Events , Governance & Risk Management , Infosecurity Europe Conference

GCHQ Official Avoids Privacy Questions

Defers to Parliament Over Privacy, Surveillance Issues
GCHQ Official Avoids Privacy Questions
Ciaran Martin, Director General for Government and Industry Cybersecurity at GCHQ

Delivering the opening keynote June 2 at the Infosecurity Europe conference in London, the head of cybersecurity for the U.K. intelligence agency GCHQ avoided overt discussions of current U.K. government surveillance and privacy policies.

See Also: OnDemand - XDR: Five Factors to Keep in Mind for Better Implementation

Instead, Ciaran Martin - a deputy head of the Government Communications Headquarters - noted that in recent years, GCHQ's remit, which includes the responsibility to advise the government "on matters of cryptography and information assurance such as the Prime Minister may determine," has evolved to include intelligence operations that focus on the Internet. "That intelligence role has been the source of well-known controversy around privacy. I won't and can't talk about that in any detail today."

But Martin did cite a report from the U.K.'s Interception Commissioner, Anthony May, who investigated allegations against the agency. "He had full access to the papers and staff of GCHQ," Martin said. "He asked the question: 'Does GCHQ engage in the random mass intrusion into the private lives of law-abiding citizens?' The answer was 'emphatically no.'"

Now, following the country's May 7 general election that resulted in a Conservative government taking power, Martin says that related measures and new types of oversight are due to be debated soon. Some proposals were already laid out during the May 27 Queen's speech delivered by the U.K.'s reigning monarch at the opening of both Houses of Parliament. The traditional speech details the governing party's agenda, following a general election.

"The Queen's speech set out a process for considering legislation on the proper powers for national security and law enforcement bodies, and it is for ministers to propose and for Parliament to debate," Martin said, referring to the government's proposed new Investigatory Powers Bill. "All I would say is that everyone in GCHQ is acutely conscious that we are entrusted with significant power under the law, and we use it extremely carefully."

Time was allotted following Martin's talk for one question, and that question touched on U.K.-based Eris Industries promising that it will exit the United Kingdom if the Investigatory Powers Bill passes. "You say that GCHQ does not engage in mass surveillance, and I understand that," an audience member said. "But in a week where another tech firm has decided to quit the U.K., I'm interested to know whether we in the cybersecurity industry would now see the U.K. government in essence as a threat actor itself insofar as the proposals for the Snooper's Charter and the desire for backdoors in products moves ahead?"

In response, Martin again referred to May's report, as well as the impending debates over the Investigatory Powers Bill.

Investigatory Powers Bill

As detailed in the Queen's speech, the Investigatory Powers Bill would "modernize the law on communications data." Prime Minister David Cameron is pitching the legislation as a way to "address ongoing capability gaps that are severely degrading the ability of law enforcement and intelligence agencies ability to combat terrorism and other serious crime." Critics, however, allege that the legislation is a minor updating of the controversial Draft Communications Data Bill, which has been derided by many privacy and civil rights groups as being a "Snooper's Charter" (see UK Debates Rebooted 'Snooper's Charter').

Going forward, however, lines are already being drawn between elements of the government that favor greater levels of surveillance, versus those who would emphasize privacy.

Promised: Appropriate Oversight

In introducing the new Investigatory Powers Bill, the government has promised that it would "provide for appropriate oversight and safeguard arrangements." But the current government - which for the past five years had formed a coalition government with the Liberal Democrat party, which previously torpedoed the Draft Communications Data Bill - does not have a well-established track record for opening to debate the rules and procedures that govern the company's surveillance apparatus (see UK Quietly Rewrote Hacking Law).

Cameron has also come under fire from cryptography and information security experts around the world for his suggestion that cryptographic systems should be weakened to better allow "intelligence agencies and law enforcement to target the online communications of terrorists, pedophiles and other serious criminals."

Johns Hopkins University cryptography expert Matthew Green, for example, has warned that any attempt to give governments a backdoor - or as Cameron has said, "front door" - access to strong encryption would leave everyone from governments to banks at greater risk from cybercriminals and terrorists (see Obama Sees Need for Encryption Backdoor).

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ffiec.bankinfosecurity.com, you agree to our use of cookies.