'1984' after all: UK's MI5 wants all travel data of 17 million commuting Britons

[David Farber <dave () farber net>]

________________________________________
From: dhvanderwoude () gmail com [dhvanderwoude () gmail com] On Behalf Of Dirk van der Woude [dirkvanderwoude () gmail 
com]
Sent: Monday, March 17, 2008 11:03 AM
To: David Farber
Subject: '1984' after all: UK's MI5 wants all travel data of 17 million commuting Britons

For IP if you wish

grtz
Dirk


http://www.guardian.co.uk/uk/2008/mar/16/uksecurity.terrorism
MI5 seeks powers to trawl records in new terror hunt

Counter-terrorism experts call it a 'force multiplier': an attack combining slaughter and electronic chaos. Now 
Britain's security services want total access to commuters' travel records to help them meet the threat

 *   Gaby Hinsliff<http://www.guardian.co.uk/profile/gabyhinsliff>, political editor - The 
Observer<http://observer.guardian.co.uk/>,
 *   Sunday March 16 2008

This article appeared in the Observer<http://www.guardian.co.uk/theobserver> on Sunday March 16 
2008<http://www.guardian.co.uk/theobserver/2008/mar/16> on p22 of the 
News<http://www.guardian.co.uk/theobserver/2008/mar/16/news/uknews> section. It was last updated at 01:49 on March 16 
2008.

Millions of commuters could have their private movements around cities secretly monitored under new counter-terrorism 
powers being sought by the security services.

Records of journeys made by people using smart cards that allow 17 million Britons to travel by underground, bus and 
train with a single swipe at the ticket barrier are among a welter of private information held by the state to which 
MI5 and police counter-terrorism officers want access in order to help identify patterns of suspicious behaviour.

The request by the security services, described by shadow Home Secretary David Davis last night as 'extraordinary', 
forms part of a fierce Whitehall debate over how much access the state should have to people's private lives in its 
efforts to combat terrorism.

It comes as the Cabinet Office finalises Gordon Brown's new national security strategy, expected to identify a string 
of new threats to Britain - ranging from future 'water wars' between countries left drought-ridden by climate change to 
cyber-attacks using computer hacking technology to disrupt vital elements of national infrastructure.

The fear of cyber-warfare has climbed Whitehall's agenda since last year's attack on the Baltic nation of Estonia, in 
which Russian hackers swamped state servers with millions of electronic messages until they collapsed. The Estonian 
defence and foreign ministries and major banks were paralysed, while even its emergency services call system was 
temporarily knocked out: the attack was seen as a warning that battles once fought by invading armies or aerial 
bombardment could soon be replaced by virtual, but equally deadly, wars in cyberspace.

While such new threats may grab headlines, the critical question for the new security agenda is how far Britain is 
prepared to go in tackling them. What are the limits of what we want our security services to know? And could they do 
more to identify suspects before they strike?

One solution being debated in Whitehall is an unprecedented unlocking of data held by public bodies, such as the Oyster 
card records maintained by Transport for London and smart cards soon to be introduced in other cities in the UK, for 
use in the war against terror. The Office of the Information Commissioner, the watchdog governing data privacy, 
confirmed last night that it had discussed the issue with government but declined to give details, citing issues of 
national security.

Currently the security services can demand the Oyster records of specific individuals under investigation to establish 
where they have been, but cannot trawl the whole database. But supporters of calls for more sharing of data argue that 
apparently trivial snippets - like the journeys an individual makes around the capital - could become important pieces 
of the jigsaw when fitted into a pattern of other publicly held information on an individual's movements, habits, 
education and other personal details. That could lead, they argue, to the unmasking of otherwise undetected suspects.

Critics, however, fear a shift towards US-style 'data mining', a controversial technique using powerful computers to 
sift and scan millions of pieces of data, seeking patterns of behaviour which match the known profiles of terrorist 
suspects. They argue that it is unfair for millions of innocent people to have their privacy invaded on the off-chance 
of finding a handful of bad apples.

'It's looking for a needle in a haystack, and we all make up the haystack,' said former Labour minister Michael 
Meacher, who has a close interest in data sharing. 'Whether all our details have to be reviewed because there is one 
needle among us - I don't think the case is made.'

Jago Russell, policy officer at the campaign group Liberty, said technological advances had made 'mass computerised 
fishing expeditions' easier to undertake, but they offered no easy answers. 'The problem is what do you do once you 
identify somebody who has a profile that suggests suspicions,' he said. 'Once the security services have identified 
somebody who fits a pattern, it creates an inevitable pressure to impose restrictions.'

