UK's GCHQ Admits To Using Vulnerabilities To Hack Target Systems

Bismillah (993337) writes "Lawyers for the GCHQ have told the Investigatory Powers Tribunal in the UK that the agency carries out the same illegal Computer Network Exploitation (CNE) operations that criminals and hackers do. Except they do it legally. GCHQ is currently being taken to court by Privacy International and five ISPs from UK, Germany, the Netherlands, Zimbabwe and South Korea for CNE operations that the agency will not confirm nor deny as per praxis."

Hmm

[cascadingstylesheet]

"Police carry the same projectile weapons that criminals do. Except they do it legally."

Re:Per praxis?

[Chrisq]

will not confirm nor deny as per praxis.

What does an explodey Klingon moon have to do with this?

Didn't you know that the UK establishment is run by Klingons? Though they have let a Ferengi and a Vulcan enter the government too.

Computer Misuse Act 1990 ..

[DougPaulson]

@phayes: "Something is illegal when there are laws or treaties adopted by the country in question that render the actions illegal. If there is no law or treaty that interdicts the GCHQ from hacking third parties then it cannot be illegal.

Computer Misuse Act 1990

'Sections 1-3 of the Act introduced three criminal offences:

unauthorised access to computer material, punishable by 6 months' imprisonment or a fine "not exceeding level 5 on the standard scale" (currently £5000);

unauthorised access with intent to commit or facilitate commission of further offences, punishable by 6 months/maximum fine on summary conviction or 5 years/fine on indictment;

unauthorised modification of computer material, subject to the same sentences as section 2 offences.'

How can voters 'approve' of secret programs?

How can voters 'approve' of secret programs, to spy on them?

Their people in the House of Lords recently tried to slip 'snoopers charter' into an amendment, the Lords rejected it demanding instead a debate of surveillance. Hence nobody can pretend this has approval, even the Lords want to find the details of it and debate it. Also you don't try to legalize something that is already legal. We found out they have a huge database of private British info, and its freely accessed by Ministry staff. No warrants, no checks, and Snoopers Charter would have made it legal retrospectively.

Good luck telling a judge that his private info, and that of his family are freely available to everyone in certain ministries without so much as a warrant, or check.

Fearmongering isn't necessary if approval is given:
https://www.privacysos.org/node/1660

"If you’re submitting budget proposals for a law enforcement agency, for an intelligence agency, you’re not going to submit the proposal that ‘We won the war on terror and everything’s great,’ cuz the first thing that’s gonna happen is your budget’s gonna be cut in half. You know, it’s my opposite of Jesse Jackson’s ‘Keep Hope Alive’—it’s ‘Keep Fear Alive.’ Keep it alive." - FBI assistant director Thomas Fuentes

Re:You're not going to get anywhere with this crow

What they've done is to use a blanket warrant to grab ALL data on the excuse of 'terrorism', that gives them a searchable database, which no longer has the individual judicial checks. In particular they've done a full take on the pipes into the UK, which by its nature carries mostly UK to UK data.

GCHQ then handed this feed to the NSA, who have indexed it, on the promise they won't misuse it, and NSA in return has given them access to a search interface, PRISM back on this data and others.

NSA built a haystack, and the one thing we know is it isn't likely to contain needles, because its easy-to-get bulk data on everyone, not difficult-to-get signals intelligence on terrorists. The quantity of 'hay' they collect is connected to the ease by which they can intercept it, not the likeliness of it for 'terrorism'.

And of course once you remove the judicial protections and checks and balances, it all goes out the window. We learned of the memo saying NSA should keep any UK intelligence useful to the US, despite the 5 eyes 'no-spy' treaty, and that the SWIFT agreement was circumvented by simply assigning NSA staff to the treasury. Well duh!

In the process of turning US industry into surveillance machines, they've undermined encryption, withheld security holes, signed secret corporate commercial surveillance agreements. Undermining US products by coercion and bribery.

All because one General decided that instead of 'thin thread' approach of going after just the info they needed, they'd do a big 'store it all', and then do the searches adhoc without judicial checks after the fact.

You say 'clear legal framework' but it was clear from the leaks that the FISA judge was misled about the database stuff. He approved a tap, for a specific purpose, and instead it went into a database for other purposes. If FISA judges cannot be told the truth then how can this be a 'clear' anything?

NSA lied to the court:
https://www.techdirt.com/articles/20130821/16331524274/declassified-fisa-court-opinion-shows-nsa-lied-repeatedly-to-court-as-well.shtml

None of this has been approved by the democracy it operates in. We get glimpses of how abused the systems was sometimes:
https://www.techdirt.com/articles/20140813/23203228207/unsealed-jewel-v-nsa-transcript-doj-has-nothing-contempt-american-citizens.shtml

Keep in mind we're not talking about detail here, the basis of "collect everything one judicial warrant then search it later without warrant", for Britain this was one of the parts of Snoopers Charter. When GCHQ failed to get it, it went ahead with Tempora anyway with a faulty legal interpretation. It was clearly a breach of the law, yet they did it anyway.

So now we're in the position where politics is corrupted in 5 eyes countries, where the hard line military leaders win elections, and up coming parties have their telephone calls leaked against them. All of that needs to be pulled back in, the protections put back in place, GCHQ staff involved need to be ejected (prosecuted even) and replaced by people loyal to their country, and GCHQ need to only hand narrow data over, on terrorism, with proper judicial checks each time.

Should GCHQ be spying on data, which is mostly British, including sensitive data on commercial, political, journalistic and democratic actors from 200 fibre optics, handing it to NSA who give it to 800,000 NSA staff and private contractors ? It's a no-brainer. No they should not.

https://orderoftruth.wordpress.com/2013/06/22/uk-communications-bill-snoopers-charter-legalises-illegal-activity-of-gchq-and-nsa-in-uk-exposed-by-snowden/

GCHQ staff, to me you are compartmentalized into seeing tiny parts of the bigger picture. Classic 'rubes'.