This blog posting represents the views of the author, David Fosberry. Those opinions may change over time. They do not constitute an expert legal or financial opinion.

If you have comments on this blog posting, please email me .

The Opinion Blog is organised by threads, so each post is identified by a thread number ("Major" index) and a post number ("Minor" index). If you want to view the index of blogs, click here to download it as an Excel spreadsheet.

Click here to see the whole Opinion Blog.

To view, save, share or refer to a particular blog post, use the link in that post (below/right, where it says "Show only this post").

Encryption For All!

Posted on 20th June 2017

Show only this post
Show all posts in this thread.

It seems that the UK government is very out of step with the European parliament. This BBC report describes how MEPs (Members of European Parliament) believe that European citizens have a right to strong end-to-end encryption for all our online communications, to the extent that they want to modify "Article Seven of the EU's Charter of Fundamental Rights to add online privacy".

The UK government, on the other hand, believes that they need to be able to read all our online communication, in order to prevent terrorist attacks, and therefore want either that we have only weak (crackable) encryption, or that they have back-door access to our communications (bypassing any encryption that we use). The US government's position is the same.

Given the fact that the Internet is a rather anarchistic thing. with people bringing to market whatever will sell, and if something is banned in the country where you live, you can always use a service or product from another jurisdiction, it seems pretty unlikely that governments will be able to legislate away our ability to keep our messages private.

Personally, I want to have my messages on Skype, WHatsApp, and FaceBook Messenger kept private. Whilst governments may claim that we should trust them, and that their intentions are pure, and today those claims may even be true, there is no guarantee that this will remain so. If, one day, you find yourselves living in some totalitarian regime, how will you organise protests, or even a revolution, when your every message is being read by that regime? This scenario is what we are warned about in books like George Orwell's "1984".

The other reason why I don't want governments reading my messages is that they have proven themselves unable to keep a secret: there have been so many leaks and hacks of government held data, with that data being published in WikiLeaks or offered for sale on the dark-web. They can't even keep their own secrets, so how can I trust them to keep mine?

Of course, the UK is now engaged in Brexit negotiations. If Brexit goes ahead, the EU's Charter of Fundamental Rights will not have any sway over the UK government, and they will be free to do as they please (unless citizens protest strongly enough). I am so glad that I no longer live in Britain; at least in continental Europe, it looks like my data will remain secure.

Wikileaks Hypocrisy

Posted on 11th March 2017

Show only this post
Show all posts in this thread.

I find the latest statement by Julian Assange, the man in charge of Wikileaks, as reported here by the BBC, to be somewhat hypocritical.

As stated in the new report, Wikileaks is an "anti-secrecy website". They have upset many, especially in US government, by publishing documents which others would much rather remained secret.

Now, however, the latest round of revelations (relating to the CIA's hacking tools, and their competence in hacking) has made Mr Assange rethink his opposition to secrecy. He has decided to first "offer" any further revelations on this subject to technology firms. That means two things to me:

  1. Any new revelations will be kept secret from the rest of us, at least for a short period; this seems at odds with the principles and mission of Wikileaks.
  2. The use of the word "offer" suggests that such early and exclusive access to this information will be in exchange for money.

Whatever the reasons for this change of heart, I think that it will be rather difficult for Wikileaks to claim the moral high-ground, once this system of two-speed leaks has begun.

Spies Lies

Posted on 18th November 2015

Show only this post
Show all posts in this thread.

The topic of this BBC report Gary Powers, is very much in the news at the moment because of the movie "Bridge of Spies".

The thrust of the report is that Gary Powers, pilot of the USA's U2 spy plane which was shot down over Russia, was rather hard done by. When he returned home after being swapped for Soviet spy Vilyam Fisher (also known as Rudolf Abel), the American public felt he had betrayed his country (apparently he should have ensured that the U2 was destroyed, and the committed suicide), despite having followed his orders to the letter.

I feel sympathy for Gary Powers. It is all to easy to be labelled as a traitor by the fickle American public. That, however, is not the reason for this post.

What really concerns me is the blatant disregard for known facts, and the blind faith showed by the US military and the CIA in the supposed superiority of American technology.

