Hacker News new | past | comments | ask | show | jobs | submit login

> And what were GCHQ, MI6 and NCSC doing to protect our prime-minister at this time?

Nobody is perfect - but there are people who blatantly ignore ITSEC best practices and are therefore almost unprotectable.




> Nobody is perfect - but there are people who blatantly ignore ITSEC best practices and are therefore almost unprotectable.

I hear you, but I would contest that they're not at liberty to ignore them. If pizza delivery drivers consent to obligations to carry issued and configured devices while on duty by what exceptionalism is Downing Street excused?

Secondly, I'd say that they may make themselves unprotectable, but that is not where their duty of care ends. Boris Johnson is not only responsible for his own security, but that of a nation. Insofar as the spooks are responsible for Boris (god help them) their pants are round their ankles again.


I don't think you really want a world where the security services can overrule the elected government, rather than the other way round.

However, I'm not one to defend either MI5 or Johnson here. MI5 routinely surveil anyone to the left of the Tory party as being some kind of dissident. The Johnson government is notorious for ignoring any kind of rules, restraint, or best practice. If they had something to say about it, they should have done so in public like the rest of us, once privately recommending had failed.


> I don't think you really want a world where the security services can overrule the elected government, rather than the other way round.

Well said, and excellent point. But I would like to live in a world where security services could professionally, and in good faith, advise other public servants, who would professionally, and in good faith heed that advice. As I understand it that fits the actual job description for all parties.

A world in which public servants are adversaries, in which intra- and inter-institutional trust has totally broken down seems to be the fruits of the misadventure, over-reach and disrespect for the Rule of Law in all quarters.


Well, yes. But we're not dealing with public servants in the Cabinet, we're dealing with inept looters who are being propped up by the conservative press.


> Nobody is perfect - but there are people who blatantly ignore ITSEC best practices and are therefore almost unprotectable

This is tangential to this story however. Even people who follow best practices can get owned when ex-Mossad/8200 agents armed with dozens of zero days and millions of dollars come after them.


Could these agencies enumerate some phone models / sw versions that are vulnerable to Pegasus and just blast email the govt folks "if you got one of these it's vulnerable, upgrade to new hardware or software { list of phones without known vulnerabilities here }"?


Well, what if the lists got leaked, and the secret services no longer can spy on the electorate with these tools? /s




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: