GCHQ Asked Court To Let It Infringe On Anti-Virus Copyrights... For National Security
from the nothing-is-intact dept
National security apparently means "securing" the nation at the expense of citizens' security. New Snowden documents published by The Intercept show massive amounts of dicking around in the coding of popular anti-virus software by the NSA and GCHQ. The list of antivirus products not affected would be much, much shorter than a list of those that have been.
Much of what listed here involves the NSA and GCHQ monitoring threats reported to these antivirus makers (by intercepting email messages, naturally), obviously in hopes of finding something temporarily exploitable. But in other cases, the efforts went much, much deeper. The GCHQ obtained a warrant to reverse engineer Kapersky products because it felt the company's software was "obstructing" its hacking attempts.
“Personal security products such as the Russian anti-virus software Kaspersky continue to pose a challenge to GCHQ’s CNE [Computer Network Exploitation] capability and SRE is essential in order to be able to exploit such software and to prevent detection of our activities,” the warrant renewal request said. “Examination of Kaspersky and other such products continues.” The warrant renewal request also states that GCHQ reverse engineers anti-virus programs to assess their fitness for use by government agencies.Not only did the GCHQ seek permission to tear apart a legitimate security product for its own ends, but it also asked for an exception to UK copyright law in order to do so.
GCHQ’s success as an intelligence agency is founded on technical knowledge and creativity. In particular this may involve modifying commercially available software to enable interception, decryption and other related tasks, or “reverse engineering” software (this means to convert it from machine readable code into the original format, which is then comprehensible to a person). These actions, and others necessary to understand how the software works, may represent an infringement of copyright. The interference may also be contrary to, or inconsistent with, the provisions of any licensing agreement between GCHQ and the owners of the rights in the software.Recognizing this could potentially cause a problem if its efforts were discovered, GCHQ explicitly asked that it be granted permission to engage in copyright infringement in the name of national security.
There is a risk that in the unlikely event of a challenge by the copyright owner or licensor, the Courts would, in the absence of a legal authorisation, hold that such activity was unlawful and amounted to a copyright infringement or breach of contract. The purpose of this warrant is to provide authorisation for all continuing activities which involve interference with copyright or licensed software, but which cannot be said to fall within any other specific authorisation held by GCHQ and which are done without the permission of the owner.In other words, GCHQ doesn't have specific authorization to violate copyrights or licensing agreements, but for this particular effort, the warrant would act as a blanket permission slip to engage in this illegal activity. And, in doing so, it stretched an intelligence law to cover its violation of intellectual property laws.
GCHQ obtained a warrant for reverse engineering under a section of British intelligence law that does not explicitly authorize — and had apparently never been used to authorize — the sort of copyright infringement GCHQ believed was necessary to conduct such activity.On top of that, the type of warrant it obtained was only to be used for foreign surveillance, but supporting documentation notes GCHQ would also be performing its reverse engineering to support "police operations" and the domestically-focused National Technical Assistance Centre.
The spy agency instead relied on the Intelligence Services Commissioner to let it use a law pertaining only to property and “wireless telegraphy,” a law that had never been applied to intellectual property, according to GCHQ’s own warrant renewal application. Eric King, deputy director of U.K. surveillance watchdog Privacy International said, after being shown documents related to the warrant, “The secret reinterpretation of powers, in entirely novel ways, that have not been tested in adversarial court processes, is everything that is wrong with how GCHQ is using their legal powers.”
When it comes to national security efforts, laws just don't apply, it would appear. The NSA and GCHQ's efforts are completely indistinguishable from those of cybercriminals. While these agencies may have "good" on their side -- at least in terms of not wishing specific harm to non-targets -- the end result is the same: a less secure computing world.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: anti-virus, copyright, gchq, infringement, national security, reverse engineering
Companies: kaspersky
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
FFS
[ link to this | view in chronology ]
Re: FFS
[ link to this | view in chronology ]
Re: FFS
Once the economy goes kablooie and people stop getting their daily dose of reality tv shows and food then they will be more willing to overthrow the criminals in charge that caused it all
[ link to this | view in chronology ]
Maybe TTPP would be a good thing
[ link to this | view in chronology ]
monthly reminder
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
a COUPLE POINTS
It does have ANTI encryption abilities..to FIND Virus.
The only reason to Goto the AV programs is to find ways to bypass it..Thats what hackers DO..
There is an easier way..ASK MS..
MS has pre-authorized hidden programs..Wonder why they didnt ask MS??
The Only reason for this, is to install CRAP on your machine.
Something we already have problems with and WHY we try to protect ourselves..
Also...If you are VERY smart..and encrypt your machine, you are not going to use WINDOWS... They even warn you about it..that recovery isnt easy,or even possible in many cases.
Encrypting your machine means you are NOT doing standard things...its a pain and hassle if you are a gamer. they have their OWN data checks and encryption, and verifications, and adding encryption, just confuses things on your machine.
Only good thing to use encryption on is a data server, Mail server or the like..Otherwise its not worth the hassle.
