UK Parliament's back for Snoopers' Charter. Former head of GCHQ talks to El Reg

Terror law review project turned in at the holidays... and now we wait

editorial only image of Whitehall. Pic Daniel Gale/Shutterstock

IPBill The UK Parliament has returned from recess for a fortnight ahead of the conference season. That's just long enough to squeeze in the House of Lords’ committee stage examination of the Investigatory Powers Bill, which resumes this afternoon.

The upper chamber had been waiting for the publication of a review of the bill’s bulk powers, which had been led by the independent reviewer of terrorism legislation, David Anderson QC.

Anderson’s report was published while the politicians were on their holidays, and although it found that there was no proven case GCHQ needs to engage in bulk hacking missions, it was otherwise overwhelmingly supportive of the bulk powers provided for in the Snoopers’ Charter.

Anderson made what he called a “single, major, recommendation” — the creation of a Technical Advisory Panel to monitor how developments in technology affect the investigatory powers.

An amendment to the bill [PDF] proposed by Lord Rosser would create such a panel to advise both the Secretary of State and the Investigatory Powers Commissioner on “the impact of changing technology on the exercise of the investigatory power; and the availability and development of techniques to use investigatory powers while minimising interference with privacy.”

Those bulk hacking missions were addressed last week at a panel convened by the Chartered Institute of IT. Academics, National Crime Agency representatives, and Sir David Omand — the former director of GCHQ and visiting professor at KCL — discussed the difficulties that traditional law enforcement techniques encountered when attempting to tackle cybercrime.

Corresponding with The Register, Sir David explained how in his experience such bulk hacking powers were necessary for law enforcement purposes on the internet, rather than just being necessary for national security reasons.

Omand wrote: “Over 20 years ago Parliament in the 1994 Intelligence Services Act wisely recognised the added value that GCHQ and MI6 could bring to the fight against international crime, and made the prevention and detection of serious crime a statutory function for the agencies.”

“The recent serious rise in global cybercrime by organised criminal groups based in jurisdictions that do not cooperate with law enforcement has only reinforced the importance of having the specialist techniques and international liaisons of the secret agencies available to support the investigations of law enforcement, for example in helping to dismantle child abuse networks,” he explained. “And where it is not possible to bring the perpetrators before a Court, the Agencies may be able to help law enforcement reduce the potential harm to the public by disruption of the criminal operations.”

Disrupting cybercriminals through hacking involves sinkholing malware strains, or borking all of the nasties' command-and-control nodes so they can't communicate any more. Such targeted hacking operations are not only available to the spooks, but to police forces too.

As terror law reviewer Anderson explained in the 200-plus page report: “There is no requirement for a link to the interests of national security: it is enough that the warrant be necessary for the purpose of preventing or detecting serious crime, or (in some cases) preventing or mitigating death, injury or damage to a person’s physical or mental health.”

Sir David, meanwhile, in his correspondence with The Register, considers that old-fashioned Snowden-revelation surveillance couldn't be understated in the fight against cybercrime:

Less publicised has been the part that bulk access to digital communications now plays in detecting cyber attacks. By scanning the technical detail of Internet communications GCHQ has been able to pick up the electronic signatures characteristic of cyber exploits, including new attacks, and share the warnings with industry partners.

95% of the cyber attacks on the UK detected by the intelligence community in the last 6 months came from the collection and analysis of bulk data. Right now GCHQ is monitoring cyber threats from high-end adversaries against 450 companies across the aerospace, defence, energy, water, finance, transport and telecoms sectors.

According to Omand, GCHQ dealt with more than 200 "cyber national security incidents" each month last summer, doubling its work-load on the previous year. This involved assisting Blighty's law enforcement agencies tackle a number of "high-profile operations against pernicious cybercrime malware threats, like Dridex, Shylock and GameOver Zeus."

So if 2013 and 2014 saw the revelation of the capability of the digital revolution to supply intelligence on those who mean us harm, and if 2015 and 2016 sadly saw the recognition of the legitimacy of the demand for such intelligence to counter terrorists and cyber criminals, then this also has to be the year in which Parliament passes the Investigative Powers Bill, with all its added safeguards and judicial oversight, to allow this vital activity to continue.

These issues, Lord Rosser's amendment, and other arguments will be considered when the House of Lords convenes to debate these matters this afternoon. ®


Biting the hand that feeds IT © 1998–2017