Britain’s Version Of The NSA Listens To Phone Calls And Reads Email, Lets The NSA Listen In

New revelations from The Guardian

GCHQ

There’s an interesting story in The Guardian that seems to indicate that the GCHQ, the British version of the National Security Agency, engages in even more mining of metadata and other information than the National Security Agency does, and frequently shares that information with the United States:

Britain’s spy agency GCHQ has secretly gained access to the network of cables which carry the world’s phone calls and internet traffic and has started to process vast streams of sensitive personal information which it is sharing with its American partner, the National Security Agency (NSA).

The sheer scale of the agency’s ambition is reflected in the titles of its two principal components: Mastering the Internet and Global Telecoms Exploitation, aimed at scooping up as much online and telephone traffic as possible. This is all being carried out without any form of public acknowledgement or debate.

One key innovation has been GCHQ’s ability to tap into and store huge volumes of data drawn from fibre-optic cables for up to 30 days so that it can be sifted and analysed. That operation, codenamed Tempora, has been running for some 18 months.

GCHQ and the NSA are consequently able to access and process vast quantities of communications between entirely innocent people, as well as targeted suspects.

This includes recordings of phone calls, the content of email messages, entries on Facebook and the history of any internet user’s access to websites – all of which is deemed legal, even though the warrant system was supposed to limit interception to a specified range of targets.

The existence of the programme has been disclosed in documents shown to the Guardian by the NSA whistleblower Edward Snowden as part of his attempt to expose what he has called “the largest programme of suspicionless surveillance in human history”.

“It’s not just a US problem. The UK has a huge dog in this fight,” Snowden told the Guardian. “They [GCHQ] are worse than the US.”

One implication of this for the United States, of course, is that the actions of the GCHQ taking place in another country are completely removed from any strictures of the Constitution or U.S. law so, theoretically at least, they would be able to access information that the Federal Government cannot, at least not without seeking permission from a Court to do so. Indeed, according to the report, that’s exactly what representatives from the NSA were told by the GCHQ:

The Americans were given guidelines for its use, but were told in legal briefings by GCHQ lawyers: “We have a light oversight regime compared with the US”.

When it came to judging the necessity and proportionality of what they were allowed to look for, would-be American users were told it was “your call”.

(…)

The categories of material have included fraud, drug trafficking and terrorism, but the criteria at any one time are secret and are not subject to any public debate. GCHQ’s compliance with the certificates is audited by the agency itself, but the results of those audits are also secret.

An indication of how broad the dragnet can be was laid bare in advice from GCHQ’s lawyers, who said it would be impossible to list the total number of people targeted because “this would be an infinite list which we couldn’t manage”.

There is an investigatory powers tribunal to look into complaints that the data gathered by GCHQ has been improperly used, but the agency reassured NSA analysts in the early days of the programme, in 2009: “So far they have always found in our favour”.

Loose oversight, no need to worry about compliance with American law or the Constitution, and access to gigabytes upon gigabytes of both metadata and, apparently, the actual content of data passing through the Internet on a daily basis. Sounds like a pretty sweet setup for the NSA, doesn’t it? The interesting thing, of course, is that the NSA has been saying since this story began that they don’t listen to phone calls or read emails without first getting permission from a FISA Court. If this information is accurate, though, it’s clear that they have rather open access to a program run by the GCHQ that can apparently access every cable-based communication that passes through the Transatlantic cables that link the Eastern and Western Hemispheres. That would mean that virtually any communication that an American citizen makes that passes through these cables would be available for monitoring and analysis by the NSA without having to comply with U.S. law at all. If that’s the case, then it would seem to make almost any effort at oversight of the programs that they are running nothing more than an utter joke.

FILED UNDER: Intelligence, National Security
Doug Mataconis
About Doug Mataconis
Doug holds a B.A. in Political Science from Rutgers University and J.D. from George Mason University School of Law. He joined the staff of OTB in May 2010. Before joining OTB, he wrote at Below The BeltwayThe Liberty Papers, and United Liberty Follow Doug on Twitter | Facebook

Comments

  1. stonetools says:

    What this means is that the NSA does have a free hand in looking at the electronic data acquired from the Brits of foreigners, including British nationals. But it still must submit to US constitutional legal strictures when viewing the data of US citizens , from whatever source.

