July 2009 Archives

The Home Office has announced:

UK identity card image unveiled

The ID card image shows the information contained on the face of the card, including photograph, name, date of birth and signature, and the card's unique design. It will hold similar information to that currently contained in the UK passport as well as a photograph and fingerprints on a secure electronic chip - linking the owner of the card securely to their unique biometric identity.


Thankfully there is no printed address on this ID Card design.

Will the Home Office Press Release use of the word "unveiled", coupled with a female photographic image of a female, cause resentment within the fundamentalist Islamic community ?

The 2006 to 2016 validity period of this specimen ID card image also implies 3 years of delays to the scheme.


It comes as no surprise, that the web link URL advertised on the back of this ID Card: www.direct.gov.uk/myid, gives a 404 error i.e. the web page does not exist.

This lack of coordination and communication between different parts of the Home Office is typical of the whole ID Cards scheme to date.

Will the ID Card number be randomly allocated, or will it betray information about the ID Card controllee, through batch sequences, which can also help to break the cryptographic protections on the Contactless / RFID chip, just as happened with the Netherlands biometric passport ?

The prefix "IDGBR" will be enough of an unencrypted identifier, which can be read remotely by "illegal" radio equipment, to snoop on British travellers, well beyond the normal very short range of the official ID Card reading equipment.

Potentially, this could also be used to trigger terrorist bombs, which only detonate, when British citizens are within the lethal radius - this is not our idea of a "security feature"!

Identity Commissioner

The Home Office takes seriously the concerns that the public have over their information being stored securely and accessed appropriately. That is why an Identity Commissioner will be appointed before ID cards are introduced to oversee operation of the service and report annually on the uses to which ID cards are put and the confidentiality and integrity of information recorded in the National Identity Register. Public panel meetings in Manchester and London will allow the public to join a conversation about the National Identity Service so their views, reactions and concerns inform the way service is developed and delivered.

Who exactly will be appointed as the virtually powerless National Identity Scheme Commissioner ?

Why should we trust the National Identity Scheme Commissioner, to provide effective checks and balances ? The Commissioner can only write an annual, censored Report to the Home Secretary, about the scheme, and the office will not have any resources to investigate individual complaints about the scheme from members of the public, and no legal powers to do anything about any such errors and failings.

The National Identity Scheme Commissioner is specifically forbidden by the terms of reference which appoint him under the Identity Cards Act 2006 section 22 Appointment of National Identity Scheme Commissioner to look into the following activities, which are exactly the secret activities which are the most likely to abuse the National Identity Register, and which therefore should be scrutinised the most:

(4) The matters to be kept under review by the Commissioner do not include--

(a) the exercise of powers which under this Act are exercisable by statutory instrument or by statutory rule for the purposes of the Statutory Rules (Northern Ireland) Order 1979 (S.I. 1979/1573 (N.I. 12));

(b) appeals against civil penalties;

(c) the operation of so much of this Act or of any subordinate legislation as imposes or relates to criminal offences;

(d) the provision of information to the Director-General of the Security Service, the Chief of the Secret Intelligence Service or the Director of the Government Communications Headquarters;

(e) the provision to another member of the intelligence services, in accordance with regulations under section 21(5), of information that may be provided to that Director-General, Chief or Director;

(f) the exercise by the Secretary of State of his powers under section 38; or

(g) arrangements made for the purposes of anything mentioned in paragraphs (a) to (f).


Please support or join the cross party NO2ID Campaign, to resist the introduction of this far too expensive, insecure, privacy invasive and counterproductive ID Card scheme in the UK.

The mainstream media like the Mail on Sunday, and The Sun, quoting the Conservative party spokesman and former military officer Patrick Mercer MP, have pointed out the embarrassing spelling mistakes made on the Secret Intelligence Service MI6 website

Frank, a security officer, might have been expected to know there aren't three Ls in patrollling while, elsewhere, drivers taken on for chauffering duties (as opposed to chauffeuring) will be carrying out saftely checks and graduates can expect to have a great carees after joinging the service.

Other spelling mistakes include apppointed, negotations and crtical.

But the most shocking mistake comes in the introduction, where MI6 cannot even get 'instability' right, listing 'regional instablity'

Very embarassing, but surely this is less serious than the reported MI5 Security Service website which had a Cross Site Scripting vulnerability last week ?

MI5 and WHO Websites Compromised

Vulnerable to cross-site scripting attacks

By Lucian Constantin, Web News Editor

22nd of July 2009, 11:33 GMT

Websites belonging to UK's national security agency, the MI5 (Military Intelligence, Section 5) and the World Health Organization (WHO) have been found vulnerable to cross-site scripting attacks. The weaknesses allow attackers to inject rogue IFrames, prompt JavaScript alerts or redirect visitors to other potentially malicious Web pages.

The cross-site scripting flaws were reported by a member of a group of programmers and security enthusiasts calling themselves Team Elite. Going by the online handle of [-TE-]-Neo, the grey hat hacker posted screenshots of several proof-of-concept XSS attacks against the two websites.

Cross-site scripting, or XSS, is a type of vulnerability that facilitates injecting rogue code into otherwise legit Web pages. Such flaws generally result from failure to properly validate user input into forms and can have different levels of impact, with persistent or Type 2 XSS being the most severe.

It is worth noting that, in the case of the MI5 and WHO websites, the cross-site weaknesses are non-persistent, or Type 1, and can only be exploited by opening malformed URLs. However, this does not mean that they are not dangerous.

Non-persistent XSS vulnerabilities can be used to significantly increase the credibility of phishing or malware-distribution campaigns. Instead of having to trick a user into visiting a fake page hosted on a dubious domain, the attacker can link to a vulnerable page on the legit domain directly.

The weakness in the MI5 website is located in the search form, which allows passing code as a search string. This can be used to inject a rogue IFrame into the page, which can, in turn, load more malicious code from a third-party domain via its src= attribute.


According to the hacker, the administrators of both websites have been notified, but, at the time of writing this article, the MI5 site was still vulnerable.


Why is this lack of a quick response from MI5 not a surprise ?

The stupid "shoot the messenger" attitude to those who try to report vulnerabilities, so prevalent in Whitehall, must have contributed to this unprofessional mistake, which very seriously damages the Security Service's brand credibility, as supposed "cyber terror / cyber warfare" defence trusted advisors.

Will the Intelligence and Security Committee or the new Office of Cyber Security bother to look into this incident, which reveals that proper website security management procedures, are still not being followed, even after the MI5 website notification email debacle ?

We doubt it.

Buried amongst the flurry of Government publications on the last day before the deliberately extended Parliamentary Summer to Autumn Recess, was Prime Minister Gordon Brown's latest utterance on the Wilson Doctrine.

UPDATE: there were, by our count, an astonishing 1463 Parliamentary Written Answers published on this Last Day Before the Summer Recess. Are we seriously meant to believe that none of these Answers were ready for publication in the days and weeks beforehand ?

HC Deb, 21 July 2009, c1166W

Members: Surveillance

Prime Minister

Written answers and statements, 21 July 2009

David Davis (Haltemprice & Howden, Conservative)

To ask the Prime Minister whether any hon. Member has been subject to (a) official surveillance and (b) interception of communications in the last two years.

Gordon Brown (Prime Minister, No Department; Kirkcaldy & Cowdenbeath, Labour)

The Wilson doctrine continues to apply to all forms of surveillance and interception that are subject to authorisation by Secretary of State warrant.

Labour Prime Minister Harold Wilson's original Wilson Doctrine covered all telephone interception / phone tapping / bugging of Members of Parliament.

The Sadiq Khan MP / Babar Ahmad electronic bugging in Prison affair saw Gordon Brown's henchmen Jack Straw (Justice) and Jacqui Smith (Home Office) slither around the Wilson Doctrine, because, under the Police Act 1997 Part III, there is no need for a Warrant signed by a Secretary State. The self -authorisation for such intrusive surveillance is done at the Superintendent / Deputy Chief Constable level. - see: "Report on two visits by Sadiq Khan MP to Babar Ahmad at HM Prison Woodhill" - Rt. Hon. Sir Christopher Rose finds no illegality

Since all Government statements about the "Wilson Doctrine" are deliberately vague and evasive, you have to read them as if they came from the Soviet Politburo, and see what they do not explicitly say or mention.

"all forms of surveillance and interception that are subject to authorisation by Secretary of State warrant" only applies to:

  1. Interception of Communications (electronic or postal) under the Regulation of Investigatory Powers Act 2000 Part 1 Chapter 1., which requires a Warrant or a Certificate signed by a Secretary of State (either the Home Secretary or the Foreign Secretary, usually)

  2. A property interference and / or interference with wireless telegraphy warrant under the Intelligence Services Act 1994 sections 5 to 7

The "Wilson Doctrine" is important, not because it might allow a minority of Members of Parliament should be able to hide any shady business dealings or scandalous private lives, but because it should prevent the over powerful tentacles of the Government and State bureaucracy from snooping on their political opponents (within their own political party and the opposition parties) and breaking the anonymity and confidentiality of meetings, correspondence and electronic communications between a Member of Parliament and his or her Constituents, or other members of the public, who they are elected to serve, and champion against the Government and the bureaucracy etc. if necessary.

