British Police Continue A Secret Snowden Investigation

A secret British police investigation focusing on journalists who have worked with Edward Snowden’s leaked documents is still active more than four years after it was launched.

The investigation, codenamed “Operation Curable”, is being led by a counter-terrorism unit within London’s Metropolitan Police, under the direction of the force’s head of Specialist Operations, Mark Rowley. The Metropolitan Police confirmed the status of the investigation in response to a Freedom of Information Act request.

The disclosure that the probe remains active prompted criticism on from the National Union of Journalists, the UK’s largest journalists’ organisation. Sarah Kavanagh, a spokesperson for the group, said that news reports based on the Snowden documents had exposed unlawful covert surveillance activities in the public interest.

“The media are often the only group in society able to reveal the intelligence and security forces have exceeded their legitimate powers and remit,” Kavanagh said. 
“The Met Police should be condemned for keeping journalists under investigation because they worked on the Snowden leaks. The investigation should be halted immediately. Journalism is not a crime.”

The origins of the investigation can be traced back to May 2013, when Snowden, a National Security Agency contractor, turned over a cache of classified documents about government surveillance to journalists, including Intercept co-founder Glenn Greenwald. Among the documents were details about mass surveillance programs operated by the UK’s largest spy agency, Government Communications Headquarters, or GCHQ.

In August 2013, detectives from the Metropolitan Police used a counterterrorism law to detain and interrogate David Miranda, Greenwald’s partner (both pictured), while he was passing through London’s largest airport. 

Miranda was carrying a batch of encrypted Snowden documents to aid Greenwald’s reporting on the files. The police seized Miranda’s possessions, including a mobile phone, laptop, camera, and flash drives, and began a criminal investigation.
British authorities argued that publishing the Snowden files was itself a terrorist act, thereby explicitly conflating journalism with terrorism. Prior to Miranda’s arrival in London, a memo authored by the Metropolitan Police and domestic spy agency MI5 was circulated to UK border entry points. 

It asserted that “the disclosure of the Snowden documents, or threat of disclosure, is designed to influence a government and is made for the purpose of promoting a political or ideological cause. This therefore falls within the definition of terrorism.”
In December 2013, one of the London force’s most senior officers, Cressida Dick, was questioned about the case during a parliamentary hearing. 

She acknowledged that the force’s investigation was looking at whether reporters at The Guardian had committed criminal offenses, some carrying potential 10-year prison sentences, for their role in revealing secret surveillance operations exposed in the documents. “We need to establish whether they have or haven’t [committed offenses,” Dick said. “That involves a huge amount of scoping of material.” Later, however, the Metropolitan Police attempted to keep all details about the case secret. In early 2015, the force refused to confirm or deny whether the investigation existed, and stated that revealing such details could help terrorists and be “detrimental to national security.” 

The force eventually backed down on this position and admitted the probe remained ongoing, following an intervention from the UK’s Information Commissioner’s Office, which enforces freedom of information laws in the country. Given that the investigation has been active for more than four years, it appears likely that it has required a substantial amount of resources at a time when the Metropolitan Police has faced budget cuts and had to respond to a spate of terror attacks in London. 

The force has declined to provide any information about the amounts of funds spent on the probe, or disclose the number of officers working on it, insisting that it does not hold records of these details. A spokesperson for the Metropolitan Police said in a statement that the investigation “was launched in order to protect life and national security.” 

The spokesperson added: “As would be as expected we do not put a time limit on an investigation, and the priority is that it is thorough and establishes all of the relevant facts. This is a complex investigation and enquiries continue. No arrests have been made to-date.”

In 2016, a judge ruled that the UK’s counterterrorism legislation did not sufficiently protect the rights of journalists, after Miranda sued the police for detaining him at the London airport. 

The judge found that Schedule 7 of the Terrorism Act, the power used to target Miranda and seize his possessions, was “not subject to adequate safeguards against its arbitrary exercise” and was “incompatible” with Article 10 of the European Convention on Human Rights, which protects the right to “receive and impart information and ideas without interference by public authority and regardless of frontiers.”

The Intercept

You Might Also Read: 


 

 

« The Role Of Russian Influence In The Brexit Referendum Is Unclear
UK Police Give Cybercrime Warning »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Malware.lu

Malware.lu

Malware.lu is a repository of malware and technical analysis. The goal of the project is to provide samples and technical analysis to security researchers.

Oxygen Forensics

Oxygen Forensics

Oxygen Forensics offer the most advanced forensic data examination tools for mobile devices and cloud services.

Roke Manor Research

Roke Manor Research

Roke is a world-class electronics engineering consultancy. Areas of expertise include cyber security, cyber assurance and cryptographic solutions.

Digital Guardian

Digital Guardian

Digital Guardian is a next generation data protection platform designed to stop data theft.

EverC

EverC

EverC (formerly EverCompliant) is a leading provider of cyber intelligence that allows acquiring banks and payment service providers (PSP) to manage cyber risk.

NextVision

NextVision

NextVision is a Cybersecurity and Technology company offering a range of solutions and services for Security, Compliance and IT Infrastructure Management.

Dutch Accreditation Council (RvA)

Dutch Accreditation Council (RvA)

RvA is the national accreditation body for the Netherlands. The directory of members provides details of organisations offering certification services for ISO 27001.

BioConnect

BioConnect

BioConnect provide biometric access control solutions to verify a person’s identity across physical, IOT and digital applications.

Sygnia

Sygnia

Sygnia is a cyber technology and services company, providing high-end consulting and incident response support for organizations worldwide.

Fluid Attacks

Fluid Attacks

Fluid Attacks specialize in red team operations as well as technology development that continuously enhance our security testing services.

SK Shieldus

SK Shieldus

SK shieldus are a converged security provider with business capabilities in both cybersecurity and physical security based on Big-Tech.

Custard Technical Services

Custard Technical Services

Custard provide Network Security for all types of businesses across many industries, helping to keep them safe and secure.

Troye Computer Systems

Troye Computer Systems

Troye provide a complete range of digital workspace solutions that empower people to do their very best work in a safe and secure manner anywhere, anytime, using any device.

SureCloud Cyber Services

SureCloud Cyber Services

Our Cyber Testing capability has been honed since we were founded in 2006 as a disrupter in the penetration testing market.

Triskele Labs

Triskele Labs

Triskele Labs deliver services including Penetration Testing, Compliance and Risk Management through to 24*7*365 Security Operations and outsourced Cybersecurity Managers.

KTrust

KTrust

KTrust provides Continuous Threat Exposure Management for Kubernetes environments.