#fvey — Public Fediverse posts

If Britain dropped its demand, it means the #FVEY found another way to access #Apple users' data without their knowledge. www.reuters.com/sustainabili... #cybersecurity #privacy

US spy chief Gabbard says UK a...

Men in Black (still MIA)

* Remembering a former soulmate...

He always wore a white or tinfoil hat (just like me). Anyways, he has been MIA since 20 August 2018 (last seen in Bodø, Norway). Missing for 6 years, 11 months and 23 days and still counting…

@ArjenKamphuis

#HackThePlanet #Oldskool #InfoSec #WhiteHat #Smurf

https://en.wikipedia.org/wiki/Arjen_Kamphuis

#FVEY #ECHELON

Alec’s Personal, Utterly Speculative Opinion: Why does the UK Government want a Backdoor into Apple iCloud Encryption? Answer: “Corporate & Foreign Government Espionage for Five Eyes”

In case this is not clear enough from the headline, I’ll repeat: the following is utterly personal and very speculative speculation re: why the UK Home Office are pursuing a backdoor into Apple’s iCloud product, a privacy weakness that will be local in scope but global in nature — although we can all be reassured that they pinky-promise to be nice and not abuse that privilege.

All this said: since ~1990 I have, almost non-stop, sought to promote adoption of — and prevent restriction upon — cryptography, so maybe my opinion now carries a bit of weight.

Therefore:

I believe that the purpose of the UK TCN backdoor into iCloud is primarily to enable Corporate, Government, & various other Espionage across Five Eyes

That’s it. There’s also a bit of historical baggage which the late and lamented Professor Ross Anderson used to describe along the lines of:

“…[elements within] the UK Home Office believe, and have always believed, that they have a god-given right to read all message content…”

(personal communication)

— and they’ve been trying to hold back the flood of encryption for 40 years, so why stop now? But…

• It’s certainly not about Labour vs: Conservative; the demand for a backdoor has been in the pipeline / rumoured in civil society for more than a calendar year, so it predates the Labour government by some margin.
• Maybe it is a bit, but not greatly about preventing CSAM or terrorism; CSAM can be very effectively combated by user-reporting, metadata analysis fanout plus tracking-down abusers who have installed various sketchy apps, not to mention the ongoing social campaigns to prevent grooming and abuse “at source”; and the big end-to-end-secure apps like WhatsApp and Messenger already work on this basis in a content-privacy-preserving manner
• Similarly, terrorism: back in the 1990s the UK Police (i.e. the security services) would regularly demand, e.g. from telcos like Vodaphone, lists of calls to-or-from a watchlist of certain (i.e. IRA) phone numbers for anti-terrorism purposes
• So if today GCHQ don’t already demand/obtain lists of people who have installed niche, less-safety-focused communications apps on a similar basis, and then cross-correlate them against cookie-tracking and other semi-public surveillance technologies, I will be very surprised — because that’s how and where the abuse really happens, and how it is best combated.
• So: abusers and terrorists are already both well-surveilled by other means, and Apple iCloud seems a niche means to pursue them.
• But who would a backdoor in iCloud really help target?

Answer: Corporations & Governments using MDM.

Rationale

ADP is both a nerd technology, and a niche technology; it’s not the default. It might provide a protective blanket for content generated and shared by a bunch of terrorists or abusers who are simultaneously smart enough to enable it, but yet stupid enough to open themselves to seriously well-resourced tracking and analysis of their metadata footprint.

But you know who will really be making major, mass use of ADP?

Answer: big corporations and governments which switch it on for hundreds, perhaps even many thousands of iPhones at a time, by means of Mobile Device Management (MDM).

Brazilian mining companies that compete with Canada and the USA, the UK spying on Belgian Telcos, there are legion reasons for spying on corporates around the world, and as GCHQ puts it:

https://www.gchq.gov.uk/information/investigatory-powers-act

These grounds are that interception is necessary:

• In the interests of national security; or
• In the interests of the economic well-being of the UK; or
• In support of the prevention or detection of serious crime

IPA also requires safeguards to be in place to limit the use of intercepted material and related communications data.