However, by restricting it to the two legal requirements listed above, it does mean that Members of Parliament and their constituents have may have been snooped on by:

  • GCHQ or any other public body authorised to intercept electronic communications, not via a Warrant but via a more general Certificate (e.g. for snooping, in bulk, on transatlantic fibre optic cables or satellite communications)

  • Police units using the Police Act 1997 Part III powers

    • Property Interference i.e. authorised breaking and entering into homes or vehicles, usually to plant electronic bugging or tracking devices.

  • Police or intelligence agency units using the rest of the Regulation of Investigatory Powers Act 2000 for: the various kinds of Surveillance:

    • Directed Surveillance

    • Covert Surveillance

    • Intrusive Surveillance

    • The use of Covert Human Intelligence Sources (CHIS) - informants and infiltrators
    • Seizure of cryptographic keys and / or de-crypted plaintext.

    • Communications Data:

      • Subscriber Details - Name and Address of land line or registered mobile phones<

      • Location Based Services Data (instantaneous and historical tracking of mobile phone handsets)

      • Communications Traffic Data (itemised phone bills, who called who and when "friendship trees", email server logfiles, internet access log files etc.

The Police or Military covert surveillance units (but not the Intelligence Agencies, without a Warrant) could also use the Counter Terrorism Act 2008 section 18 Material not subject to existing statutory restrictions

  • DNA or fingerprint samples obtained in secret, through Property Interference or by Confidential Human Intelligence Sources

There are "official surveillance" techniques and Databases which are not covered by RIPA e.g.

  • Automatic Number Plate Recognition (the Metropolitan Police have access to all of the Transport for London Congestion Charge ANPR data "in bulk, in real time", exempt from the Data Protection Act).

  • Passenger Name Records, credit card and email details data slurped from Airline, Train and Ferry Booking Systems

  • Transport for London Oyster Travel Smart Card data

  • The planned National Identity Register / ID Card scheme

  • Literally millions of CCTV surveillance cameras and recording devices

There are also other Government Departments which have granted themselves snooping powers, which fall outside of the RIPA or Intelligence Services legal frameworks:

None of the above, apart from items 1 and 2, "are subject to authorisation by Secretary of State warrant"

RIPA Commissioners Annual Reports for 2008


Regulation of Invesigatory Powrs Act 2000 (RIPA) Commissioners Annual Reports for 2008 (self censord, with a confidential annex):

Interception of Communications Commissioner:

2.33 Warrants (a) in force, under the Regulation of Investigatory Powers Act, as at 31 December 2008 and (b) issued during the period 1 January 2008 to 31 December 2008 a b

Home Secretary 844 [929]* 1508 [1881]*

The total number of RIPA modifications from 01/01/2008 - 31/12/2008 = 5344 [5577]*

Scottish Executive 43 [28]* 204 [145]*

The total number of RIPA modifications from 01/01/2008 - 31/12/2008 = 610 [367]*

* For comparison purposes I have included in the parentheses warrant information for the period 1 January 2007 to 31 December 2007 as detailed in my 2007 Annual Report

[NB: Under the Regulation of Investigatory Powers Act 2000 there is no longer a breakdown of the figures between Telecommunications and Letters.]


3.8 During the year ended 31 December 2008, public authorities as a whole made 504,073 requests for communications data to CSPs and Internet Service Providers (ISP). This figure is slightly below the number of requests which were made in the previous year. I do not intend to give a breakdown of these requests because I do not think that it would serve any useful purpose, although the intelligence agencies, police forces and other law enforcement agencies are the principal users of communications data.

We respectfully disagree.

This data should be broken down, by public authority, by the number of requests for Subscriber Details, for Location Based Services data (both one off instantaneous or last known position fixes, and for full Location History Tracking, and for full Traffic Analysis of friendship trees etc.

3.29 In some instances, however, errors may result in catastrophic consequences for members of the public. When that happens it is my responsibility and that of my Inspectors to investigate the circumstances and work with the public authority concerned to review their systems and processes to prevent them recurring. In this particular example the police took swift action when information from a reliable source suggested that a number of very young children were at immediate risk of falling into the hands of a paedophile ring. Subscriber information relating to an Internet Protocol (IP) Address was obtained in order to locate an address for the children but unfortunately it would appear this was not correct. The police entered the address and arrested a person who was completely innocent and further enquiries are continuing. This was a very unfortunate error and the whole process of obtaining data relating to IP addresses has been re-examined. In this case there was confusion between the Internet Service Provider and the public authority over how the data should be interpreted, particularly in relation to the critical international time zones. Better checks and balances have been put in place to help clarify the process, which includes liaison with the SPoC trainers and these should help to prevent similar errors in the future.

Has there been a prompt public apology and generous financial compensation for the victim of this "very unfortunate error" ? We doubt it.

3.51 There are approximately 110 other public authorities which are registered for the purpose of acquiring communications data. These include the Serious Fraud Office, Independent Police Complaints Commission, Charity Commission, Royal Mail and the Medicines & Healthcare Products Regulatory Agency (MHRA), to name just a few.

3.52 A temporary shortage of staff in the Inspectorate and a requirement to prioritise other inspections meant that it was possible only to inspect a few of these public authorities during the reporting year.


4.6 During the period covered by this report my Inspectors visited 89 prisons which roughly equates to two thirds of the whole estate.

i.e. the ISC is still spending a lot of resources on informally checking on Prisons,which are not formally covered by RIPA, but does not have the resources to check on Local Authorities etc. , who are.

Prisons should be inspected, so they should be formally put under the RIPA framework.

Such inspections should also look into the number of illegal mobile phones discovered in each prison, and into any collateral damage caused to Emergency Services and the neighbouring public by any jamming or shielding or IMEI / IMSI tracking systems put in place to counter them.

7.3 Finally I would like to draw your attention to the Wilson Doctrine. My predecessor could find no justification for it, and neither can I. The statute and the oversight regime exist to ensure that, so far as is reasonably practicable, no-one's privacy is invaded without proper authorisation given because there seems to be good reason to take that step. Why should Members of Parliament not be in the same position as everyone else? At a time when other parliamentary privileges are under review it might be appropriate for this one to be swept away.

This assumes that the the public believe that the secretive RIPA Commissioners scheme is actually effective and trustworthy in holding over zealous petty officals in check, but that is simply not true.

Yet again, for some reason, the Interception of Communications Commissioner fails to even mention Encryption, except in his re-statement of his powers and duties, and about the NTAC centre visit which the RIPA Commissioners made.

Intelligence Services Commissioner

For a second year running, no Section 49 notices regarding access to cryptographic keys or de-crypted plaintext have been notified to the Intelligence Services Commissioner.

Part III of RIPA.

34. As I have noted above, Part III of RIPA came into force on 1 October 2007. However, no notification of any directions to require disclosure in respect of protected electronic information has been given to me in 2008 and there has been no exercise or performance of powers and duties under Part III for me to review.


Omagh Bombing

Furthermore, I concluded that there was no evidence before me to make good a number of assertions made in both the Panorama television programme and the article in the Sunday Telegraph newspaper.

Investigatory Powers Tribunal

For some reason, both the Intelligence Services Commissioner and the Interception of Communications Commissioner report annually and vaguely on the activities of the secretive Investigatory Powers Tribunal, which has never yet called any of the RIPA Commissioners before it for assistance.

The Tribunal received 136 new applications during the calendar year 2008 and completed its investigation of 70 of these during the year as well as concluding its investigation of 32 of the 41 cases carried over from 2007. 75 cases have been carried forward to 2009.6.3 In 2007 the Tribunal received 66 new applications and completed its investigation in relation to 31 of them, so in 2008 the workload increased by over 100%


Determination made in favour of two separate complainants by the Investigatory Powers Tribunal

46. During 2008 the Tribunal made two determinations in favour of two separate complainants. These are the second and third occasions that the Tribunal has upheld a complaint,


In its ruling in the 1st case the Tribunal ordered payment of an award of compensation to the complainant, as provided by section 67(7) of RIPA, though the respondents were not required to destroy the relevant records. In the second case, no award of compensation was made but the respondents were ordered to destroy the evidence of the unauthorised conduct.

The number of cases being considered by the Investigatory Powers Tribunal is surprising, given the secrecy which surrounds it.

Chief Surveillance Commissioner:

Section 49 - Encryption

4.11. My Commissioners and Inspectors attended a briefing by the National Technical Assistance Centre (NTAC) regarding the processes and procedures for the investigation of protected electronic information. During the period of this report, NTAC approved 26 applications for the service of a notice under s.49 of RIPA Part III.

