It was immediately banned by the British Government. Although the Internet wasn't around to facilitate its distribution, it was trivial to obtain copies imported from Australia. As a boy, I remember seeing the publicity about it on the news and being very upset that my parents had a copy!

In light of the recent revelations by Edward Snowden and Julian Assange, I would have thought that the book would be enjoying somewhat of a reassurance.

It is not.

The physical book is long out of print and is available second hand on Amazon.

There's a scanned and OCR'd copy of the eBook available on OpenLibrary. If you are to venture to the "deep web" (i.e. the 2nd page of Google results) you'll find plenty of ersatz eBook copies floating around.

So, what does a book about the security state in the 1950s, 60, and 70s have to do with the world today?

Here are some choice quotes which I found interesting.

Metadata and Warrants

Each major [post] sorting office and [telephone] exchange in the country had a Special Investigations Unit Room, under the control of [Major Albert] Denman, to place taps and intercept mail.

...

In fact, Denman was very particular about warrants. He was prepared to install a tap or intercept an address without a warrant only on the strict understanding that one was obtained as soon as possible. MI5 were, however, allowed to request a form of letter check without a warrant. We could record everything on an envelope, such as its origin and destination and the date it was sent, as long as we did not actually open it. Denman, like everyone in the Post Office who knew of the activity, was terrified in case the Post Office role in telephone and mail intercepts was discovered.

Spycatcher - page 45-46

Here we have a excellent argument about why metadata is important. Traffic analysis about which parties are communicating and can be used to build up a detailed picture of a target - even without a warrant and probable cause.

We also see that the security service has always been lax about the need to obtain warrants before intercepting communications.

Finally - I wonder if ISPs today are similarly terrified about their role in PRISM? With seemingly every major ISP, social network, and telecoms company now in the hands of the intelligence services, it seems the more things change the more they stay the same...

Listening In

I had spent a lot of time researching ways in which innocuous objects, like ashtrays or ornaments, could be modified to respond to sound waves when radiated with microwaves of a certain frequency. If a system could be perfected, it promised enormous advantages. The object itself would carry no transmitter or receiver, so detection would be virtually impossible. By 1956 we had successfully developed prototypes, and decided to attempt an operation against the Russian Embassy in London.

Spycatcher - page 67

While we sit here and worry whether our phones can be used to eavesdrop on us, or wonder if an empty crisp packet can do the same - the reality is that for over 60 years MI5 has had the ability to listen in to our conversations at will.

Storing Data

In 1959, a new discovery was made which resuscitated VENONA again. GCHQ discovered that the Swedish Signals Intelligence Service had taken and stored a considerable amount of new wartime traffic, including some GRU radio messages sent to and from London during the early years of the war. GCHQ persuaded the Swedes to relinquish their neutrality, and pass the material over for analysis.

Spycatcher - page 186

While it is natural that wartime signals should be stored, I think it's interesting that going back over ancient data with new knowledge has been a staple of spying for years. While we may think our PGP encryption is secure now - any future attacks will render its protection useless.

Of course, storing data is somewhat pointless when the sheer volume of it means it overwhelms the capacity to analyse it.

A joint MI6/CIA team had tunneled under the Russian sector of Berlin in February 1955, and placed taps on the central communications of the Soviet Military Command.

The actual electrical taps were done by Post Office personnel. Both the CIA and MI6 were reeling under the sheer volume of material being gathered from the Tunnel.

So much raw intelligence was flowing out from the East that it was literally swamping the resources available to transcribe and analyze it. MI6 had a special transcription center set up in Earl's Court, but they were still transcribing material seven years later when they discovered that George Blake had betrayed the Tunnel to the Russians from the outset.

Spycatcher - page 47

And, even if cracked and analysed - someone has to actually make use of the material!

I was shown into a room in Northumberland Avenue which contained all the Dragon material, stacked up in dozens and dozens of dusty volumes. Incredibly, neither MI5 nor MI6 had bothered to process any of this material for its own use.

Spycatcher - page 116

With Friends Like These...

The Germans are appalled to discover gambling spying taking place against them. Merkel is furious!

For nearly three years, between 1960 and 1963, MI5 and GCHQ read the French high grade cipher coming in and out of the French Embassy in London. Every move made by the French during our abortive attempt to enter the Common Market was monitored. The intelligence was avidly devoured by the Foreign Office, and verbatim copies of De Gaulle's cables were regularly passed to the Foreign Secretary in his red box.

Spycatcher - page 111

Yeah. We spied on friend and foe alike - and they spied on us.

Analysis

I made a series of analyses of Soviet strength in 1945, based on the VENONA material. Although we broke only a small fraction of the traffic, GCHQ were able to statistically assess the total number of spies active in Britain at between 150 and 300. (The statistical analysis was conducted using methodology devised by one of the top cryptographers, I.J. Good.)