Individuals wrongly identified as suspicious might lose high-security jobs, or have their immigration status brought 
into doubt, he said. Ministers are also understood to share concerns over civil liberties, following public opposition 
to ID cards, and the debate is so sensitive that it may not even form part of Brown's published strategy.

But if there is no consensus yet on the defence, there is an emerging agreement on the mode of attack. The security 
strategy will argue that in the coming decades Britain faces threats of a new and different order. And its critics 
argue the government is far from ready.

The cyber-assault on Estonia confirmed that the West now faces a relatively cheap, low-risk means of warfare that can 
be conducted from anywhere in the world, with the power to plunge developed nations temporarily into the stone age, 
disabling everything from payroll systems that ensure millions of employees get paid to the sewage treatment processes 
that make our water safe to drink or the air traffic control systems keeping planes stacked safely above Heathrow.

And it is one of the few weapons which is most effective against more sophisticated western societies, precisely 
because of their reliance on computers. 'As we become more advanced, we become more vulnerable,' says Alex Neill, head 
of the Asia Security programme at the defence think-tank RUSI, who is an expert on cyber-attack.

The nightmare scenario now emerging is its use by terrorists as a so-called 'force multiplier' - combining a 
cyber-attack to paralyse the emergency services with a simultaneous atrocity such as the London Tube bombings.

Victims would literally have nowhere to turn for help, raising the death toll and sowing immeasurable panic. 'Instead 
of using three or four aircraft as in 9/11, you could do one major event and then screw up the communications network 
behind the emergency services, or attack the Underground control network so you have one bomb but you lock up the whole 
network,' says Davis. 'You take the ramifications of the attack further. The other thing to bear in mind is that we are 
ultimately vulnerable because London is a financial centre.'

In other words, cyber-warfare does not have to kill to bring a state to its knees: hackers could, for example, wipe 
electronic records detailing our bank accounts, turning millionaires into apparent paupers overnight.

So how easy would it be? Estonia suffered a relatively crude form of attack known as 'denial of service', while 
paralysing a secure British server would be likely to require more sophisticated 'spy' software which embeds itself 
quietly in a computer network and scans for secret passwords or useful information - activating itself later to wreak 
havoc.

Neill said that would require specialist knowledge to target the weakest link in any system: its human user. 'You will 
get an email, say, that looks like it's from a trusted colleague, but in fact that email has been cloned. There will be 
an attachment that looks relevant to your work: it's an interesting document, but embedded in it invisibly is "malware" 
rogue software which implants itself in the operating systems. From that point, the computer is compromised and can be 
used as a platform to exploit other networks.'

Only governments and highly sophisticated criminal organisations have such a capability now, he argues, but there are 
strong signs that al-Qaeda is acquiring it: 'It is a hallmark of al-Qaeda anyway that they do simultaneous bombings to 
try to herd victims into another area of attack.'

The West, of course, may not simply be the victim of cyber-wars: the United States is widely believed to be developing 
an attack capability, with suspicions that Baghdad's infrastructure was electronically disrupted during the 2003 
invasion.

So given its ability to cause as much damage as a traditional bomb, should cyber-attack be treated as an act of war? 
And what rights under international law does a country have to respond, with military force if necessary? Next month 
Nato will tackle such questions in a strategy detailing how it would handle a cyber-attack on an alliance member. 
Suleyman Anil, Nato's leading expert on cyber-attack, hinted at its contents when he told an e-security conference in 
London last week that cyber-attacks should be taken as seriously as a missile strike - and warned that a determined 
attack on western infrastructure would be 'practically impossible to stop'.

Tensions are likely to increase in a globalised economy, where no country can afford to shut its borders to foreign 
labour - an issue graphically highlighted for Gordon Brown weeks into his premiership by the alleged terrorist attack 
on Glasgow airport, when it emerged that the suspects included overseas doctors who entered Britain to work in the NHS.

A review led by Homeland Security Minister Admiral Sir Alan West into issues raised by the Glasgow attack has been 
grappling with one key question: could more be done to identify rogue elements who are apparently well integrated with 
their local communities?

Which is where, some within the intelligence community insist, access to personal data already held by public bodies - 
from the Oyster register to public sector employment records - could come in. The debate is not over yet.


-------------------------------------------
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com