1 Of these 17 went on to obtain permission from a Judge. No permissions were refused and 15 Notices were served.

2 Eleven individuals failed to comply resulting in seven charges and two convictions. The types of crime under investigation were: counter terrorism, child indecency and domestic extremism.

4.12. One Notice was served without the proper involvement of NTAC. The force concerned had relied on incorrect information from the Police National Legal Database. The individual on whom the Notice was served refused to comply but it was decided not to proceed.


Yesterday the Security Service MI5, dutifully alerted us via email, that the Terrorism Threat Level had been reduced a notch from SEVERE to only SUBSTANTIAL

Current threat level

The current threat level is assessed as SUBSTANTIAL (as of 20th July 2009 - see threat level history for previous changes).

This means there is a high likelihood of future terrorist attacks and indicates a continuing high level of threat to the UK.

See The UK's threat level system for more information on what threat levels mean, who decides the level of threat and how the threat level system is used.

The Government continues to maintain a state of heightened readiness in response to the threat from international terrorism. It remains the Government's policy to issue warnings or advice if this ever became necessary to protect public safety in the event of a specific and credible terrorist threat.

Source and form of the threat

The threat of international terrorism comes from a diverse range of sources, including Al Qaida and associated networks, and those who share Al Qaida's ideology but do not have direct contact with them. A threat could manifest itself from a lone individual or group, rather than a larger network. Domestic terrorism related to Northern Ireland, principally from dissident Irish Republican and Loyalist terrorist groups, also remains a threat.

The terrorist threat can take a number of forms, as terrorists may use a variety of methods of attack to achieve their objectives. These may include explosive devices, firearms, missiles, kidnapping, infiltration and electronic attacks. See the Centre for the Protection of National Infrastructure (CPNI) (new window) website for practical advice on how to defend against these threats.

This page has been produced in consultation with the Joint Terrorism Analysis Centre (JTAC). It will be regularly reviewed and updated. Whilst every care has been taken in preparing this summary, the Security Service accepts no liability for any statement contained therein (see our Content Disclaimer).

What exactly is anyone doing now , which is any different from before ?

The general public is still being told to Obey and Report Anything Suspicious, as always..

MI5 and the terrorists are unlikely to be doing anything different from normal either.

Note the importance given to the Content Disclaimer !

MI5 Security Service senior management officials appear to be trying to cover themselves legally, from any blame (or lawsuits) arising from any failures on their part:

Security Advice disclaimer

The Security Service shall have no liability to any person for the accuracy or contents of the security advice published on this website. The Security Service assumes no responsibility to any person. No warranties are given. No liability is accepted for any inclusion or omission herefrom or the absence of any other information or matter. Furthermore, no liability or responsibility is accepted for any further advice given or omission to give further advice, prior to or subsequent to the advice published on this website.

The MI5 Security Service website now sports an RSS syndication feed for News and Updates, with little buttons to spread the News items to Digg, de.licio.us, Reddit and Stumbleupon

All very "Social Networking" aware, however the actual feed


does not include any mention of the change to the Terrorism Threat Level.

Pending the publication of the RIPA Commissioners' Annual Reports, which might possibly be online on Tuesday or Wednesday, we would like to remind journalists, broadcasters and bloggers etc. not to confuse the meaningless statistics on the number of Communications Data requests (hundreds of thousands ? How many Subscriber Details, how many Location Data request, how many full Communications Traffic Data history requests ?) , with the meaningless statistics about the number of electronic communications Interception Warrants and Certificates (a couple of thousand ?).

A single Warrant or Certificate supposedly signed personally (except when it isn't) by the Home Secretary or the Foreign Secretary, might authorise mass snooping on multiple targets, or on, all transatlantic cable traffic etc.

  • How many RIPA PArt III section 49 notices for cryptographic de-cryption keys or de-crypted plain text have there been in the last year ?

  • Will there be any more criticism of the lack of a legal basis for the vast Automatic Number Plate Recognition national database ?

  • Following the various Police fishing expeditions in Parliament against MPs and their constituents correspondence and emails, what about the Wilson Doctrine ?

Meanwhile, you might wish to read some detailed documents (in English), which describe how Lawful Interception of mobile phone and broadband internet communications is done in Switzerland.

Unlike the United Kingdom (which relies on potentially easily faked plaintext emails and callback telephone numbers) , the Swiss mandate the use of OpenPGP strong encryption and digital signing of emails, and of encrypted OpenVPN virtual private networks for handling their Lawful Intercept requests, authorisations and data.

Why can't we the British public, be absolutely sure that something like this, or better, is done as standard here in the UK ?

See the documents published by Die Wochenzeitung (WOZ) weekly newspaper:

The use of Strong Encryption is not, of itself, a magical panacea, but it should be the routine, normal, standard practice, for any professional, competent, trustworthy organisation with access to privacy or security sensitive data.

ParliamentProtest.org.uk blog - Constitutional Reform and Governance Bill - repeals SOCPA ss 132-138, but substitutes new enabling powers in a 250 metre Area around Parliament Square

The Labour Government has today published its long awaited

Constitutional Reform and Governance Bill

The Good News - the abhorrent and undemocratic requirement for Prior Written Authorisation by the Police and arbitrary Restrictions on small or spontaneous demonstrations, near Parliament seems to be on its way to being repealed.

Part 4

Public order

32 Demonstrations etc in the vicinity of Parliament

(1) Omit sections 132 to 138 of the Serious Organised Crime and Police Act 2005 (c. 15) (which regulate demonstrations in the vicinity of Parliament).

Hurray !!

However, do not get too excited because:

(2) Schedule 4 (which inserts new powers into Part 2 of the Public Order Act 1986 (c. 64) etc) has effect.

This amendment to the Public Order Act 1986 is even longer and just as complicated as the SOCPA legislation it replaces.

It does not spell out any of the details, as it is enabling legislation, allowing for the creation of arbitrary laws via Statutory Instrument Orders, which can only be accepted or rejected by Parliament, and not amended in any way.

The main difference seems to be the "area around Parliament", defined as no more than 250 metres in a straight line from the nearest point in Parliament Square, rather than the still current Designated Area of up to 1 kilometre (the current Designated Area does not extend as far as that in all directions).

Unlike the current Designated Area, this smaller Area around Parliament would exclude the front entrance of the Metropolitan Police HQ at New Scotland Yard to the west, the MI5 Security Service Thames House building to the south, extend only across Westminster Bridge but no further than the former Country Hall to the east, but would still cover most of Whitehall to the north, including the Whitehall and Horseguards Road entrances to Downing Street and the Whitehall entrance to the Ministry of Defence, if the full 250 metres is designated.


N.B. the existing Public Order Act 1986 already covers the 250 metres Area around the Parliament Square, so there must be something sneaky being planned for the Secondary Legislation Statutory Instrument Orders, which this Clause and Schedule would enable.

Satellite jammers in Iran ?

| | Comments (2)

Are these pictures of satellite jamming equipment on the top of the huge Milad Tower in Iran ? Or are they just mobile phone antennas ?

According to Tehran Bureau - Jamming devices ? (4 more detailed pictures)



From an Iranian source in the Middle East [unconfirmed] | "Satellite jamming devices (manufactured locally by Saberin Co., an IRGC company) installed on Milad Tower. "Now we know why Milad tower was constructed. The current jammers have capability of jamming satellites serving the Middle East, Turkey and Europe as we have seen during past few weeks."

IGRC = Army of the Guardians of the Islamic Revolution

The Labour Government, fearful of by-election results, public opinion polls, the media, the Opposition and some of its own backbenchers, has reduced the amount of time available for Parliamentary scrutiny and "Westminster Village" media interest, by sneakily and unnecessarily extending the Summer Recess from the end of business this Tuesday 21st July until Tuesday 13th October i.e. 3 months

Presumably there will be a splurge of Government announcements and media spin rushed out before Tuesday, which will attempt to divert attention from the Regulation of Invesigatory Powers ACt 2000 Commissioners' Annual Reports:

HC Deb, 16 July 2009, c77WS

Chief Surveillance Commissioner, Interception of Communications Commissioner and Intelligence Service

Prime Minister

Written answers and statements, 16 July 2009

Gordon Brown (Prime Minister, No Department; Kirkcaldy & Cowdenbeath, Labour)

I can announce to the House that I have arranged for the annual reports of the Chief Surveillance Commissioner, the right hon. Sir Christopher Rose, HC 704, the Interception of Communications Commissioner, the right hon. Sir Paul Kennedy, HC 901, and the Intelligence Services Commissioner, the right hon. Sir Peter Gibson, HC 902, to be laid before both Houses on Tuesday 21 July 2009.

This is the first time that publication of any of these RIPA Annual Reports has been pre-announced.

This will also be the first time that they have all been published on the same day.

N.B. these Reports are for the previous calendar year so they are already over six months out of date..

Given how short, and lacking in specific detail these reports usually are, they all should have been published in January.

