The revelation of the US National Security Agency’s highly secret “Prism” intelligence-gathering program will undermine America’s moral authority to deal with China over cyber espionage, according to a leading cyber security expert.
The expert, who was speaking at a cyber-security conference at Chatham House, said that he suspects the repercussions of the Prism program would be likely to rebound on the US and had the potential to “harm us in 15 years time”.
President Obama made cyber-espionage a key issue in his recent summit with Chinese president Xi Jinping.
Under the “Chatham House Rule”, participants in a debate at the Royal Institute of International Affairs can be quoted, but the quotes cannot be attributed.
The expert added that there was “a lot more to this” and that “there will be prosecutions” as a result of revelations about the program, which siphoned off vast amounts of data from internet users which passed through the servers of web giants such as Google, Yahoo, Facebook and Twitter.
He added that coverage of the program in the US media had been “walked back in an Orwellian manner” and cited the example of the Washington Post, which initially ran a slide from an NSA presentation of the top-secret program on its front page, only to remove the technically classified slide from later editions.
Is Prism Legal?
The legality of any such actions in the US is governed by legislation know as *USSID18 *which is designed to allow access to internet material while protecting the rights of US citizens.
The directive does nothing to protect non-US citizens from having their data accessed.
Since the vast majority of internet traffic flows through servers in the US, the NSA is believed to have accessed data from British citizens without legal oversight.
It is unlikely to have encountered much legal problem in “building a library of every book”, capturing vast amounts of personal data in its secret program, but that permissions “to look at any page of any book in that library is extremely restrictive”
The speaker also said that the nature in which the Prism programme was conducted was indicative of the US’ “because we can” attitude to cyber-espionage and cyber-conflict, an attitude which was also evident in the US’ development of the world’s first autonomous cyber-weapon – the Stuxnet virus which caused huge damage to the Iranian nuclear program in 2010.
In Britain, a row has developed after it emerged that the NSA has claimed Britain’s electronic eavesdropping agency GCHQ had received 197 intelligence reports from the NSA, based on Prism data in the last year alone.
Foreign Secretary William Hague said on Monday that accusations British intelligence services had acted outside the law were "baseless".
It remains unclear whether these reports originated as a result of NSA investigations and were then passed on to GCHQ, or whether GCHQ was involved with “tasking” the NSA to supply the data in order to circumvent legal safeguards in Britain and the US over accessing internet data.
However, a source with good knowledge of GCHQ’s said she believed that the agency would want any such requests to be subject to thorough legal compliance and political oversight.
Speaking on the sidelines of the Chatham House conference, the source claimed that the agency had a strong culture of conservatism and bureaucratic box-ticking over legal matters and neither workers nor bosses at Cheltenham would be inclined to stick their necks out in this manner.
She added that the large amount of intelligence reports passed to GCHQ as a result of Prism indicated that protocols and procedures would have been worked out in advance and that government lawyers would have been heavily involved.
Internet giants have been at pains to issue denials over the program, with Facebook and Google claiming on Friday that they had not given the US government, or any other government “direct access to our servers”.
At the Chatham House conference, another speaker said that law enforcement bodies frequently co-operated with intelligence services such as the NSA, as well as military organisations like NATO, and that there was a need for information to be handed back and forth in order to combat threats such as cyber-crime, and that much of this information was not “secret” as it had been posted on the internet, saying:
If you don’t want something to be shared, then don’t put it on the web.
The problem, he said, was that:
Prism pollutes what [law enforcement agencies] are trying to do against cyber crime.
If Prism is being used against cyber-crime then it’s good; if its being used for political purposes then its bad.
The same speaker predicted that the Prism scandal would lead to an acceleration in demand and development of anonymity software such as the Tor project which allows users to mask their online identities, and that such software was bound to be exploited by organised crime groups, creating potentially huge problems for the prosecution of online fraud cases.