story goes. The relevant authorities knew the document had gone missing and were on the lookout. It was published in an obscure part of a US site specialising in this sort of thing - www.cryptome.org - and visits to that part of the site were tracked. Duncan then discussed the position of the file over a cellphone while in the States. Within minutes, he claims, the page received a number of hits from a US government agency.

Unfortunately, the logs were knocked about because of a conflicting piece of software blocking unwelcome visitors and so proof was lost. An example of Echelon at work? Or a dramatic end to an interesting talk? That's the beauty of this hi-tech paranoia - you just never know. ®

Top three mobile application threats

More from The Register

next story
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
Intel sees 'signs of improvement in the PC business' but earnings remain 'Meh...'
Prospects for the future, however, please Wall Street money men
What's a right pain in the ASCII for IBM? Its own leech-like hardware biz
Keep your eyes on our cloud while we remove this pesky thing, say execs
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.