Will the details of these Reports have been leaked and briefed to this weekend's newspapers, or will they have been successfully buried ?

The Regulation of Investigatory Powers Act 2000 (RIPA) established, for the first time in the UK, a comprehensive regulatory system to govern the use of a range of investigatory techniques, some of which had been used without any statutory regulations or safeguards for decades. RIPA set out clear parameters within which these techniques could be used, and established an independent oversight regime and an independent complaints tribunal.

This publication of heavily censored Annual reports, by RIPA Commissioners who have no budget and little inclination to independently investigate complaints by members of the public, should not be mistaken for proper transparency and democratic accountability.

The Home Office is now in the process of reviewing the statutory codes of practice on covert surveillance and property interference, and on covert human intelligence sources. It has recently completed a public consultation exercise on the revised codes of practice, and on all public authorities able to use certain techniques regulated in RIPA, the ranks at which those techniques can be authorised, and the purposes for which they can be used. The Government will shortly table statutory instruments giving Parliament the opportunity to debate a range of proposed revisions to the RIPA framework, following this consultation exercise.

Spy Blog has submitted some thoughts to the Home Office in response to the Public Consultation which closed on 10tth July.

N>B. There is still time to submit your responses to the other RIPA Consultation, which closes this coming Monday 20th July 2009:

Protecting the public in a changing communications environment

However, on past performance, this Government simply cannot be trusted to change their pre-set policies as a result of the responses they get from the public.

The previous official 12 week Public Consultation of RIPA Codes of Practice, back in 2006 was notable for the Statutory Instrument which was introduced halfway through the consultation period, and which came into legal force 3 days before the 12 week consultation period finished, making an utter mockery of the whole process.

This put into force the Government's favoured option on one of the Questions upon which the public was supposedly being consulted on (about about using Communications Traffic Data to identify dead or incapacitated people)


Remember that Statutory Instruments can, in theory be debated, but this is done on a "take it or leave it" basis, with no chance of making any amendments.

Backbench Members of the House of Commons have consistently failed to properly scrutinise the thousands of such Statutory Instruments, and they always get rubberstamped into law, even when their length and complexity exceeds that of many full Acts of Parliament.

I am grateful to Sir Christopher, Sir Paul and Sir Peter, and to their support staff, for their work on these reports.

How about some proper independent public scrutiny of the increasingly powerful "Database / Surveillance / Snooper / Nanny" State which has been inflicted on us, with proper resources to investigate complaints from the public, able to punish abuses by petty public officials or by private companies and to veto policy disasters in the making by senior officials and Ministers ?

Reading the

National Policing Improvement Agency annual report and accounts 2008-09

we were reminded of our previous Spy Blog article:

Police Receive £50 Million For 10,000 Hand Held Computers i.e. £5,000 each - are they gold plated ?


During 2008, the Home Office allocated £80 million of funding over the next three years to support the delivery of handheld computers to frontline police officers. The funding was provided to increase the number of devices used by officers to 30,000 by March 2010.

The roll-out, managed by the NPIA has already exceeded its first milestone to have 10,000 devices in force by September 2008, and the second phase of roll-out is well
underway. All forces in England, Scotland and Wales have now received a portion of the funding.


So £50 million has now magically become £80 million !


Table 2: Summary of other protected personal data related incidents
in 2008/09

Incidents deemed by the Data Controller not to fall within the criteria for report to the Information Commissioner's Office but recorded centrally within the Department are set out in the table below. Small, localised incidents are not recorded centrally and are not cited in these figures.

Category Nature of incident Total

I Loss of inadequately protected electronic equipment, devices or paper documents from secured Government premises - 0 (nil)

II Loss of inadequately protected electronic equipment, devices or paper documents from outside secured Government premises - 4 (four)

III Insecure disposal of inadequately protected electronic equipment, devices or paper documents - 0 (nil)

IV Unauthorised disclosure - 1 (one)

V Other - 0 (nil)

N.B. the carefully worded "inadequately protected devices or paper documents"

How many of the 10,000 portable devices which NPIA have issued have been lost or stolen ?

It is hard to believe that none of them at all have gone missing.

These may or may not prove to be "adequately protected"

Some other points of interest in the report:

The BBC have emailed to suggest that this forthcoming radio programme might be of interest to Spy Blog readers, especially with the recent announcement of the appointment of Sir John Sawers as the incoming Chief of the Secret Intelligence Service, and the Centenary of "the decision made by the Committee for Imperial Defence in 1909 to create a Secret Service Bureau." (which later spawned both MI5 the Security Service and MI6 the Secret Intelligence Service):

Title: MI6: A Century in the Shadows
Channel: BBC Radio 4
Broadcast date: Monday July 27th 2009
Broadcast time: 9am

It seems that there will be "three episodes in total (one each week)."

An unprecedented look inside Britain's Secret Intelligence Service, which marks its centenary this year. BBC security correspondent Gordon Corera talks to senior intelligence officers, agents and diplomats as well as their former arch enemies about the shadowy world of espionage.

They have a "voice fragments" video clip on YouTube, with a helicopter flyby circling around the MI6 Secret Intelligence Service headquarters building at Vauxhall Cross

Click on the image above to go to the YouTube preview video clip link, which has deliberately not been embedded in this web page, in order to preserve the privacy of Spy Blog visitors, who would otherwise appear in YouTube's web server log files, regardless of whether they were interested in this video clip or not.

The Register reports:

Met warns officers off photographers

The return of copper plate photography?

By John Oates
Posted in Policing, 9th July 2009 12:59 GMT

The Metropolitan Police has issued guidance to its officers to remind them that using a camera in public is not in itself a terrorist offence


However, the actual Metropolitan Police Service Photography advice web page is not a comprehensive guide to the relevant legislation and legal powers, for an amateur or professional photographer and for the Police Constables and Police Community Support Officers (PCSO) who are meant to enforce them fairly and proportionately.

The web page mentions the Terrorism Act 2000 section 43 (stop and search with "reasonable suspicion") , section 44 (stop and search without reasonable suspicion) and section 58A (eliciting, publishing or communicating information about current or former members of the armed forces, intelligence services or police constables , but not PCSOs etc.)

It sheds no light on where exactly the controversial Terrorism Act 2000 section 44 powers are actually in force, According to the Statute, they are supposed to be temporary,and strictly limited to a specific location and for a limited duration, not general purpose police powers available all everywhere, at all times.

However the Home office is still trying to keep the extent of the use of these powers secret from the public, thereby ruining any deterrent effect, and simply increasing the fear , mistrust and hatred of the Police - see the progress of the Spy Blog Freedom of Information Act request on this topic:

ICO serves an Information Notice on the Home Office re our complaint about the Terrorism Act 2000 s44 stop and search Authorisations

The Met Police Advice on Photography web page also omits mention of the Official Secrets Act 1911 Prohibited Places, which no longer applies to some buildings which it used to, before Gordon Brown;'s failed Public / Private Finance Initiatives tax dofge schemes.Former Government owned office buildings, including the Ministry of Defence and the HM Treasury buildings in Whitehall, and the Home Office now in Marsham Street, and the Ministry of Justice (in the redeveloped former Home Office buildings in St Anne's Gate /Petty France) are now owned by property companies based in foreign tax havens, which lease the poperties back to the Government. As such these buildings are no longer automatically "Prohibited Places" under the OSA 1911 , like they used to be, by virtue of ownership by the Crown, and they have not been specifically designated by a Secretary of State as being so.

However, there are Prohibited Places, where it is a non-arrestible criminal offence (prosecution of which still requires the permission of the Attorney General) to make make "models, plans, sketches" etc, including photographs, in the vicinity of, typically military bases which are stillowned by the Crown. Later legislation also designates any Licensed Nuclear Site i.e. nuclear power stations, research laboratories and re-processing plants etc, and any "aerodrome" owned by the Civil Aviation Authority i.e. Heathrow Airport etc.

See Current Prohibited Places under the Official Secrets Act 1911

None of these Prohibited Places actually ban photography by the public for innocent, non-espionage purposes, but the burden of proof seems to shift to the photographer having to prove his innocence.

What is also needed is a similar statement from the notorious British Transport Police, who, disproportionately, conduct even more unnecessary and counterproductive Terrorism Act 2000 section 44 stop and searches than the Met Police do.

There is plenty of evidence that some Police forces seem to be trying to cover up their obnoxious policy of racial profiling, by indulging in even more stupid racial profiling to "balance the figures" on section 44 stops and searches etc. - see the Report on the Operation in 2008 of the Terrorism Act 2000 and of part 1 of the Terrorism Act 2006 by Lord Carlile

In London, there are by-laws against commercial photography and filing, without prior permission (and payment of fees) in areas such as Trafalgar Square or Parliament Square, and on the whole of the London Underground railway Tube network.

