The UK government is working in a Snowden-free bubble

Dec 17, 2013 by Eerke Boiten, The Conversation
Like butter wouldn’t melt: Francis Maude thinks we’re doing pretty well on cybersecurity. Credit: Cabinet Office

Anyone who took the time to read the UK government's latest update on its cybersecurity strategy could be forgiven for thinking that a man called Edward Snowden never existed.

Most people who are even slightly plugged in to the world around them would agree, however, that we live in decidedly more interesting times for internet security and privacy than the document would have us believe. Not a day seems to have gone by since the summer without a new revelation of activities by the NSA or GCHQ that have gone just a little further than what most people find acceptable.

Brazil, the EU, and many individual European countries have made serious objections, as have tech companies and a group of 500prominent writers, artists and academics.
In fact, the only place where you won't see the NSA affair taking centre stage is in communications from the UK government.

This latest update brings us up to speed on the progress made towards the objectives and the forward plans relating to the cybersecurity strategy that was published two years ago. Yet neither appear to have been affected by the Snowden crisis. There is not the slightest mention of his name in either document. This may not surprise the cynics but it is highly inadequate.

Bad for business

The very first objective in the original strategy was to make the UK "one of the most secure places in the world to do business in cyberspace". The Snowden affair has profoundly affected this goal.

At the heart of cybersecurity, as far as businesses are concerned, is the ability to guarantee the confidentiality of sensitive data. Presumably, international companies which operate in competition with UK rivals do not expect to be sharing their business data with GCHQ. Snowden teaches us that they should.

US tech companies are already feared to be losing billions due to the NSA surveillance scandal. The UK hosts fewer such companies but the changed perception of the confidentiality of communications could still risk significant economic losses here. The legal sector is already worried about confidentiality of merger negotiations.

Undermining the infrastructure

It has also been alleged that the NSA and GCHQ have been involved in building back doors into commercially available encryption software and standards in order to gain access to encrypted data. Security researchers have pointed out that this undermines the very cyber infrastructure that GCHQ is supposed to be protecting.

If the agency introduces deliberate weaknesses to gain covert access to information, those weaknesses can equally be sniffed out and exploited by cyber criminals and other third parties. This point was also made quite forcefully by Sir Tim Berners-Lee. Obviously, undermining the infrastructure also runs contrary to "making the UK more resilient to cyber attack", another objective identified in the original strategy.

Above scrutiny?

Another objective originally identified is "protecting our interests in cyberspace", the execution of which has been mostly delegated to GCHQ. The government thus avoids having to report back on progress in any great detail since the information is classified. Nevertheless, we are assured that a report has been made on the matter to the Intelligence and Security Committee.

Here too, the government appears oblivious to the fact that the public has almost entirely lost confidence in the adequacy of information-sharing and challenge in that particular oversight relation. It claims to want to "ensure broad understanding within the UK of the government's approach" but this is hard to defend if the workings of GCHQ are only revealed to and understood by tiny subgroups of government and parliament.

Even a past Cabinet minister on the National Security Council and parliamentarians with relevant responsibilities have already claimed that they had been insufficiently informed of GCHQ's activities, so what hope for the rest of us?

An open society

However, the government scores its lowest marks for progress made towards objective three in its original strategy. Two years ago, it planned to play a part in creating an "open" and "vibrant" cyberspace "which the UK public can use safely and that supports open societies". The lack of transparency and accountability of GCHQ's operations, even to Westminster, runs very much counter to this ideal.

The UK takes pride in its role in promoting democracy and human rights across the world and yet the Snowden affair has led to so much damage that Amnesty International has felt the need to lodge a complaint to the Investigatory Powers Tribunal because it thinks its sensitive communications have probably been intercepted.

International cyber-waters

As a positive achievement, the progress report mentions agreements to make international law apply in cyberspace. But even this will be fraught with difficulties as a result of the Snowden affair. International law should be equal to all, and this does not sit easily with the collaboration that is thriving between GCHQ and the NSA. The NSA is regulated in a way that is strongly biased against non-US citizens and many other governments seem to be alive to that, even if the UK isn't.

All in all, Snowden's revelations have significantly changed many people's perceptions of the role the UK government actually plays in cyberspace. The government's progress report does not appear to take this into account at all.

The UK government may choose to believe that none of Snowden's files prove to be true, or that all the activities reported in them are fully justifiable. But even if that were the case, public reaction to these stories is a reality that needs to be confronted. The UK government cannot afford to be in denial about the relevance of the Snowden files and certainly not about the impact that they have had on business and society, at home and abroad.

Explore further: It's all about cryptography as Rusbridger faces parliament

add to favorites email to friend print save as pdf

Related Stories

Report: NSA cracked most online encryption

Sep 05, 2013

The National Security Agency, working with the British government, has secretly been unraveling encryption technology that billions of Internet users rely upon to keep their electronic messages and confidential ...

Google boss says US data spying is "outrageous"

Nov 04, 2013

Google executive chairman Eric Schmidt said reports that the US government spied on the Internet giant's data centres were "outrageous" and potentially illegal if proved true, in an interview Monday.

White House to keep NSA, cyber oversight together

Dec 14, 2013

A group reviewing the National Security Agency's surveillance programs and cyber command operations sent President Barack Obama more than 40 recommendations on intelligence collection and government spying.

Report: UK spies hacked foreign diplomats

Jun 17, 2013

The Guardian newspaper says the British eavesdropping agency GCHQ repeatedly hacked into foreign diplomats' phones and emails when the U.K. hosted international conferences, even going so far as to set up ...

Recommended for you

Study: Social media users shy away from opinions

Aug 26, 2014

People on Facebook and Twitter say they are less likely to share their opinions on hot-button issues, even when they are offline, according to a surprising new survey by the Pew Research Center.

US warns shops to watch for customer data hacking

Aug 23, 2014

The US Department of Homeland Security on Friday warned businesses to watch for hackers targeting customer data with malicious computer code like that used against retail giant Target.

Fitbit to Schumer: We don't sell personal data

Aug 22, 2014

The maker of a popular line of wearable fitness-tracking devices says it has never sold personal data to advertisers, contrary to concerns raised by U.S. Sen. Charles Schumer.

Should you be worried about paid editors on Wikipedia?

Aug 22, 2014

Whether you trust it or ignore it, Wikipedia is one of the most popular websites in the world and accessed by millions of people every day. So would you trust it any more (or even less) if you knew people ...

How much do we really know about privacy on Facebook?

Aug 22, 2014

The recent furore about the Facebook Messenger app has unearthed an interesting question: how far are we willing to allow our privacy to be pushed for our social connections? In the case of the Facebook ...

Philippines makes arrests in online extortion ring

Aug 22, 2014

Philippine police have arrested eight suspected members of an online syndicate accused of blackmailing more than 1,000 Hong Kong and Singapore residents after luring them into exposing themselves in front of webcam, an official ...

User comments : 0