Feeds

Echelon discoverer gives masterclass in paranoia

You won't like him much, but he's the real deal

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

At a recent conference for UK journalists explaining the full ins and outs of the RIP Act and what that means for our profession, leading investigative journalist Duncan Campbell gave a talk about the nastier side of governments.

You may know Duncan Campbell as one of the men behind the publicising of GCHQ, Echelon and other government-backed spying activities. He's a funny man - gaunt, bespeckled and geeky looking - but if one person is in a position to tell you what it's really like to be investigated by the security services, Duncan is he.

Perhaps surprisingly, Duncan is fairly unconcerned about the effect that the RIP Act (or RIPA, pronounced "ripper" in the Home Office, quipped another speaker) will have. "Don't lose sleep over it," he told us. "I don't think - even in the medium to long-term - that it is a great threat to most stories." The main threat of RIPA will be after the event (i.e. publication of a story) when the police will pop round, take away PCs/files, and work backwards to discover sources of leaks. (The list of priorities runs as follows: protect sources, protect story, protect yourself, protect long-term journalistic interests.)

For a man variously described as "paranoid" and "mad" by ex-colleagues, he was realistic about the risks faced by most journalists. Going through the various state-funded spying rackets - Carnivore (US), Echelon (US, UK, Australia, Canada, New Zealand), GCHQ (UK), the Russian station at Lourdes, Cuba, GTAC (doing the Web traffic monitoring in the UK), FRENCHELON (Campbell's tag for the listening station at Domme, near Bordeaux, run by France's DGSE security service) - he nevertheless pointed out that these "exotic" systems are for the most part uninterested in journalists.

Security in the software sense is useless if not taken as part of an overall mentality, he explained. The aim is to create as much security as is needed for each assignment. After all, does it really matter if the US government knows what is written in an article if that article is published four hours later? The aim is to create a suitable level of privacy. He illustrated his point with reference to a collaborator in New Zealand - Nicky - who apparently did most of the work on the Echelon investigation. Nicky doesn't bother to lock his door or build a huge amount of added security around his house because he knows that if the government wishes to know what is on the computer it can, at any time, encrypted or not. But when in conversation with Nicky, Duncan and he build up a "reasonable level of privacy" beforehand.

Duncan is also clear on the latest security technology. "You should all have PGP and should encourage others to use it. The aim is to provide reassurance. But some of the latest security is too complex - I had access to PGP for most of the 90s but only started using it when it became simpler [to use]."

The RIP Act will really only empower the police, domestic security and foreign governments/intelligence agencies, he said, and they are unlikely to be interested or proactive in chasing anyone but terrorists, drug smugglers and the like. The real threat lies with large corporations and multinationals that can afford to buy in intelligence skills, lawyers and forensics. And recent cases would appear to back up the feeling that it is the international mammoth companies that are the ones most guilty of abusing civil rights.

Duncan Campbell threw a few more entertaining but legally red-hot stories in the mix before wrapping up with an example of when he felt "we really saw the power of Echelon in action".

Duncan was involved in the publication of some highly classified documentation on the Net, the story goes. The relevant authorities knew the document had gone missing and were on the lookout. It was published in an obscure part of a US site specialising in this sort of thing - www.cryptome.org - and visits to that part of the site were tracked. Duncan then discussed the position of the file over a cellphone while in the States. Within minutes, he claims, the page received a number of hits from a US government agency.

Unfortunately, the logs were knocked about because of a conflicting piece of software blocking unwelcome visitors and so proof was lost. An example of Echelon at work? Or a dramatic end to an interesting talk? That's the beauty of this hi-tech paranoia - you just never know. ®

Security for virtualized datacentres

More from The Register

next story
Hey, Scots. Microsoft's Bing thinks you'll vote NO to independence
World's top Google-finding website calls it for the UK
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
OECD lashes out at tax avoiding globocorps' location-flipping antics
You hear that, Amazon, Google, Microsoft et al?
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.