MI5 boss: Snowden leaks of GCHQ methods HELPED TERRORISTS

And denies it snoops on world+dog. That's alright then

Beginner's guide to SSL certificates

MI5's newly appointed boss has suggested that his predecessor might have spoken too much about cyber-attacks rather than conventional terrorism in a speech attempting to justify controversial surveillance programs by GCHQ and the NSA.

Andrew Parker, director general of the security service, made the remarks in a speech to the Royal United Services Institute in London on Tuesday. It's his first published speech as director-general of MI5, a position he took over from Sir Jonathan Evans.

"My predecessor spoke last year about cyber threats," said Parker, according to an official transcript of the speech. "This evening I am majoring on terrorism. Describing the reality of the terrorism threat we face is challenging in public discourse. I've heard too much exaggeration at one end, while at the other there can sometimes be an alarming degree of complacency."

Parker went on to describe how "terrorism, espionage, cyber attack, and weapons of mass destruction are all features of the darker side of our modern world" that MI5 strives to combat.

"Over recent decades new threats have emerged (Al Qaeda), old ones have fallen away (Cold War subversion), mutated (Northern Ireland-related terrorism) or branched out in new forms (cyber espionage)," he added.

The secret service boss, a 30 year veteran of MI5, led its response to the 7 July 2005 London bombings and the 2006 transatlantic aircraft plot as deputy director general. The vast majority of his speech focused on the international terrorist threat from Al-Qaeda and its affiliates as well as how accelerating technological change is altering MI5's work.

Helping the bad guys

Parker controversially argued that Snowden's leaks in publicising the "reach and limits of GCHQ techniques" has the effect of "handing the advantage to the terrorists".

"Reporting from GCHQ is vital to the safety of this country and its citizens," he said. "GCHQ intelligence has played a vital role in stopping many of the terrorist plots that MI5 and the police have tackled in the past decade. We are facing an international threat and GCHQ provides many of the intelligence leads upon which we rely. It makes a vital contribution to most of our high priority investigations. It causes enormous damage to make public the reach and limits of GCHQ techniques. Such information hands the advantage to the terrorists. It is the gift they need to evade us and strike at will. Unfashionable as it might seem, that is why we must keep secrets secret, and why not doing so causes such harm."

Parker sought to explain how individuals known to MI5 have gone on to plan, or in some cases execute terrorist plots. "With greater resources since 7/7 we have worked very hard to identify as many as possible of the people in the country who are active in some way in support of terrorism," he explained.

"Knowing of an individual does not equate to knowing everything about them. Being on our radar does not necessarily mean being under our microscope. The reality of intelligence work in practice is that we only focus the most intense intrusive attention on a small number of cases at any one time."

He added:

The idea that we either can or would want to operate intensive scrutiny of thousands is fanciful. This is not East Germany, or North Korea. And thank goodness it's not.

The MI5 boss went on to highlight "accelerating technology" change as well as the "diversifying threat landscape" as the two principal challenges facing the security service.

The impact of tech on the spooks' legit work

Net technologies make it a bigger challenges for security services to track terrorists, Parker claimed.

"The internet is used by terrorists for many purposes: broadcasting their propaganda, radicalising vulnerable individuals, arranging travel, buying items, moving money and so on. But the primary issue is communication.

"The internet and related technologies offer a rather different world - better in so many ways, but better too for the terrorists. Through e-mail, IP telephony, in-game communication, social networking, chat rooms, anonymising services, and a myriad of mobile apps, the terrorist has tens of thousands of means of communication. Many of those routes are now encrypted."

Parker controversially suggests that terrorist use of encryption justifies attempts by signals intelligence agencies such as the NSA and GCHQ to weaken internet standards, plant backdoors and capture all the traffic flowing through international cables as well as running dragnet internet surveillance programmes such as Prism. Parker did not refer to any of these directly, instead describing them as "tools" necessary to uncover the nefarious plots of terrorists.

"How the UK decides to respond to these developments will directly determine the level of security available against the threats we face. Retaining the capability to access such information is intrinsic to MI5's ability to protect the country.

Staying at the cutting edge

"Shifts in technology can erode our capabilities. There are choices to be made, including, for example, about how and whether communications data is retained. It is not, however, an option to disregard such shifts with an unspoken assumption that somehow security will anyway be sustained. It will not. We cannot work without tools."

The ongoing Snowden revelations suggest otherwise, but Parker sought to justify internet surveillance as proportionate and legally authorised under a regime operating with strict controls. This echoes the arguments of US spooks.

"Technologies advance all the time. But MI5 will still need the ability to read or listen to terrorists' communications if we are to have any prospect of knowing their intentions and stopping them. The converse to this would be to accept that terrorists should have means of communication that they can be confident are beyond the sight of MI5 or GCHQ acting with proper legal warrant."

Parker also dismissed the idea that GCHQ is indiscriminately snooping on the entire web, claiming instead that his agency only monitored those threatening national security.

We only apply intrusive tools and capabilities against terrorists and others threatening national security. The law requires that we only collect and access information that we really need to perform our functions, in this case tackling the threat of terrorism. In some quarters there seems to be a vague notion that we monitor everyone and all their communications, browsing at will through people's private lives for anything that looks interesting. That is, of course, utter nonsense.

Parker concluded by seeking to deny criticism that the security services were operating dragnet surveillance programs:

"Far from being gratuitous harvesters of private information, in practice we focus our work very carefully and tightly against those who intend harm. The law requires it. All our internal controls, systems and authorisation levels are built accordingly and subject to independent inspection and oversight." ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story


Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.