The act itself constrains those powers:

A targeted interception warrant or targeted examination warrant is necessary on grounds falling within this section if … in the interests of the economic well-being of the United Kingdom so far as those interests are also relevant to the interests of national security

But continues…

A warrant may be considered necessary … only if the information which it is considered necessary to obtain is information relating to the acts or intentions of persons outside the British Islands.

…which (“may?”) does not strike me as a terribly onerous nor an insurmountable barrier to operation, especially if this is all hush-hush top-secret.

tl;dr

• There is a long history of economic espionage of corporations & foreign governments
• FVEY (pre-Trump?) pursue and share corporate/economic espionage
• Once one FVEY country obtains access to a resource, all of them have it, bidirectionally
• Popular adoption of ADP at-scale is most likely via use of MDM, which is mostly an enterprise/institutional tool
• To understand who is being surveilled, look at who most uses the technology

I can’t see any incremental benefit to the pursuit of abusers and terrorists to be worth the necessary expenditure of political capital necessary to obtain a backdoor into Apple iCloud.

But: I can totally see an “economic well-being” cost/benefit argument.

#apple #endToEndEncryption #feed #fvey #homeOffice #surveillance #tcn

“[Trump] wanted to eject Canada out of an intelligence-sharing group known as the Five Eyes that also includes Britain, Australia & New Zealand”

The other four are going to have serious opinions about this, not least because they have a single shared monarchy:

https://twitter.com/ChrisO_wiki/status/1898020000029413818

#fvey #trump

Canada Taps into MUOS (Mobile User Objective System) Satellite System in Collaborative Effort with Space Systems Command 🇺🇸

#Canada #FMS #FVEY #MUOS #PartnertoWin #USSF

▶️ 1 new picture from U.S. Space Force/Command (DVIDS) https://commons.wikimedia.org/wiki/File:Canada_Taps_into_MUOS_%28Mobile_User_Objective_System%29_Satellite_System_in_Collaborative_Effort_with_Space_Systems_Command_%288715066%29.jpg

Leaked unofficially verified documents indicate that New Zealand was in the loop about a planned attack on Iran by Israel.
#5eyes #FVEY
https://edition.cnn.com/2024/10/19/politics/us-israel-iran-intelligence-documents/index.html

“The Inspector-General has found significant failings in the GCSB’s hosting of a foreign partner’s system”

There’s a PDF linked in this tweet from the NZ Inspector-General of Intelligence Services, vaguely detailing how (presumably: US, UK, AU or CDN) foreign spooks parked a spooky surveillance “capability” on NZ soil and ran it without telling anyone, nor (worse) keeping proper records. Both are typical* but the latter deserves calling out as it’s yet more evidence that private industry can’t trust Governments to hold back-doors or “golden keys” to encrypted messaging. Quotes:

5.3. The record-keeping of the decision process was poor and there are significant gaps, which have made it difficult to identify reasons for certain decisions, particularly whether concerns about the capability were mitigated by redrafts to the MOU. There appears to be no substantive written legal advice, despite the GCSB’s General Counsel being involved throughout the process.

5.4. Despite the then acting Director-General anticipating that the Minister responsible for the GCSB would be informed about the capability and possibly asked to approve GCSB hosting the system, this inquiry found no evidence of the Minister being told about the capability […]

7. I found that the capability operated at GCSB:

7.1. without adequate record keeping;

7.2. without due diligence by GCSB on the capability tasking requests;

7.3. without full visibility for GCSB of the capability tasking;

7.4. without adequate training, support or guidance for GCSB operational staff;

7.5. with negligible awareness of the capability at a senior level within GCSB after the signing of the MOU in 2012 and until the system was shut down in 2020;

7.6. with no apparent access for GCSB to the outcomes of the capability’s operation at GCSB;

