Security | Marcus Povey

Reporting online terrorists

February 4th, 2010 by Marcus Povey

There was a small ripple around the internet this morning caused by the Home office opening up the Beta terrorist reporting tool.

To what extent the reports from this tool are monitored is unclear, but I suspect this will cause more problems that it solves.

Even before we consider the rather broad definition the government has for illegal material (which on the face of it could cover a number of science and religious texts), I can see the tool quickly becoming buried under false positives – whether through over sensitive citizens or through plain vindictiveness – which would need to be investigated.

Even if no further action is taken after the investigation, the cost in both time and resources must surely represent a significant risk that things that are actually a threat will be missed.

bct,Government,Security :: Tags - barcamp transparency, Government, innovate, reporting, Security, surveillance, terrorists

Comments (3)

Fake police at Canary Wharf

October 19th, 2009 by Marcus Povey

A few days ago my father – a passionate amateur photographer – fell foul of Canary Wharf’s pretend police. His crime? Taking a photo of a shadow of a tree on a building.

Initially it was two fake police which challenged him, demanding that he show them what photos he took on his camera. This not even the real police are entitled to do, and fake police certainly can not (since they have no more rights than you or I).

He quite rightly refused, at which point the fake coppers prevented him from leaving, and so committed the first actual crime.

More fake police arrived and the situation became increasingly tense, the fake police demanded that he show them the photos citing “terrorism” and “9/11″ and “The current climate” and said that taking a photo of a shadow was “not what normal people did”.

They threatened him by their physical presence, preventing him from leaving, and threatened to call the police. To which my father requested that they do so since it was the private security agents who were breaking the law (they of course didn’t call them).

The intimidation continued for about 40 minutes becoming increasingly farcical until the supervisor turned up, who was much less confrontational and admitted that they had no right to demand to see his photos or to detain him. My father, who was not feeling very well and was getting tired, showed the photo and was finally permitted to leave.

To his credit, my father kept his cool throughout although he now wishes that he hadn’t capitulated. We are now investigating possible legal action against the private security firm responsible and their agents.

This sort of scenario appears to be happening more often, and it is happening thanks to the passive co-operation of the public. It is understandable that people do give in at times – especially in situations like this where 20 odd 6ft something men were sent to intimidate one gentlemen in his 60s carrying a camera, however it is the general climate of passive acceptance that lets governments and corporations think we can get away with it.

Fundamentally, you have the right to film, take photos, say, do or be anything and you don’t need permission to do so. This is the essence of freedom, and to let this right – which (if you excuse the hyperbole) was paid for with the blood of your ancestors – be lost is the only crime that really matters.

bct09,Government :: Tags - canary wharf, love, police, Security

Comments (4)

Elgg 1.0 gatekeeper functions

May 29th, 2008 by Marcus Povey

This is just a quick post to introduce a pair of functions I wrote today while working on some of the Elgg 1.0 access control code.

Namely, call_gatekeeper($function, $file = "") and callpath_gatekeeper($path, $include_subdirs = true), both of which return a boolean value.

call_gatekeeper()

This function tests to see whether it has the given method/function (optionally also test that it is defined in a specified file) exists on the call stack.

The function will return true if the called by the named function (or its parent was called by the named function).

Here is an example of its usage:

function my_secure_function() { if (!call_gatekeeper("my_call_function")) return false; ... do secure stuff ... }

function my_call_function() { // will work my_secure_function(); }

function bad_function() { // Will not work my_secure_function(); }

To specify a method instead of a function, pass an array to $function containing the classname and method name.

callpath_gatekeeper()

This function is similar to call_gatekeeper() but returns true if it is being called by a method or function which has been defined on a given path or by a specified file.

The function accepts two parameters:

$path, which is either the full path of the desired file or a partial path. If a partial path is given and $include_subdirs is true, then the function will return true if called by any function in or below the specified path.

elgg :: Tags - elgg, howto, Security

Comments (0)