GCHQ, European Spy Agencies Cooperate On Surveillance
jones_supa writes "Edward Snowden papers unmask that the German, French, Spanish and Swedish intelligence services have all developed methods of mass surveillance of internet and phone traffic over the past five years in close partnership with Britain's GCHQ eavesdropping agency. The bulk monitoring is carried out through direct taps into fibre optic cables and the development of covert relationships with telecommunications companies. A loose but growing eavesdropping alliance has allowed intelligence agencies from one country to cultivate ties with corporations from another to facilitate the trawling of the web. The files also make clear that GCHQ played a leading role in advising its European counterparts how to work around national laws intended to restrict the surveillance power of intelligence agencies."
"they can't itemize a list of the terrorist operations they've intercepted and stopped." - for obvious reasons
Bull. National security be damned - have you ever known a politician not to take credit? That's why I don't believe these operations are even effective. The biggest fish they've bragged about is some cabbie in LA and his friends who sent a whopping $8500 to some terrorist group in Africa. Are we willing to sell the Bill of Rights for that?
End-to-end encryption is the only answer here. Maybe instead of relying on server certificates, which could be compromised, do the reverse -- the client certificate is used to secure the connection. That way everyone can use a CA (or even issue their own) that they trust. It puts the client in the driver's seat, so instead of just stealing Google's key (or tapping Google's fiber), they have to get yours... One might argue that they could target you with advanced malware and steal your private key, but that is no different than what could happen today if they REALLY target you.
Makes sense that if you trust no one, why do you trust their SSL certificate? Why not make them use yours? In the case of on-line purchases, you trust the server based on their certificate but the client still controls the session key. And they trust you based on your login rather than the certificate.
Shrug... Something has to be done by the users. These governments are never, ever going to stop spying.