    Not sure if this adds much to the debate. Does mean that maybe the British public should be looking at whether it wants the NSA to have the same free hand with British electronic data as British intelligence does. I expect we will see the British public debate that, rancorously. Also note that contra Snowden-Greenwald, its perfectly possible to have a robust democracy with even looser oversight over intelligence agencies than the USA currently has, not that we would want that.

    OT, if you like to watch spy drama British style, I highly recommend the British TV series MI.5. Better than 24, IMO.

  2. DC Loser says:

    The “FIVE EYES SIGINT community” is not well understood by non intelligence professionals.

    Here is a link to a Canadian product that discusses this.

    Basically, the American, British, Canadian, Australian, and New Zealand SIGINT organizations have a collaborative approach towards collection and shares its data with all of them.

  3. Ron Beasley says:

    @stonetools: I agree with you on MI-5. You might also check out a great documentary from NOVA on the NSA, The Spy Factory

  4. michael reynolds says:

    I’ll give you some breaking news: the Chinese o it, the Russians do it, the Israelis do it, every country that has the technological capacity to do it, does it.

    What have I been saying since Day 1 of this NSA thing? Privacy in the mid-twentieth century sense is dead. And that fact is not a tragedy. It’s one big old increasingly transparent world.

    What people are experiencing now is just the shock of the new, which is a bit weird since most of these same folks participated enthusiastically in creating this new paradigm. What did people think would happen when they increasingly digitized themselves? We use cell phones, Facebook, credit cards, store loyalty cards, online banking, iTunes, Amazon, Twitter and Pinterest and all the rest. We vomit forth prodigious amounts of data every day and then, what, it’s still 1950 somehow?

    People want to have their cake and eat it, too. But new technologies sometimes require adjustments beyond just the benefit side of the equation. When we started buying cars we started needing state-issued drivers licenses. The state then maintained records on us. Similar thing. On the one hand, “Here is the power of the internet,” and on the other hand, “It’s going to cost a bit of privacy.” We as individuals have gained astounding new powers, but with great powers comes a possibility of Kryptonite.

  5. James in Silverdale, WA says:

    @michael reynolds: “And that fact is not a tragedy. ”

    There is nothing in the Constitution which says, “shall be made null and void when we get to the digital age.”

    Nor is the statement, “you no longer have privacy and never will” an inevitable outcome of the digital age. Technology has long existed to steer away from that outcome. The demand for it is now skyrocketing.

    I wish you would clamor for its use, and Federally mandated secure connections to a person, rather than just waving your white flag, while also encouraging others to do the same.

    Expect resistance.

  6. stonetools says:

    @michael reynolds:

    We actually do have the power to assure privacy, if we really wanted to. We could use Anonymizer or our Internet browsing. We could use Hushmail for our email. We could use the many (paid and free) encryption tools available for download over Internet (Many of those programs claim that their encryption is NSA proof). We could learn the joys of the one time pad.

    But we don’t, because it’s inconvenient. I’m betting that every one of those concerned with electronic privacy here use cellphones and webmail with no special encryption. The plain fact is that most of us just don’t care that much.
    I might add too that the actuality of the NSA is that the world’s greatest intelligence service allowed a mid level contract employee to use a $20 flash drive to collect all sorts of classified data, put it on a laptop, walk out and fly to China. Its just not the omniscient, Big Brother type octopus that the Greenwalds would have us believe it is.

  7. michael reynolds says:

    @James in Silverdale, WA:

    I don’t care if the NSA knows who I call. I just don’t. It doesn’t harm me. And despite a lot of huffing and puffing no one has yet made a case that it harms anyone. So I’m not waving the white flag, I actually want the NSA to have technology equal to the job we’ve asked them to do.

    If you want to use encryption, go for it. I just don’t see why I should bother.

