Feeds

MI5 boss: Snowden leaks of GCHQ methods HELPED TERRORISTS

And denies it snoops on world+dog. That's alright then

Beginner's guide to SSL certificates

MI5's newly appointed boss has suggested that his predecessor might have spoken too much about cyber-attacks rather than conventional terrorism in a speech attempting to justify controversial surveillance programs by GCHQ and the NSA.

Andrew Parker, director general of the security service, made the remarks in a speech to the Royal United Services Institute in London on Tuesday. It's his first published speech as director-general of MI5, a position he took over from Sir Jonathan Evans.

"My predecessor spoke last year about cyber threats," said Parker, according to an official transcript of the speech. "This evening I am majoring on terrorism. Describing the reality of the terrorism threat we face is challenging in public discourse. I've heard too much exaggeration at one end, while at the other there can sometimes be an alarming degree of complacency."

Parker went on to describe how "terrorism, espionage, cyber attack, and weapons of mass destruction are all features of the darker side of our modern world" that MI5 strives to combat.

"Over recent decades new threats have emerged (Al Qaeda), old ones have fallen away (Cold War subversion), mutated (Northern Ireland-related terrorism) or branched out in new forms (cyber espionage)," he added.

The secret service boss, a 30 year veteran of MI5, led its response to the 7 July 2005 London bombings and the 2006 transatlantic aircraft plot as deputy director general. The vast majority of his speech focused on the international terrorist threat from Al-Qaeda and its affiliates as well as how accelerating technological change is altering MI5's work.

Helping the bad guys

Parker controversially argued that Snowden's leaks in publicising the "reach and limits of GCHQ techniques" has the effect of "handing the advantage to the terrorists".

"Reporting from GCHQ is vital to the safety of this country and its citizens," he said. "GCHQ intelligence has played a vital role in stopping many of the terrorist plots that MI5 and the police have tackled in the past decade. We are facing an international threat and GCHQ provides many of the intelligence leads upon which we rely. It makes a vital contribution to most of our high priority investigations. It causes enormous damage to make public the reach and limits of GCHQ techniques. Such information hands the advantage to the terrorists. It is the gift they need to evade us and strike at will. Unfashionable as it might seem, that is why we must keep secrets secret, and why not doing so causes such harm."

Parker sought to explain how individuals known to MI5 have gone on to plan, or in some cases execute terrorist plots. "With greater resources since 7/7 we have worked very hard to identify as many as possible of the people in the country who are active in some way in support of terrorism," he explained.

"Knowing of an individual does not equate to knowing everything about them. Being on our radar does not necessarily mean being under our microscope. The reality of intelligence work in practice is that we only focus the most intense intrusive attention on a small number of cases at any one time."

He added:

The idea that we either can or would want to operate intensive scrutiny of thousands is fanciful. This is not East Germany, or North Korea. And thank goodness it's not.

The MI5 boss went on to highlight "accelerating technology" change as well as the "diversifying threat landscape" as the two principal challenges facing the security service.

The impact of tech on the spooks' legit work

Net technologies make it a bigger challenges for security services to track terrorists, Parker claimed.

"The internet is used by terrorists for many purposes: broadcasting their propaganda, radicalising vulnerable individuals, arranging travel, buying items, moving money and so on. But the primary issue is communication.

"The internet and related technologies offer a rather different world - better in so many ways, but better too for the terrorists. Through e-mail, IP telephony, in-game communication, social networking, chat rooms, anonymising services, and a myriad of mobile apps, the terrorist has tens of thousands of means of communication. Many of those routes are now encrypted."

Parker controversially suggests that terrorist use of encryption justifies attempts by signals intelligence agencies such as the NSA and GCHQ to weaken internet standards, plant backdoors and capture all the traffic flowing through international cables as well as running dragnet internet surveillance programmes such as Prism. Parker did not refer to any of these directly, instead describing them as "tools" necessary to uncover the nefarious plots of terrorists.

"How the UK decides to respond to these developments will directly determine the level of security available against the threats we face. Retaining the capability to access such information is intrinsic to MI5's ability to protect the country.

Staying at the cutting edge

"Shifts in technology can erode our capabilities. There are choices to be made, including, for example, about how and whether communications data is retained. It is not, however, an option to disregard such shifts with an unspoken assumption that somehow security will anyway be sustained. It will not. We cannot work without tools."

The ongoing Snowden revelations suggest otherwise, but Parker sought to justify internet surveillance as proportionate and legally authorised under a regime operating with strict controls. This echoes the arguments of US spooks.

"Technologies advance all the time. But MI5 will still need the ability to read or listen to terrorists' communications if we are to have any prospect of knowing their intentions and stopping them. The converse to this would be to accept that terrorists should have means of communication that they can be confident are beyond the sight of MI5 or GCHQ acting with proper legal warrant."

Parker also dismissed the idea that GCHQ is indiscriminately snooping on the entire web, claiming instead that his agency only monitored those threatening national security.

We only apply intrusive tools and capabilities against terrorists and others threatening national security. The law requires that we only collect and access information that we really need to perform our functions, in this case tackling the threat of terrorism. In some quarters there seems to be a vague notion that we monitor everyone and all their communications, browsing at will through people's private lives for anything that looks interesting. That is, of course, utter nonsense.

Parker concluded by seeking to deny criticism that the security services were operating dragnet surveillance programs:

"Far from being gratuitous harvesters of private information, in practice we focus our work very carefully and tightly against those who intend harm. The law requires it. All our internal controls, systems and authorisation levels are built accordingly and subject to independent inspection and oversight." ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
Desperate VXers enslave FREEZERS in DDoS bot
Updated Spike malware targets Asia
Heatmiser digital thermostat users: For pity's sake, DON'T SWITCH ON the WI-FI
A stranger turns up YOUR heat with default password 1234
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.