Review of key security legislation 'misses key issues' claims security expert


The UK government's Joint Committee review into the Investigatory Powers Bills, has failed to deal with critical flaws, according to a cyber security expert.

Erika Koivunen, cyber security adviser for F-Secure, has expressed concern with the current draft of the bill, highlighting the Belgacom case as a cause for worry.

The Belgacom case, in which the UK Government Communications Headquarters (GCHQ) hacked into the telecoms company Belgacom, gaining access to employee computers and more, enabled them to read encrypted and unencrypted data. This resulted in a $5 million damage bill for Belgacom.

Documents released by famous whistleblower Edward Snowden link GCHQ to the hack, which according to Snowden, had one of the most "sophisticated pieces of malware ever discovered."

Koivunen in referring to the Belgacom case in his statement, said: “We have seen in the Belgacom case that equipment interference activity on non-terrorist and non-combatant organisations can be used to create stepping stones to the intended targets."

Koivunen, who was asked to give evidence to the Committee, continues by stating that the bill asks for too much trust from businesses and has expressed concern that the bill in its current draft opens up the "potential for abuse and lack of oversight".

Parliament's Intelligence and Security Committee (ISC) has expressed similar concerns, urging the government to make the Bill as robust as possible and to make it a "comprehensive and clear legal framework" and in need of "substantive amendment" regarding protections from hacking and the actions from intelligence agencies.

Koivunen concludes: “Sharper, clearer definitions are required in order to protect both the privacy of citizens and viability of the British tech industry.”

About Lee Hazell

Lee Hazell is a cyber security consultant with a keen interest in anything tech or security related. Follow Lee on .

Leave a Reply

Your email address will not be published. Required fields are marked *