  8. TPF says:

    @michael reynolds: Spot on! What is amazing to me is that some many people have no problem with the private sector invading their privacy, sharing data and yet have an absolute fit when intelligence agencies share data. I guess if the data sharing is done in the name of private profit, that’s okay. But is the name of protecting lives, can’t have that!

  9. Andre Kenji says:

    @stonetools:

    We actually do have the power to assure privacy, if we really wanted to. We could use Anonymizer or our Internet browsing. We could use Hushmail for our email. We could use the many (paid and free) encryption tools available for download over Internet (Many of those programs claim that their encryption is NSA proof). We could learn the joys of the one time pad.

    I don´t use these tools because I´m not to blow up buildings and air planes. If I were going to organize a terrorist attack I would be using these tools.

  10. stonetools says:

    @michael reynolds:

    I don’t care if the NSA knows who I call. I just don’t. It doesn’t harm me. And despite a lot of huffing and puffing no one has yet made a case that it harms anyone

    I must admit that I am amazed that not one “privacy advocate” has been able to make such a case. Just about all that they have said is to whine that the government should not be able to do this. Now there are a lot of things that the government does that I don’t like. I don’t like getting parking tickets.I don’t like the long lines at the DMV. I don’t like having to take off shoes to go on an airplane. All this bother me much more than the NSA data mining my phone logs. This is why I think this stuff is likely to fade away once Snowden gets asylum somewhere and drops off the front pages.

  11. Ben Wolf says:

    This means the U.S. government uses foreign governments to spy on its citizens and it is highly likely we return the favor.

    Is anyone familiar with the history of societies which aim for total surveillance of their own people. Is someone under the impression any of those places turned out well? The assertion that loss of privacy is an inevitable outcome of the 21st Century is ahistorical, ignoring that totalitarian states have created such conditions many times in the past. What is happening in this country is policy choice, not a law of physics.

  12. michael reynolds says:

    @Ben Wolf:
    Ben, get over Orwell. He was a brilliant writer and may well have helped to forestall the world he portrayed so vividly. But the Big Brother state has not only failed to materialize, but the balance of power has shifted dramatically in favor of the individual. As pointed out (by stone tools IIRC) Big Brother couldn’t stop a 29 year old junior contractor from spilling the Crown Jewels to the entire world. Is that your Orwellian state?

  13. James in Silverdale, WA says:

    @michael reynolds: “I don’t care if the NSA knows who I call. I just don’t. It doesn’t harm me.”

    That’s a fine choice. You have enjoyed the freedom to make it. One might even consider it to contain some rationality.

    And, it’s not a choice for you or government to make for anyone else. The reasons are irrelevant. “If you’re not doing anything wrong then you have nothing to worry about” is not freedom. Proof is required.

    One is innocent until proven guilty, and warrantless anything is in direct opposition to that.

    9/11 was a preventable tragedy pre-Patriot Act, so the snake eats its own tail when we use 9/11, e.g. “keep us safe” as an excuse to permit government to lie to us without any oversight, and condemn those who dare say, “well now hold on a second, no warrants, you say? No privacy, you say?” That it’s been going on for 12 years in the numb political dumbness following 9/11 is likewise irrelevant. That cannot be allowed to steer the future.

    Michael, I do not want you to start using encryption if you do not want to. It’s a burden, even now, because easy-to-use encryption is not part of our toolbox that contains every other fabulous instrument. We do not need it, once we admit we have no privacy, now and until the world is unmade, or the ‘lectricicle goes on the Fritz.

    I would much rather the feds mandate VPNs for all in keeping with our Constitutional protections of privacy.

    Demand for that is now exploding. It is something we can “do” about it, no matter one’s political stripe.

  14. michael reynolds says:

    @James in Silverdale, WA:

    Of course using a VPN actually increases the odds of the actual content of your calls being sampled by NSA since it does not identify you as a US citizen. You end up losing whatever protections are in place.

