UK Government Is Working In A Snowden-Free Bubble

from the who-is-that-now? dept

Anyone who took the time to read the UK government’s latest update on its cybersecurity strategy could be forgiven for thinking that a man called Edward Snowden never existed.

Most people who are even slightly plugged in to the world around them would agree, however, that we live in decidedly more interesting times for internet security and privacy than the document would have us believe. Not a day seems to have gone by since the summer without a new revelation of activities by the NSA or GCHQ that have gone just a little further than what most people find acceptable.

Brazil, the EU, and many individual European countries have made serious objections, as have tech companies and a group of 500 prominent writers, artists and academics.

In fact, the only place where you won’t see the NSA affair taking centre stage is in communications from the UK government.

This latest update brings us up to speed on the progress made towards the objectives and the forward plans relating to the cybersecurity strategy that was published two years ago. Yet neither appear to have been affected by the Snowden crisis. There is not the slightest mention of his name in either document. This may not surprise the cynics but it is highly inadequate.

Bad for business

The very first objective in the original strategy was to make the UK “one of the most secure places in the world to do business in cyberspace”. The Snowden affair has profoundly affected this goal.

At the heart of cybersecurity, as far as businesses are concerned, is the ability to guarantee the confidentiality of sensitive data. Presumably, international companies which operate in competition with UK rivals do not expect to be sharing their business data with GCHQ. Snowden teaches us that they should.

US tech companies are already feared to be losing billions due to the NSA surveillance scandal. The UK hosts fewer such companies but the changed perception of the confidentiality of communications could still risk significant economic losses here. The legal sector is already worried about confidentiality of merger negotiations.

Undermining the infrastructure

It has also been alleged that the NSA and GCHQ have been involved in building back doors into commercially available encryption software and standards in order to gain access to encrypted data. Security researchers have pointed out that this undermines the very cyber infrastructure that GCHQ is supposed to be protecting.

If the agency introduces deliberate weaknesses to gain covert access to information, those weaknesses can equally be sniffed out and exploited by cyber criminals and other third parties. This point was also made quite forcefully by Sir Tim Berners-Lee. Obviously, undermining the infrastructure also runs contrary to “making the UK more resilient to cyber attack”, another objective identified in the original strategy.

Above scrutiny?

Another objective originally identified is “protecting our interests in cyberspace”, the execution of which has been mostly delegated to GCHQ. The government thus avoids having to report back on progress in any great detail since the information is classified. Nevertheless, we are assured that a report has been made on the matter to the Intelligence and Security Committee.

Here too, the government appears oblivious to the fact that the public has almost entirely lost confidence in the adequacy of information-sharing and challenge in that particular oversight relation. It claims to want to “ensure broad understanding within the UK of the government’s approach” but this is hard to defend if the workings of GCHQ are only revealed to and understood by tiny subgroups of government and parliament.

Even a past Cabinet minister on the National Security Council and parliamentarians with relevant responsibilities have already claimed that they had been insufficiently informed of GCHQ’s activities, so what hope for the rest of us?

An open society

However, the government scores its lowest marks for progress made towards objective three in its original strategy. Two years ago, it planned to play a part in creating an “open” and “vibrant” cyberspace “which the UK public can use safely and that supports open societies”. The lack of transparency and accountability of GCHQ’s operations, even to Westminster, runs very much counter to this ideal.

The UK takes pride in its role in promoting democracy and human rights across the world and yet the Snowden affair has led to so much damage that Amnesty International has felt the need to lodge a complaint to the Investigatory Powers Tribunal because it thinks its sensitive communications have probably been intercepted.

International cyber-waters

As a positive achievement, the progress report mentions agreements to make international law apply in cyberspace. But even this will be fraught with difficulties as a result of the Snowden affair. International law should be equal to all, and this does not sit easily with the collaboration that is thriving between GCHQ and the NSA. The NSA is regulated in a way that is strongly biased against non-US citizens and many other governments seem to be alive to that, even if the UK isn’t.

All in all, Snowden’s revelations have significantly changed many people’s perceptions of the role the UK government actually plays in cyberspace. The government’s progress report does not appear to take this into account at all.

The UK government may choose to believe that none of Snowden’s files prove to be true, or that all the activities reported in them are fully justifiable. But even if that were the case, public reaction to these stories is a reality that needs to be confronted. The UK government cannot afford to be in denial about the relevance of the Snowden files and certainly not about the impact that they have had on business and society, at home and abroad.

Eerke Boiten is a senior lecturer in the School of Computing at the University of Kent, and Director of the University's interdisciplinary Centre for Cyber Security Research. He receives funding from EPSRC for the CryptoForma Network of Excellence on Cryptography and Formal Methods.

The Conversation

This article was originally published at The Conversation. Read the original article.



Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    Ninja (profile), Dec 17th, 2013 @ 4:49am

    Snowden never existed. They made the Guardian destroy the hard drives, remember?

    Do not underestimate the power of denial ;)

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    scotts13 (profile), Dec 17th, 2013 @ 5:44am

    We had to destroy your security...

    ...to save it. SINCE the people weren't supposed to know their every communication was monitored, it didn't matter if it was. The perfect illusion of privacy is as good for business as if it was really secure.

