Monthly Archives: July 2013

GCHQ surveillance: TEMPORA program

As you may have noticed, the technology side of this blog hasn’t been updated recently. The reason for this is because as part of my work at the Cybercrime Studies center at John Jay, I have been working on analysing the UK position in regards to intelligence matters. It took a long time and effort to pull it all together so I hope you enjoy. The article below was first published on the Cybercrime studies center at John Jay on July 12, 2013:

On June 21, 2013, it was reported by The Guardian that the UK Government Communications Headquarters (GCHQ), the equivalent of the American NSA, has been conducting a major surveillance operation. Codenamed “TEMPORA”, the program reportedly allows GCHQ the ability to create an “Internet buffer,” which one could think of as a temporary storage area that security analysts have access to, and thus store telephone conversation and Internet content for 3 days and metadata for 30 days.

Collecting and sharing intercepted data

The vast amounts of data are reportedly collected by tapping into the fibre optic cables that transport telephone and Internet traffic between the US and Europe with many of the lines connected via the UK. There is also tapping into the fibre optic cables connecting telecommunications and Internet traffic between the UK and Europe. This acquisition of data is supposedly achieved with the help of commercial companies who own the fibre optic cables, whom GCHQ has nicknamed “intercept partners”. Currently we are unable to ascertain whether this help from the intercept partners is voluntary or forced. The data is shared with many thousands of NSA workers and contractors, who play a leading role in defining and conducting searches, and is reportedly “the biggest internet access” of any member of the Five Eyes group.

Five Eyes

The Five Eyes group consists of the UK, US, Canada, Australia and New Zealand. In 1946, the UKUSA Signals Intelligence Program established cooperation in signals intelligence between the US and the UK that was later expanded to include Canada, followed by Australia and New Zealand. The Technical Cooperation Program, which implements the acquisition, searching, and sharing of Internet and telecommunications data within the Five Eyes Group, is described as “an international organization that collaborates in defence scientific and technical information exchange; program harmonization and alignment; and shared research activities for the five nations”.

How does it work?

According to The Guardian, GCHQ is able to “survey about 1,500 of the 1,600 or so high-capacity cables in and out of the UK at any one time”. The document seen by The Guardian reportedly shows that as of 2012, GCHQ was capable of extracting and collecting information from 200 of those cables at a time.  GCHQ’s goal is to double that capability to 400 cables at a time.  Each cable allegedly can transport 10Gb of data per second, in other words, more than the storage capacity of a dual-layer DVD every second.

The documents seen by The Guardian also allegedly show that in collecting data from the cables, GCHQ attempts to filter out UK-to-UK communications.  However, since UK-to-UK communications may take place on websites hosted outside the UK, GCHQ’s filtering system is highly unlikely to screen out all UK-to-UK traffic. For example, UK citizens who use Gmail might have their data stored on American servers and thus it would be very difficult to distinguish UK-to-UK email communications as it would appear to be UK-to-foreign.

As discussed in another posting on the Cybercrime studies center website, the claim that the contents, but not the metadata, of telecommunications, are protected by the Fourth Amendment of the United States Constitution underlies the NSA’s dragnet collection of telephony metadata.  Similarly, GCHQ documents seen by The Guardian state that “there are extremely stringent legal and policy constraints on what we can do with content, but we are much freer in how we can store metadata”.  GCHQ’s interpretation of the distinction between the contents and metadata is questionable, however.  One document allegedly declares that in making the distinction, GCHQ “lean[s] on legal and policy interpretations that are not always intuitive” and that passwords are sometimes regarded as metadata.  The collection and storage of passwords would, of course, enormously increase the government’s ability to access the contents of Internet accounts and would, therefore hugely increase the risk of unwarranted intrusions on privacy.

A more fundamental question is whether the GHCQ’s policy of according less protection to metadata than contents contravenes the decision of the European Court of Human Rights in 2007 in Copland v. United Kingdom, 45 Eur. Ct. H,R. 253, Sec. 43. There, the Court held that “information relating to the date and length of telephone conversations and in particular the numbers dialled . . . constitutes an “integral element of the communications made by telephone” that the right to privacy of Article 8, Section 1 of the European Convention on Human Rights (“ECHR”) protects, and extended that principle to email and other Internet communications.