    If people want to fight the future, cool by me, go for it. But it won’t work. You’ve already lost your privacy to Google and a dozen other companies. Not sure why it’s so important to keep the NSA from learning a tenth of what Google already knows about you. The NSA just wants to know if you’re making a bomb. Google already knows exactly what kind of porn you like and down to the minute how long it takes you to get off. Amazon knows how far you read into Dan Brown’s latest and where you got bored, and where you skipped ahead. Target knows whether your wife has a yeast infection and whether you suffer from allergies. Citibank knows where your mistress lives and what gift you bought her at Victoria’s Secret. Everything you imagine is secret is already in a dozen different databanks being analyzed.

    You’re straining at gnats to hold onto something you lost a long time ago.

  15. michael reynolds says:

    One more point. Now that we know (surprise!) that the UK is looking, and we can intuit pretty easily that every other capable intel service on earth is doing likewise, and that therefore your notions of privacy are effectively obsolete, all you’re really fighting for is a way to place our own government at a comparative disadvantage.

  16. steve says:

    AFAICT, they have broken every encryption tool or anonymity tool, even Tor, at least when it comes to metadata stuff. Once we have quantum computing pretty much all modern encryption can be broken. As long as the private providers have the data, I dont see how we keep it from geting out and being used.

    Steve

  17. James in Silverdale, WA says:

    @michael reynolds: “that therefore your notions of privacy are effectively obsolete”

    As I said, expect resistance. This is not an automatic outcome of the digital age. Nor is it Constitutional.

    Why you cannot be bothered to “fight for the future” is beyond reasoning, however. At least one of your hands appears to still work, unless you are taking dictation.

  18. michael reynolds says:

    @James in Silverdale, WA:
    James, you and the rest on your side can’t even explain what it is you think you’re fighting for in any practical sense. You fail to show harm. You fail to explain why you hand Google the keys to the kingdom then are horrified that the NSA has a sliver of the same data.

    There will be some legal tweaking around the edges and then you and the rest will forget about it because your lives won’t be harmed and you won’t want in the end to tolerate the inconvenience.

  19. Argon says:

    I keep thinking about all those people who were misclassified and put on lists to receive heightened reviews during travel or even on ‘no fly’ notices because some agency confused the names. Never underestimate the power of bureaucracies to screw up some tiny detail and make life miserable for people through no fault of their own. I mean, crap, we barely have recourse when credit agencies mess up… What’s the route for correcting an NSA cock up?

  20. @michael reynolds: I won’t lie: the way you simply bend your knee and accept this Orwellian environment makes me lose a lot of respect for you. And a lot of liberals, for that matter.

  21. Gustopher says:

    @Christopher Bowen: I think there’s a difference between bending one’s knee and accepting reality.

    We live in a surveillance state — and I thank Snowden for making that clear to those who didn’t recognize it — and the important questions remaini aren’t whether the government gathers this data, but what they do with it. Keeping it out of routine prosecution, keeping it out of the IRS, keeping it confidential and secret — these all seem like good things.

    I’m willing to trade a bit more security for the governm knowing my porn habits, who I call, who I email, my drugs, my fondness for prostitutes of both genders, etc — so long as they are discrete about it.

    But the discussion of what is done with the data — I think that’s a much more important discussion than Michael seems to, and I think it needs to happen sooner rather than later. So, good for Mr. Snowden, destroying his life so people begin thinking about it, even though that’s probably not his intention…

  22. @Gustopher: I didn’t know the Fourth Amendment had a footnote that says it’s OK to do something if we really believe the government has a right to do it.

    Now, I know what the argument is going to be – I can almost see the words being formed by Michael, for one – that the fourth amendment in this case – the giving of our information to corporations in exchange for the service of cellular communication – is settled law. That does not make it a good law. Conservatives argue this with Roe v. Wade all the time, and I argue it with every single law that chips away at our rights in the fourth amendment.

    You’re willing to accept that our data is being taken, but only so far as it’s being used for the side of good, to keep us safe. My argument is that the data being taken by the government will inevitably be used for ill purposes, and it will be too late to object by then.