Remember that Private Security Guards or even Police Community Support Officers acting on their own without a real , sworn, Police Constable in Uniform physically present, cannot exercise any of these powers, no matter how many yellow or orange high visibility vests or "official" Security Industry Authority photo id badges they sport.

See also the previous Spy Blog article: NPIA Practice Advice on Stop and Search in relation to Terrorism and on the War on Photographers

According to a Written Answer by the Home Office Minister Admiral Lord West of Spithead, the controversial "If you suspect it, report " terrorism propaganda campaign, involving posters and some local newspaper and local radio advertising, launched in March 2009, has cost at least £1.7 million, and the "anti-terrorist hotline" costs about £120,000 a year to run.

Spy Blog: Metropolitan Police terrorism fear Propaganda Poster lies about bombs, reconnaissance and CCTV cameras - updated 25th March 2009

This campaign includes this false and misleading poster, which claims a non existent link between public CCTV and protection against terrorist bombs:

"A bomb won't go off here because weeks before a shopper reported someone studying the CCTV cameras"


In answer to a Question by Baroness Neville-Jones (Shadow Security Minister, Home Affairs; Conservative):

9 July 2009 : Column WA176

Lord West of Spithead (Parliamentary Under-Secretary (Security and Counter-terrorism), Home Office; Labour)

The confidential anti-terrorist hotline is administered by the Metropolitan Police Service. The hotline receives, on average, 243 calls per month.

In March 2009, the Association of Chief Police Officers (ACPO) launched a national media campaign to raise counterterrorism awareness. The anti-terrorist hotline received more than 1,800 calls in March 2009 and more than 1,100 in April 2009.

The anti-terrorist hotline is a 24-hour facility for members of the public to volunteer information to specially-trained police officers, in confidence, regarding any activity which they suspect to be terrorism-related.

The police service considers the anti-terrorist hotline to be a valuable means for the public to volunteer information in confidence. It is assessed that more than 80 per cent of calls received by the hotline contain information relevant to terrorist activity.

It is estimated that the anti-terrorist hotline costs approximately £120,000 to run each year.


Incredibly, this Written Answer about the "Anti-Terrorism Hotline", does not bother to mention the actual telephone number ! i.e. 0800 789 321

"on average, 243 calls per month" equates to about 2900 calls a year or about £40 per call.

The "more than 1,800 calls in March 2009 and more than 1,100 in April 2009" following the ACPO poster, local press and local radio advertising campaign, has, presumably, now tailed off to below the "on average, 243 calls per month" figure, which must include the effect of the advertising campaign stimulated peaks.

If you bother to hunt around on the Metropolitan Police Service website, there is a "If you suspect it, report it" web page which gives further details about the "Anti-Terrorist Hotline", but none of the Climate of Fear propaganda posters or adverts bother to give details of how to find this web page.

This creepy and disproportionate web page tries to throw suspicion of involvement in terrorism on anyone who uses a "Van, Passport, Mobile Phone, Camera, Chemicals, Masks and Goggles, Credit Card, Computer, Suitcase or Padlock" i.e. the vast majority of millions of innocent people !

There is now, after many years without one, a confidential online form, which does make use of the standard SSL / TLS session strong encryption, built in to your web browser software to protect the confidentiality of your e-commerce credit card etc.online transactions.

N.B. Reminder to the MPS: your Digital Certificate expires later this month on the 24th July 2009, do remember to get a new one ordered and installed before then.

However, "text messages from mobiles are not accepted", which is an utterly stupid policy. What are they worried about ? SMS text messages are no more difficult to trace than mobile phone calls.

There is also no no Web Form or Mobile Phone Multi Media Message Service facility for uploading digital images or video clips taken by members of the public on their digital cameras or mobile phone cameras of "suspicious" people, locations or objects.

It is inconceivable that in the aftermath of the next major terrorist attack in the UK, there will not be an appeal to the public to send in such digital images and video clips of "anything suspicious".

Why waste crucial time in the minutes and hours immediately after such an attack, by hurriedly setting up an untested web upload form or an SMS / MMS capable mobile phone number, and then trying to publicise it. ?

This facility should already be in place, after having been properly specified and stress tested to cope with the huge surge in demand which will follow a major incident.

Adding such a secure web form and SMS/ MMS digital image / video clip upload facility would cost only a few hundred pounds, and even allowing for several thousand pounds for extra secure, resilient infrastructure, testing and training, this will still only cost a fraction of the the £1.7 million pounds wasted on the counter productive, insulting and widely ridiculed advertising campaign.

See BoingBoing: Remixes of the paranoid London police "anti-terror"/suspect your neighbours posters.

Reminder: Home Office RIPA CoP Con closes today


There is still time to send in your response (via email) to the Home Office Public Consultation on the

Regulation of Investigatory Powers Act 2000: Consolidating orders and codes of practice

which closes officially today, Friday 10th July 2009.

Ignore the attempt to only focus on the official Questions, and feel free to tell the Home Office your positive suggestions about, and constructive criticisms of, the current mess of Regulations.

N.B.There is another current Home Office Public Consultation:

Protecting the Public in a Changing Communications Environment

which closes on July 20th:

See Spy Blog:

Communications Data public "consultation" with only one permitted option

The Mail on Sunday has another exclusive story about an aspect of data privacy and security, which are two ides of the same coin:

MI6 chief blows his cover as wife's Facebook account reveals family holidays, showbiz friends and links to David Irving

By Jason Lewis
Last updated at 11:43 AM on 05th July 2009

The new head of MI6 has been left exposed by a major personal security breach after his wife published intimate photographs and family details on the Facebook website.

Sir John Sawers is due to take over as chief of the Secret Intelligence Service in November, putting him in charge of all Britain's spying operations abroad.

But his wife's entries on the social networking site have exposed potentially compromising details about where they live and work, who their friends are and where they spend their holidays.

Amazingly, she had put virtually no privacy protection on her account, making it visible to any of the site's 200million users who chose to be in the open-access 'London' network - regardless of where in the world they actually were.

There are fears that the hugely embarrassing blunder may have compromised the safety of Sir John's family and friends.


Spy Blog does not often find itself in agreement with the creepy authoritarian NuLabour Foreign Secretary David Miliband, but his comments via the BBC are, at one level true:

But Foreign Secretary David Miliband told the BBC's Andrew Marr programme: "Are you leading the news with that? The fact that there's a picture that the head of the MI6 goes swimming - wow, that really is exciting.

"It is not a state secret that he wears Speedo swimming trunks, for goodness sake let's grow up.

UPDATE - The BBC did Miliband yet another favour by making this quotation seem more coherent and pithy than it actually was in the video clip.

This Sir John Sawers affair is reminiscent of the similar one about Alex Allan, Chairman of the Joint intelligence Committee when he was appointed back in November 2007

Alex Allan is now Chairman of the Joint Intelligence Committee - his home address, phone and mobile phone number are...

Is there nobody in Whitehall who bothers to check the world wide web for such personal details before a new senior appointment is made ?

Apart from the location details of the London flat, was there really anything sensitive from a security point of view ? Photos of his family and friends are inevitable, as he has been in the public eye as a very senior diplomat.

Since he is currently still the UK's representative on the UN Security Council, and is living in New York, he would anyway probably be looking to move to a larger house or flat in London by November, when he takes up his post as Chief of the Secret Intelligence Service.

If one were to be very cynical, one might suspect that by allowing your personal details to be revealed by members of your family via the web, it means that once you are appointed to a "sensitive" official position, you can then get the Government to foot the bill for a new house or apartment for "security" reasons.

This Mail on Sunday story does, however, raise the same questions which we asked about their previous story about Assistant Commissioner Bob Quick / private hire cars business story back in December 2008:

For how much longer will the UK media and bloggers be able to freely investigate stories like the Bob Quick anti-terrorist policeman / family wedding cars business story ?

Were the Mail on Sunday or Facebook threatened by the Foreign Office or by MI6 etc. with the new

58A Eliciting, publishing or communicating information about members of armed forces etc

(1) A person commits an offence who--

(a) elicits or attempts to elicit information about an individual who is or has been--

(i) a member of Her Majesty's forces,

(ii) a member of any of the intelligence services, or

(iii) a constable,

which is of a kind likely to be useful to a person committing or preparing an act of terrorism, or

(b) publishes or communicates any such information.

which is now fully in force ?

UPDATE 8th July 2009:

Former UK Ambassador Charles Crawford rightly and helpfully points out various misspellings of Sir John Sawers' name on this website - apologies to Sir John and his friends- hopefully these have now all been corrected.

Charles Crawford has also written some more personal recollections of his friend and diplomatic colleague on his blogoir blog: Sir John Sawers: On The Up

Spy Blog shares the sentiments and analysis published by Longrider in: Well, That Didn't Take Long...

This deconstructs the Labour Home Secretary Alan Johnson's appalling article in The Guardian We need identity cards, and soon.

The claim that "Identity fraud" somehow costs the UK economy "£1.2 billion a year" is a simple, barefaced lie.

