In the case of Google you’re also talking about open source code

I would imagine if such code existed it wouldn’t be present in the open-source bit at all. They would tuck it away somewhere that wouldn’t be altered by folk loading on custom rom images and wouldn’t be detected by memory dumps etc.

What are you suggesting there Graham? Something which is hard coded into the phone at a level in the comms stack where it can decode a text and then do all the other stuff described? Would make the interfacing requirements for the bit which is open source kind of interesting and not only easily broken by a custom ROM, but also incredibly obvious for anybody looking at the source code because it would have to do things in a non-standard way which would be duplicated across multiple versions. Of course you are also widening your circle of secrecy to include all manufacturers of phones, some/most of whom notably aren’t based in Western democracies.

In less words: you don’t just plonk something which has those capabilities in isolation in the hardware of a phone, it would rely on lots of other stuff in the firmware.

Is there any part of your life you prefer to be kept private?

Plenty, which is, of course, why nothing that I would prefer others didn’t know about never goes near social media, emails, texts, etc.
Not that difficult to do, really.

Been saying it for years (in a non tinfoil hat way) why do you think phones don’t have shutters across camera lenses

If you mean the protective shutter that compact cameras have, then you could ask the same question about DSLR cameras; the simple fact is that the actual front lens element is protected by a thick sapphire crystal cover, in much the same way most people put a UV filter on a DSLR lens to protect the front element.
It’s as simple as that, don’t try to make something sneaky about it.

Can’t say I’m shocked but it’s to what level they can control. I really don’t think they’d automatically listen to very call/data just those that they have suspicions of.

There is blurred lines when you factor in secret societies such as freemasons.

[video]https://www.youtube.com/watch?v=vewkfFu8Q7I[/video]

lots of nice paranoia on here. They are welcome to nose in on my life, they really wont be tuned in long. yawn. and this is true for most of us most of the time, so why worry?

//
But as I type I get paranoid, maybe other states have this tech? Maybe ISS might one day work out a way to hoax something that gets tons of people to die? like an internet 911.

//has the movie finished now? Get a grip.

If they took control of my iPhone cameras they would see…

• The inside of my jeans pocket.
• My bedroom ceiling as seen from my bedside table.
• And my gurning face when I’ve lost a life on whatever game I’m playing at the time.

There is blurred lines when you factor in secret societies such as freemasons.

lots of nice paranoia on here. They are welcome to nose in on my life, they really wont be tuned in long. yawn. and this is true for most of us most of the time, so why worry?

Perhaps you don’t contributed anything useful to society in the way that for example Stephen Lawrence’s parents did ?

But then perhaps you feel Stephen Lawrence’s parents were being “paranoid” for objecting to being spied on – perhaps anyone who demands justice is a legitimate target for surveillance ?

As has been said, it’s a double-edged sword. On the one hand if they use this ability to prevent a terrorist attack then great but it’s obviously open to abuse as well. On balance I’m fine with GCHQ and the NSA having this ability, although it does worry me how protected this knowledge is. It wouldn’t surprise me if China had this ability (or will soon have) and then after that you start losing any control – what’s to stop some under-paid Chinese government hacker selling the info to a criminal gang and then it being misused?

When you have laws being put before parliament like the current anti union/employee laws, and look at how the anti terrorism laws were abused, and the lack of protection afforded to personal data by successive governments, it is worrying.

Union activity is exactly the kind of thing I can see this technology being abused against.

n balance I’m fine with GCHQ and the NSA having this ability, although it does worry me how protected this knowledge is. It wouldn’t surprise me if China had this ability (or will soon have) and then after that you start losing any control – what’s to stop some under-paid Chinese government hacker selling the info to a criminal gang and then it being misused?

Criminals, and not just those in a state sponsored role have been able to hijack / take over computers / laptops for years, why would it be any different with a computer in your pocket

I’m surely not the only one who remembers carrier IQ, pretty invasive data collection tool integrated into both apple and android phones? Yes a custom ROM would fix, but XDA and the like were in their infancy then so few folk had any ideas it existed.

tech has come on a bit since then too, I’ve got a very obvious app you can get from play store on one of my phones that allows me to locate the phone, read texts, send texts, make calls, file transfer, install and uninstall apps, take screenshots, see what both cameras see and take photos either on the device, or on the device I’m using to access it. It has an intruder mode which periodically takes a photo of the face of whomever is using the phone, and gives a location.

The app runs silently in the background, so the user is unaware it’s running or being accessed.

This could potentially be bundled in with a common app, tick off the list of permissions, I mean, no one questions why flappy birds should have access to your camera and be able to take pictures? maybe it’s for a paid part of games, you know, multiplayer features…?

so, relatively easy?

What are you suggesting there Graham?
…
In less words: you don’t just plonk something which has those capabilities in isolation in the hardware of a phone, it would rely on lots of other stuff in the firmware.

I was thinking that if I was speccing and coding something like this then I wouldn’t want it easily discoverable and and I wouldn’t want it squashable just by installing a custom rom image.