The CIA knew, long before Gary Powers flew his doomed mission, that the U2 was not as out of sight and out of reach as they claimed. When the U2 was still being tested over West Germany, before being put into active service, it was spotted by the British RAF, and buzzed from above by a flight of lightnings. This was done several times, as part of a series of RAF trials. The simple fact that it was detected blows a huge hole in the myth of the U2 being out of sight, and made it highly likely that the Russians would see it too. The U2 did indeed fly above the official ceiling height of all other known military aircraft at the time (the RAF lightnings flew a parabolic arc from a much lower altitude to be able to come at the U2 from above, as they were also unable to maintain that altitude), but everyone keeps the performance specifications of their latest aircraft secret, so there was no basis to be so cocky about the U2's immunity from threats; it was probably in range for air-to-air missiles as well as ground-to-air missiles, and possibly also able to be hit by guns on Russian aircraft using the same trick as the RAF lightnings used.

One has to wonder, did the CIA set poor Gary Powers up for a fall, by sending him on a mission that they knew was doomed to failure?

Banning of Strong Decryption?

Posted on 10th August 2015

Show only this post
Show all posts in this thread.

The UK government has stated more than once that it wants to ban strong decryption. The most recent report on this is this one from the BBC.

You may think it odd to find this blog in the thread on espionage, but it is not really: the government wants to prevent the use of strong decryption so that they can spy on us all (to protect us against terrorism, tax evasion/avoidance etc.).

Strong encryption is used in many places: WhatsApp, Apple's iMessage and Skype are some of the most well known, but banking and financial services are another area of our lives that depend on keeping data secret.

So why am I so against government having the ability to spy on my data? After all, they are only suggesting that it be used after a legal warrant has been granted. Well, here is my "off the top of my head" list:

  1. Despite laws and other rules, spying happens without warrents, not only by the US NSA, but also by the UK's GCHQ, and we only find out about it through the efforts of whistle-blowers such as Edward Snowdon;
  2. Governments around the world have a really poor track record of keeping secret information secret (a recent example is the breach at the US OPM [Office of Personnel Management] where the personal information of at least 21.5 million people seems to have been stolen), and any law that allows government to collect data about me is just a pathway to making my data public;
  3. I have a right to privacy, and government only has a right to breach that if they can first prove that I am a law breaker (the right to be treated as innocent until proven guilty);
  4. The last government attempt to limit or undermine encryption technology for security reasons opened back-doors for hackers. This one will do the same, since if the law prevents me from strongly encrypting my data, it is not only government which will be able to hack into it; criminals will also be able to steal it.

The idea of only allowing weak encryption, to enable government to spy on us for whatever reasons, is akin to a law requiring us to leave all our homes and cars unlocked so that the government can search them whenever needed: the whole concept is disproportionate, and in violation of our rights.

This BBC story highlights the kind of thing which can happen with weak encryption. In this case, the lack of security is due to incomptence and irresponsibility by Globalstar (there is simply no encryption), but the results will be the same if weak encryption is used. The Globalstar satellite-based system is used to keep an eye on trucks, cars, containers and ships as they move around: that could include both valuable cargo (e.g. armoured cars used for cash transport) and hazardous cargo (e.g. toxic or radioactive waste). The lack of adequate security (lack of strong encryption) means that not only can criminals and terrorists find out where items are, but they can spoof Globalstar's system into thinking that they are somewhere else; all this makes stealing valuable and dangerous goods very easy.

Think about another scenario: you lose a significant amount of money due to a hacking attack on a financial institution, so you sue them because their cyber-security was not good enough. Their defence is that weak encryption is now mandated by law. Now your only recourse is to sue the government for enacting stupid laws: good luck with that!

The bottom-line is that we need strong encryption. Nowadays, the Internet is deeply embedded in our daily lives: every day more so. The data on the Internet and in computer systems in general needs to be safe, when stored and when in transit. If your government makes it illegal for you to use strong encryption, you have options: get a mobile phone in a different jurisdiction, move any servers out of reach of the new laws, change your cloud storage provider, and may other choices. I hope it doesn't come to that.

Hypocrisy Over Russian Spying

Posted on 27th April 2015

Show only this post
Show all posts in this thread.

