Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged Tempora

Rss Feed Group items tagged

Paul Merrell

Leaked memos reveal GCHQ efforts to keep mass surveillance secret | UK news | The Guardian - 0 views

  • The UK intelligence agency GCHQ has repeatedly warned it fears a "damaging public debate" on the scale of its activities because it could lead to legal challenges against its mass-surveillance programmes, classified internal documents reveal.Memos contained in the cache disclosed by the US whistleblower Edward Snowden detail the agency's long fight against making intercept evidence admissible as evidence in criminal trials – a policy supported by all three major political parties, but ultimately defeated by the UK's intelligence community.Foremost among the reasons was a desire to minimise the potential for challenges against the agency's large-scale interception programmes, rather than any intrinsic threat to security, the documents show.
  • The papers also reveal that:• GCHQ lobbied furiously to keep secret the fact that telecoms firms had gone "well beyond" what they were legally required to do to help intelligence agencies' mass interception of communications, both in the UK and overseas.• GCHQ feared a legal challenge under the right to privacy in the Human Rights Act if evidence of its surveillance methods became admissible in court.• GCHQ assisted the Home Office in lining up sympathetic people to help with "press handling", including the Liberal Democrat peer and former intelligence services commissioner Lord Carlile, who this week criticised the Guardian for its coverage of mass surveillance by GCHQ and America's National Security Agency.The most recent attempt to make intelligence gathered from intercepts admissible in court, proposed by the last Labour government, was finally stymied by GCHQ, MI5 and MI6 in 2009.
  • Another top GCHQ priority in resisting the admission of intercepts as evidence was keeping secret the extent of the agency's co-operative relationships with telephone companies – including being granted access to communications networks overseas.In June, the Guardian disclosed the existence of GCHQ's Tempora internet surveillance programme. It uses intercepts on the fibre-optic cables that make up the backbone of the internet to gain access to vast swaths of internet users' personal data. The intercepts are placed in the UK and overseas, with the knowledge of companies owning either the cables or landing stations.The revelations of voluntary co-operation with some telecoms companies appear to contrast markedly with statements made by large telecoms firms in the wake of the first Tempora stories. They stressed that they were simply complying with the law of the countries in which they operated.
  • ...6 more annotations...
  • In reality, numerous telecoms companies were doing much more than that, as disclosed in a secret document prepared in 2009 by a joint working group of GCHQ, MI5 and MI6.Their report contended that allowing intercepts as evidence could damage relationships with "Communications Service Providers" (CSPs).In an extended excerpt of "the classified version" of a review prepared for the Privy Council, a formal body of advisers made up of current and former cabinet ministers, the document sets out the real nature of the relationship between telecoms firms and the UK government."Under RIPA [the Regulation of Investigatory Powers Act 2000], CSPs in the UK may be required to provide, at public expense, an adequate interception capability on their networks," it states. "In practice all significant providers do provide such a capability. But in many cases their assistance – while in conformity with the law – goes well beyond what it requires."
  • GCHQ's internet surveillance programme is the subject of a challenge in the European court of human rights, mounted by three privacy advocacy groups. The Open Rights Group, English PEN and Big Brother Watch argue the "unchecked surveillance" of Tempora is a challenge to the right to privacy, as set out in the European convention on human rights.That the Tempora programme appears to rely at least in part on voluntary co-operation of telecoms firms could become a major factor in that ongoing case. The revelation could also reignite the long-running debate over allowing intercept evidence in court.GCHQ's submission goes on to set out why its relationships with telecoms companies go further than what can be legally compelled under current law. It says that in the internet era, companies wishing to avoid being legally mandated to assist UK intelligence agencies would often be able to do so "at little cost or risk to their operations" by moving "some or all" of their communications services overseas.
  • As a result, "it has been necessary to enter into agreements with both UK-based and offshore providers for them to afford the UK agencies access, with appropriate legal authorisation, to the communications they carry outside the UK".The submission to ministers does not set out which overseas firms have entered into voluntary relationships with the UK, or even in which countries they operate, though documents detailing the Tempora programme made it clear the UK's interception capabilities relied on taps located both on UK soil and overseas.There is no indication as to whether the governments of the countries in which deals with companies have been struck would be aware of the GCHQ cable taps.
  • Evidence that telecoms firms and GCHQ are engaging in mass interception overseas could stoke an ongoing diplomatic row over surveillance ignited this week after the German chancellor, Angela Merkel, accused the NSA of monitoring her phone calls, and the subsequent revelation that the agency monitored communications of at least 35 other world leaders.On Friday, Merkel and the French president, François Hollande, agreed to spearhead efforts to make the NSA sign a new code of conduct on how it carried out intelligence operations within the European Union, after EU leaders warned that the international fight against terrorism was being jeopardised by the perception that mass US surveillance was out of control.Fear of diplomatic repercussions were one of the prime reasons given for GCHQ's insistence that its relationships with telecoms firms must be kept private .
  • Telecoms companies "feared damage to their brands internationally, if the extent of their co-operation with HMG [Her Majesty's government] became apparent", the GCHQ document warned. It added that if intercepts became admissible as evidence in UK courts "many CSPs asserted that they would withdraw their voluntary support".The report stressed that while companies are going beyond what they are required to do under UK law, they are not being asked to violate it.Shami Chakrabarti, Director of Liberty and Anthony Romero Executive Director of the American Civil Liberties Union issued a joint statement stating:"The Guardian's publication of information from Edward Snowden has uncovered a breach of trust by the US and UK Governments on the grandest scale. The newspaper's principled and selective revelations demonstrate our rulers' contempt for personal rights, freedoms and the rule of law.
  • "Across the globe, these disclosures continue to raise fundamental questions about the lack of effective legal protection against the interception of all our communications."Yet in Britain, that conversation is in danger of being lost beneath self-serving spin and scaremongering, with journalists who dare to question the secret state accused of aiding the enemy."A balance must of course be struck between security and transparency, but that cannot be achieved whilst the intelligence services and their political masters seek to avoid any scrutiny of, or debate about, their actions."The Guardian's decision to expose the extent to which our privacy is being violated should be applauded and not condemned."
  •  
    The Guardian lands another gigantic bomb squarely on target, with massive potential for diplomatic, political, and financial disruption. Well done, Guardian. 
Paul Merrell

