GCHQ Spying Wasn't Illegal, it Just ‘Lacked Transparency’…

Uploaded on 2015-03-17 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, FREE TO VIEW

UK data surveillance programs, including the bulk collection of data from ISPs, have been declared legal by a parliamentary committee. However, it also found them "overly complicated" and lacking in transparency. The report from the Intelligence and Security Committee (ISC) probed GCHQ initiatives that tapped massive amounts of emails and other private "upstream" data, often in conjunction with the NSA's PRISM program. The extent of the UK's involvement in that program was revealed by whistleblower Edward Snowden in 2013.

The committee declared that "we are satisfied that the UK's intelligence and security Agencies do not seek to circumvent the law." But it immediately qualified that by saying "however, that legal framework has developed piecemeal, and is unnecessarily complicated. We have serious concerns about the resulting lack of transparency, which is not in the public interest."
Despite that slap down, the finding contradicts a court decision that found the program flat-out "unlawful." That decision carried some legal teeth, even allowing you to fill out a form and find out if the GCHQ ever spied on you using NSA data. However, the parliamentary committee declared that:
Our Inquiry has shown that the Agencies do not have the legal authority, the resources, the technical capability, or the desire to intercept every communication of British citizens, or of the internet as a whole: GCHQ are not reading the emails of everyone in the UK.

The report went on further to say that bulk collection programs "operate on a very small percentage" of Internet users, from whom only "a certain amount of material is being collected." Ironically, however, the actual percentages of users and data requests were redacted in the final document, meaning the public can't tell what "very small" means, exactly. The report added that targeting an individual in the UK still requires a warrant "signed by a Secretary of State."
In the end, the government said that data collection activities in the UK were still on shaky ground. It recommended the development of a "new, transparent legal framework" -- likely to fend off further unfriendly court decisions. But it also emphasized the need for the spying, saying "we do not subscribe to the point of view voiced by some of our witnesses that it is preferable to let some terrorist attacks happen rather than to allow any form of bulk interception. " 
endgadget http://ow.ly/KfEMx

« A Theory About MH370: 'Putin ordered plane to be flown to Kazakhstan'
CIA 'tried to crack security of Apple devices' »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Zentek Digital Investigations

Zentek Digital Investigations

Zentek has been providing digital forensics services to the public and private sector for computers and mobile devices since 2004.

Parasoft

Parasoft

Parasoft is an independent software testing and software quality assurance tool and solution vendor.

TestingXperts

TestingXperts

TestingXperts is a specialist software QA and testing company.

Agari

Agari

Agari is the Trusted Email Identity Company™, protecting brands and people from devastating phishing and socially-engineered attacks.

Volatility Foundation

Volatility Foundation

Volatility is an open source memory forensics framework for incident response and malware analysis.

Oceania Cyber Security Centre (OCSC)

Oceania Cyber Security Centre (OCSC)

OCSC engages with government and industry to conduct research, develop training opportunities and build capacity for responding to current and emerging cyber security issues.

Specops Software

Specops Software

Specops Software is a leading password management and authentication solution vendor.

InfoSystems Inc

InfoSystems Inc

InfoSystems provides reliable IT solutions to build and maintain strong and secure systems for both SMB and enterprise organizations.

Risk Strategies

Risk Strategies

Risk Strategies is a leading specialty risk management consultancy and insurance broker offering smarter, practical approaches to risk mitigation including Cyber Liability insurance.

Conversant Group

Conversant Group

Conversant Group is an IT infrastructure and security consulting company, providing technical, organizational, procedural, and process consulting internationally.

Cyber Bytes Foundation

Cyber Bytes Foundation

Cyber Bytes Foundation exists to establish and sustain a unique Cyber Ecosystem to accelerate the development of a strong Cyber workforce and support community outreach programs.

Tetra Defense

Tetra Defense

Tetra Defense is a leading incident response, cyber risk management and digital forensics firm.

META-Cyber

META-Cyber

META-cyber was founded by engineers with experience in process and control-protection to provide cyber security for industrial infrastructure.

BLOCX

BLOCX

BLOCX is designed to address the ever-growing challenges of managing and securing digital devices, from personal computers to corporate networks.

Cyber Industrial Networks

Cyber Industrial Networks

Cyber Industrial Networks objective is to service the needs of industry in achieving reliable, robust and secure infrastructure that supports productivity.

SecZone

SecZone

SecZone is a Chinese enterprise with a mission to "Make It Secure." We are dedicated to driving software security innovation globally.