The Bugman Chronicles

You never know who's listening....

In other news

While not part of the Bugman series, we are moving closer to production with something I co-wrote with Jack Coltrane.


It’s being made by these good folks.


Free book promotion

“The Bugman” is on a free promotion on Kindle today and tomorrow.



Computer misuse.

Although I hate to do it, I feel bound to use one bad piece of legislation to show up shortcomings in an even worse piece.



I’ve been reading through the draft Investigatory powers bill and had to stop when I got to page 16.  This section covers “Equipment Interference”.

“Equipment interference allows the security and intelligence agencies,  law enforcement and the armed forces to interfere with electronic equipment such as computers and smartphones in order to obtain data, such as communications from a device.
Equipment interference encompasses a wide range of activity from remote access to computers to downloading covertly the contents of a mobile phone during a search.”
Page 16 Draft Investigatory Powers Bill 2015
As you can see it’s a pretty broad brush, and among other things encompasses activities that the general public would call hacking. Now, should this be enacted I can see a conflict here with the 1990 Computer Misuse Act.

“(1)A person is guilty of an offence if—

(a)he causes a computer to perform any function with intent to secure access to any program or data held in any computer [F1, or to enable any such access to be secured] ;

(b)the access he intends to secure [F2, or to enable to be secured,] is unauthorised; and

(c)he knows at the time when he causes the computer to perform the function that that is the case.

(2)The intent a person has to have to commit an offence under this section need not be directed at—

(a)any particular program or data;

(b)a program or data of any particular kind; or

(c)a program or data held in any particular computer.

[F3(3)A person guilty of an offence under this section shall be liable—

(a)on summary conviction in England and Wales, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;

(b)on summary conviction in Scotland, to imprisonment for a term not exceeding [F412] months or to a fine not exceeding the statutory maximum or to both;

(c)on conviction on indictment, to imprisonment for a term not exceeding two years or to a fine or to both.”

Computer Misuse Act 1990.
As you can see such activities as described in the draft bill would fall squarely under this act and would be a criminal offence.  Nowhere in the 1990 act is there any exclusion or statutory defence listed.
Now, I’m no lawyer, but the only way out for the government would be to amend the 1990 act with a clause that effectively would say “All this is a crime, but if we do it it’s OK.”
Again I’m no expert, but I would hazard to suggest that any government that exempts itself from its own criminal laws is tending towards the despotic, tyrannical wing of governance and is already a fair way down the slippery slope of no longer representing the people.

Moments after writing this I came across this news item.
“GCHQ is operating within the law when it hacks into computers and smart phones, a security tribunal has ruled.”
BBC News
Privacy International had challenged the government over the practices revealed by Edward Snowden.
“GCHQ admitted its agents hack devices, in the UK and abroad, for the first time during the hearings.”
BBC News.
The hearing was conducted by The Investigatory Powers Tribunal, a panel of senior judges. What I am having trouble comprehending is how an unelected panel can seemingly overrule statute criminal law and common law?
Taking the whole thing further, if Theresa May decided that people with red hair were a threat to public safety and instructed the security services to execute all persons with red hair, it seems all she would need is a panel of judges to rubber stamp it as lawful. I don’t think it a step too far to say that when a government can routinely excuse itself from its own criminal code we are in a very bad place as far as democracy goes.

More Oysters sir?



Yet more people have fallen foul of the Oyster Card data vomit.

“Specialist riot officers have been accused of claiming overtime when their Oyster Card showed they were actually commuting home.”

Huffington Post

While I’m not supporting the fraudulent claiming of overtime, I do suspect that those officers will have worked many more hours, over the course of their careers, than they ever claimed, but regardless several of them do appear to have been skiving off of work.  Shame on them.

What’s more disturbing is the proportionality of accessing that data for what is essentially an employment matter. I say essentially, because police constables are not employees and are not covered by much of the legislation that governs employee/employer relationships. That last sentence notwithstanding, it does seem to be a heavy-handed investigative method when you consider that there exist many other avenues by which the evidence of clocking off late could have been obtained.

And clocking off is what this is about. Not murder or terrorism. It’s the same thing as someone who persistently arrives late for work. Downloading that tardy employee’s entire travel history just isn’t proportionate. In fact it’s outright bizarre.

It seems Transport for London are busy collecting every scrap of data on their customers they can and then happily handing it over to anyone in a uniform on the flimsiest of pretexts. It gets even more worrying when you consider the breadth of their empire, which includes buses, trains and roads. The amount of data they must be collecting on a daily basis is staggering.


In light of how much data they collect and share this logo now seems somewhat sinister….

I spent several hours trying to find any record of Transport for London’s policy on data collection and retention, but could find none. Nowhere on the Oyster card website could I find any mention of how our data is collected and used. While there are lots of mentions of transparency and a neat API for querying some of their massive data hoard, there is scant mention of how they collect and store our travel records and certainly no warning that every journey you make is logged and stored and available to third parties long after you have travelled.



A Police state?

As an occasional visitor to Benenden I’ve come to quite like the place and particularly the Bull public house.  So it was a shock to read the news last week and see the headlines:

“A man wanted over the suspicious death of a mother of four has been arrested as police confirmed they are treating the incident as murder.”


It started out very Midsomer Murders but very soon became altogether darker and disturbing. The police began a massive man-hunt for the 54 year old IT manager.

Kent police said they made “extensive searches” to locate the 54-year-old man after they discovered the body of Caroline Andrews, 52, at a property in The Street in Benenden on Thursday.