So to counter that I’d want to hide it away – perhaps in some writable eeprom space besides the main flash or perhaps by altering what memory the flash driver is allowed to address.

You’re right that getting all phone manufacturers to put in something naughty and agree to keep it secret would not be feasible. Especially as most are foreign owned.

But those manufacturers do tend to use a few common chips. Getting someone like Broadcom (US-based) or ARM (UK-based) to slip something nefarious into firmware becomes a bit more feasible and would give you huge coverage.

But as I said, I very much doubt it is something that is active in all phones, all the time. Far too much data and too much chance of discovery.

More likely is that there are exploits (either deliberately placed or just discovered by security research) which allow the covert installation of additional software to do some of these things.

There seems to be an assumption that pro-privacy people are anti-surveillance. This is incorrect. The question is one of proportionality, type of surveillance, the role of indiscriminate surveillance, proper oversight, and whether we should be surveilling good folk with tools that most do not understand to chase bad guys. Consent and openness seems to be missing in our democracy.

On ‘If you have done nothing wrong you have nothing to fear’, there are lots of arguments against it. Some of these entail appeals to the nature of consent in democracies, the need for some healthy distance between citizenry and governments, problems with what happens when the next government comes to power, who incumbents will choose to share this information with, and so on. For me it boils down to a question of trust. Can the state be trusted with increasingly granular information about us (and not just metadata as claimed)? The answer for me is no – indeed the Snowden leaks themselves highlighted how badly cared for this data is. This is exacerbated by the fact that we are in very early days of networked living (pre-internet of things and wearables). Better oversight and accountability is required.

Despite the severity of the situation, privacy advocates have found it very difficult to demonstrate the negative effect of surveillance per se on ‘ordinary’ citizens. My feelings on this are three-fold: 1) concerns are longitudinal (what issues are we storing up for the future?); 2) are we to open the door to total transparency (of searches, speech, location, emotional states and so on)? There are very powerful technologies in use and on the horizon (I’m interviewing many of the companies making these for academic work I’m doing) and I’m not sure our future is best served by state employment of these; 3) can we rely upon this government and the next to care for sensitive information (that was not collected with informed or tacit consent).

The fact that the infrastructure and legislation in place to allow such surveillance has been (and where they can get away with it, continues to be) hidden from the public over multiple elected governments, administrations and political parties raises some very serious constitutional questions.

Factor in that democratically elected MPs and even Prime Ministers have been subject to covert surveillance by the security services and things become murkier still.

I agree with JHJ. That’s a first. 😀

I’m not against surveillance, but it has to be warranted, targeted and overseen to be properly balanced against the basic right to privacy.

Not that the Tories are big fans of Human Rights but…

Article 12 of the UN’s Universal Declaration of Human Rights:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

Article 8 of the European Convention on Human Rights

Right to respect for private and family life

1. Everyone has the right to respect for his private and family life, his home and his correspondence.

2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic wellbeing of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

Clause 2 of the ECHR is obviously where the wiggle room is and where proper oversight is required.

Graham, I wholeheartedly agree, something like this?

The Intelligence Services Commissioner’s Office

On 1 January 2011 the Prime Minister appointed me to the post of Intelligence Services Commissioner, under Section 59 of the Regulation of Investigatory Powers Act 2000 (RIPA)

How much public consultation was there regarding the Regulation of Investigatory Powers Act 2000 (RIPA)?

When was the intelligence service commissioner’s role made public?

I believe the creation was bought about due to various scandals both home and abroad surrounding the intelligence services. As for public consultation, most likely as much as there is for any legislation the MP’s slide through parliament. i.e., very little!

Snowden is stretching his credibility with me, with this one.

The app runs silently in the background, so the user is unaware it’s running or being accessed.

The casual user, maybe, but if you were even slightly concerned about secrecy and had half a brain you’d be able to kill it from the background tasks menu.

I’m sceptical that software of the scale he’s claiming would be able to be secretly inserted in everyone’s phone, and the network traffic to service it would be spotted by someone at a mobile operator somewhere in the world.

Plus – what’re you going to do with this thing? If the security services have a person of interest, they can already get access to their phone records and the like via their ISP/mobile operator. Secret software would require a huge cloak and dagger operation that I’m not sure is possible.

Whilst I’m inclined to agree with this,

Snowden is stretching his credibility with me, with this one.

This:

if you were even slightly concerned about secrecy and had half a brain you’d be able to kill it from the background tasks menu.

… it’s hardly likely to appear in task manager as “GCHQ Monitoring Service.”

I undertake this duty rigorously and entirely independently of government, Parliament and the intelligence agencies themselves.

Why should he be independent of parliament, who the hell is he answerable to ?

Why isn’t he answerable to the Intelligence and Security Committee of Parliament ?

I would want to see some sort of democratic accountability somewhere.

it’s hardly likely to appear in task manager as “GCHQ Monitoring Service.”

I was talking about lovewookie’s app. In other words, it’s easy to make an app like this, but it might be rather harder to conceal it from EVERYONE’s eyes. Except the brilliance of Snowden, of course.

