British surveillance agency GCHQ has launched an app teaching children to understand “basic encryption techniques”, despite its director having criticised technology firms for making more advanced tools available to their users.
Cryptoy is a free app for Android tablets, and it teaches children about four encryption techniques – shift, substitution, Vigenère and Enigma – as well as the history behind their use.
It transpires that when the Regulation of Investigatory Powers Act (Ripa) was being drafted no-one realised it could be used to access journalists’ communications and thus compromise their confidential sources. One of those who helped to draft the act, Michael Drury, who was GCHQ’s director of legal affairs between 1996 and 2010, said journalism was barely considered.
Drury told the audience that during the period of drafting attention was focused on privacy rights under Article 8 of the European Convention on Human Rights (ECHR), rather than the right to freedom of expression under Article 10.
American and British spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.
The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data.
The alleged hack was revealed by documents from the NSA files provided by Edward Snowden, which detailed attacks on Gemalto – the world’s largest Sim card manufacturer – which allegedly saw them steal encryption keys that allowed them to secretly monitor voice calls and data from billions of mobile phones around the world.
But after an investigation, the Dutch security company, which supplies Sim cards to all of the major UK mobile phone networks and 450 operators globally, has said that no evidence of a theft of Sim card security details has been found.
“No breaches were found in the infrastructure running our SIM activity or in other parts of the secure network which manage our other products such as banking cards, ID cards or electronic passports,” said the company. “Each of these networks is isolated from one another and they are not connected to external networks.”
Since its launch on 16 February 2015, over 25 000 people have joined an international campaign to try to learn whether Britain’s intelligence agency, GCHQ, illegally spied on them.
This opportunity is possible thanks to court victory in the Investigatory Powers Tribunal (IPT), a secret court set up to hear complaints against the British Security Services. As previously reported in the EDRi-gram, Privacy International won the first-ever case against GCHQ in the Tribunal, which ruled that the agency acted unlawfully in accessing millions of private communications collected by the US National Security Agency (NSA), up until December 2014.
Because of this victory, now anyone in the world can try to ask if their records, as collected by the NSA, were part of those communications unlawfully shared with GCHQ. We feel the public has a right to know if they were spied on illegally, and Privacy International wants to help make that as easy as possible.
Spies have been dismissed and disciplined for inappropriately accessing private information on citizens in recent years, the intelligence and security committee (ISC) report on privacy has found.
The report reveals a small number of staff at the intelligence agencies misused their surveillance powers, but it is not specific about how the information was wrongly accessed.
“Deliberate abuse of access to GCHQ’s systems would constitute gross misconduct (depending on the circumstances) – to date there has only been one case where GCHQ have dismissed a member of staff for misusing access to GCHQ’s systems,”the report states.