The Guardian

It soon became apparent what these “Extensive searches” entailed as trains and platforms as far across the Network as Dover, Faversham and Gillingham were stopped and boarded by armed police.

Now, I don’t have an issue with a massive manhunt for a suspected murderer. Nor the deploying of armed police for a potentially hostile fifty four year old IT manager.


But… Here is the big but, the manner in which it was conducted was more akin to some kind of third world police state than the Britain I know. We have always had armed police. That’s a fact. They are a necessary part of the job. However, maybe out of respect for an imagined Dixon of Dock Green past, we have tended to keep them out of sight. (As an aside, even ten years ago the decision to issue police large handcuff carriers, instead of easier to use small ones, was taken on the basis that the public might feel threatened by seeing the cuff openly hanging on an officer’s belt.)

We’ve moved on a lot in the last few years, to the point that those in power feel it’s proportionate and reasonable to flood a train with paramilitary looking armed police and detain several hundred people for ninety minutes.  Working on the principle that To detain is to arrest, I would be happy to argue in court that the police were guilty of wrongful arrest and imprisonment.

Up to 30 officers carrying guns piled onto the train as it pulled into Gillingham station and searched it for around an hour and a half.

Passengers looked on as armed officers checked under seats and in bins in their search for clues as part of a massive manhunt.

The photographs and video taken by the inconvenienced passengers proved even more disturbing.

Police storm a train in Kent in their hunt for a man after a woman died in suspicious circumstances.  See SWNS story SWTRAIN: Police who stormed a busy commuter train have confirmed that they were hunting for a man - after a woman died under suspicious circumstances. The county-wide manhunt was launched on Thursday, which lead to more than 30 armed officers storming a train at Gillingham station in Kent. The man has still not been found, and the search continues. A police spokesman said: "Kent Police was called at 4.20pm on Thursday, 4 February following the death of a woman at an address in The Street, Benenden.

Since when did British Police start covering their faces? It’s something I can understand when it’s done by the Italian Anti-corruption units or the Brazilian Anti-gang units, but allowing UK police to wander around with their faces hidden is a step too far. I could possibly excuse it for anti-terror police, but for searching for a fifty four year old IT manager it seems a step too far.

In the UK, when a Police Officer searches someone it is a legal requirement they identify themselves. This is part of the PACE codes of practice and every officer is taught this. While covering their faces may not be against the strict letter of the law it is certainly against the spirit of PACE. More worryingly, it is evidence of a growing trend of measures that are setting the Police and the policed apart. It is alienating those serving from the people they are supposed to serve.

It seems the Peelian Principle of policing by consent has been well and truly ditched in favour of policing by coercion at the end of a gun barrel.

I have to ask the final question, directed mostly at that officer on the train. Why in the world would you want to go to work looking like a member of a Honduran Death Squad?


(Picture taken from this article in the Daily Mail)

The world is their Oyster.

“If one tells the truth, one is sure, sooner or later, to be found out.”

-Oscar Wilde

One of the arguments most often trotted out by the apologists for the surveillance state is the now threadbare, “If you’ve done nothing wrong then you’ve nothing to fear.” Deconstructing this naive inexactitude from a purely logical standpoint is so trivial I won’t even bother. However, I will add comment from my own experience. That is, the unpleasant truth of the modern justice system means the innocent have the most to fear. You have everything to lose and nothing to gain from the process.



More pragmatic reasons exist for the innocent to be wary. The guilty, sitting in a police interview, have the advantage that they know precisely where they were and where they were not. And also the when and the how and the whys that they should avoid. The innocent have no such advantage and can easily utter inculpatory statements without realising it.

However, I digress. Returning to the nothing to fear paradigm. I’m sure that Mark Pearson probably felt he had nothing to fear every time he tapped his Oyster card in and out of buses and trains. I would wager on the fact that when the Police turned up on his front doorstep several months later he had no clue what was going on. He certainly wouldn’t have expected to be arrested for sexually assaulting an “award winning actress”.

The award-winning actress, who is in her 60s, accused Pearson of penetrating her for two or three seconds following a violent blow to her left shoulder.

She contacted police, who tracked him to his East London home two months later using date(sic) from his Oyster card.


It is a piece of bitter irony that, despite there apparently being no witnesses or forensic evidence, the evidence that cleared Mr Pearson was the ubiquitous London CCTV. The fact remains that in the presence of that CCTV, and the lack of any other evidence, the CPS still took this matter to trial. Naming the defendant but granting the accuser anonymity.


Of course the damage is done now. Regardless of the verdict Mr Pearson’s life will never be the same again. A simple web search of his name will forever bring up the sexual assault allegation. That data is now stored, backed up and kept, just like the record of every time and place he has ever got on or off a train or bus. If we allow the state to collect this information it is there forever and they will use it. As the unfortunate Mr Pearson shows us, it doesn’t matter if you are guilty of anything or not.


Festive freebies.

For anyone lucky enough to get a Kindle, tablet or new phone for Christmas, the book will be free Christmas Day and Boxing Day on Kindle from Amazon.



Free Kindle Promotion

I’m running a free Kindle promotion, so head over to Amazon on Saturday 24th October 2015 to get Book 1 free on Kindle.



Ongoing research

After many months of searching I finally got hold of a Proxmark3 RFID board.  One of these is going to feature in book 2.


Free Kindle edition Promotion.

Free again for one day on the 28th May 2015

To celebrate the cryptoparty on the 28th I am making the book free for one day on the 28th May 2015.




