Risk
6/11/2013
11:43 AM
Connect Directly
RSS
E-Mail
50%
50%

NSA Prism: Snowden Is Wrong, Says British Government

Foreign Secretary denies that British government used Prism program to access communications of private citizens, but questions remain.

The British government has been forced to clarify the position of its own intelligence agencies in light of the unfolding Prism scandal.

Foreign Secretary William Hague on Monday rejected suggestions that British spymasters at its GCHQ communications center had been taking advantage of Prism to gain back-door access to citizens' communications.

If that is true, it would counter what most subjects of the Queen see as legitimate use of surveillance powers as well as the allegations of whistleblower Edward Snowden, which were revealed last week in his interview with The Guardian.

While claiming he wasn't being "drawn into confirming or denying any aspect of leaked information," Hague suggested that Snowden's claims are "baseless." He also stated that British laws simply "do not provide for indiscriminate trawling for information through the contents of people's communications."

[ For more on the Prism scandal, see Obama Defends NSA Prism, Google Denies Back Door. ]

However, Hague also confirmed there are strong links between GCHQ and U.S. intelligence services, links that center on the regular sharing of information between the two countries. This, he said, had been particularly marked during the London Olympics. "The House will not be surprised that our activity to counter terrorism intensified and rose to a peak in the summer of last year," he stated.

Nonetheless, the British government stands by its assertion that it possesses a strong set of legal safeguards that protect citizens. "Any data obtained by us from the United States involving U.K. nationals is subject to proper [British] statutory controls and safeguards," Hague said. In his remarks to the House on Monday, Hague also pointed out that British intelligence sharing with the U.S. is subject to "ministerial and independent oversight and to scrutiny by the Intelligence and Security Committee." For example, of the hundreds of requests to carry out covert operations his office receives every year, each one is reviewed by lawyers to make sure it meets legal requirements.

Even as he attempted to close the debate on the status of electronic communications access, however, Hague may have reopened another. This one concerns the Data Communications Bill, controversial legislation that proposed expanded access to data by law enforcement via the so-called "Snooper's Charter." That legislation was taken off the books last month by the Deputy Prime Minister Nick Clegg, who said his party, the junior one in the current Coalition government, rejected the measure's possible encroachment on civil liberty protection. However, in the wake of a recent attack on an unarmed British soldier by Islamist extremists, some commentators are pushing for a return of the legislation, even in revised form, to beef up security.

Following Hague's Monday address, an MP suggested that current traffic monitoring legislation known as RIPA has not kept up with modern technological trends since its 2000 introduction. "The case for a Communications Data Bill rests on its own merits," Hague responded, adding that Her Majesty's Government will "bring forward proposals in the near future on this subject," which suggests that the "Snooper's Charter" may be far from dead.

The Foreign Secretary isn't the only senior political figure who has attempted this week to defuse worries raised by the Snowden leaks. Former Home Secretary, Labor peer John Reid, claimed that "within the legal framework," British security services, operating and sharing relevant data with allies led by the U.S., have saved "literally thousands of lives in this country in the past 15 years."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.