U.K. allows British spies to intercept Google and Facebook traffic
It is the first time a U.K. official has commented on the government's 'vague surveillance legal framework,' Privacy International says
IDG News Service - British spies are authorized to spy on British citizens' Internet communications transiting through servers outside the U.K., a civil rights group has discovered.
Privacy International uncovered the information as part of a lawsuit it filed against the U.K. government over its alleged involvement in mass surveillance programs. It filed the suit with the U.K.'s Investigatory Powers Tribunal, a court that can investigate complaints about any alleged conduct by or on behalf of the intelligence services.
On Tuesday the group published a witness statement from Charles Farr, director general of the Office for Security and Counter Terrorism at the U.K.'s Home Office, who is among the government officials and other witnesses who have made depositions in the case. His statement was published ahead of a hearing by the tribunal scheduled to take place between July 14 and 18.
Farr, one of the U.K.'s most senior security officials, said British spies have the right to intercept Internet communications even if they are from British citizens because the services often use Web servers located outside the U.K. Many messages "such as a Google search, a search of YouTube for a video, a 'tweet' on Twitter, or the posting of a message on Facebook," could be qualified as external by the intelligence services, he said.
Under British laws, the country's intelligence services require a special warrant to monitor communications of British residents located within the U.K., which can only be granted if there is reason to suspect the person is involved in unlawful activity. However, only a general warrant is required for external communications, sent or received outside of the U.K., the Isle of Man, or the Channel Islands, collectively known as the British Islands.
"A Google search by an individual located in the U.K. may well involve a communication from the searcher's computer to a Google web server, which is received outside the British Islands; and a communication from Google to the searcher's computer, which is sent outside the British Islands. In such a case, the search would correspondingly involve two 'external communications'," Farr said.
In the case of Twitter and Facebook the recipient of the communication is the platform itself since the message is not meant for a particular person but broadcast to a group, Farr said. "Thus a user located in the British Islands posting a message on Facebook will communicate with a Facebook web server, located in a Facebook data center. If the Facebook data center is outside the British Islands, then the message will be an 'external communication'," he said.
The matter is somewhat different for emails. An email sent from London to someone in Birmingham would qualify as an internal communication, Farr said. However, when the sender uses a webmail service such as Gmail or Yahoo, the email could be routed through servers outside of the U.K.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!