Spycatcher - page 344

Again, we see that decryption isn't necessarily needed in order to analyse data. Encrypting your email isn't enough - traffic analysis can give an excellent idea of how many people you are in communication with and the volumes of material you are exchanging.

And, in the end

There's no doubt that Spycatcher is still a highly significant book. What may have seemed somewhat dry and irrelevant when first published, has now become frighteningly prophetic. It is vital that the book is republished and that all students of security - computer or otherwise - read it and learn its lessons.

For anyone with an interest in the development of the security state - and the evolution of computerised espionage, Spycatcher is a must.

Much as today, it was The Guardian newspaper who were on the forefront of helping to reveal those who seek to spy on us.

I'll leave the last words to the judgement of the Law Lords who decided whether Spycatcher should be banned.

'In a free society,' Lord Geoff said, 'there is a continuing public interest that the workings of government should be open to scrutiny and criticism.'

Lord Keith of Kinkeld said the Government's claim that anyone receiving confidential information from a Crown servant in any circumstances is bound by an obligation of confidence was 'untenable and impracticable, in addition to being unsupported by any authority'.

Lord Griffiths, chairman of the Security Commission, said: 'The balance in this case comes down firmly in favour of the public interest in freedom of speech and a free press.' But he said that a member or former member of the security services could publicly disclose his concerns only as a last resort.

Attorney General v Guardian Newspapers Ltd (No 2) [1988] UKHL 6 (13 October 1988)

You can buy used copies of Spycatcher on Amazon.

In 1940, the Nazi's communications encryption had been broken by the British. Military Intelligence were able to decrypt a signal which indicated that the city of Coventry was to be bombed. The military chiefs took this information to the Prime Minister, Winston Churchill. If he ordered the evacuation of the city, he would save hundreds of thousands of lives - but the enemy would know that their encryption was compromised.

What, gentle reader, would you do? Is it worth sacrificing lives now in the hope of saving more in the future? Is revealing your hidden knowledge a price worth paying if it means saving a city?

This utilitarianist problem was probably not actually placed in front of Winston Churchill - but it is an interesting thought experiment.

This brings us to the recent revelation that the security services of the world are tapping our communications, listening to our phone calls, and tracking our every move.

So why is there still crime?

If "Prism" (which I'll use as a shorthand for all digital surveillance) is so good and effective, why is there still any form of crime or terrorism?

There are, I think, several possibilities.

• It doesn't work - either it can't capture the data or it's impossible to sift.
• Criminals don't communicate via electronic means.
• The Government don't want Prism revealed.

To go down the conspiracy theory route, is it acceptable to allow a major criminal attack in order not to reveal how intelligence is captured?

Or, to look at it through a different lens, is Prism stopping 99% of crimes, and the ones which do occur are statistical outliers?

If Prism is as amazing as claimed - and assuming revelations don't push criminals to secure crypto and unmonitored communications - why can't it be used to ticket speeding cars, foil bank robberies, or stop traders manipulating LIBOR?

Are minor and major criminal acts the price that governments are prepared to pay in order to keep Prism secret?

[The] Xerox 914 copy machine [...] was used in soviet embassies all over the world. The machine was so complex that the CIA used a tiny camera designed by Zoppoth to capture documents copied on the machine by the soviets and retrieved them using a "Xerox repairman" right under the eyes of soviet security.

Xerox Helped Win The Cold War

And

Samsung printers (as well as some Dell printers manufactured by Samsung) contain a hardcoded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility.

A remote, unauthenticated attacker could access an affected device with administrative privileges. Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and the ability to leverage further attacks through arbitrary code execution.

Samsung Printer firmware contains a backdoor administrator account

There's no evidence that Samsung are working on behalf of the security services.

This could just be a snafu like the constant SCADA security bugs. The same bugs which were allegedly used to cripple Iran's alleged nuclear ambitions with Stuxnet.

Are Samsung viewing all your print outs and forwarding them to South Korea's Security Services? I honestly don't know. You don't know. No one knows!

This is one of the reasons that Open Source software is so important - especially for appliance-like devices.

Could your Samsung TV have a vulnerability that will let anyone see what you're watching? Or could the integrated camera start to watch you? Does your Samsung phone have spy code which forwards your information to a third party? Or does your Samsung phone let any application access your private information?

Open Source Software is far from perfect. But without being able to check the code which runs on our appliances, we're at the mercy of "professionals" who fail again and again.

Even the most trivial device could have a significant impact - what happens if your Internet Fridge has a bug, mistakes your chicken for Halal, and then secretly reports your dietary preferences to the security services?

The first freedom of software is the freedom to study how the program works, and change it so it does your computing as you wish.

I'm not paranoid. The vital services which run our lives have bugs. Some are intentional, some are not. We must be able to check for the presence of these vulnerabilities and correct them when their supplier are unable or unwilling to do so.