MI5 Wants Oyster Card Travel Data

Counter-terrorism experts call it a ‘force multiplier’: an attack combining slaughter and electronic chaos. Now Britain’s security services want total access to commuters’ travel records to help them meet the threat

Millions of commuters could have their private movements around cities secretly monitored under new counter-terrorism powers being sought by the security services.

Records of journeys made by people using smart cards that allow 17 million Britons to travel by underground, bus and train with a single swipe at the ticket barrier are among a welter of private information held by the state to which MI5 and police counter-terrorism officers want access in order to help identify patterns of suspicious behaviour.

The request by the security services, described by shadow Home Secretary David Davis last night as ‘extraordinary’, forms part of a fierce Whitehall debate over how much access the state should have to people’s private lives in its efforts to combat terrorism.

It comes as the Cabinet Office finalises Gordon Brown’s new national security strategy, expected to identify a string of new threats to Britain – ranging from future ‘water wars’ between countries left drought-ridden by climate change to cyber-attacks using computer hacking technology to disrupt vital elements of national infrastructure.

The fear of cyber-warfare has climbed Whitehall’s agenda since last year’s attack on the Baltic nation of Estonia, in which Russian hackers swamped state servers with millions of electronic messages until they collapsed. The Estonian defence and foreign ministries and major banks were paralysed, while even its emergency services call system was temporarily knocked out: the attack was seen as a warning that battles once fought by invading armies or aerial bombardment could soon be replaced by virtual, but equally deadly, wars in cyberspace.

While such new threats may grab headlines, the critical question for the new security agenda is how far Britain is prepared to go in tackling them. What are the limits of what we want our security services to know? And could they do more to identify suspects before they strike?

One solution being debated in Whitehall is an unprecedented unlocking of data held by public bodies, such as the Oyster card records maintained by Transport for London and smart cards soon to be introduced in other cities in the UK, for use in the war against terror. The Office of the Information Commissioner, the watchdog governing data privacy, confirmed last night that it had discussed the issue with government but declined to give details, citing issues of national security.

Currently the security services can demand the Oyster records of specific individuals under investigation to establish where they have been, but cannot trawl the whole database. But supporters of calls for more sharing of data argue that apparently trivial snippets – like the journeys an individual makes around the capital – could become important pieces of the jigsaw when fitted into a pattern of other publicly held information on an individual’s movements, habits, education and other personal details. That could lead, they argue, to the unmasking of otherwise undetected suspects.

Critics, however, fear a shift towards US-style ‘data mining’, a controversial technique using powerful computers to sift and scan millions of pieces of data, seeking patterns of behaviour which match the known profiles of terrorist suspects. They argue that it is unfair for millions of innocent people to have their privacy invaded on the off-chance of finding a handful of bad apples.

‘It’s looking for a needle in a haystack, and we all make up the haystack,’ said former Labour minister Michael Meacher, who has a close interest in data sharing. ‘Whether all our details have to be reviewed because there is one needle among us – I don’t think the case is made.’

Jago Russell, policy officer at the campaign group Liberty, said technological advances had made ‘mass computerised fishing expeditions’ easier to undertake, but they offered no easy answers. ‘The problem is what do you do once you identify somebody who has a profile that suggests suspicions,’ he said. ‘Once the security services have identified somebody who fits a pattern, it creates an inevitable pressure to impose restrictions.’

Individuals wrongly identified as suspicious might lose high-security jobs, or have their immigration status brought into doubt, he said. Ministers are also understood to share concerns over civil liberties, following public opposition to ID cards, and the debate is so sensitive that it may not even form part of Brown’s published strategy.

But if there is no consensus yet on the defence, there is an emerging agreement on the mode of attack. The security strategy will argue that in the coming decades Britain faces threats of a new and different order. And its critics argue the government is far from ready.

The cyber-assault on Estonia confirmed that the West now faces a relatively cheap, low-risk means of warfare that can be conducted from anywhere in the world, with the power to plunge developed nations temporarily into the stone age, disabling everything from payroll systems that ensure millions of employees get paid to the sewage treatment processes that make our water safe to drink or the air traffic control systems keeping planes stacked safely above Heathrow.