How have the Home Office / Labour politicians manged to fiddle their misleading "identity fraud" figures, by £500 million a year, since they last tried the same propaganda trick back in 2006 ?

See these Spy Blog articles:

If this is a genuine drop in "identity fraud", which it is not, then it has been achieved without the National Identity Register centralised compulsorily national biometric database and without the use of any, as yet nonexistent ID Cards.

About this blog

This United Kingdom based blog attempts to draw public attention to, and comments on, some of the current trends in ever cheaper and more widespread surveillance technology being deployed to satisfy the rapacious demand by state and corporate bureaucracies and criminals for your private details, and the technological ignorance of our politicians and civil servants who frame our legal systems.

The hope is that you the readers, will help to insist that strong safeguards for the privacy of the individual are implemented, especially in these times of increased alert over possible terrorist or criminal activity. If the systems which should help to protect us can be easily abused to supress our freedoms, then the terrorists will have won.

We know that there are decent, honest, trustworthy individual politicians, civil servants, law enforcement, intelligence agency personnel and broadcast, print and internet journalists etc., who often feel powerless or trapped in the system. They need the assistance of external, detailed, informed, public scrutiny to help them to resist deliberate or unthinking policies, which erode our freedoms and liberties.

Email & PGP Contact

Please feel free to email your views about this blog, or news about the issues it tries to comment on.


Our PGP public encryption key is available for those correspondents who wish to send us news or information in confidence, and also for those of you who value your privacy, even if you have got nothing to hide.

We offer this verifiable GPG / PGP public key (the ID is available on several keyservers, twitter etc.) as one possible method to establish initial contact with whistleblowers and other confidential sources, if it suits their Threat Model or Risk Appetite, but will then try to establish other secure, anonymous communications channels e.g. encrypted Signal Messenger via burner devices,or face to face meetings, postal mail or dead drops etc. as appropriate.

Current PGP Key ID: 0x1DBD6A9F0FACAD30 which will expire on 29th August 2021.

You can download a free copy of the PGP encryption software from www.pgpi.org
(available for most of the common computer operating systems, and also in various Open Source versions like GPG)

We look forward to the day when UK Government Legislation, Press Releases and Emails etc. are Digitally Signed so that we can be assured that they are not fakes. Trusting that the digitally signed content makes any sense, is another matter entirely.

Hints and Tips for Whistleblowers and Political Dissidents

Please take the appropriate precautions if you are planning to blow the whistle on shadowy and powerful people in Government or commerce, and their dubious policies. The mainstream media and bloggers also need to take simple precautions to help preserve the anonymity of their sources e.g. see Spy Blog's Hints and Tips for Whistleblowers - or use this easier to remember link: http://ht4w.co.uk

BlogSafer - wiki with multilingual guides to anonymous blogging

Digital Security & Privacy for Human Rights Defenders manual, by Irish NGO Frontline Defenders.

Everyone’s Guide to By-Passing Internet Censorship for Citizens Worldwide (.pdf - 31 pages), by the Citizenlab at the University of Toronto.

Handbook for Bloggers and Cyber-Dissidents - March 2008 version - (2.2 Mb - 80 pages .pdf) by Reporters Without Borders

Reporters Guide to Covering the Beijing Olympics by Human Rights Watch.

A Practical Security Handbook for Activists and Campaigns (v 2.6) (.doc - 62 pages), by experienced UK direct action political activists

Anonymous Blogging with Wordpress & Tor - useful step by step guide with software configuration screenshots by Ethan Zuckerman at Global Voices Advocacy. (updated March 10th 2009 with the latest Tor / Vidalia bundle details)


Watching Them, Watching Us

London 2600

Our UK Freedom of Information Act request tracking blog

WikiLeak.org - ethical and technical discussion about the WikiLeaks.org project for anonymous mass leaking of documents etc.

Privacy and Security

Privacy International
United Kingdom Privacy Profile (2011)

Cryptome - censored or leaked government documents etc.

Identity Project report by the London School of Economics
Surveillance & Society the fully peer-reviewed transdisciplinary online surveillance studies journal

Statewatch - monitoring the state and civil liberties in the European Union

The Policy Laundering Project - attempts by Governments to pretend their repressive surveillance systems, have to be introduced to comply with international agreements, which they themselves have pushed for in the first place

International Campaign Against Mass Surveillance

ARCH Action Rights for Children in Education - worried about the planned Children's Bill Database, Connexions Card, fingerprinting of children, CCTV spy cameras in schools etc.

Foundation for Information Policy Research
UK Crypto - UK Cryptography Policy Discussion Group email list

Technical Advisory Board on internet and telecomms interception under RIPA

European Digital Rights

Open Rights Group - a UK version of the Electronic Frontier Foundation, a clearinghouse to raise digital rights and civil liberties issues with the media and to influence Governments.

Digital Rights Ireland - legal case against mandatory EU Comms Data Retention etc.

Blindside - "What’s going to go wrong in our e-enabled world? " blog and wiki and Quarterly Report will supposedly be read by the Cabinet Office Central Sponsor for Information Assurance. Whether the rest of the Government bureaucracy and the Politicians actually listen to the CSIA, is another matter.

Biometrics in schools - 'A concerned parent who doesn't want her children to live in "1984" type society.'

Human Rights

Liberty Human Rights campaigners

British Institute of Human Rights
Amnesty International

Prevent Genocide International

asboconcern - campaign for reform of Anti-Social Behavior Orders

Front Line Defenders - Irish charity - Defenders of Human Rights Defenders

Internet Censorship

OpenNet Initiative - researches and measures the extent of actual state level censorship of the internet. Features a blocked web URL checker and censorship map.

Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

Reporters without Borders internet section - news of internet related censorship and repression of journalists, bloggers and dissidents etc.

Judicial Links

British and Irish Legal Information Institute - publishes the full text of major case Judgments

Her Majesty's Courts Service - publishes forthcoming High Court etc. cases (but only in the next few days !)

House of Lords - The Law Lords are currently the supreme court in the UK - will be moved to the new Supreme Court in October 2009.

Information Tribunal - deals with appeals under FOIA, DPA both for and against the Information Commissioner

Investigatory Powers Tribunal - deals with complaints about interception and snooping under RIPA - has almost never ruled in favour of a complainant.

Parliamentary Opposition

The incompetent yet authoritarian Labour party have not apologised for their time in Government. They are still not providing any proper Opposition to the current Conservative - Liberal Democrat coalition government, on any freedom or civil liberties or privacy or surveillance issues.

UK Government

Home Office - "Not fit for purpose. It is inadequate in terms of its scope, it is inadequate in terms of its information technology, leadership, management systems and processes" - Home Secretary John Reid. 23rd May 2006. Not quite the fount of all evil legislation in the UK, but close.

No. 10 Downing Street Prime Minister's Official Spindoctors

Public Bills before Parliament

United Kingdom Parliament
Home Affairs Committee of the House of Commons.

House of Commons "Question Book"

UK Statute Law Database - is the official revised edition of the primary legislation of the United Kingdom made available online, but it is not yet up to date.

FaxYourMP - identify and then fax your Member of Parliament
WriteToThem - identify and then contact your Local Councillors, members of devolved assemblies, Member of Parliament, Members of the European Parliament etc.
They Work For You - House of Commons Hansard made more accessible ? UK Members of the European Parliament

Read The Bills Act - USA proposal to force politicians to actually read the legislation that they are voting for, something which is badly needed in the UK Parliament.

Bichard Inquiry delving into criminal records and "soft intelligence" policies highlighted by the Soham murders. (taken offline by the Home Office)

ACPO - Association of Chief Police Officers - England, Wales and Northern Ireland
ACPOS Association of Chief Police Officers in Scotland

Online Media

Boing Boing

Need To Know [now defunct]

The Register

NewsNow Encryption and Security aggregate news feed
KableNet - UK Government IT project news
PublicTechnology.net - UK eGovernment and public sector IT news
eGov Monitor

Ideal Government - debate about UK eGovernment

NIR and ID cards

Stand - email and fax campaign on ID Cards etc. [Now defunct]. The people who supported stand.org.uk have gone on to set up other online tools like WriteToThem.com. The Government's contemptuous dismissal of over 5,000 individual responses via the stand.org website to the Home Office public consultation on Entitlement Cards is one of the factors which later led directly to the formation of the the NO2ID Campaign who have been marshalling cross party opposition to Labour's dreadful National Identity Register compulsory centralised national biometric database and ID Card plans, at the expense of simpler, cheaper, less repressive, more effective, nore secure and more privacy friendly alternative identity schemes.

