A couple of weeks ago, the British government found itself under considerable fire at home for their connection to the NSA’s PRISM program. A number of MPs demanded answers from David Cameron’s Tory government about whether British intelligence was bypassing UK law in order to spy on its subjects by having the NSA collect the data from their Internet for them. At the time, I wondered whether the Brits were doing the same for the NSA on their own, comparing it to the Hitchcock thriller Strangers on a Train, with its famous “criss cross” murder plot (or the more humorous version in Throw Momma From the Train).
Criss … meet cross:
Britain’s spy agency GCHQ has secretly gained access to the network of cables which carry the world’s phone calls and internet traffic and has started to process vast streams of sensitive personal information which it is sharing with its American partner, the National Security Agency (NSA).
The sheer scale of the agency’s ambition is reflected in the titles of its two principal components: Mastering the Internet and Global Telecoms Exploitation, aimed at scooping up as much online and telephone traffic as possible. This is all being carried out without any form of public acknowledgement or debate.
One key innovation has been GCHQ’s ability to tap into and store huge volumes of data drawn from fibre-optic cables for up to 30 days so that it can be sifted and analysed. That operation, codenamed Tempora, has been running for some 18 months.
GCHQ and the NSA are consequently able to access and process vast quantities of communications between entirely innocent people, as well as targeted suspects.
This includes recordings of phone calls, the content of email messages, entries on Facebook and the history of any internet user’s access to websites – all of which is deemed legal, even though the warrant system was supposed to limit interception to a specified range of targets.
The NSA isn’t just a passive beneficiary of the MTI and GTE programs, either. Hundreds of NSA analysts had been assigned to the work along with GCHQ analysts, with seemingly few limitations on what they could access:
By May last year 300 analysts from GCHQ, and 250 from the NSA, had been assigned to sift through the flood of data.
The Americans were given guidelines for its use, but were told in legal briefings by GCHQ lawyers: “We have a light oversight regime compared with the US”.
When it came to judging the necessity and proportionality of what they were allowed to look for, would-be American users were told it was “your call”.
Interestingly, the program disregarded P2P downloads, even though one might presume that this would be a potential method to use for illicit communication over the open-source Internet. That allowed GCHQ to reduce its storage requirements by 30% while analysts focused on “selectors” such as words and phrases in e-mail, phone numbers, and other content — which included recordings of phone calls. The result is that the NSA and the GCHQ both have capabilities to go after content on a wide scale while being able to specifically deny spying on their own citizens within their own programs.
Now, did either or both agencies break the laws in their own country in their cooperation with the parallel programs in the other? Did the two intel communities do the kind of spying for each other that each are barred from conducting themselves in their respective countries? Perhaps not, and the Guardian story doesn’t give enough specifics to reach a conclusion on that question. However, Congress and Parliament might want to start asking those questions.