7.7. without any auditing;

7.8. without the required review of the MOU;

7.9. without due attention to the possibility, recognised within the Bureau, that support for the capability could contribute to military targeting; and

7.10. without clarity, in consequence, as to whether data supplied by the GCSB to the capability did in fact support military action.

https://twitter.com/igisnz/status/1770562733332943101

The Inspector-General has found significant failings in the GCSB's hosting of a foreign partner's system. Read more here https://t.co/Zi8wa5OttB

— IGIS NZ (@igisnz) March 20, 2024

[*] as anyone who remembers the 1996 publication of this book already knows

https://alecmuffett.com/article/109427

#fvey #gcsb #surveillance

"How to Use a Pixel Tablet as a Secure Calling and Messaging Device" (using @calyxos)

https://yawnbox.com/blog/how-to-use-an-pixel-tablet-as-a-secure-calling-and-messaging-device/

this is a new blog post by me based on years of security and privacy research on these types of devices

feedback always welcome, i'm not perfect, and many different people have many different threat models

#google #android #pixel #tablet #security #cybersecurity #privacy #signal #baseband #nsa #fvey

Curious about how deep the surveillance-state goes? Here's a good article to start your trip down the rabbit hole. Make sure to bring plenty of snacks and water, this hole goes deep: https://cybernews.com/resources/5-eyes-9-eyes-14-eyes-countries/

#SurveillanceState #FVEY #FiveEyes #NineEyes FourteenEyes #COMINT #SIGINT #NSA #GCHQ #NATO #UKUSA :WeAreNameless:

@PINE64 this is called 'interdiction' and is how the #FVEY plants hardware implants.

What measures do you have to prevent surreptitious hardware from being implanted by FVEY?

Unsinn, Herr Michel Müller: Geheimdienste, insbesondere solche des Five-Eyes-Komplexes (#FVEY), haben tief Zugang zu Dokumenten des Schweizer Staates, dass Ihnen schwindelig wird, um nicht zu sagen, dass etwa die USA z. B. die Schweiz an der Leine haben. https://www.srf.ch/suche?q=schweiz+in+geheimer+mission&date=all&page=0

Die Five-Eyes (#FVEY) im Propaganda-Modus gegen Ende-zu-Ende-Verschlüsselung (#E2EE). 😡
https://www.heise.de/news/Five-Eyes-plus-Durchgehende-Verschluesselung-gefaehrdet-oeffentliche-Sicherheit-4926978.html

Ähm, ist @[email protected] jetzt ein Propaganda-Sprachrohr für die Five-Eyes oder was wird das?

Am Schluss so: Schaden keiner bekannt.

So die #SRFTaggeschau, so #10vor10.

#FVEY #Russohackismus
https://www.der-postillon.com/2017/06/russische-hacker.html

#IT #5G #Huawei #china #security #FVEY #UK #USA #australia #new_zealand #canada #EU

Johnson won’t say so, but the real decision about Huawei was made years ago

https://www.theguardian.com/commentisfree/2020/jan/28/huawei-security-boris-johnson

Iniciamos Noviembre con fiesta y color 🎃 compartiendo nuestras reflexiones a medio siglo de existencia de #internet 🌐 sus rutas, redes, enredos y retos por mantenerla libre, autogestiva y segura 🗣

#DerechosDigitales #BigData #ExtractivismoDeDatos #Vigilancia #FVEY #Smaldone

https://sursiendo.org/blog/2019/11/hay-un-sabado-de-comun-denominadores-365/#more-9794

"Sí y mil veces sí al cifrado"

Comunicado conjunto de colectivos y organizaciones frente a la petición de Gobiernos #FVEY de eliminar el #cifrado en los servicios de mensajería

#GobiernoEspía
#DerechosDigitales
#redessociales
#vigilancia
#bigdata

https://sursiendo.org/blog/2019/10/si-y-mil-veces-si-al-cifrado/