[ link to this | view in chronology ]
Re: a COUPLE POINTS
[ link to this | view in chronology ]
Re: Re: a COUPLE POINTS
really..
Then as an AC' disprove it..
Windows passwords and other codes are easy to pull out with programs available around the net..
Many programs with/without DMCA, go look at STEAM..its a whole system..
Encrypting a system is abit dangerous unless you have a First recovery disk and are willing to do a full reinstall and Encrypt again..
Also, we are talking about the common user. NOT people with abit more advanced knowledge..
Show me whats wrong here?
Good AV programs Check themselves FIRST..
Yes you can HIDE things under windows..and there are simple ways to find it(not to decode it, just find) And the Border patrol has the RIGHTS to ask you to OPEN IT...
Get a hint please..That you wont be using windows to hide things.. And most advanced users can do allot more..
[ link to this | view in chronology ]
Re: Re: Re: a COUPLE POINTS
Heh, that's funny. One anonymous commenter calling another for being anonymous.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
There could, in theory, be the possibility of a whistleblower from said company, but the threat of hanging, shooting, stabbing, decapitation, mauling by angry dogs and other nice things people in power have suggested, will keep most people from stepping forward.
[ link to this | view in chronology ]
Re:
How do we know that the NSA/GCHQ/etc. aren't at least partially to blame for some of the recent large database security breaches? If the are, you can bet the government has gag orders on the companies involved to prevent them disclosing it.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
I could describe this in one simple metaphor.
[ link to this | view in chronology ]
Ofcourse, one could compare the UK or the US to nazi germany and could easily draw some pararells or even overshoot and realize that not even Hitler was this crazy.
[ link to this | view in chronology ]
I don't get it
If they're performing a sleight of hand to replace the official strong version of Kapersky's AV with their own modified/weakened version, then that's terrible, but how would they do that? That seems like it would involve spoofing the Kapersky website across the UK... which would still be defeated by a VPN.
I'm not sure how to read this story other than as an endorsement for the official version of Kapersky's software...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Security agencies are worse than cybercriminals
Actually its the cybercriminals who do not wish harm to non-targets as any harm you do to a system leaves a mark that can be cataloged and tracked so it is in the criminals best interest to do as little harm as possible to the target in getting to the goal and to avoid collateral damage.
Compare that to the security agencies model of everyone is a suspect and as such there are no non-targets. Everybody is a target and a suspect.
[ link to this | view in chronology ]
Re: Security agencies are worse than cybercriminals
[ link to this | view in chronology ]
One small comfort
[ link to this | view in chronology ]
Re: One small comfort
Hard to decide which, when your dealing with criminals in all the high places.
---
[ link to this | view in chronology ]
There's no business, like Snow Business, and snowjobs are such a breeze...
At the rate the federal governments are telling their populations to fuck themselves now, it should not take much more than another 50-75 years or so, for the public to catch on - which should be - if history is any yardstick - about 50 years too late, as usual.
---
[ link to this | view in chronology ]
Re: There's no business, like Snow Business, and snowjobs are such a breeze...
Things like getting your door kicked in and your family dragged off in the middle of the night for political dissent against the self entitled party rulers.
[ link to this | view in chronology ]
Re: Re: There's no business, like Snow Business, and snowjobs are such a breeze...
Actually, I said it would take the public that long - 50-75 years - to figure out exactly who the enemy is, not that it would take that long before the enemy removes all vestiges of what was once the mythical American freedoms and rights protections.
And while the poster below appears to be playing tongue-in-cheek, he/she is actually quite correct.
"We know", is pretty much the end-purpose of the Five Eyes' entire surveillance program.
And busting down your door and dragging your family off in the dead of night, is already a common practice, although the Drug War is used as a premise for the public pest extermination process, rather than political dissent - currently.
However, given the escalation of the War on Terror programs and its accompanying anti-public-rights laws, by the timely, convenient and well (Five Eyes) funded inauguration of ISIL as the new Evil Terrorist Horde, the Five Eyes will soon be using the War on Terror and the War on Drugs together, to implement their new secret War on the Adversary.
At that point, "We Know" becomes "We Gotcha" for any and all dissidents, popular anti-establishment bloggers and reporters and anyone else who gets in the way of the future Ownership Society's intended Roman Utopia.
Its just the natural progression of Fascism actually.
Fascism is very difficult for the common peasant to recognise, because its a quiet conquest of the 99%, from behind, by the nation's own wealthy 1% - the very people that the poor and middle class - the Adversary - have been trained for centuries to look up to and admire.
It is very difficult to admit that the people you want to become are the very people who are destroying your life and draining the nation in which you live.
In fact, The People almost never catch on to the process of Fascism, so fascism can be seen as the final stage of the entropy of a failed civilization.
I doubt this process will take another 20 years to accomplish, even if they do not destroy the internet through BS copyright legislation and Phony Free Trade Agreements.
---
[ link to this | view in chronology ]
Re: There's no business, like Snow Business, and snowjobs are such a breeze...
[ link to this | view in chronology ]