  23. rudderpedals says:

    I think it’s absolutely too late already. To really secure something you’re just going to have to use self-help. It is not convenient. It is like waving a red flag — the GCHQ for ex claims to shed communications content received in the clear after 30 days but it’s going to archive the encrypted take — so its use might (would have, if applied to Snowden’s reported online communications with journalists) raise enough attention to make the user interesting. At the end of the day however, if you don’t take responsibility for securing your private information then no one else will.

  24. rudderpedals says:

    I think it’s absolutely too late already. To really secure something you’re just going to have to use self-help. It is not convenient. It is like waving a red flag — the GCHQ for ex claims to shed communications content received in the clear after 30 days but it’s going to archive the encrypted take — so its use might (would have, if applied to Snowden’s reported online communications with journalists) raise enough attention to make the user interesting. At the end of the day however if you don’t take responsibility for securing your private information you’re out of luck because no one else is going to do it. [slight edit here]

  25. JohnMcC says:

    @Christopher Bowen: I see, sir, that after vague references to “the Constitution” as a source of your objection to the NSA’s analyzing metadata — all of which was voluntarily placed in ‘the cloud’ by the persons whose metadata is being analysed — you have actually cited this:

    The right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures shall not be violated, and no Warrents shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched and the persons or things to be seized.

    The government has had the authority ever since the Post Office was founded to examine the envelopes that your mail comes and goes in. They can subject it to Xrays and sensors. They can keep lists of the people you write to and who write to you. All without a warrent. If they do this enough to a great many people, their data become metadata.

    You expect the govenment to have no authority to explore your opinions of Xbox systems? You think that your opinion of Asperger/Autism sufferers should be off limits to those who we count on to catch terrorists? You yourself put this on a billboard in front of your house, freely and for fun. Your ‘mobile device’ is a beacon informing any retailer who cares to know it when you are on the sidewalk in front of their store and what they should show on the big flat screen in the window that has the best chance of luring you to shop. They know what credit cards you use and what brand of game system you are interested in. But the govenment is somehow menacing your liberty by treating your electronic data pretty much exactly as they can treat your mail? Somehow based on that amendment, you are outraged that the FISA court conducts itself in secrecy? And those of us who disagree with you are willing serfs?

    Wake up.

  26. James in Silverdale, WA says:

    @michael reynolds: “James, you and the rest on your side”

    OK, Michael, now you drift into fantasy. I have no “side.” I am a single person with one vote.

    I do not have to show you harm. In fact, I do not have to show you a damn thing. You seem to be missing that very crucial point where privacy is concerned.

    When you say, “show me the harm,” it’s the same as saying, “if you aren’t doing anything wrong, you have nothing to worry about.” That is not freedom. It is also unconstitutional.

    And if I disagree with government stripping privacy out of the Constitution upon arrival in the digital age, how long will it be before I hear, “papers, please?” Why isn’t Congress agitating to protect our privacy? The technology is certainly there and has been for some time. The NSA needn’t be the only outcome.

    I am baffled by one with whom I agree with so many other things fails so miserably at seeing this fundamental point; who is willing to just say “it’s over, privacy lost,”; and one who now leaves it to “others” to “fight for the future.”

    Moore’s Law assures the future is coming about 10 minutes from now. Do you still have fight in you or not?

  27. James in Silverdale, WA says:

    @rudderpedals: “I think it’s absolutely too late already. ”

    This need not be true. Acts of Congress could reverse much of it. But they have to turn towards protecting privacy, not giving it away. The whole mindset is backwards just now.

  28. rudderpedals says:

    @James in Silverdale, WA: I prefer a European-like privacy solution where ownership of most data collected by a business or government vests in the user/subject and the information collector is liable for damages if it doesn’t secure the info. I think that would have to happen in a serious attempt to deal with the commoditization of private information even though it’s un-American and implicates serious Constitutional issues (taking, for ex).

  29. Nick R. says:

    oh… very nice 11ef

  30. Rick says:

    @michael reynolds: Best comment. People need to wake up and realize that privacy stops at the edge of the bathroom door.