Risk
6/11/2013
11:43 AM
50%
50%

NSA Prism: Snowden Is Wrong, Says British Government

Foreign Secretary denies that British government used Prism program to access communications of private citizens, but questions remain.

The British government has been forced to clarify the position of its own intelligence agencies in light of the unfolding Prism scandal.

Foreign Secretary William Hague on Monday rejected suggestions that British spymasters at its GCHQ communications center had been taking advantage of Prism to gain back-door access to citizens' communications.

If that is true, it would counter what most subjects of the Queen see as legitimate use of surveillance powers as well as the allegations of whistleblower Edward Snowden, which were revealed last week in his interview with The Guardian.

While claiming he wasn't being "drawn into confirming or denying any aspect of leaked information," Hague suggested that Snowden's claims are "baseless." He also stated that British laws simply "do not provide for indiscriminate trawling for information through the contents of people's communications."

[ For more on the Prism scandal, see Obama Defends NSA Prism, Google Denies Back Door. ]

However, Hague also confirmed there are strong links between GCHQ and U.S. intelligence services, links that center on the regular sharing of information between the two countries. This, he said, had been particularly marked during the London Olympics. "The House will not be surprised that our activity to counter terrorism intensified and rose to a peak in the summer of last year," he stated.

Nonetheless, the British government stands by its assertion that it possesses a strong set of legal safeguards that protect citizens. "Any data obtained by us from the United States involving U.K. nationals is subject to proper [British] statutory controls and safeguards," Hague said. In his remarks to the House on Monday, Hague also pointed out that British intelligence sharing with the U.S. is subject to "ministerial and independent oversight and to scrutiny by the Intelligence and Security Committee." For example, of the hundreds of requests to carry out covert operations his office receives every year, each one is reviewed by lawyers to make sure it meets legal requirements.

Even as he attempted to close the debate on the status of electronic communications access, however, Hague may have reopened another. This one concerns the Data Communications Bill, controversial legislation that proposed expanded access to data by law enforcement via the so-called "Snooper's Charter." That legislation was taken off the books last month by the Deputy Prime Minister Nick Clegg, who said his party, the junior one in the current Coalition government, rejected the measure's possible encroachment on civil liberty protection. However, in the wake of a recent attack on an unarmed British soldier by Islamist extremists, some commentators are pushing for a return of the legislation, even in revised form, to beef up security.

Following Hague's Monday address, an MP suggested that current traffic monitoring legislation known as RIPA has not kept up with modern technological trends since its 2000 introduction. "The case for a Communications Data Bill rests on its own merits," Hague responded, adding that Her Majesty's Government will "bring forward proposals in the near future on this subject," which suggests that the "Snooper's Charter" may be far from dead.

The Foreign Secretary isn't the only senior political figure who has attempted this week to defuse worries raised by the Snowden leaks. Former Home Secretary, Labor peer John Reid, claimed that "within the legal framework," British security services, operating and sharing relevant data with allies led by the U.S., have saved "literally thousands of lives in this country in the past 15 years."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9651
Published: 2015-08-28
Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index[-ci] procedures."

CVE-2015-1171
Published: 2015-08-28
Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file.

CVE-2015-2987
Published: 2015-08-28
Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits.

CVE-2015-6266
Published: 2015-08-28
The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045.

CVE-2015-6267
Published: 2015-08-28
Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted L2TP packet, aka Bug IDs CSCsw95722 and CSCsw95496.

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.