Feeds

EC wants to suppress internet bomb-making guides

Eurocrats, terrorists vie for techno-dunce supremacy

Combat fraud and increase customer satisfaction

The European Commission (EC) has announced plans to frustrate terrorism by suppressing online guides on bomb-making.

"It should simply not be possible to leave people free to instruct other people on the internet on how to make a bomb – that has nothing to do with freedom of expression," EC vice president Franco Frattini said yesterday.

Mr Frattini is "responsible for Freedom, Security and Justice."

When asked how the EC planned to suppress web bomb manufacture instructions hosted outside EU borders, it appeared that officials planned to act at the level of ISPs in Europe.

The Times quoted a commission spokesman as saying: "You always need a provider here that gives you access to websites. They can decide technically which websites to allow. Otherwise, how would China block internet sites? There are no technological obstacles, only legal ones."

According to the Telegraph's Brussels correspondent, "internet service providers would face charges if they failed to block websites with bomb-making instructions".

Mr Frattini and his EC subordinates appeared to have no plans for dealing with bomb instructions sent via email, browsed over encrypted relays such as Tor, sent by post, or physically transported. Nor did his plan offer any serious chance of websites being blocked at hundreds of ISPs in time to prevent full details being obtained by anyone who wanted them. Nor did it take account of the speed with which controversial information can be - and usually is - mirrored.

If the UK papers' reports are correct, Frattini and his advisors are fantastically ignorant of internet realities. The timing of the announcements seemed to respond with recent comically inept terror attempts in London and Glasgow. Given that those involved had clearly failed to do any internet research whatsoever before mounting their addled and ineffectual campaign, Mr Frattini's outburst yesterday wasn't just ignorant, but irrelevant too.

Anyone with even very basic net savvy is going to be able to get bomb-making instructions despite the laws Mr Frattini tries to push through this autumn. Even total web dolts with contacts outside the EU will be able to get information forwarded to them. A dunce's cap, please, for Frattini and the EC Freedom, Security and Justice apparat. Off to the corner with them.

A rather more crafty - if still, ultimately, doomed - strategy has been seen in recent times. Dame Stella Rimington, head of MI5* in the 1990s, penned spy novel At Risk after she retired. In it, Muslim terrorists seeking revenge for a murderous US air attack in Afghanistan (how balanced) manufacture a homemade bomb. Rimington describes the process in detail, but rather than being the real deal it is lifted wholesale from a spoof webpage.

Presumably some wannabe terrorists, cleverer than last weekend's UK ones, but still not too clever, might be taken in by this sort of thing; especially if they had only read Rimington's book, which doesn't include the giveaway at the end. Only a little bit of effort by the spooks could easily see a lot of more realistic fake-instructional websites out there, making the would-be bomber's job that much harder.

Serious terrorists, of course, will always carry out tests before going operational; but a spoofing effort would cost very little and could frustrate the less diligent bomber. Even the better class of attackers could be led to waste time and resources, and perhaps to reveal themselves by accident. Such initiatives may well be underway, in fact. They'd be at least as effective as Mr Frattini's plans, but would offer no opportunity for political posturing.

Going back to Ms Rimington and her novels, the matter of whether she's playing fair with her paying readers is for them to decide. Given that the first book contained one arguable counter-terror plant, reams of MI5 publicity material and in the end the true villains were revealed to be MI5's hated rivals in the Secret Intelligence Service (aka MI6), one could say that she should pay people to read it rather than the other way round.

Once a spook, always a spook, it seems. ®

*Actually the UK internally-oriented spooks are formally titled the Security Service. The title MI5 was officially dropped in 1929, but people still use it (perhaps because they might otherwise have to abbreviate to "SS").

Top three mobile application threats

More from The Register

next story
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
APPLE FAILS to ditch class action suit over ebook PRICE-FIX fiasco
Do not pass go, do cough (up to) $840m in damages
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.