MI5 feared GCHQ went 'too far' over phone and internet monitoring | UK news | The Observer - 0 views

  • Senior figures inside British intelligence have been alarmed by GCHQ's secret decision to tap into transatlantic cables in order to engage in the bulk interception of phone calls and internet traffic.According to one source who has been directly involved in GCHQ operations, concerns were expressed when the project was being discussed internally in 2008: "We felt we were starting to overstep the mark with some of it. People from MI5 were complaining that they were going too far from a civil liberties perspective … We all had reservations about it, because we all thought: 'If this was used against us, we wouldn't stand a chance'."The Guardian revealed on Friday that GCHQ has placed more than 200 probes on transatlantic cables and is processing 600m "telephone events" a day as well as up to 39m gigabytes of internet traffic. Using a programme codenamed Tempora, it can store and analyse voice recordings, the content of emails, entries on Facebook, the use of websites as well as the "metadata" which records who has contacted who. The programme is shared with GCHQ's American partner, the National Security Agency.
  • Internet traffic is also liable to be routed internationally even if the message is exchanged between two people within the UK. "At one point, I was told that we were getting 85% of all UK domestic traffic – voice, internet, all of it – via these international cables."
  • The source claimed that even the conventional warrant system has been distorted – whereas police used to ask for a warrant before intercepting a target's communications, they will now ask GCHQ to intercept the target's communications and then use that information to seek a warrant.There is a particular concern that the programme allows GCHQ to break the boundary which stopped it engaging in the bulk interception of internal UK communications. The Ripa requirement that one end of a communication must be outside the UK was a significant restriction when it was applied to phone calls using satellites, but it is no longer effective in the world of fibre-optic cables. "The point is that this is an island," the source said. "Everything comes and goes – nearly everything – down fibre-optic cables. You make a mobile phone call, it goes to a mast and then down into a fibre-optic cable, under the ground and away. And even if the call is UK to UK, it's very likely – because of the way the system is structured – to go out of the UK and come back in through these fibre-optic channels."
  • ...4 more annotations...
  • Interviews with the UK source and the NSA whistleblower Edward Snowden raise questions about whether the programme:■ Exploits existing law which was passed by parliament without any anticipation that it would be used for this purpose.■ For the first time allows GCHQ to process bulk internal UK traffic which is routed overseas via these cables.■ Allows the NSA to engage in bulk intercepts of internal US traffic which would be forbidden in its own territory.■ Functions with no effective oversight.
  • There are similar concerns about the role of the NSA. It could have chosen to attach probes to the North American end of the cables and documents shown to the Guardian by Edward Snowden suggest that key elements of the Tempora filtering process were designed by the NSA. Instead, the NSA agency has exported its computer programs and 250 of its analysts to operate the system from the UK.Initial inquiries by the Guardian have failed to explain why this has happened, but US legislators are likely to want to check whether the NSA has sought to bypass legal or policy requirements which restrict its activity in the US. This will be particularly sensitive if it is confirmed that Tempora is also analysing internal US traffic.The UK source challenges the official justification for the programme; that it is necessary for the fight against terrorism and serious crime: "This is not scoring very high against those targets, because they are wise to the monitoring of their communications. If the terrorists are wise to it, why are we increasing the capability?
  • Defenders insist that the mass of data is heavily filtered by the programme so that only that relating to legitimate targets is analysed.However, there are doubts about the effectiveness of this. First, according to the UK source, "written definitions for targeting and filtering are very elastic. They are wide open to interpretation." The target areas defined by the Ripa certificates are secret.Second, there is further room for interpretation when human analysts become involved in using the filtered intelligence to produce what are known as "contact chains". "Here is target A. But who is A talking to? Now we're into B and C and D." If analysts believe it is proportional, they can look at all the traffic – content and metadata – relating to all of the target's contact." GCHQ audits a sample of its analysts' work – believed to be 5% every six months – but even the statistical results of these audits are also secret.
  • Beyond the detail of the operation of the programme, there is a larger, long-term anxiety, clearly expressed by the UK source: "If there was the wrong political change, it could be very dangerous. All you need is to have the wrong government in place. It is capable of abuse because there is no independent scrutiny."
Paul Merrell

