Top 10 surveillance, journalism and encryption stories of 2024

1. Russia hacked ex-MI6 chief’s emails – what they reveal is more Dad’s Army than deep state

An investigation by Computer Weekly and Byline Times reveals how a network of right-wing elites funded by wealthy donors used their links with government and the intelligence services to influence government policy on science and technology.

More than 70 hard Brexit supporters, led by former MI6 chief Richard Dearlove and retired academic Gwythian Prins, set up encrypted email and WhatsApp accounts to campaign against the “Soros-funded Remaniac operation”, the “Green blob” and the Chinese Communist Party”. 

Their targets included science journal Nature and its editor-in-chief; Chinese tech company Huawei; and those in the intelligence services that argued the company posed no threat to the UK telecoms infrastructure.

2. NCA director sacked after WhatsApp and email security breaches

A senior director at the National Crime Agency lost her job after sending sensitive and secret information over her personal email and on WhatsApp, in what was described as a “serious information security” breach.

A disciplinary panel found that Nikki Holland had committed “gross misconduct” by using a personal email address to transmit sensitive and secret NCA material and by declassifying secret material to enable it to be sent from an NCA email account to a non-NCA email account.

Holland’s most high-profile role was her responsibility for the NCA’s Operation Venetic investigation into organised criminals using the EncroChat encrypted phone network, which was compromised in an international police operation in 2020.

3. Canadian arrested by France after cooperating with US on Sky ECC cryptophone investigation

A Canadian businessman accused of helping to facilitate organised crime through his involvement with an encrypted messaging service was arrested by French police despite “fully cooperating” with US law authorities.

Thomas Herdman, now 64, assisted US authorities in their investigation of Canadian-encrypted phone supplier Sky Global under a “proffer agreement” with the US, but his lawyers claimed foul play after he was arrested and extradited to France.

Herdman is the only person held by France under an indictment issued by the French authorities against 30 individuals involved in Sky ECC.

US investigators claimed he was the right-hand man of former Sky CEO Jean-François Eap. But Herdman worked for a phone distributor, LevUp, and argues in court filings that he had no involvement in the development of Sky ECC or the running of the company.

4. Police arrested journalists as part of surveillance operation to identify confidential source

Durham Police and the Police Service of Northern Ireland made “repeated and entirely unjustified” attempts to put two journalists under surveillance without seeking judicial authorisation.

Durham Police, working with the PSNI, raided the journalists’ homes and film production company Fine Point Films, and seized computers, notes, mobile phones and terabytes of journalistic data.

5. Northern Irish police used covert powers to monitor over 300 journalists

Police in Northern Ireland have made 323 applications for communications data relating to journalists since 2011.

The chief constable of the PSNI disclosed the figures in a report commissioned by the Northern Ireland Policing Board.

Police chief Jon Boutcher disclosed that the PSNI had made 10 applications to use covert powers to identify journalists’ confidential sources between 2021 and March 2024.

Northern Irish police also authorised four covert human intelligence sources to provide intelligence on journalists or lawyers.

6. Lawyers and journalists seeking ‘payback’ over police phone surveillance, claims former detective

A former detective regarded as a key witness in an investigation into allegations that police unlawfully monitored the phones of journalists has accused their lawyers of seeking “payback” against law enforcement.

Former Durham Police detective Darren Ellis claimed in an email to the Investigatory Powers Tribunal that lawyers and journalists were “riding roughshod over people who ‘dare’ challenge them”.

He claimed in an email to the court that he was unwilling to give evidence to the Investigatory Powers Tribunal as the journalists’ lawyers were unwilling to accept clear explanations and were attempting to “rewrite history”. 

“The applicants and their legal teams operate in a community when no-one ever holds them to account,” wrote Ellis. “In a system that simply allows them to ride roughshod over people who ‘dare’ challenge them. For too long, they shout and they brawl and intimidate others. I consider it to be a strategy to frighten and softly intimidate, and hence place a ring of steel around corrupt activity.

7. Investigatory Powers review will undermine privacy of UK citizens

Government plans to update the UK’s surveillance laws could divert tech companies away from safeguarding the privacy and security of their customers towards meeting the surveillance needs of government..

The warning from technology companies came in a briefing for government ministers on the risks posed by government plans to modernise the Investigatory Powers Act 2016, which governs state surveillance in the UK.

8. Sellafield local authority slammed over response to North Korean ransomware attack

Former bosses at Copeland Borough Council blamed a 2017 ransomware attack for the authority’s failure to submit audited accounts for its final four years of business. 

A council source told Computer Weekly that the council “still doesn’t know who did it and what [information] was lost” during the 2017 attack.

9. DWP anti-fraud measures will allow monitoring of bank accounts of landlords, carers and parents

Proposed anti-fraud powers were intended to allow the Department of Work and Pensions (DWP) to monitor the bank accounts of landlords, parents, carers and partners of people receiving state benefits, including the state pension.

The wording of the bill allowed the DWP to ask banks and financial companies for any “information specified” by the DWP, raising concerns that the powers outlined on the face of the bill could be used to obtain intrusive financial information on benefit claimants.

MPs warned in an open letter that the proposals would require banks to sift through tens of millions of bank accounts to identify people in the welfare system, around 40% of the population.

10. Government agrees law to protect confidential journalistic material from state hacking

The government has agreed to bring in legislation to require MI5 and GCHQ to seek independent authorisation before accessing confidential journalistic material obtained through the bulk hacking of phones or computer systems.

The Investigatory Powers (Amendment) Bill, which was debated in the House of Commons, requires the intelligence services to seek independent approval from the investigatory powers commissioner before accessing journalistic material or material that could identify a confidential journalistic source.

The concession follows a seven-year legal challenge brought by human rights organisation Liberty with the support of the National Union of Journalists.

It follows separate warnings from technology companies and rights organisations that proposed changes to the Investigatory Powers Act would disrupt the ability of technology companies to apply security updates and introduce end-to-end encryption.