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    OldMugwump (profile), Dec 17th, 2013 @ 6:29am

    They are required to keep their heads in the sand

    All in all, Snowden’s revelations have significantly changed many people’s perceptions of the role the UK government actually plays in cyberspace. The government’s progress report does not appear to take this into account at all.
    If the UK works anything like the US, it goes like this:

    1 - Snowdon's leaks were of classified materials

    2 - Spooks must not look classified materials they aren't cleared for

    3 - Therefore they can't look at Snowdon's leaked materials (even tho they're in the press)

    4 - Thus, the government position can't be affected by Snowdon's revelations, as government workers either aren't aware of them or have to pretend that they're not aware of them

    Simple, really. It's like they stick their fingers in their ears and chant "I can't hear you!".

     

    reply to this | link to this | view in thread ]

  4. This comment has been flagged by the community. Click here to show it
     
    identicon
    out_of_the_blue, Dec 17th, 2013 @ 6:33am

    And so begins another day of copied wonders here at Techdirt.

    The wonder being how Mimeograph Mike attracts page views with 3 day old "news". Complete Mystery. Other sites with same "news" just don't get this much attention...

    My theory is that Google provides Mike special priority. We know that The Google tweaks results. You can somewhat test this for yourself: just put "Snowden-Free Bubble" into The Google. On mine, Techdirt's 47 minutes ago pops up at top, just before Phys.org, and ahead of all sites that had it three days ago. BUT one can never get a grip on The Google 'cause it's all secret, so perhaps it recognizes my browser and IP address and slants it from my doing searches just on Wonderful Techdirt.

    Now, setting aside just Techdirt: The Google has in place all the programming needed to slant new to just YOU! Yes, in future you may not be bothered by news that disturbs you: it'll automatically be filtered out. As will items you'd like to know and need to know to be aware of what gov't and corporations are doing. -- AND INSTEAD, it'll put in the desired propaganda, perhaps re-written by bots like Mimeograph Mike. You won't even be able to find the source or whether are duplicates, because The Google will be the only search engine. -- Such programs are already in place, quite simple. -- And that, kids, is just part of the danger of allowing one corporation to control most access. Google at best should be a public utility, well-regulated.

    And yes, this IS on topic, as you see, I've worked around to where Google may keep YOU in an "X-free Bubble", where X is anything The Googlers don't want you to know -- and at same time, they PUSH information and sites that DO want you to "know".

    When you think surveillance or spying or snooping or censoring or pushing propaganda, think Google!

    02:33:05[c-090-5]

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, Dec 17th, 2013 @ 6:49am

    Re: And so begins another day of copied wonders here at Techdirt.

    It's not always about Google. Stay on topic. Report.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Dec 17th, 2013 @ 6:51am

    It's not just UK that pretends Snowden revelations never happened. France has JUST passed a law to monitor everyone's communications:

    http://www.theguardian.com/world/2013/dec/11/french-officials-internet-users-real-tim e-law

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, Dec 17th, 2013 @ 6:51am

    the UK is more concerned with being able, via GCHQ, to continue spying on everyone, everywhere, over everything and being bestest buddies with Obama and the USA! there is no confidence in the UK security, just as there is no confidence in that touted by the USA. the latest implementation of internet filters by Cameron 'in order to protect the children' are there so as to make it appear that the illegal spying done by GCHQ can now carry on unimpeded, as everyone is going to be watched to make sure there is no 'child porn' being accessed and then children actually being exploited from there. he has started down a slippery slope that is going to be extremely hard to get off now. the man is a total fucking idiot but thinks everyone else is as well, so he can get away with things, like turning the UK into a China look-alike, just to please his buddy Obama and keep his sponsors in the entertainment industries happy! he has started a dangerous game and it could lead to a whole lot of trouble!!

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Antonio, Dec 17th, 2013 @ 7:55am

    Snowden

    I think the issue is very complicated and Snowden will bring very serious responsibilities for several countries

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Dec 17th, 2013 @ 8:12am

    Re:

    Denial - not just a series of tubes in Egypt.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Dec 17th, 2013 @ 8:42am

    Smart move.

    Ah, the ol Vunter Slaush defense.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, Dec 17th, 2013 @ 11:14am

    Needs to Be Softer

    Notice that report is titled "Progress Against the Objectives of the National Cyber Security Strategy – December 2013", not "Progress Towards...". So, "progress" is considered to be "going against the objectives". It all makes more sense now.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Dec 17th, 2013 @ 11:32am

    Re: We had to destroy your security...

    Goes along with “We had to destroy the village in order to save it.”

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Dec 17th, 2013 @ 4:50pm

    Re:

    Passing a law to justify something you've been fuking doing for years, fuking doing for years without this law to justify it

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, Dec 17th, 2013 @ 5:03pm

    That attitude, and religious freedom, is exactly why the Declaration Of Independence happened. Old Blighty never was or has been much on individual freedoms, especially if it interferes with HM government operations.
    .

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Dec 17th, 2013 @ 10:31pm

    Re: Re:

    out_of_the_blue just hates it when due process is enforced.

     

    reply to this | link to this | view in thread ]

  16.  
    icon
    Niall (profile), Dec 19th, 2013 @ 4:48am

    Re:

    And you Americans are so good at learning that crap from us, then exporting it across the world!

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This