NO2ID - opposition to the Home Office's Compulsory Biometric ID Card
NO2ID bulletin board discussion forum

Home Office Identity Cards website
No compulsory national Identity Cards (ID Cards) BBC iCan campaign site
UK ID Cards blog
NO2ID press clippings blog
CASNIC - Campaign to STOP the National Identity Card.
Defy-ID active meetings and protests in Glasgow
www.idcards-uk.info - New Alliance's ID Cards page
irefuse.org - total rejection of any UK ID Card

International Civil Aviation Organisation - Machine Readable Travel Documents standards for Biometric Passports etc.
Anti National ID Japan - controversial and insecure Jukinet National ID registry in Japan
UK Biometrics Working Group run by CESG/GCHQ experts etc. the UK Government on Biometrics issues feasability
Citizen Information Project feasability study population register plans by the Treasury and Office of National Statistics

CommentOnThis.com - comments and links to each paragraph of the Home Office's "Strategic Action Plan for the National Identity Scheme".

De-Materialised ID - "The voluntary alternative to material ID cards, A Proposal by David Moss of Business Consultancy Services Ltd (BCSL)" - well researched analysis of the current Home Office scheme, and a potentially viable alternative.

Surveillance Infrastructures

National Roads Telecommunications Services project - infrastruture for various mass surveillance systems, CCTV, ANPR, PMMR imaging etc.

CameraWatch - independent UK CCTV industry lobby group - like us, they also want more regulation of CCTV surveillance systems.

Every Step You Take a documentary about CCTV surveillance in the Uk by Austrian film maker Nino Leitner.

Transport for London an attempt at a technological panopticon - London Congestion Charge, London Low-Emission Zone, Automatic Number Plate Recognition cameras, tens of thousands of CCTV cameras on buses, thousands of CCTV cameras on London Underground, realtime road traffic CCTV, Iyster smart cards - all handed over to the Metropolitan Police for "national security" purposes, in real time, in bulk, without any public accountibility, for secret data mining, exempt from even the usual weak protections of the Data Protection Act 1998.

RFID Links

RFID tag privacy concerns - our own original article updated with photos

NoTags - campaign against individual item RFID tags
Position Statement on the Use of RFID on Consumer Products has been endorsed by a large number of privacy and human rights organisations.
RFID Privacy Happenings at MIT
Surpriv: RFID Surveillance and Privacy
RFID Scanner blog
RFID Gazette
The Sorting Door Project

RFIDBuzz.com blog - where we sometimes crosspost RFID articles

Genetic Links

DNA Profiles - analysis by Paul Nutteing
GeneWatch UK monitors genetic privacy and other issues
Postnote February 2006 Number 258 - National DNA Database (.pdf) - Parliamentary Office of Science and Technology

The National DNA Database Annual Report 2004/5 (.pdf) - published by the NDNAD Board and ACPO.

Eeclaim Your DNA from Britain's National DNA Database - model letters and advice on how to have your DNA samples and profiles removed from the National DNA Database,in spite of all of the nureacratic obstacles which try to prevent this, even if you are innocent.

Miscellanous Links

Michael Field - Pacific Island news - no longer a paradise
freetotravel.org - John Gilmore versus USA internal flight passports and passenger profiling etc.

The BUPA Seven - whistleblowers badly let down by the system.

Tax Credit Overpayment - the near suicidal despair inflicted on poor, vulnerable people by the then Chancellor Gordon Brown's disasterous Inland Revenue IT system.

Fassit UK - resources and help for those abused by the Social Services Childrens Care bureaucracy

Former Spies

MI6 v Tomlinson - Richard Tomlinson - still being harassed by his former employer MI6

Martin Ingram, Welcome To The Dark Side - former British Army Intelligence operative in Northern Ireland.

Operation Billiards - Mitrokhin or Oshchenko ? Michael John Smith - seeking to overturn his Official Secrets Act conviction in the GEC case.

The Dirty Secrets of MI5 & MI6 - Tony Holland, Michael John Smith and John Symond - stories and chronologies.

Naked Spygirl - Olivia Frank

Blog Links

e-nsecure.net blog - Comments on IT security and Privacy or the lack thereof.
Rat's Blog -The Reverend Rat writes about London street life and technology
Duncan Drury - wired adventures in Tanzania & London
Dr. K's blog - Hacker, Author, Musician, Philosopher

David Mery - falsely arrested on the London Tube - you could be next.

James Hammerton
White Rose - a thorn in the side of Big Brother
Big Blunkett
Into The Machine - formerly "David Blunkett is an Arse" by Charlie Williams and Scribe
infinite ideas machine - Phil Booth
Louise Ferguson - City of Bits
Chris Lightfoot
Oblomovka - Danny O'Brien

Liberty Central

dropsafe - Alec Muffett
The Identity Corner - Stefan Brands
Kim Cameron - Microsoft's Identity Architect
Schneier on Security - Bruce Schneier
Politics of Privacy Blog - Andreas Busch
solarider blog

Richard Allan - former Liberal Democrat MP for Sheffield Hallam
Boris Johnson Conservative MP for Henley
Craig Murray - former UK Ambassador to Uzbekistan, "outsourced torture" whistleblower

Howard Rheingold - SmartMobs
Global Guerrillas - John Robb
Roland Piquepaille's Technology Trends

Vmyths - debunking computer security hype

Nick Leaton - Random Ramblings
The Periscope - Companion weblog to Euro-correspondent.com journalist network.
The Practical Nomad Blog Edward Hasbrouck on Privacy and Travel
Policeman's Blog
World Weary Detective

Martin Stabe
B2fxxx - Ray Corrigan
Matt Sellers
Grits for Breakfast - Scott Henson in Texas
The Green Ribbon - Tom Griffin
Guido Fawkes blog - Parliamentary plots, rumours and conspiracy.
The Last Ditch - Tom Paine
The (e)State of Tim - Tim Hicks
Ilkley Against CCTV
Tim Worstall
Bill's Comment Page - Bill Cameron
The Society of Qualified Archivists
The Streeb-Greebling Diaries - Bob Mottram

Your Right To Know - Heather Brooke - Freedom off Information campaigning journalist

Ministry of Truth _ Unity's V for Vendetta styled blog.

Bloggerheads - Tim Ireland

W. David Stephenson blogs on homeland security et al.
EUrophobia - Nosemonkey

Blogzilla - Ian Brown

BlairWatch - Chronicling the demise of the New Labour Project

dreamfish - Robert Longstaff

Informaticopia - Rod Ward


The Musings of Harry

Chicken Yoghurt - Justin McKeating

The Red Tape Chronicles - Bob Sullivan MSNBC

Campaign Against the Legislative and Regulatory Reform Bill

Stop the Legislative and Regulatory Reform Bill

Rob Wilton's esoterica

panGloss - Innovation, Technology and the Law

Arch Rights - Action on Rights for Children blog

Database Masterclass - frequently asked questions and answers about the several centralised national databases of children in the UK.


Moving On

Steve Moxon blog - former Home Office whistleblower and author.

Al-Muhajabah's Sundries - anglophile blog

Architectures of Control in Design - Dan Lockton

rabenhorst - Kai Billen (mostly in German)

Nearly Perfect Privacy - Tiffany and Morpheus

Iain Dale's Diary - a popular Conservative political blog

Brit Watch - Public Surveillance in the UK - Web - Email - Databases - CCTV - Telephony - RFID - Banking - DNA


MySecured.com - smart mobile phone forensics, information security, computer security and digital forensics by a couple of Australian researchers

Ralph Bendrath

Financial Cryptography - Ian Grigg et al.

UK Liberty - A blog on issues relating to liberty in the UK

Big Brother State - "a small act of resistance" to the "sustained and systematic attack on our personal freedom, privacy and legal system"

HosReport - "Crisis. Conspiraciones. Enigmas. Conflictos. Espionaje." - Carlos Eduardo Hos (in Spanish)

"Give 'em hell Pike!" - Frank Fisher

Corruption-free Anguilla - Good Governance and Corruption in Public Office Issues in the British Overseas Territory of Anguilla in the West Indies - Don Mitchell CBE QC

geeklawyer - intellectual property, civil liberties and the legal system

PJC Journal - I am not a number, I am a free Man - The Prisoner

Charlie's Diary - Charlie Stross

The Caucus House - blog of the Chicago International Model United Nations

Famous for 15 Megapixels

Postman Patel

The 4th Bomb: Tavistock Sq Daniel's 7:7 Revelations - Daniel Obachike

OurKingdom - part of OpenDemocracy - " will discuss Britain’s nations, institutions, constitution, administration, liberties, justice, peoples and media and their principles, identity and character"

Beau Bo D'Or blog by an increasingly famous digital political cartoonist.

Between Both Worlds - "Thoughts & Ideas that Reflect the Concerns of Our Conscious Evolution" - Kingsley Dennis

Bloggerheads: The Alisher Usmanov Affair - the rich Uzbek businessman and his shyster lawyers Schillings really made a huge counterproductive error in trying to censor the blogs of Tim Ireland, of all people.

Matt Wardman political blog analysis

Henry Porter on Liberty - a leading mainstream media commentator and opinion former who is doing more than most to help preserve our freedom and liberty.

