Governance & Risk Management , Incident & Breach Response , Managed Detection & Response (MDR)

Surveillance Demands Follow Paris Massacre

UK Intelligence Agency Seeks New Powers
Surveillance Demands Follow Paris Massacre
Andrew Parker, Director General of MI5 (Source: Security Service, Crown Copyright)

In the wake of the Paris massacre, the head of Britain's MI5 domestic intelligence agency has called for new powers to fight extremism, warning that the risk of an attack in the U.K. remains "highly likely."

See Also: Hunt Cloud Threats or Be Hunted | CISO Guide to Cloud Compromise Assessments

Addressing an invitation-only audience at the headquarters of MI5 - also known as Britain's Security Service - Director General Andrew Parker on Jan. 8 warned that violent Islamic extremists in both Syria and Iraq have been attempting to plan attacks on U.K. soil, as well as use "propaganda to provoke individuals in the U.K. to carry out violent attacks here."

Parker characterized the Jan. 7 Paris massacre that left 12 people dead as "a terrible reminder of the intentions of those who wish us harm" and said he'd already contacted his French counterparts. "As you would expect, we are offering our French colleagues our full support as they respond," he said.

But the bulk of Parker's speech was devoted to detailing the challenges facing MI5 throughout 2015 and beyond, and he warned that the agency is seeing an imbalance between the recent rise in terror plots and the decrease in the intelligence service's ability to intercept potential attackers' communications. "My sharpest concern as director general of MI5 is the growing gap between the increasingly challenging threat and the decreasing availability of capabilities to address it," he said.

Parker said that MI5 needs new powers to stop terror attacks, although he stopped short of defining just what those powers should be. "Government, Parliament and society will need to consider ... what are the right intrusive powers, at what scale, and under what oversight, to ensure sufficient security against the threats we face," he said.

The U.K.'s Security Service, often referred to as MI5, serves as the country's domestic intelligence and security agency, and Parker said about 50 percent of its work today focuses on counter-terrorism. MI5 works alongside the country's Secret Intelligence Service, known as MI6, which gathers intelligence from outside the country and also conducts counter-intelligence operations.

Warnings Over Iraq, Syria

Parker says the United Kingdom faces similar threats to France - and other countries in Europe and beyond - from terrorist plots either directed or provoked by extremist groups in Syria, and in particular driven by the Sunni Islamist rebel group ISIS that controls territory in Iraq and Syria. "Strikingly, working with our partners, we have stopped three UK terrorist plots in recent months alone," he said. "Deaths would certainly have resulted otherwise. Although we and our partners try our utmost, we know that we cannot hope to stop everything."

Parker cautioned that the U.K.'s intelligence services risk "going dark" due to advances in recent communications technology. His remarks parallel recent, similar warnings sounded by other senior British government officials. The head of Britain's Government Communications Headquarters intelligence agency in November blasted U.S. technology firms for creating services that facilitate crime, terrorism and child abuse. The same month, U.K. legislators released a report that accused Facebook of serving as a "terrorist haven" - inadvertently or not - and blamed it for failing to detect the impending murder of Fusilier Lee Rigby by two of his fellow British citizens. The same report, however, exculpated the U.K.'s intelligence services, despite finding they'd made a string of investigatory errors relating to the two men, who were convicted of Rigby's murder in December 2013.

Some critics have responded to U.K. government criticism of the U.S. technology sector by accusing the government of posturing, given the mass surveillance system already being operated by the United Kingdom.

Following the revelations sparked by former U.S. National Security Agency contractor Edward Snowden's leaks, a group of privacy advocates filed a lawsuit challenging the legality of the surveillance programs being run by the U.K.'s intelligence services - MI5, MI6 and GCHQ.

But the U.K.'s independent investigatory powers tribunal, which heard the case, ruled in December 2014 that the country's surveillance programs did not violate human rights. At the time, U.K. Home Secretary Theresa May welcomed that finding, the Guardian reported. "This latest judgment adds to the findings of the intelligence and security committee of Parliament and the interception of communications commissioner. Between them, they have made clear that the agencies work within a strict legal and policy framework," she said.

Security Versus Liberty

In the wake of the Paris massacre, however, information security experts say it's likely that some legislators and government officials will attempt to pass new or more expansive surveillance laws. "The recent atrocity in France will doubtless raise the call again for more surveillance or for banning things like encryption, but it is a specious argument," Alan Woodward, a visiting computer science professor at the University of Surrey, tells Information Security Media Group. "There will always be a dynamic tension between security and liberty, but as we all know, liberty can be lost through excessive security if the wrong government exercises the security."

Woodward, who's a cybersecurity adviser to the group of European police organizations that's known as Europol, adds that such powers alone aren't a silver bullet for tracking attackers, especially if they're technology-savvy. "France has some of the most intrusive surveillance laws in the western world, but even they would have difficulty tracing back if you were using a pseudonym online for, say, e-mail," he says. "We all know that it is extremely easy to set up an anonymous e-mail account, and trying to trace that after the event is enormously difficult. And despite what the public might think, governments just don't have the wherewithal to read every e-mail sent to or from their territory."

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.