Feeds

Snowden journo's boyfriend 'had crypto key for thumb-drive files written down' - cops

Greenwald, Guardian roasted over 'very poor' security

5 things you didn’t know about cloud backup

Journalists and their associates involved in the Edward Snowden NSA leaks affair followed almost unbelievably poor security practices while handling top-secret government files, according to a statement made in court by a British official today.

The hearing was looking into the case of David Miranda, the partner of journalist Glenn Greenwald, to whom fugitive NSA sysadmin Snowden is believed to have leaked large amounts of highly classified data. Miranda was stopped and held at London's Heathrow airport on 18 August while en route from Germany to his and Greenwald's home in Brazil: police seized thumb drives and other items capable of holding data from him, and interrogated him for 9 hours - the maximum time he could be held without being arrested under UK anti-terror laws - before letting him go on his way.

The Guardian subsequently admitted that it had paid for Miranda's flights. It appeared he had been carrying sensitive information from Greenwald's collaborator Laura Poitras in Germany, with whom he had been staying, to his partner in Brazil. Guardian editor Alan Rusbridger subsequently said that journalists and their associates were making many such flights in working on the Snowden leaks, apparently due to concerns over their electronic communications being eavesdropped upon by the NSA and allied organisations such as Britain's GCHQ.

It had been widely reported that Miranda disclosed some passwords to the police at Heathrow under threat of jail, but many analysts had concluded that these were merely those to his social-networking accounts and such like, which it would be implausible to claim he did not know. Naturally it was considered unlikely that he would even know the keys to any top-secret encrypted data he might be carrying - this was the view taken by security guru Bruce Schneier, for instance.

But now, in a court statement made this morning and tweeted live by Telegraph correspondent David Barrett, the government says that Miranda was actually carrying a piece of paper with a decryption password written on it. This allowed the police to read at least some of the files he was carrying. These included some 58,000 "highly classified UK intelligence documents".

In the government's view this demonstrated "very poor information security practice" on the part of Greenwald and the Guardian.

According to the Cabinet Office official making the statement, it was concern over this apparently amazingly lax security posture by the Guardian that had previously led the government to insist on destruction of any Snowden files it held, on UK territory at least.

“The Guardian appeared to accept our assessment that their continued possession of the information was untenable,” the court was told today. This led to the smashing up of some computers under GCHQ supervision at the paper's London offices, which Graun apparently agreed to keep confidential - but then it "unilaterally published" the story of the episode earlier this month.

In the government's judgement the huge amounts of data harvested by Snowden must be assumed to be in the hands of foreign governments at the very least (for instance that of Russia, where Snowden is now staying) and possibly that it has also reached "other, non-State actors". It was also stated that the information that Miranda was carrying would allow the identities of UK intelligence personnel, some of them serving abroad, to be unmasked. The government contended that it was not possible for Greenwald or any other journalist to determine what information could be released without damaging British national security.

Today's hearing came about because Mr Miranda's British lawyers had sought to prevent the police examining data they had seized from him. As of this morning this attempt appears to have been abandoned, with the judge congratulating the parties on reaching an agreement.

The Metropolitan police, whose officers detained Miranda at Heathrow, issued a statement today saying:

We are pleased that the Claimant has withdrawn his attempt to restrict our continued access to, and use of, material that was seized from him at Heathrow airport on Sunday 18 Aug 2013 under Schedule 7.

The examination of this material is necessary for the purposes of an ongoing criminal investigation and to protect public safety.

An initial examination of the seized material has identified highly sensitive material within thousands of classified intelligence documents. As previously stated the Metropolitan Police Service Counter Terrorism Command is now carrying out a criminal investigation, which is at an early stage.

The Counter Terrorism Command nowadays has as part of its portfolio the functions of the former Met police Special Branch, which was tasked to work with the intelligence and security services on espionage cases among other things.

It will not escape Reg readers' consideration that while the Guardian's security may have been poor, it was the US and UK governments' security regimes which allowed the information to escape in the first place. ®

The essential guide to IT transformation

More from The Register

next story
GCHQ protesters stick it to British spooks ... by drinking urine
Activists told NOT to snap pics of staff at the concrete doughnut
Britain's housing crisis: What are we going to do about it?
Rent control: Better than bombs at destroying housing
What do you mean, I have to POST a PHYSICAL CHEQUE to get my gun licence?
Stop bitching about firearms fees - we need computerisation
Top beak: UK privacy law may be reconsidered because of social media
Rise of Twitter etc creates 'enormous challenges'
Redmond resists order to hand over overseas email
Court wanted peek as related to US investigation
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.