Risk
6/11/2013
11:43 AM
50%
50%

NSA Prism: Snowden Is Wrong, Says British Government

Foreign Secretary denies that British government used Prism program to access communications of private citizens, but questions remain.

The British government has been forced to clarify the position of its own intelligence agencies in light of the unfolding Prism scandal.

Foreign Secretary William Hague on Monday rejected suggestions that British spymasters at its GCHQ communications center had been taking advantage of Prism to gain back-door access to citizens' communications.

If that is true, it would counter what most subjects of the Queen see as legitimate use of surveillance powers as well as the allegations of whistleblower Edward Snowden, which were revealed last week in his interview with The Guardian.

While claiming he wasn't being "drawn into confirming or denying any aspect of leaked information," Hague suggested that Snowden's claims are "baseless." He also stated that British laws simply "do not provide for indiscriminate trawling for information through the contents of people's communications."

[ For more on the Prism scandal, see Obama Defends NSA Prism, Google Denies Back Door. ]

However, Hague also confirmed there are strong links between GCHQ and U.S. intelligence services, links that center on the regular sharing of information between the two countries. This, he said, had been particularly marked during the London Olympics. "The House will not be surprised that our activity to counter terrorism intensified and rose to a peak in the summer of last year," he stated.

Nonetheless, the British government stands by its assertion that it possesses a strong set of legal safeguards that protect citizens. "Any data obtained by us from the United States involving U.K. nationals is subject to proper [British] statutory controls and safeguards," Hague said. In his remarks to the House on Monday, Hague also pointed out that British intelligence sharing with the U.S. is subject to "ministerial and independent oversight and to scrutiny by the Intelligence and Security Committee." For example, of the hundreds of requests to carry out covert operations his office receives every year, each one is reviewed by lawyers to make sure it meets legal requirements.

Even as he attempted to close the debate on the status of electronic communications access, however, Hague may have reopened another. This one concerns the Data Communications Bill, controversial legislation that proposed expanded access to data by law enforcement via the so-called "Snooper's Charter." That legislation was taken off the books last month by the Deputy Prime Minister Nick Clegg, who said his party, the junior one in the current Coalition government, rejected the measure's possible encroachment on civil liberty protection. However, in the wake of a recent attack on an unarmed British soldier by Islamist extremists, some commentators are pushing for a return of the legislation, even in revised form, to beef up security.

Following Hague's Monday address, an MP suggested that current traffic monitoring legislation known as RIPA has not kept up with modern technological trends since its 2000 introduction. "The case for a Communications Data Bill rests on its own merits," Hague responded, adding that Her Majesty's Government will "bring forward proposals in the near future on this subject," which suggests that the "Snooper's Charter" may be far from dead.

The Foreign Secretary isn't the only senior political figure who has attempted this week to defuse worries raised by the Snowden leaks. Former Home Secretary, Labor peer John Reid, claimed that "within the legal framework," British security services, operating and sharing relevant data with allies led by the U.S., have saved "literally thousands of lives in this country in the past 15 years."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3580
Published: 2014-12-18
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.

CVE-2014-4801
Published: 2014-12-18
Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x through 2.0.1.1, 3.x before 3.0.1.6 iFix 4, 4.x before 4.0.7 iFix 2, and 5.x before 5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-6076
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site.

CVE-2014-6077
Published: 2014-12-18
Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVE-2014-6078
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.