Post by Papa C. on Jan 9, 2009 11:52:57 GMT
Posters note: Notice they use the words 'step up' and not 'start'. An admission that they are already doing it.
------------------------------------------------------------------
British Police set to step up hacking of home PCs
David Leppard | January 05, 2009
THE Home Office has quietly adopted a new plan to allow police across Britain routinely to hack into people's personal computers without a warrant.
The move, which follows a decision by the European Union’s council of ministers in Brussels, has angered civil liberties groups and opposition MPs. They described it as a sinister extension of the surveillance state which drives “a coach and horses” through privacy laws.
The hacking is known as “remote searching”. It allows police or MI5 officers who may be hundreds of miles away to examine covertly the hard drive of someone’s PC at his home, office or hotel room.
Material gathered in this way includes the content of all e-mails, web-browsing habits and instant messaging.
Under the Brussels edict, police across the EU have been given the green light to expand the implementation of a rarely used power involving warrantless intrusive surveillance of private property. The strategy will allow French, German and other EU forces to ask British officers to hack into someone’s UK computer and pass over any material gleaned.
A remote search can be granted if a senior officer says he “believes” that it is “proportionate” and necessary to prevent or detect serious crime - defined as any offence attracting a jail sentence of more than three years.
However, opposition MPs and civil liberties groups say that the broadening of such intrusive surveillance powers should be regulated by a new act of parliament and court warrants.
They point out that in contrast to the legal safeguards for searching a suspect’s home, police undertaking a remote search do not need to apply to a magistrates’ court for a warrant.
Shami Chakrabarti, director of Liberty, the human rights group, said she would challenge the legal basis of the move. “These are very intrusive powers – as intrusive as someone busting down your door and coming into your home,” she said.
“The public will want this to be controlled by new legislation and judicial authorisation. Without those safeguards it’s a devastating blow to any notion of personal privacy.”
She said the move had parallels with the warrantless police search of the House of Commons office of Damian Green, the Tory MP: “It’s like giving police the power to do a Damian Green every day but to do it without anyone even knowing you were doing it.”
Richard Clayton, a researcher at Cambridge University’s computer laboratory, said that remote searches had been possible since 1994, although they were very rare. An amendment to the Computer Misuse Act 1990 made hacking legal if it was authorised and carried out by the state.
He said the authorities could break into a suspect’s home or office and insert a “key-logging” device into an individual’s computer. This would collect and, if necessary, transmit details of all the suspect’s keystrokes. “It’s just like putting a secret camera in someone’s living room,” he said.
Police might also send an e-mail to a suspect’s computer. The message would include an attachment that contained a virus or “malware”. If the attachment was opened, the remote search facility would be covertly activated. Alternatively, police could park outside a suspect’s home and hack into his or her hard drive using the wireless network.
Police say that such methods are necessary to investigate suspects who use cyberspace to carry out crimes. These include paedophiles, internet fraudsters, identity thieves and terrorists.
The Association of Chief Police Officers (Acpo) said such intrusive surveillance was closely regulated under the Regulation of Investigatory Powers Act. A spokesman said police were already carrying out a small number of these operations which were among 194 clandestine searches last year of people’s homes, offices and hotel bedrooms.
“To be a valid authorisation, the officer giving it must believe that when it is given it is necessary to prevent or detect serious crime and (the) action is proportionate to what it seeks to achieve,” Acpo said.
Dominic Grieve, the shadow home secretary, agreed that the development may benefit law enforcement. But he added: “The exercise of such intrusive powers raises serious privacy issues. The government must explain how they would work in practice and what safeguards will be in place to prevent abuse.”
The Home Office said it was working with other EU states to develop details of the proposals.
The Times
------------------------------------------------------------------
From Spyblog.org.uk
By wtwu
on January 5, 2009 11:53 PM | Permalink | Comments (4)
As some people have emailed pointing to this story in the Sunday Times,
Police set to step up hacking of home PCs
we feel duty bound to comment on what seems to be another of bit of anonymous Whitehall briefing and spin via the well connected journalist David Leppard.
We reported on the earlier
Home Secretary Jacqui Smith - EU G6 plus USA Ministers discussing "remote searches of computer hard drives"
which looks like an attempt to policy launder a Must Be Seen To Be Doing Something About Cyber Crime plan onto the entire European Union, back on October 18th 2008:
The Register has taken up this story
Home Office denies remote snooping plan
following on from their earlier investigation of the G6 plus USA summit
Germans seduce Jacqui over remote hacking of disks - Trojanised Home Sec comes home to infect Parliament
(note that the mainstream print and broadcast media did not bother to do any such digging).
A spokesman for the Home Office told the Reg that UK police can already snoop - but these activities are governed by the Regulation of Investigatory Powers Act and the Surveillance Commissioner. He said changes had been proposed at the last Interior Ministers' meeting, but nothing has happened since.
[...]
A Home Office spokesperson said: "The UK has agreed to a strategic approach towards tackling cyber crime on the same basis as all Member States - however, the decisions in the Council Conclusions are not legally binding and there are no agreed timescales.
"We fully support work to develop an understanding of the scale and impact of electronic crime across the EU and will work with Member States to develop the detail of the proposal."
This is a typical Home Office media spin statement, carefully avoiding the important privacy and security risks to the public. Note the New Labour weasel word "tackling" - that does not actually promise the prevention or prosecution of even a single instance of "cyber crime", it just gives the impression that they might eventually be "Doing Something".
There is not much that we want to add to The Register's comments on this Sunday Times / Whitehall kite flying / anonymous briefing story, except to remind people that the Office of the Surveillance Commissioners, which is supposed to provide some weak monitoring under the Regulation of Investigatory Powers Act 2000 (RIPA) and the the Police Act 1997 Part III, is not required to be informed of Police or other Property Interference i.e. state sanctioned burglary to plant electronic bugging devices or, by extension, malicious computer snooping software at business premises i.e. company offices, or those premises of, say, internet service providers or co-location hosting computer server hosting companies, online backup companies, or financial institutions etc.
In order to be "in accordance with law", specifically Article 8 of the European Convention on Human Rights, as incorporated in the Human Rights Act 1998 Schedule 1
1 ."Everyone has the right to respect for his private and family life, his home and his correspondence,
such authorisations for Property Interference of people's homes or, following European Court of Human Rights case law precedents, people's private motor vehicles does require the cumbersome and not very effective bureaucracy of the Surveillance Commissioners to be involved. They have no real powers of sanction, only "name and shame" powers via an Annual Report to the Prime Minister and, eventually to Parliament.
They are also meant to "regulate" the use of Covert Human Intelligence sources i.e. infiltrators, undercover agents, and informers, who also might well be involved in helping to set up "remote searches of computer hard disks".
It is all very well for the Home Office to be involved in EU level policies on cyber crime cooperation, but they have done nothing to protect British sovereignty against Collateral Damage or Denial of Service by Law Enforcement. The Indymedia server seizure scandal in 2004 shows that foreign based companies, or even UK based subsidiaries of foreign owned companies can be pressurised into snooping on, or handing over your private data, or killing off your innocent website etc. even if it is physically in the UK, without any UK Court Order and without even a formal or informal request to the UK law enforcement authorities.
The Home Office should be working to prevent foreign or domestic law enforcement "collateral damage" to innocent people's data and computer systems the UK, rather than making it easier for such mistakes to happen.