Relevant Legislation – Regulation of Investigatory Powers Act (RIPA)

The legislation that governs the reported surveillance activities is the Regulation of Investigatory Powers Act (RIPA).  Enacted in 2000, RIPA gives powers to intercept communications to the security services and police.  In addition, RIPA authorizes local authorities, such as county councils and district, borough or city councils, to intercept communications when needed “to prevent or detect criminal offences that are either punishable, whether on summary conviction or indictment, by a maximum term of at least 6 months’ imprisonment or are related to the underage sale of alcohol and tobacco”.

A major distinction between the powers of local authorities, on the one hand, and security services and police, on the other, was established by the enactment of the Protection of Freedoms Act 2012.  Under that Act, local authorities are required to obtain a warrant from a Justice of the Peace (JP), more commonly known as a magistrate, before carrying out any interceptions.  By contrast, security services and police remain free under RIPA to engage in interceptions without obtaining judicially authorized warrants. Different types of surveillance require different levels of authorization. Warrants that deal with the interception of communications such as a wiretap need to be signed by the Home Secretary.

Under RIPA Sections 8(1) and 8(2), an interception warrant needs to be specifically targeted.  According to RIPA Section 8 (1), the warrant must “name or describe either one person as the interception subject or a single set of premises as the premises in relation to which the interception to which the warrant relates is to take place”. Section 8 (2) follows up with requiring specifics “that are to be used for identifying the communications that may be or are to be intercepted

The possibility of mass surveillance arises, however, because Sections 8 (1) and (2) are not applicable when, pursuant to Section 8 (4) and 8(5), a warrant is allowed to be issued for the interception of “external communications.” An external communication “means a communication sent or received outside the British Islands,” according to Section 20 of RIPA.  Under Section 8(4), a warrant may be issued only if it is accompanied by a certification by the Secretary of State that the warrant is necessary for one of the three purposes delineated in Section 5(3): “in the interests of national security,” “for the purpose of preventing or detecting serious crime,” or “for the purpose of safeguarding the economic well-being of the United Kingdom”. Under Sections 9(2) and 9(6),  certifications have to be renewed by the Secretary of State every 6 months.

The interpretation of the words “considered necessary” in RIPA Section 8(4) is crucial to whether and when that Section can be used to allow external communications to be intercepted without the protection of the specific targeting required by Sections 8(1) and 8(2). What the intelligence services and the Secretary of State, whose responsibilities include keeping the country safe and secure, consider necessary could be far different from what an ordinary member of the public and/or the judicial authorities would deem necessary.

An additional major interpretative issue arises in regard to the requirement in RIPA Section 5 (2) (b) that a warrant only be issued by the Secretary of State if “the conduct authorised by the warrant is proportionate to what is sought to be achieved by that conduct”.  As with “necessity,” the surveillance that the Secretary of State might consider proportional to a threat could be far different from what an ordinary member of the public and/or the judicial authorities would consider proportional.


Has RIPA Been Violated by TEMPORA’s Mass Surveillance?

Whilst it is unlikely that the legislators who enacted RIPA foresaw the massive surveillance that has occurred under TEMPORA, it is not clear whether TEMPORA contravenes RIPA’s requirements.  The UK charity group Privacy International has filed a claim in the Investigatory Powers Tribunal (IPT), the group set up to oversee any abuses of RIPA, challenging both the UK TEMPORA program and GCHQ’s utilization of data acquired by the NSA under the PRISM program, whose surveillance of the contents of Internet communications will be described in further posts on this website. .According to Privacy International, TEMPORA’s acquisition, storage and use of Internet and telecommunications data fails to satisfy RIPA’s requirements of “proportionality” and “necessity.”

A claim against the British Intelligence Services has also been issued by Liberty, a UK civil liberties group which is similar to the ACLU.  Liberty has asked the IPT to decide “whether the British Intelligence Services have used PRISM and/or TEMPORA to bypass the formal UK legal process which regulates the accessing of personal material”.

