Feeds

Snowden journo's boyfriend 'had crypto key for thumb-drive files written down' - cops

Greenwald, Guardian roasted over 'very poor' security

Top three mobile application threats

Journalists and their associates involved in the Edward Snowden NSA leaks affair followed almost unbelievably poor security practices while handling top-secret government files, according to a statement made in court by a British official today.

The hearing was looking into the case of David Miranda, the partner of journalist Glenn Greenwald, to whom fugitive NSA sysadmin Snowden is believed to have leaked large amounts of highly classified data. Miranda was stopped and held at London's Heathrow airport on 18 August while en route from Germany to his and Greenwald's home in Brazil: police seized thumb drives and other items capable of holding data from him, and interrogated him for 9 hours - the maximum time he could be held without being arrested under UK anti-terror laws - before letting him go on his way.

The Guardian subsequently admitted that it had paid for Miranda's flights. It appeared he had been carrying sensitive information from Greenwald's collaborator Laura Poitras in Germany, with whom he had been staying, to his partner in Brazil. Guardian editor Alan Rusbridger subsequently said that journalists and their associates were making many such flights in working on the Snowden leaks, apparently due to concerns over their electronic communications being eavesdropped upon by the NSA and allied organisations such as Britain's GCHQ.

It had been widely reported that Miranda disclosed some passwords to the police at Heathrow under threat of jail, but many analysts had concluded that these were merely those to his social-networking accounts and such like, which it would be implausible to claim he did not know. Naturally it was considered unlikely that he would even know the keys to any top-secret encrypted data he might be carrying - this was the view taken by security guru Bruce Schneier, for instance.

But now, in a court statement made this morning and tweeted live by Telegraph correspondent David Barrett, the government says that Miranda was actually carrying a piece of paper with a decryption password written on it. This allowed the police to read at least some of the files he was carrying. These included some 58,000 "highly classified UK intelligence documents".

In the government's view this demonstrated "very poor information security practice" on the part of Greenwald and the Guardian.

According to the Cabinet Office official making the statement, it was concern over this apparently amazingly lax security posture by the Guardian that had previously led the government to insist on destruction of any Snowden files it held, on UK territory at least.

“The Guardian appeared to accept our assessment that their continued possession of the information was untenable,” the court was told today. This led to the smashing up of some computers under GCHQ supervision at the paper's London offices, which Graun apparently agreed to keep confidential - but then it "unilaterally published" the story of the episode earlier this month.

In the government's judgement the huge amounts of data harvested by Snowden must be assumed to be in the hands of foreign governments at the very least (for instance that of Russia, where Snowden is now staying) and possibly that it has also reached "other, non-State actors". It was also stated that the information that Miranda was carrying would allow the identities of UK intelligence personnel, some of them serving abroad, to be unmasked. The government contended that it was not possible for Greenwald or any other journalist to determine what information could be released without damaging British national security.

Today's hearing came about because Mr Miranda's British lawyers had sought to prevent the police examining data they had seized from him. As of this morning this attempt appears to have been abandoned, with the judge congratulating the parties on reaching an agreement.

The Metropolitan police, whose officers detained Miranda at Heathrow, issued a statement today saying:

We are pleased that the Claimant has withdrawn his attempt to restrict our continued access to, and use of, material that was seized from him at Heathrow airport on Sunday 18 Aug 2013 under Schedule 7.

The examination of this material is necessary for the purposes of an ongoing criminal investigation and to protect public safety.

An initial examination of the seized material has identified highly sensitive material within thousands of classified intelligence documents. As previously stated the Metropolitan Police Service Counter Terrorism Command is now carrying out a criminal investigation, which is at an early stage.

The Counter Terrorism Command nowadays has as part of its portfolio the functions of the former Met police Special Branch, which was tasked to work with the intelligence and security services on espionage cases among other things.

It will not escape Reg readers' consideration that while the Guardian's security may have been poor, it was the US and UK governments' security regimes which allowed the information to escape in the first place. ®

3 Big data security analytics techniques

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.