Data Loss: Bob Quick Follow Up

Following on from the story of Bob Quick accidentally revealing information, it seems that the “immediate” and very “real” threat of terrorists was not quite as immediate, or real, as originally stated.

The raids, some of which did not even require firearms officers, produced the square root of nothing (not the first time crazed terrorists have been found to be regular people), with all those arrested being released without charge.

So, the net result is that a well-regarded, long-serving officer was forced to resign following the inadvertent exposure of largely irrelevant material relating to a totally irrelevant operation.


Data Loss: Police – Bob Quick

Headlines around the UK have been showing the now infamous picture of Bob Quick carrying the documents relating to an anti-terror police operation into Downing Street. The information, it is reported, forced a large scale police operation (200+ staff) ahead of schedule. For this error in judgment Mr Quick has been criticized and forced out of his position, resigning just 24 hours after the incident.

But how bad was his lapse in judgment? Is he a disgrace who needs to be kicked out of his job?


The pictures were taken on Downing Street as Bob Quick came to Number 10 for a meeting. Downing Street is the most secure street in the country; if it’s not, there is something very wrong.

The entrance to Downing Street consists of a large security gate and a vertical road block that could, quite literally, stop a tank. This gets lowered into the road if a car is allowed to pass. In addition to this, the entrance and the street itself have numerous armed police officers carrying semi- and fully automatic weapons. It would be reasonable to feel secure in this scenario.

Capturing the image:

The press managed to read the information on display using telephoto lenses and probably image enhancement techniques, i.e. the same technology a spy or a special forces reconnaissance unit would use.

Data Loss

Several papers have published the pictures of what the document states, with the key information blacked out. It appears that the information given away was:

  • The “gold” commanders for each area
  • The “SIO” for each area.

A gold commander is almost always the Chief Constable, and this is a strategic, rather than a tactical role. This role is a very public role, and the person involved could be expected to appear on TV with the title “Gold Commander of Operation X” under his name.

The SIO, or Senior Investigating Officer, will normally be the head of CID for the area, or possibly the head of special branch for the region. This will also normally be public information, or very easy to find out.

In fact a quick Google search for “Gold Commander” brings back a Wiki page on the very subject as the first hit.

In short, the only information given away is the fact that a police operation was occurring in the North, North West, or North East of England, against those of Pakistani origin. That geographic area would probably include 70% of all Pakistani terrorists in the UK, who must know that at any time they may be under the gaze of a police operation of some sort. (Note: 70% is a wildly made up figure, but the true number will be a high number due to the geography, social demographic and previous events in the area.)


At one of the houses the police were due to raid, they were not even going to carry firearms; were the terrorists armed with strong sarcasm and a disdain for authority?

Time Scale

The police have alleged they stopped a “major” terrorist plot that could have occurred as “early as this weekend”. Therefore, by definition, the police raids must have been planned to occur, at the latest, this weekend. This means that the police have acted a couple of hours early.


The government has the ability to stop the press publishing information, and has done so on numerous occasions, often without merit. If this was an issue of national security, surely this would have been an opportunity to use this power?

Previous Examples

Losing information is not a new thing. The government loses data all of the time, and last year a civil servant left an entire dossier on the train; other MPs have allowed similar photographs to occur. Despite this huge history of events, no minister or senior civil servant has resigned or been sacked over these incidents.


A police officer, in the most secure street in the country, allowed press with high-powered lenses to find out that a police operation was going to occur, somewhere in England. An operation in which some of the terrorist suspects were not perceived as a serious enough threat for the police to bother carrying firearms. The government could have used a D-Notice, but didn’t. In other information loss/leak cases which were similar in nature, but far worse in scale, nobody of any importance has been sacked or forced to resign.

Mr Quick however, was out of his job faster than you can say “double standards”.

Data Retention: Email, Email Monitoring and ISPs

Following the recent news articles covering the issues of the government monitoring personal emails, storing personal data, and data retention,  numerous questions have arisen. This article attempts to answer these questions:

1) What powers does the UK government have to monitor emails at the moment?

Currently most of the powers for monitoring data come from the Regulation of Investigatory Powers Act 2000 (RIPA), which, amongst other things, allows for the interception of communications data.

RIPA requires that ISPs maintain the ability to allow for interception.

The Anti-Terrorism, Crime and Security Act provides guidelines for data retention, though it is currently voluntary. The powers under this act have been condemned for overuse, even by the current government.

2) Do ISPs currently store data?

Yes, they do. There are two reasons for this.

Commercial reasons: obviously, the more data they have about individuals’ habits, the better they can hone their service and marketing.

Anti-Terrorism, Crime and Security Act: currently the government has a voluntary code of practice, whereby the ISPs voluntarily collect the data.

3) Who can currently authorize the monitoring of emails?

The authority to monitor emails and intercept communications comes from different people, depending on where the request comes from. For example, if MI5 or MI6 want to intercept communications, they need the permission of the Secretary of State (Home Secretary). The police, however, only require the permission of a surveillance commissioner, under Section 36 of RIPA.

4) How are the emails intercepted?

Emails are currently intercepted via the ISP (Internet Service Provider). Technical details about this are not released. In the press the methods of interception are referred to as “black boxes” at the ISP. In all probability these black boxes are an advanced network tap/packet sniffer, which pulls out all of the required information for a given protocol. This data is then probably stored/cached with the ISP and then sent to the government, or maintained at the ISP for searching at the location. The latter model would be the more secure, so the government has probably gone for the former. The data is almost certainly indexed, which means that searches would be relatively quick: seconds rather than days or months.

The ISPs are required under RIPA to maintain an interception capability. This means that the government, when required, can monitor any person’s internet activity.

The police also have the powers to access personal computers directly, and covertly. This type of access would allow the monitoring of emails, as well as internet access, screen shots; even key strokes can be recorded.

5) What new laws are being created to monitor emails?

The government is not actually creating new laws, but rather a statutory instrument. This means that an act of parliament is not required.

The statutory instrument, Data Retention (EC Directive) Regulations SI 2007/2199, issued in the UK is based on the EU directive 2006/24/EC which states, under Article 5, what data must be retained.

EU directive 2006/24/EC is a European directive, which the UK is required to transpose into UK law.

6) What information will the government be collecting from the emails?

a. Currently the plans are to only collect the header information from the emails, i.e. the “To”, “From”, “BCC”, “Subject”, as well as information in the email about the IP address it was sent from and how it was sent (Thunderbird, Outlook). This information is known as “traffic” data.

b. Article 5 of the EU directive states that content of the email should not be retained.

7) What is the difference between “traffic” and “communications” data?

a. “Traffic” data is information about data that is being transmitted, e.g. IP addresses, phone numbers, to, from etc. This is defined by RIPA and more information is available here.

b. “Communications” data is the actual body of the data package being sent.

c. Example: If an email was sent from Person A to Person B, the information about Person A, IP address, email address, subject of the email, and the email address of Person B would be the “traffic” data. But the content of the actual email, the message, would be the “content”.
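The split described above, shown as an added example (not part of the original article): it parses a constructed message and separates the header-derived “traffic” record from the body, then repeats this with the body replaced by an opaque placeholder, as it would be if the content were encrypted. The addresses, IPs (reserved documentation ranges) and the function name `split_message` are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses

# Constructed sample message; example domains and documentation IP ranges.
SAMPLE = """\
Received: from mx.example.net ([198.51.100.7]) by mail.example.org; Mon, 6 Apr 2009 10:15:02 +0100
Received: from [192.0.2.44] by smtp.example.net; Mon, 6 Apr 2009 10:15:00 +0100
From: Person A <a@example.net>
To: Person B <b@example.org>
Subject: Lunch on Friday
Date: Mon, 6 Apr 2009 10:14:58 +0100
User-Agent: Thunderbird 2.0.0.21
Content-Type: text/plain; charset="us-ascii"

See you at noon outside the station.
"""

# Same message with an opaque body standing in for encrypted content.
ENCRYPTED = SAMPLE.replace("See you at noon outside the station.",
                           "[opaque ciphertext placeholder]")

ADDRESS_HEADERS = ("From", "To", "Cc")
OTHER_HEADERS = ("Subject", "Date", "User-Agent", "X-Mailer")
IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def split_message(raw):
    """Return (traffic, content) for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    traffic = {}

    # Who is talking to whom: bare addresses, display names dropped.
    for name in ADDRESS_HEADERS:
        if msg[name] is not None:
            pairs = getaddresses([str(msg[name])])
            traffic[name] = [addr for _, addr in pairs]

    # Subject, timestamp and mail client are headers too.
    for name in OTHER_HEADERS:
        if msg[name] is not None:
            traffic[name] = str(msg[name])

    # Each relay prepends its own Received header, so the last one in the
    # message is the hop closest to the sender.
    ips = [ip
           for header in msg.get_all("Received", [])
           for ip in IPV4_IN_BRACKETS.findall(str(header))]
    traffic["relay_ips"] = ips
    traffic["origin_ip"] = ips[-1] if ips else None

    # The content is whatever follows the headers.
    body = msg.get_body(preferencelist=("plain",))
    content = body.get_content() if body is not None else ""
    return traffic, content


if __name__ == "__main__":
    for label, raw in (("plain", SAMPLE), ("encrypted", ENCRYPTED)):
        traffic, content = split_message(raw)
        print(label, traffic, repr(content))
```

The two traffic records come out identical: hiding the body changes nothing in the header-derived data.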

8) Will the government be reading the content of the email or header?

a. Currently the UK Government is only planning to store the “traffic” data, i.e. the header information. It should be emphasized that while only traffic data is stored, both content and traffic can be intercepted and can be monitored.

9) How long will the email data be retained for?

a. This email header information is to be retained for a minimum of 12 months (1 year), but no more than 24 months (2 years).

b. This figure comes from the Data Retention (EC Directive) Regulations SI 2007/2199, which states that: [Email Traffic] data must be retained for a period of 12 months, in accordance with regulation 4(2). The data must be stored in accordance with the requirements in regulation 7.

10) Why did the government change the laws?

a. The government changed the laws for several different reasons, depending on your political perspective. Some of the documented reasons are below:

b. The EU Directive, in March 2006, required nation states to have greater monitoring of email and internet traffic.

c. Based on the EU Directive, the UK transposed this into UK law, via the statutory instrument 2007/2199.

d. In December 2007 the UK government published a document entitled the Next Generation Telecoms Networks. This pointed out the failings of RIPA, because as networks have become more and more capable, it has been harder to monitor the communications traffic. The document states: “Under the Regulation of Investigatory Powers Act 2000, communications providers must allow lawful interception by police and intelligence services where reasonably practicable. This may become more difficult with NGNs. A phone call over the PSTN can be intercepted with a tap anywhere along the line dedicated to the call, but in an NGN, packets may travel along many different paths. However, there are points where traffic can be intercepted, and 21CN will allow lawful interception. The Home Office’s Interception Modernisation Programme aims to ensure that NGNs and other developments in communications do not impede lawful interception.”

e. In short, the government feels it is losing control of communications and wants to be able to tap into communications anywhere at any time.

11) How much will this cost?

a. The current estimate for the Interception Modernisation Programme is £12 billion. But, as with all government projects, particularly IT projects, this figure can be expected to increase radically. It will no doubt be closer to £20 billion before it’s finished.

12) Has the government ever misused data it has collected before?

a. Yes, lots and regularly. In fact most databases appear to have been misused at some time or another. Examples of data misuse are here.

13) Could the government lose the email data, or will it be secure?

a. It’s been reported on numerous occasions that the government has lost data many many times. Examples of data loss are here.

14) How much information can the government obtain from just the email addresses?

a. A lot. From the email subject, IP addresses, and email addresses the government will be able to generate a lot of useful information. They will be able to build up who is talking to who and the frequency of communication, and link those to IP addresses.

b. Cross referencing the email addresses with searches on forums, social networking sites, and other databases will bring together greater information for the government to data mine.

c. The IP addresses alone can be used to great effect, and combined with entries in the search engine databases, i.e. who has been searching for what, they can tell a lot about the user.

d. Finally, and perhaps most importantly, the email addresses will build up a network of contacts for each person and so could be used for a fishing expedition.

e. The commonly held belief of a maximum “Six Degrees of separation” between any two people, which has been shown to be true on several occasions, could be used against any person using email. Based on the “6 degrees theory” it stands to reason that any person in the UK is linked to a “terrorist” by, at most, 6 other people. With the onset of huge social networking sites, mass emails, and bookmarking sites, it’s likely that many people will receive an email from or be connected to a terrorist within a couple of steps, i.e. a perfectly innocent person may be just 1 step away from somebody involved with an extremist group. This would give the police the power to intercept the innocent individual’s email, both content and traffic data, as they are “linked” to the terrorist.

15) How can I avoid my emails being read?

a. The technology to be put in place (or already in place) allows the government to retain data on email traffic, but monitor email content as and when required. This cannot be stopped, but security can be put in place.

b. You can’t hide your email address, nor can this be encrypted; it has to be sent in plain text (it’s the nature of the internet). But you can try using multiple email accounts: one for work friends, one for network friends, one for purchases, etc. Doing this makes it harder to link your different groups together, but not impossible.

c. Encrypt your email content. You cannot encrypt the email traffic, but you can encrypt the content.

d. Use nondescript subject titles: The subject title will be an important part of the traffic data, but if you use nondescript ones, e.g. “Test1”, “Test2”, then this will make it harder to understand what you are talking about. Remove the “Re” or “Fw” from the subject title; this again limits the information available from monitoring the subject title.

e. Change your IP address: Currently all the tools available to the public, e.g. Tor, only hide your IP address for web browsing not for email. Therefore your true IP address will still be recorded when you use your email. But, by hiding your IP address in web browsing it is harder to link your web browsing to your emailing.



Internet Censorship

On 18th April 2008 the EU decided to start the censorship of the Internet; with similar laws to our liberal cousins in Saudi Arabia.

The EU stated in the press release of the time:

Today the Council reached a common approach on the amendment of the Framework Decision on combating terrorism proposed by the Commission on 6 November [2007]. The amendment up-dates the Framework Decision making public provocation to commit a terrorist offence, recruitment and training for terrorism punishable behavior, also when committed through the Internet.

While this all sounds very laudable, stopping terrorism and the exchange of biological weapons on the Internet, there are a few concerns about this:

Firstly, who decides what “training for terrorism” is? Would a stag weekend in eastern Europe, involving firing machine guns, count? What about kids fastening fireworks together? Or what about students reading the Jolly Roger Cookbook?

Secondly, what if this definition shifts slightly? The UK has “shifted” laws over time: initially only the fingerprints of the guilty could be taken, then it was anyone arrested, and now the government is issuing guidelines that allow children as young as 4 to have their fingerprints taken at school (2 million taken so far). What if, once the powers have been created, the governments decide to tweak the laws slightly and change the phrasing to “terrorist related training”? That would hardly make the news, but it could mean that paint-balling could count as training. Or what about web sites that have information about how easy it is to avoid CCTV, ANPR, or fingerprint scanners? Would they be shut down?

Thirdly, the UK has lived with the IRA for 300 years, the Spanish have ETA, the French have the Algerians, and Germany had “Munich”, yet despite all of this nobody suggested censorship on this scale – it’s worth pointing out that the IRA killed more than the 9/11 attacks. So why the sudden fear of the bogey man? What’s the driving force?

Finally, who are the biggest arms dealers in the world, who are the ones who buy and sell weapons to dubious regimes around the world? The 5 biggest dealers are – USA, China, Russia, UK and France.

Companies like BAe, Lockheed Martin and others clearly sell weapons, often to places that conduct torture and, by many legal definitions, terrorism. But despite this they will almost certainly be allowed to have a web site.

So who is the censorship aimed at?

Firewall for the UK

While many people will have heard of the Great Firewall of China, also known as the Golden Shield, not many will know the UK has slowly been growing the capability to have the same thing and, in part, it is already functioning.

In 2004 the Internet Watch Foundation (IWF), a group which tries to stop child pornography, worked with BT to put technological systems in place to try and stop child pornography being accessed from the UK, using technology called “CleanFeed”. This technology works by analysing all web traffic, at the ISP level, before it gets to the user and then trying to block indecent images of children. The technology works by blocking a known list of URLs.

By 2006 BT had fully installed CleanFeed and was claiming to be blocking 35,000 attempts a day to access child pornography, though this high figure was disputed by some.

So far, so good: blocking access to paedophilic images is a good thing.

Nobody, not even the most liberal, would argue for the right to access child pornography, hence there was no objection to CleanFeed.

What Else is Banned?

But, what about banning access to other subject matters?

Racial hatred and violent pornography are now subjects which the IWF, using Cleanfeed, have started to censor on the internet. While this sounds reasonable, it may not always be.

The laws relating to “racial hatred” are a botched mess and were described by British Comedian Rowan Atkinson as “represent[ing] the relentless pursuit of the interests of a tiny minority of the population with, so far, no consideration or quarter being given to the concerns of the baffled majority”.

The laws relating to violent pornography are not as welcome as some may think.

The EU is already banning terrorist related sites which, again, sounds reasonable. Unfortunately the definition of “terrorism” is pretty flexible. The reality is that terrorism is any political group any given government doesn’t agree with. The PLO, IRA, PKK and even the Taliban have all been supported, in our generation, by one Western government or another. But now they all are regarded, by the current UK government, as terrorist groups. So access and support to these organisations’ websites could see you a hero, or a couple of decades later whisked off to prison; it just depends on the timing.

If these concerns were not enough to raise eyebrows the UK Government is also working to ban internet discussions about suicide.

While not all of these subjects are currently blocked at a technical level, the technology and law are in place that could prevent access to all of these subjects at a moment’s notice.

To make matters worse, this blocking technology is not a fine scalpel, but more of a rusty spoon; in 2007 innocent Lycos users were unable to access sites as they were mistakenly blocked.

Censorship in the UK

The UK has an interesting history of censorship: from the heavy handed approach of preventing the actual voices of the IRA being broadcast (resulting in nothing more than bad dubbing) to the surreal banning of an episode of Star Trek until 2007. UK internet users are banned from reading Joseph Mercola’s writing about sucralose. The UK Government also uses D Notices to stop certain “national security” articles being published in the UK. The D Notices are supposed to be used for military necessity, but are sometimes used for political expediency or other non-national security reasons.

With this history of censorship do we want the UK to have its own firewall? Do you trust the government more than they trust you?

The Expansion of CleanFeed

CleanFeed has already spread from just being on BT and stopping child pornography, to getting involved in political issues, such as “race hate” and spreading to all of the UK’s ISPs.

TJ McIntyre, lecturer in law at University College Dublin, has stated that:

Unlike formal legal mechanisms of censorship that ensure a degree of public accountability (for example: the obscenity trial of D H Lawrence’s Lady Chatterley’s Lover, which lowered the threshold of censorship) filtering systems failed to provide a list of prohibited sites, their criteria for designation, prior notice of prohibition, or an appellate procedure. BT’s Cleanfeed filtering system that tells users attempting to access an unauthorized site that it is unavailable owing to a technical fault; the end-users are deceived by the filter into believing that the temptation does not exist.

Everybody knows about the Great Firewall of China, but few people know about the ever expanding internet censorship in the UK, censorship which is putting in place technical measures that could be used to stop access to virtually anything on the web.

Which is the greater concern, the known threat or the unknown threat?

90 Days – Because it’s so complex?

One of the reasons the UK Government keeps pushing for changes to the law to allow for 90 days detention without trial is the complexity of terrorism cases.

The argument goes something like this:

  • We have arrested a man, who we know is guilty, but the evidence is so complex that we can’t prove it: e.g. there are tens of computers to search, hundreds of boxes of paper to search, and bags of credit cards, fake passports etc. It’s just all so complex that we need more time to investigate before we charge.

This argument is flawed at virtually every point. Firstly, if there are huge amounts of paper, say 1000s of pieces of paper and 1000s of gigabytes of data to search through, this information does not take 3 months to process.

In fact major law firms handle very large volumes of data on a daily basis, far larger than in terrorist cases. In fact there is a multi-billion dollar industry called “electronic discovery” that does exactly this. It trawls through huge amounts of data and presents it in an easy to read and search manner for the users/investigators.

Modern technology allows for concept searching, time line creation, and can now even “cluster” together documents of a similar nature automatically. This allows review teams/investigators, to find documents of relevance quickly, and then find other similar documents with matching concepts or within the same time line.

Having seen teams of lawyers plough through 100,000s of documents in a matter of weeks, then how come the UK government can’t do this?

The answer, sadly, is because the UK government simply does not have this technology. Having worked on both sides, I have seen the private sector complete a sizable review of documents in around 2 months, and the UK Government, on the other side, take around 9 to 10 months for the exact same case.

Secondly, just because a case is complex it doesn’t mean that it can’t be dealt with, and there is no need to review all of the documents. In fact the Bar Council had this to say on the issue of complexity.

Whilst terrorist cases may be complex in the sense that they may involve seizures of large volumes of material, the use of false identities, and international links, the scale of the investigations is not unusual. Investigations of comparable size and with the same features are found in drug trafficking and fraud cases. These features are not unique to terrorist cases and cannot justify further extension. The experience of the Bar is that very often whilst (due to the thoroughness of the investigative teams) large volumes of materials are seized, the real issues frequently involve a modest number of exhibits, the existence of which is well known from shortly after arrest. Detailed questions based upon recovered material are put to suspects in interview within the early stages of detention (the “interview material”), and this material is only exceptionally shown not to fairly represent the thrust of the allegation against suspects. Whilst further evidence may subsequently come to light which puts this “interview material” into a fresh light this is unlikely to bear upon the decision to charge.

This was put to the Home Office in a letter in 2007.

In short, the Bar Council don’t see the size of cases to be an issue at all, and the Bar are the ones who have to prosecute and defend in these cases. It can also be shown that other cases of equally complex nature, e.g. major frauds, are dealt with in the 24 hour detention period – rather than 90 days.

Thirdly, if the police have arrested a person with boxes of paper, a few false passports, and some credit cards, is he the real immediate threat? Is he somehow going to destroy the UK Rail network with the cunning use of credit cards?

Surely if the suspect has a few sticks of TNT, a clock, and some bright red curly wires – they have enough to charge him on, and it doesn’t take 90 days to work out what to charge him with? If there are no explosives, no bomb making kit, no car full of fertilizer – what danger does he pose? Bail him, carry on the investigation, and then charge him when you have the information.

If the suspect is really accused of organizing serious offences, and there is a genuine concern that he will continue when he is released, is there nothing he can be charged with, just a simple holding charge, and then re-arrest the suspect later with the more serious offence?

Surely, if the suspect is such a serious threat/terrorist there must be some offence he can be charged with; offensive weapon, stolen credit cards, fake passports, or the like? If there is no evidence of weapons, or any crime, then why the need to detain him for 90 days? What is the immediate threat?

But, if the security services still insist that he is a threat, that he can continue to plot and plan once released and they have nothing to charge him with at all, not even a stolen mobile phone, can they not just release him and follow him? There are dedicated teams in the police and security services for doing this, and it was certainly done regularly against the IRA, who were one of the most sophisticated terrorist organizations in the world. Far more organized than a couple of jokers from Burnley whose idea of “terrorist planning” involves buying some extra petrol for their car and driving at a building.

Surely it would be preferable to have more resources to conduct the surveillance than to change the law, with all the costs associated with changing the law, and the loss of rights the latter brings.

Six Degrees of Separation

Following on from the age old story of “six degrees of separation”, a detailed study involving 30 billion instant messages has been conducted by Microsoft.

The research showed that people are linked by, on average, 6.8 people – so it’s closer to 7 than 6. This is not original research; similar studies, but on a much smaller scale, have been conducted before. In 2001 a similar study was conducted with 48,000 email messages. Other experiments have also been conducted using letter writing. Several examples of this are in Wiki.

While this study may be interesting, it will no doubt provide added concern for those who are already concerned about the Government’s ever increasing databases of its population.

With every person in the UK being linked to every other person in the UK by an average of 6.8 people, it means that we are just 6.8 emails, text messages, or address books away from a “terrorist”. What if your connection is just 5 hops from a terrorist sympathizer or 4.0 hops from a terrorist fund raiser? Does that mean you get picked up? What if you are a chemist who is 3 hops away from a terrorist, because of where you live, and then your bio is: lives near a terrorist, went to school with a terrorist, has a degree in Chemistry and therefore understands explosives – what action will the agency be taking then?

With the 7/7 Investigation collecting up to 10% of the phone calls of the UK Muslim population (though it could be a lot less), surely it’s easy to find lots of false leads and patterns – all pointing to innocent people? In fact we know this happens from the numerous examples of mistaken identity occurring over and over again.
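An added example (not from the original posts) of the hop-counting concern raised here and in question 14 of the email retention article: it builds a contact graph from constructed sender/recipient records, counts how many people fall within N hops of one flagged account, and computes the average separation figure that studies like the one above report. All names, records and function names are made up for illustration.

```python
from collections import deque

# Constructed traffic records: (sender, recipient) pairs of the kind that
# retained headers would yield. "flagged" is the one account of interest.
RECORDS = [
    ("alice", "bob"), ("bob", "carol"), ("carol", "dave"),
    ("dave", "flagged"), ("erin", "carol"), ("frank", "erin"),
    ("grace", "flagged"), ("heidi", "grace"), ("alice", "bob"),
]


def build_contact_graph(records):
    """Return (graph, frequency): undirected adjacency and message counts."""
    graph, frequency = {}, {}
    for sender, recipient in records:
        graph.setdefault(sender, set()).add(recipient)
        graph.setdefault(recipient, set()).add(sender)
        pair = frozenset((sender, recipient))
        frequency[pair] = frequency.get(pair, 0) + 1
    return graph, frequency


def hops_from(graph, start):
    """Breadth-first search: fewest hops from start to each reachable person."""
    distance = {start: 0}
    queue = deque([start])
    while queue:
        person = queue.popleft()
        for contact in graph.get(person, ()):
            if contact not in distance:
                distance[contact] = distance[person] + 1
                queue.append(contact)
    return distance


def linked_within(graph, start, max_hops):
    """Everyone other than start who is at most max_hops away."""
    return sorted(person for person, hops in hops_from(graph, start).items()
                  if 0 < hops <= max_hops)


def average_separation(graph):
    """Mean shortest-path length over all connected pairs of people."""
    total = pairs = 0
    for person in graph:
        for other, hops in hops_from(graph, person).items():
            if other != person:
                total += hops
                pairs += 1
    return total / pairs if pairs else 0.0


if __name__ == "__main__":
    graph, frequency = build_contact_graph(RECORDS)
    for limit in range(1, 5):
        linked = linked_within(graph, "flagged", limit)
        print(f"within {limit} hop(s): {len(linked)} people {linked}")
    print("average separation:", round(average_separation(graph), 2))
```

In this nine-person sample, two people are one hop from the flagged account, but all eight others are within four hops, which is how a hop-based notion of being “linked” sweeps in people who have never exchanged a message with the account in question.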

Also – is Microsoft building a database of who talks to who, how often, and when?

Note: The BBC incorrectly reported this research to be about text messages, not instant messages.