And it is one of the few weapons which is most effective against more sophisticated western societies, precisely because of their reliance on computers. ‘As we become more advanced, we become more vulnerable,’ says Alex Neill, head of the Asia Security programme at the defence think-tank RUSI, who is an expert on cyber-attack.

The nightmare scenario now emerging is its use by terrorists as a so-called ‘force multiplier’ – combining a cyber-attack to paralyse the emergency services with a simultaneous atrocity such as the London Tube bombings.

Victims would literally have nowhere to turn for help, raising the death toll and sowing immeasurable panic. ‘Instead of using three or four aircraft as in 9/11, you could do one major event and then screw up the communications network behind the emergency services, or attack the Underground control network so you have one bomb but you lock up the whole network,’ says Davis. ‘You take the ramifications of the attack further. The other thing to bear in mind is that we are ultimately vulnerable because London is a financial centre.’

In other words, cyber-warfare does not have to kill to bring a state to its knees: hackers could, for example, wipe electronic records detailing our bank accounts, turning millionaires into apparent paupers overnight.

So how easy would it be? Estonia suffered a relatively crude form of attack known as ‘denial of service’, while paralysing a secure British server would be likely to require more sophisticated ‘spy’ software which embeds itself quietly in a computer network and scans for secret passwords or useful information – activating itself later to wreak havoc.

Neill said that would require specialist knowledge to target the weakest link in any system: its human user. ‘You will get an email, say, that looks like it’s from a trusted colleague, but in fact that email has been cloned. There will be an attachment that looks relevant to your work: it’s an interesting document, but embedded in it invisibly is “malware” rogue software which implants itself in the operating systems. From that point, the computer is compromised and can be used as a platform to exploit other networks.’

Only governments and highly sophisticated criminal organisations have such a capability now, he argues, but there are strong signs that al-Qaeda is acquiring it: ‘It is a hallmark of al-Qaeda anyway that they do simultaneous bombings to try to herd victims into another area of attack.’

The West, of course, may not simply be the victim of cyber-wars: the United States is widely believed to be developing an attack capability, with suspicions that Baghdad’s infrastructure was electronically disrupted during the 2003 invasion.

So given its ability to cause as much damage as a traditional bomb, should cyber-attack be treated as an act of war? And what rights under international law does a country have to respond, with military force if necessary? Next month Nato will tackle such questions in a strategy detailing how it would handle a cyber-attack on an alliance member. Suleyman Anil, Nato’s leading expert on cyber-attack, hinted at its contents when he told an e-security conference in London last week that cyber-attacks should be taken as seriously as a missile strike – and warned that a determined attack on western infrastructure would be ‘practically impossible to stop’.

Tensions are likely to increase in a globalised economy, where no country can afford to shut its borders to foreign labour – an issue graphically highlighted for Gordon Brown weeks into his premiership by the alleged terrorist attack on Glasgow airport, when it emerged that the suspects included overseas doctors who entered Britain to work in the NHS.

A review led by Homeland Security Minister Admiral Sir Alan West into issues raised by the Glasgow attack has been grappling with one key question: could more be done to identify rogue elements who are apparently well integrated with their local communities?

Which is where, some within the intelligence community insist, access to personal data already held by public bodies – from the Oyster register to public sector employment records – could come in. The debate is not over yet.

Gaby Hinsliff

London Tube Smartcard Cracked

Looks like lousy cryptography.

Details here. When will people learn not to invent their own crypto?

Note that this is the same card — maybe a different version — that was used in the Dutch transit system, and was hacked back in January. There’s another hack of that system (press release here, and a video demo), and many companies — and government agencies — are scrambling in the wake of all these revelations.

Seems like the Mifare system (especially the version called Mifare Classic — and there are billions out there) was really badly designed, in all sorts of ways. I’m sure there are many more serious security vulnerabilities waiting to be discovered.

Bruce Schneier