Plus – what’re you going to do with this thing? If the security services have a person of interest, they can already……..

Are you doubting Edward Snowden’s central claim that the NSA has the telephone records of tens of millions of people? I thought that claim was generally accepted to be true ?

I was talking about lovewookie’s app.

Ah, fair enough. Point still stands though, there’s nothing to stop you calling it something wooly like “Background Service” or “Runtime Helper” or some such, malware writers have been doing the same sort of thing for years.

There are antivirus tools for Android. You’d have thought someone working on one of those would have looked into that kind of simple ruse in a little more detail..?

I’m not saying it’s not true, I’m saying I’m sceptical and that to me it seems improbable.

I would want to see some sort of democratic accountability somewhere.

Intelligence services don’t seem to like democracy all that much…

I was talking about lovewookie’s app. In other words, it’s easy to make an app like this, but it might be rather harder to conceal it from EVERYONE’s eyes. Except the brilliance of Snowden, of course.

What lovewookie describes is just an app. It is sneaky but it still has to work within the confines of the OS.

What Snowden describes are exploits (either found or deliberately placed) so they are outside at least some of the confines of the OS.

If those exploits allow them to gain the ability to patch the OS in some way then all bets are off.

As a trivialised example, they could swap the Android equivalent of “ps” for a filtered version so that certain processes are never listed and won’t show on any task manager.

(The actual technique would be a lot more sophisticated obviously, but that’s the sort of cloaking and armour that “Paranoid Smurf” would provide. Read up about Rootkits if you are still doubtful)

I’m sceptical that software of the scale he’s claiming would be able to be secretly inserted in everyone’s phone

I didn’t think he’d claimed that it was installed, just that it was a simple task to do so if required to any phone..?

So we come back to my arguments above – that for Android at least the firmware is open source (supposedly, but I have no reason to doubt that because any deviation in the binary would be very obvious to people in the open source community). Of course that doesn’t rule out some sneaky back door exploit, but then they would have to maintain such an exploit across multiple versions of the OS, which is the sort of thing which would stand out. It gets tricky when your sneaky tricks have to stand up to public scrutiny – the open source community isn’t stupid.

As mentioned above, using such an exploit would also leave behind a trail with service providers.

Well there still has to be something installed on the phone in order to allow all the other stuff to be installed – something which has to be a bit more than trivial.

It gets tricky when your sneaky tricks have to stand up to public scrutiny – the open source community isn’t stupid.

How many people really examine that source code and know what to look for? Especially given that it could be something incredibly subtle that may even require a complicit hardware vendor.

“Who thinks they are competent to judge the security of the Linux kernel?’ Downloading 21 million lines of Linux code and saying ‘I’ve got the code and I’ve looked through it’, so I can convince myself it’s secure, is often nonsense.

“Many eyes give you many eyelashes, and not a lot else.”

— Dr Ian Levy, technical director with the CESG, GCHQ intelligence agency.

Why should he be independent of parliament, who the hell is he answerable to ?

Careful ernie, questions like that can topple Prime Ministers…

Emerging from an informal agreement related to the 1941 Atlantic Charter, the secret treaty was renewed with the passage of the 1943 BRUSA Agreement, before being officially enacted on 5 March 1946 by the United Kingdom and the United States. In the following years, it was extended to encompass Canada, Australia and New Zealand.

Australian PM Gough Whitlam was not made aware of the secret treaty of the Five Eyes Alliance through official channels…

In the aftermath of the 1973 Murphy raids on the headquarters of the Australian Security Intelligence Organisation (ASIO), the existence of the UKUSA Agreement was revealed to Australia’s Prime Minister Gough Whitlam. After learning about the agreement, Whitlam discovered that Pine Gap, a secret surveillance station close to Alice Springs, Australia, had been operated by the U.S. Central Intelligence Agency (CIA).

At the height of the 1975 Australian constitutional crisis, the use and control of Pine Gap by the CIA was strongly opposed by Whitlam, who fired the chief of the ASIO, before being dismissed as Prime Minister.

The existence of several intelligence agencies of the Five Eyes was not revealed until the following years

So to whom are the intelligence agencies accountable, if not the democratically elected leader of Her Majesty’s Government?

So to whom are the intelligence agencies accountable, if not the democratically elected leader of Her Majesty’s Government?

Deja vú, it’s coming back, you know! 🙄

You’re still thinking a South Korean company is part of this?

So to whom are the intelligence agencies accountable, if not the democratically elected leader of Her Majesty’s Government?

Deja vú, it’s coming back, you know!

Probably something to do with no one being able to answer the question…

Any advances?

You’re still thinking a South Korean company is part of this?

No, I suggested that *IF* a hardware company was complicit in GCHQ/NSA shenanigans then it would probably be a US or UK company making core chips, for example companies like ARM or Broadcom.

I agree it seems very unlikely that a foreign-held company would knowingly support UK/US intelligence services ahead of their own government.