GCHQ, however, firmly believes that they are acting within the law and boundaries of UK legislation. A spokesman for GCHQ stated that, “GCHQ takes its obligations under the law very seriously. Our work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Intelligence and Security Committee”.

The concerns that have been raised are being looked into by the Intelligence and Security Committee (ISC), who have the ability to look at classified material, as all members are subject to Section 1 (1) (b) of the Official Secrets Act 1989. The chairman of the group, Sir Malcolm Rifkind MP, stated: “The Intelligence and Security Committee is aware of the allegations surrounding data obtained by GCHQ via the US Prism programme. The ISC will be receiving a full report from GCHQ very shortly and will decide what further action needs to be taken as soon as it receives that information”. As of now, there has been no further comment from the Committee.


EU Data Protection Directive / UK Data Protection Act

Another consideration is whether the TEMPORA surveillance violates the EU Data Protection Directive (the “Directive”), which the UK enacted into legislation in the Data Protection Act 1998 .  Although the Directive does not regulate government “processing operations concerning public security, defence, State security…and the activities of the State in areas of criminal law,” Article 4 of the Directive puts protections in place against private companies.  The question is whether the activities of the private companies that are GHCQ’s “intercept partners” in TEMPORA conform to the requirement in Article 4 sub section 1. (a) “that the data controller on the territory of a member state… must take the necessary measures to ensure that each of those establishments complies with the obligations laid down by the national applicable law”.

The principal problem with arguing that Article 4 sub section 1. (a) is violated is that the “national applicable law,” the Data Protection Act 1998, includes a very broad national security exception. Section 28 (1) of the Act notes that “personal data are exempt from any of the provisions of the data protection principles if the exemption from that provision is required for the purpose of safeguarding national security”.  Once again, whether TEMPORA’s massive, general surveillance contravenes legislation hinges on the interpretation of what “is required for the purpose of safeguarding national security.” Ultimately, it will be up to the courts to decide this question.


Human Rights concerns

Articles 8 of both the ECHR and the legislation that incorporates the ECHR into UK law, the Human Rights Act of 1998, both establish a right to respect for one’s private and family life and one’s home and correspondence.  There is to be no interference with such rights by a public authority, “except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others”.

Privacy International has claimed before the IPT that there are not “sufficient safeguards” to render [TEMPORA’s interference with private and family life and the privacy of correspondence] in accordance with the law, as required by Section 8 of the ECHR.  Liberty has also claimed that the group’s rights under Article 8 of the Human Rights Act 1998 have been breached.


It remains to be seen what will happen, but it is likely that the Intelligence Services will use the national security exemption to claim that their activities under TEMPORA were perfectly legal. It is also now clear that it will be up to the IPT and, possibly, the courts to interpret ambiguous language and decide on the relative protections that UK statutes and the ECHR accord to private life and national security.


I would like to place on record my thanks to Adina Schwartz who took the time to provide valuable feedback and contributed to the editing of this piece.

This article was first published on the Cybercrime studies center at John Jay on July 12, 2013

Compare and Contrast: My life at 23 vs. My Mothers

Let’s do a little experiment, shall we? I am going to compare my life at 23 to my mothers life when she was 23. I got the idea to do this after seeing this cartoon by Matt Bors that rightly asks if we can stop dumping on the millennial generation. Seriously old people I’m not as lazy as you think.

First let’s look at relationships:

(from here on out I will be in bold because I’m awesome and the one writing this, mom when you start a blog you can bold yourself)

Me: I have had a few serious boyfriends (2) one of which I am dating now. Hi Aidan.

Mom: Has been married to Bill (my dad) for two years

Mom: Has a baby

Me: Doesn’t even own a house plant

Me: Lives 1,200 miles away from her family

Mom: lives about 6 miles from her family


Mom: Associates degree in Science

Mom: no debt

Me: Masters degree in social work

Me: owe $52,000 to Sallie Mae for my education


Mom: nice house with 2 bedrooms, a living room, a kitchen and separate dinning room, and get this two whole bathrooms

Me: about to be homeless in two weeks when her lease ends and trying to navigate the apartment market in New York City


Mom: Unemployed er I mean stay at home mom

Me: Currently babysitting, working for her church part – time, and waitressing part-time, while also trying to get a real social work job, oh yeah and blogging which she should be better at.