GCHQ taps fibre-optic cables for secret access to world's communications | UK news | gu... - 0 views

  • Britain's spy agency GCHQ has secretly gained access to the network of cables which carry the world's phone calls and internet traffic and has started to process vast streams of sensitive personal information which it is sharing with its American partner, the National Security Agency (NSA).The sheer scale of the agency's ambition is reflected in the titles of its two principal components: Mastering the Internet and Global Telecoms Exploitation, aimed at scooping up as much online and telephone traffic as possible. This is all being carried out without any form of public acknowledgement or debate.One key innovation has been GCHQ's ability to tap into and store huge volumes of data drawn from fibre-optic cables for up to 30 days so that it can be sifted and analysed. That operation, codenamed Tempora, has been running for some 18 months.
  • GCHQ and the NSA are consequently able to access and process vast quantities of communications between entirely innocent people, as well as targeted suspects.This includes recordings of phone calls, the content of email messages, entries on Facebook and the history of any internet user's access to websites – all of which is deemed legal, even though the warrant system was supposed to limit interception to a specified range of targets.The existence of the programme has been disclosed in documents shown to the Guardian by the NSA whistleblower Edward Snowden as part of his attempt to expose what he has called "the largest programme of suspicionless surveillance in human history"."It's not just a US problem. The UK has a huge dog in this fight," Snowden told the Guardian. "They [GCHQ] are worse than the US."
  • However, on Friday a source with knowledge of intelligence argued that the data was collected legally under a system of safeguards, and had provided material that had led to significant breakthroughs in detecting and preventing serious crime.Britain's technical capacity to tap into the cables that carry the world's communications – referred to in the documents as special source exploitation – has made GCHQ an intelligence superpower.By 2010, two years after the project was first trialled, it was able to boast it had the "biggest internet access" of any member of the Five Eyes electronic eavesdropping alliance, comprising the US, UK, Canada, Australia and New Zealand.UK officials could also claim GCHQ "produces larger amounts of metadata than NSA". (Metadata describes basic information on who has been contacting whom, without detailing the content.)By May last year 300 analysts from GCHQ, and 250 from the NSA, had been assigned to sift through the flood of data.The Americans were given guidelines for its use, but were told in legal briefings by GCHQ lawyers: "We have a light oversight regime compared with the US".
  • ...8 more annotations...
  • When it came to judging the necessity and proportionality of what they were allowed to look for, would-be American users were told it was "your call".The Guardian understands that a total of 850,000 NSA employees and US private contractors with top secret clearance had access to GCHQ databases.
  • For the 2 billion users of the world wide web, Tempora represents a window on to their everyday lives, sucking up every form of communication from the fibre-optic cables that ring the world.The NSA has meanwhile opened a second window, in the form of the Prism operation, revealed earlier this month by the Guardian, from which it secured access to the internal systems of global companies that service the internet.The GCHQ mass tapping operation has been built up over five years by attaching intercept probes to transatlantic fibre-optic cables where they land on British shores carrying data to western Europe from telephone exchanges and internet servers in north America.This was done under secret agreements with commercial companies, described in one document as "intercept partners".The papers seen by the Guardian suggest some companies have been paid for the cost of their co-operation and GCHQ went to great lengths to keep their names secret. They were assigned "sensitive relationship teams" and staff were urged in one internal guidance paper to disguise the origin of "special source" material in their reports for fear that the role of the companies as intercept partners would cause "high-level political fallout".
  • The GCHQ documents that the Guardian has seen illustrate a constant effort to build up storage capacity at the stations at Cheltenham, Bude and at one overseas location, as well a search for ways to maintain the agency's comparative advantage as the world's leading communications companies increasingly route their cables through Asia to cut costs. Meanwhile, technical work is ongoing to expand GCHQ's capacity to ingest data from new super cables carrying data at 100 gigabits a second. As one training slide told new users: "You are in an enviable position – have fun and make the most of it."
  • The categories of material have included fraud, drug trafficking and terrorism, but the criteria at any one time are secret and are not subject to any public debate. GCHQ's compliance with the certificates is audited by the agency itself, but the results of those audits are also secret.An indication of how broad the dragnet can be was laid bare in advice from GCHQ's lawyers, who said it would be impossible to list the total number of people targeted because "this would be an infinite list which we couldn't manage".There is an investigatory powers tribunal to look into complaints that the data gathered by GCHQ has been improperly used, but the agency reassured NSA analysts in the early days of the programme, in 2009: "So far they have always found in our favour".
  • Historically, the spy agencies have intercepted international communications by focusing on microwave towers and satellites. The NSA's intercept station at Menwith Hill in North Yorkshire played a leading role in this. One internal document quotes the head of the NSA, Lieutenant General Keith Alexander, on a visit to Menwith Hill in June 2008, asking: "Why can't we collect all the signals all the time? Sounds like a good summer project for Menwith."By then, however, satellite interception accounted for only a small part of the network traffic. Most of it now travels on fibre-optic cables, and the UK's position on the western edge of Europe gave it natural access to cables emerging from the Atlantic.
  • The processing centres apply a series of sophisticated computer programmes in order to filter the material through what is known as MVR – massive volume reduction. The first filter immediately rejects high-volume, low-value traffic, such as peer-to-peer downloads, which reduces the volume by about 30%. Others pull out packets of information relating to "selectors" – search terms including subjects, phone numbers and email addresses of interest. Some 40,000 of these were chosen by GCHQ and 31,000 by the NSA. Most of the information extracted is "content", such as recordings of phone calls or the substance of email messages. The rest is metadata.
  • "The criteria are security, terror, organised crime. And economic well-being. There's an auditing process to go back through the logs and see if it was justified or not. The vast majority of the data is discarded without being looked at … we simply don't have the resources."However, the legitimacy of the operation is in doubt. According to GCHQ's legal advice, it was given the go-ahead by applying old law to new technology. The 2000 Regulation of Investigatory Powers Act (Ripa) requires the tapping of defined targets to be authorised by a warrant signed by the home secretary or foreign secretary.However, an obscure clause allows the foreign secretary to sign a certificate for the interception of broad categories of material, as long as one end of the monitored communications is abroad. But the nature of modern fibre-optic communications means that a proportion of internal UK traffic is relayed abroad and then returns through the cables.
  • British spy agency collects and stores vast quantities of global email messages, Facebook posts, internet histories and calls, and shares them with NSA, latest documents from Edward Snowden reveal
  •  
    Note particularly that the Brit criteria adds economic data to the list of categories categories the NSA trawls for and shares its data with the U.S. NSA. Both agencies claim to be targeting foreigners, so now we're into the "we surveil your citizens; you surveil our citizens, then we'll share the results" scenario that leaves both sides of the pond with a superficial excuse to say "we don't surveil our own citizens, just foreigners." But it's just ring-around-the-rosy. 850,000 NSA employees and U.S. private contractors with access to GCHQ surveillance databases.  Lots more in the article that I didn't highlight.
Paul Merrell

