Risk
6/11/2013
11:43 AM
Connect Directly
RSS
E-Mail
50%
50%

NSA Prism: Snowden Is Wrong, Says British Government

Foreign Secretary denies that British government used Prism program to access communications of private citizens, but questions remain.

The British government has been forced to clarify the position of its own intelligence agencies in light of the unfolding Prism scandal.

Foreign Secretary William Hague on Monday rejected suggestions that British spymasters at its GCHQ communications center had been taking advantage of Prism to gain back-door access to citizens' communications.

If that is true, it would counter what most subjects of the Queen see as legitimate use of surveillance powers as well as the allegations of whistleblower Edward Snowden, which were revealed last week in his interview with The Guardian.

While claiming he wasn't being "drawn into confirming or denying any aspect of leaked information," Hague suggested that Snowden's claims are "baseless." He also stated that British laws simply "do not provide for indiscriminate trawling for information through the contents of people's communications."

[ For more on the Prism scandal, see Obama Defends NSA Prism, Google Denies Back Door. ]

However, Hague also confirmed there are strong links between GCHQ and U.S. intelligence services, links that center on the regular sharing of information between the two countries. This, he said, had been particularly marked during the London Olympics. "The House will not be surprised that our activity to counter terrorism intensified and rose to a peak in the summer of last year," he stated.

Nonetheless, the British government stands by its assertion that it possesses a strong set of legal safeguards that protect citizens. "Any data obtained by us from the United States involving U.K. nationals is subject to proper [British] statutory controls and safeguards," Hague said. In his remarks to the House on Monday, Hague also pointed out that British intelligence sharing with the U.S. is subject to "ministerial and independent oversight and to scrutiny by the Intelligence and Security Committee." For example, of the hundreds of requests to carry out covert operations his office receives every year, each one is reviewed by lawyers to make sure it meets legal requirements.

Even as he attempted to close the debate on the status of electronic communications access, however, Hague may have reopened another. This one concerns the Data Communications Bill, controversial legislation that proposed expanded access to data by law enforcement via the so-called "Snooper's Charter." That legislation was taken off the books last month by the Deputy Prime Minister Nick Clegg, who said his party, the junior one in the current Coalition government, rejected the measure's possible encroachment on civil liberty protection. However, in the wake of a recent attack on an unarmed British soldier by Islamist extremists, some commentators are pushing for a return of the legislation, even in revised form, to beef up security.

Following Hague's Monday address, an MP suggested that current traffic monitoring legislation known as RIPA has not kept up with modern technological trends since its 2000 introduction. "The case for a Communications Data Bill rests on its own merits," Hague responded, adding that Her Majesty's Government will "bring forward proposals in the near future on this subject," which suggests that the "Snooper's Charter" may be far from dead.

The Foreign Secretary isn't the only senior political figure who has attempted this week to defuse worries raised by the Snowden leaks. Former Home Secretary, Labor peer John Reid, claimed that "within the legal framework," British security services, operating and sharing relevant data with allies led by the U.S., have saved "literally thousands of lives in this country in the past 15 years."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3341
Published: 2014-08-19
The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616.

CVE-2014-3464
Published: 2014-08-19
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers ...

CVE-2014-3472
Published: 2014-08-19
The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors.

CVE-2014-3490
Published: 2014-08-19
RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have...

CVE-2014-3504
Published: 2014-08-19
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Dark Reading continuing coverage of the Black Hat 2014 conference brings interviews and commentary to Dark Reading listeners.