I made you guys this ven diagram on Microsoft Paint:


I definitely didn’t write this to bash my mom, so please don’t think that. My mom is awesome, she went back to school when my older sister was only two to get a degree and become a dental hygienist, she is the nicest person you will ever meet and a pretty cool mom.

But stop calling me and my friends lazy. I worked jobs all through college, sometimes two at a time. When I was twenty two I moved to New York City on my own and have survived a year here. I want to stay in NYC and so I’m working three stable jobs and some odd jobs to make that a reality. I have a masters degree, two internships, and a good GPA under my belt yet I keep going to interviews only to be told they want someone with more experience. I’m sorry exactly how much experience am I supposed to have at 23? I have work experience, internship experience, I was very involved in college, and I’ve been to 10 different countries all around the world from Asia and Europe to Central America.

Yes old people you owned a house at my age, you also went to college when it only cost $3,000 a year to attend college, whereas I paid almost $30,000 annually. Yes you were having babies, and we all thank you for that, but you also had a different economic situation than us. Yes we wait longer to buy houses, get married, and have children, shouldn’t you be proud we’re trying to save money before we do all those things? As the cartoon says you may have started with nothing but the majority of us start our lives already in debt, and we work hard to still be successful.



The Great Gatsby Special Effects

*Spoiler alert* The below video only gives away visual aspects, no real plot points, and if you’ve read the book, nothing you don’t already know, but if you don’t want to know or see anything about the film The Great Gatsby don’t watch the video

The special effects of The Great Gatsby were supervised by Chris Godfrey, who also worked with Baz Lurhmann on Moulin Rouge. It’s so interesting to see a little behind the scenes of how the movie was made, especially the house and driving scenes.

Robert Redford as Gatsby, 1974
Robert Redford as Gatsby, 1974


When you compare this Great Gatsby to the 1970’s Great Gatsby  it pales in comparison, it’s crazy what can be done with the advancing computer technology.

The song in the video is Young and Beautiful by Lana Del Rey

Only You Can Prevent Pigeon Death

Today I was perusing the free section of Craigslist, for well, free things and I happened upon this sad story:


Okay now I applaud any effort to save wildlife, especially in New York City where any animals besides pampered dogs are very scarce. but Rob there seem to be some holes in your story.

First you say you found this almost 3 week old pigeon on the ground because it had fallen out of it’s nest, but there was no nest Rob! Did this not worry you?

Second you say you have been feeding it mushed up bread and water because you don’t know what they eat… Rob, Rob, Rob have you not heard of Google? I can’t believe that you don’t have the ability to Google search this question seeing as you have access to Craigslist.

bird 2


Look Rob, I didn’t even have to type the whole sentence! Rob do you even CARE about your new pigeon!?

In your defense though Rob I looked up what 3 week old pigeons eat and it’s much more complicated than one would assume, it involves syringes and pigeon formula or mushed up cat food. Side note Rob how do you know your pigeon is 3 weeks old but you don’t know what he eats? See things just aren’t adding up.

Finally Rob you claim to care about this 3 week old pigeon and yet you threaten to throw him out on the street to die  if no one comes and gets him?

Rob did you not think to Google NYC pigeon rescue? Because that was the first thing I thought of and looky here:

bird 3

I’m really doubting your commitment to this bird Rob. I don’t want to adopt your new pigeon friend, but please, don’t kill him.



We (Sorta) Met Tom Hanks

Remember how Aidan and I went and saw Lucky Guy? It was a really good play, made much better by Tom Hanks. He really is the quintessential definition of Renaissance man, at least when it comes to the acting industry, he writes, directs, and acts and does all three quiet well. It was the closing performance of the play so there was a large crowd gathered at the stage door, even so Aidan and I had a pretty good view and Tom even touched my hand :)

signing autographs
signing autographs


Tom hugging costar Christopher McDonald
Tom hugging costar Christopher McDonald