HMRC is shite - "dedicated to the taxpayers of Britain, and the employees of the HMRC, who have to endure the monumental shambles that is Her Majesty's Revenue and Customs (HMRC)."

Head of Legal - Carl Gardner a former legal advisor to the Government

The Landed Underclass - Voice of the Banana Republic of Great Britain

Henrik Alexandersson - Swedish blogger threatened with censorship by the Försvarets Radioanstalt (FRA), the Swedish National Defence Radio Establishement, their equivalent of the UK GCHQ or the US NSA.

World's First Fascist Democracy - blog with link to a Google map - "This map is an attempt to take a UK wide, geographical view, of both the public and the personal effect of State sponsored fear and distrust as seen through the twisted technological lens of petty officials and would be bureaucrats nationwide."

Blogoir - Charles Crawford - former UK Ambassodor to Poland etc.

No CCTV - The Campaign against CCTV

Barcode Nation - keeping two eyes on the database state.

Lords of the Blog - group blog by half a dozen or so Peers sitting in the House of Lords.

notes from the ubiquitous surveillance society - blog by Dr. David Murakami Wood, editor of the online academic journal Surveillance and Society

Justin Wylie's political blog

Panopticon blog - by Timothy Pitt-Payne and Anya Proops. Timothy Pitt-Payne is probably the leading legal expert on the UK's Freedom of Information Act law, often appearing on behlaf of the Information Commissioner's Office at the Information Tribunal.

Armed and Dangerous - Sex, software, politics, and firearms. Life’s simple pleasures… - by Open Source Software advocate Eric S. Raymond.

Georgetown Security Law Brief - group blog by the Georgetown Law Center on National Security and the Law , at Georgtown University, Washington D.C, USA.

Big Brother Watch - well connected with the mainstream media, this is a campaign blog by the TaxPayersAlliance, which thankfully does not seem to have spawned Yet Another Campaign Organisation as many Civil Liberties groups had feared.

Spy on Moseley - "Sparkbrook, Springfield, Washwood Heath and Bordesley Green. An MI5 Intelligence-gathering operation to spy on Muslim communities in Birmingham is taking liberties in every sense" - about 150 ANPR CCTV cameras funded by Home Office via the secretive Terrorism and Allied Matters (TAM) section of ACPO.

FitWatch blog - keeps an eye on the activities of some of the controversial Police Forward Intelligence Teams, who supposedly only target "known troublemakers" for photo and video surveillance, at otherwise legal, peaceful protests and demonstrations.

Other Links

Spam Huntress - The Norwegian Spam Huntress - Ann Elisabeth

Fuel Crisis Blog - Petrol over £1 per litre ! Protest !
Mayor of London Blog
London Olympics 2012 - NO !!!!

Cool Britannia


Free Gary McKinnon - UK citizen facing extradition to the USA for "hacking" over 90 US Military computer systems.

Parliament Protest - information and discussion on peaceful resistance to the arbitrary curtailment of freedom of assembly and freedom of speech, in the excessive Serious Organised Crime and Police Act 2005 Designated Area around Parliament Square in London.

Brian Burnell's British / US nuclear weapons history at http://nuclear-weapons.info

Syndicate this site (XML):

Follow Spy Blog on Twitter

For those of you who find it convenient, there is now a Twitter feed to alert you to new Spy Blog postings.


Please bear in mind the many recent, serious security vulnerabilities which have compromised the Twitter infrastructure and many user accounts, and Twitter's inevitable plans to make money out of you somehow, probably by selling your Communications Traffic Data to commercial and government interests.

https://twitter.com/SpyBlog (same window)

Recent Comments

  • wtwu: NetIDMe seems to be in process of being wound up read more
  • wtwu: The House of Lords have approved the Regulations, without a read more
  • wtwu: Data Retention and Investigatory Powers Bill Government Note on the read more
  • wtwu: The former Customs Officer and the others involved in dealing read more
  • wtwu: BBC reports the password was $ur4ht4ub4h8 http://www.bbc.co.uk/news/uk-25745989 When Hussain was read more
  • wtwu: "only" an extra 4 months in prison for failing to read more
  • wtwu: Although not confirmed as part of the Wilson Doctrine per read more
  • wtwu: For now (just before Christmas 2013) it appears that the read more
  • wtwu: As expected, the ISC did not give the intelligence agency read more
  • wtwu: N.B. the Intelligence & Security Committee is now legally consituted read more


Monthly Archives

August 2020

Sun Mon Tue Wed Thu Fri Sat
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 31          

UK Legislation

The United Kingdom suffers from tens of thousands of pages of complicated criminal laws, and thousands of new, often unenforceable criminal offences, which have been created as a "Pretend to be Seen to Be Doing Something" response to tabloid media hype and hysteria, and political social engineering dogmas. These overbroad, catch-all laws, which remove the scope for any judicial appeals process, have been rubber stamped, often without being read, let alone properly understood, by Members of Parliament.

The text of many of these Acts of Parliament are now online, but it is still too difficult for most people, including the police and criminal justice system, to work out the cumulative effect of all the amendments, even for the most serious offences involving national security or terrorism or serious crime.

Many MPs do not seem to bother to even to actually read the details of the legislation which they vote to inflict on us.

UK Legislation Links

UK Statute Law Database - is the official revised edition of the primary legislation of the United Kingdom made available online, but it is not yet up to date.

UK Commissioners

UK Commissioners some of whom are meant to protect your privacy and investigate abuses by the bureaucrats.

UK Intelligence Agencies

Intelligence and Security Committee - the supposedly independent Parliamentary watchdog which issues an annual, heavily censored Report every year or so. Currently chaired by the Conservative Sir Malcolm Rifkind. Why should either the intelligence agencies or the public trust this committee, when the untrustworthy ex-Labour Minister Hazel Blears is a member ?

Anti-terrorism hotline - links removed in protest at the Climate of Fear propaganda posters

MI5 Security Service
MI5 Security Service - links to encrypted reporting form removed in protest at the Climate of Fear propaganda posters

syf_logo_120.gif Secure Your Ferliliser logo
Secure Your Fertiliser - advice on ammonium nitrate and urea fertiliser security

cpni_logo_150.gif Centre for the Protection of National Infrastructure
Centre for the Protection of National Infrastructure - "CPNI provides expert advice to the critical national infrastructure on physical, personnel and information security, to protect against terrorism and other threats."

SIS MI6 careers_logo_sis.gif
Secret Intelligence Service (MI6) recruitment.

Government Communications Headquarters GCHQ

National Crime Agency - the replacement for the Serious Organised Crime Agency

Defence Advisory (DA) Notice system - voluntary self censorship by the established UK press and broadcast media regarding defence and intelligence topics via the Defence, Press and Broadcasting Advisory Committee.

Foreign Spies / Intelliegence Agencies in the UK

It is not just the UK government which tries to snoop on British companies, organisations and individuals, the rest of the world is constantly trying to do the same, regardless of the mixed efforts of our own UK Intelligence Agencies who are paid to supposedly protect us from them.

For no good reason, the Foreign and Commonwealth Office only keeps the current version of the London Diplomatic List of accredited Diplomats (including some Foreign Intelligence Agency operatives) online.

Presumably every mainstream media organisation, intelligence agency, serious organised crime or terrorist gang keeps historical copies, so here are some older versions of the London Diplomatic List, for the benefit of web search engine queries, for those people who do not want their visits to appear in the FCO web server logfiles or those whose censored internet feeds block access to UK Government websites.

Campaign Button Links

Watching Them, Watching Us - UK Public CCTV Surveillance Regulation Campaign
UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card
NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.
Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid.com - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond
Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Petition to the European Commission and European Parliament against their vague Data Retention plans
Data Retention is No Solution - Petition to the European Commission and European Parliament against their vague Data Retention plans.

Save Parliament: Legislative and Regulatory Reform Bill (and other issues)
Save Parliament - Legislative and Regulatory Reform Bill (and other issues)

Open Rights Group

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network
Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Tor - the onion routing network
Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).

Amnesty International's irrepressible.info campaign

BlogSafer - wiki with multilingual guides to anonymous blogging

NGO in a box - Security Edition privacy and security software tools

Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

Reporters Without Borders - Reporters Sans Frontières - campaign for journalists 'and bloggers' freedom in repressive countries and war zones.

Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

Icelanders are NOT terrorists ! - despite Gordon Brown and Alistair Darling's use of anti-terrorism legislation to seize the assets of Icelandic banks.

No CCTV - The Campaign Against CCTV


I'm a Photographer Not a Terrorist !


Power 2010 cross party, political reform campaign


Cracking the Black Box - "aims to expose technology that is being used in inappropriate ways. We hope to bring together the insights of experts and whistleblowers to shine a light into the dark recesses of systems that are responsible for causing many of the privacy problems faced by millions of people."


Open Rights Group - Petition against the renewal of the Interception Modernisation Programme


WhistleblowersUK.org - Fighting for justice for whistleblowers