I found the hypocrisy behind this BBC Article a bit too much. Apparently it is a huge problem that Russian hackers were able to access White House computer system last year and were able to read President Obama's unclassified emails.

Well, what goes around, comes around, as they say. If you think it OK for the NSA (in cahoots with UK and Australian government agencies) to spy on foreign governments, organisations and individuals, and even (in contravention of US law) on US citizens, then I guess it must be OK to be spied on in return.

The USA needs to clean up their act, and demonstrate that they have done so, before that "holier than thou" attitude is going to fly.

Guilty by Metadata

Posted on 12th February 2015

Show only this post
Show all posts in this thread.

We should all be worried by this story on the BBC.

Jeffrey Sterling has been found guilty in the USA of espionage, on the basis of metadata proving that he communicated repeatedly, by phone and email, with a reporter who later published classified information. The metadata shows who was communicated with, but not the content of those emails and phone conversations. That is like you being convicted of terrorism, because you often talked to your neighbour who later turned out to be a terrorist.

The rule in most western nations is "innocent until proven guilty", and I don't feel that Jeffrey Sterling's guilt has been proven. His legal rights have been trampled in the name of national security. There are countries where he might have expected such cavalier treatment, but in the USA? I am not saying that he is definitely innocent, but I am most certainly saying that his guilt has not been proven.

The whole issue of metadata came to public attention after the Edward Snowden leaks, when security agencies in various countries attempted to justify their collection of data about our communications by saying that mostly they were only collecting and storing metadata, not the message content itself. Well apparently, metadata is enough to convict people, so that assurance is not very reassuring.

Warning: this message will self-destruct in five seconds.

ISPs take legal action against GCHQ

Posted on 3rd July 2014

Show only this post
Show all posts in this thread.

This story on the BBC gives me some hope.

GCHQ is the British central signals surveillance agency. They have a long history of being embroiled in rows about legally and morally questionable activities, the latest being that they were coordinating electronic spying activities with the NSA, related to the NSA's Prism spying programme.

It is good to see that at least some ISPs are taking some legal action, finally, to protect the privacy of our Internet data.

United States Foreign Intelligence Surveillance Court (FISC)

Posted on 17th July 2013

Show only this post
Show all posts in this thread.

Whilst reading this artcle about Yahoo and their attempts to demonstrate how little they had cooperated with the NSA regarding the Prism spying programme, I found a reference to the Foreign Intelligence Surveillance Court (FISC).

I find the existence and purpose of the FISC to be both worrying and bizarre. As you can read here, the court was established by the US Congress in 1978 to "oversee requests for surveillance warrants against suspected foreign intelligence agents inside the United States by federal law enforcement agencies" (mostly requests by the NSA and the FBI).

Normally, the requirement for law enforcement and surveillance agencies to obtain a court approved warrant would give us all a nice feeling of safety; the feeling that our rights were being upheld. It seems that is not justified in this case. The FISC is outside of the normal judicial system: judges are appointed solely by the Supreme Court Chief Justice, without confirmation or oversight by the U.S. Congress. There is no effective judicial oversight, and the whole process is highly secretive. Requests are almost never refused (during the 25 years from 1979 to 2004, 18,742 warrants were granted, while just four were rejected). There are strong suspicions of pro-government bias in the court.

Yes We Can - Read Your Emails

One thing which I find odd is that the Prism programme was (apparently) approved by the court at all. US government statements have assured us that Prism does not spy on US citizens or US residents, but the court has the remit to "oversee requests for surveillance warrants against suspected foreign intelligence agents inside the United States". If this is so, their only interest in Prism would be cases of spying on foreign nationals who are not resident in the US, whilst the are temporarily in the US (only a subset of the activities of Prism). There actually seems to be no judicial system for approval of spying on foreign intelligence agents when they are outside of the US. Where is the system to ensure that espionage is conducted in accordance with the laws of those other countries having legal jurisdiction over the surveillance targets, and to guarantee the constitutional rights of those foreign nationals? The answer, of course, is that the USA does not care about the laws in other countries (including their allies), but the USA are not alone is this.

Is this really the kind of world that you want to live in?