GCHQ Spying Wasn't Illegal, it Just ‘Lacked Transparency’…

Uploaded on 2015-03-17 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, FREE TO VIEW

UK data surveillance programs, including the bulk collection of data from ISPs, have been declared legal by a parliamentary committee. However, it also found them "overly complicated" and lacking in transparency. The report from the Intelligence and Security Committee (ISC) probed GCHQ initiatives that tapped massive amounts of emails and other private "upstream" data, often in conjunction with the NSA's PRISM program. The extent of the UK's involvement in that program was revealed by whistleblower Edward Snowden in 2013.

The committee declared that "we are satisfied that the UK's intelligence and security Agencies do not seek to circumvent the law." But it immediately qualified that by saying "however, that legal framework has developed piecemeal, and is unnecessarily complicated. We have serious concerns about the resulting lack of transparency, which is not in the public interest."
Despite that slap down, the finding contradicts a court decision that found the program flat-out "unlawful." That decision carried some legal teeth, even allowing you to fill out a form and find out if the GCHQ ever spied on you using NSA data. However, the parliamentary committee declared that:
Our Inquiry has shown that the Agencies do not have the legal authority, the resources, the technical capability, or the desire to intercept every communication of British citizens, or of the internet as a whole: GCHQ are not reading the emails of everyone in the UK.

The report went on further to say that bulk collection programs "operate on a very small percentage" of Internet users, from whom only "a certain amount of material is being collected." Ironically, however, the actual percentages of users and data requests were redacted in the final document, meaning the public can't tell what "very small" means, exactly. The report added that targeting an individual in the UK still requires a warrant "signed by a Secretary of State."
In the end, the government said that data collection activities in the UK were still on shaky ground. It recommended the development of a "new, transparent legal framework" -- likely to fend off further unfriendly court decisions. But it also emphasized the need for the spying, saying "we do not subscribe to the point of view voiced by some of our witnesses that it is preferable to let some terrorist attacks happen rather than to allow any form of bulk interception. " 
endgadget http://ow.ly/KfEMx

« A Theory About MH370: 'Putin ordered plane to be flown to Kazakhstan'
CIA 'tried to crack security of Apple devices' »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Kirkland & Ellis

Kirkland & Ellis

Kirkland & Ellis LLP is an international law firm with offices in the USA, Europe and Asia. Practice areas include Data Security & Privacy.

TrainACE

TrainACE

TrainACE, is a professional computer training school offering courses in information technology with a focus on Advanced Security training.

Navaio IT Security

Navaio IT Security

Navaio helps clients with IT Security related challenges with a primary focus on Identity and Access Management, Data Governance, User Awareness and Cyber Resilience Services.

GlobalPass

GlobalPass

Covering 200+ countries with 78 000 databases, GlobalPass provides sophisticated facial biometrics verification and deep screening, delivering peace of mind to every client.

Shift5

Shift5

Shift5 focus on securing operational technology (OT) by building best-in-class, dual-use products serving military and commercial entities.

DMARC360

DMARC360

DMARC360 analyzes your email traffic patterns and sources, rapidly deploys email authentication protocols and monitors your email domains with automated recommendations and incident response.

Netsurion

Netsurion

Netsurion powers secure and agile networks for highly distributed and small-to-medium enterprises and the IT providers that serve them.

Kratos Defense & Security Solutions

Kratos Defense & Security Solutions

The Kratos Space, Training, and Cybersecurity division addresses key cybersecurity challenges, including cloud security, continuous monitoring, IT security, and risk management.

OmniCyber Security

OmniCyber Security

Omni is a cyber security firm specialising in Penetration Testing, Managed Security and Compliance.

Valency Networks

Valency Networks

Valency Networks provide cutting edge results in the areas of Vulnerability Assessment and Penetration Testing services for webapps, cloud apps, mobile apps and IT networks.

Certihash

Certihash

Certihash have developed the world’s first blockchain empowered suite of information security tools based on the NIST cybersecurity framework.

Cyberplc

Cyberplc

Cyberplc is a global cybersecurity consulting firm providing services to government, the public sector and enterprises.

Nukke

Nukke

Nukke offers advanced cybersecurity software and tailored solutions for your business.

AddSecure

AddSecure

AddSecure is a leading European provider of secure IoT connectivity and end-to-end solutions.

Falconfeeds

Falconfeeds

Falconfeeds empowers businesses and security professionals with immediate access to the latest and historical threat intelligence data.

National Cyber Force (NCF)

National Cyber Force (NCF)

The National Cyber Force (NCF) is a partnership between defence and intelligence.