From Radio to Porn, British Spies Track Web Users' Online Identities - 0 views

  • HERE WAS A SIMPLE AIM at the heart of the top-secret program: Record the website browsing habits of “every visible user on the Internet.” Before long, billions of digital records about ordinary people’s online activities were being stored every day. Among them were details cataloging visits to porn, social media and news websites, search engines, chat forums, and blogs. The mass surveillance operation — code-named KARMA POLICE — was launched by British spies about seven years ago without any public debate or scrutiny. It was just one part of a giant global Internet spying apparatus built by the United Kingdom’s electronic eavesdropping agency, Government Communications Headquarters, or GCHQ. The revelations about the scope of the British agency’s surveillance are contained in documents obtained by The Intercept from National Security Agency whistleblower Edward Snowden. Previous reports based on the leaked files have exposed how GCHQ taps into Internet cables to monitor communications on a vast scale, but many details about what happens to the data after it has been vacuumed up have remained unclear.
  • Amid a renewed push from the U.K. government for more surveillance powers, more than two dozen documents being disclosed today by The Intercept reveal for the first time several major strands of GCHQ’s existing electronic eavesdropping capabilities.
  • The surveillance is underpinned by an opaque legal regime that has authorized GCHQ to sift through huge archives of metadata about the private phone calls, emails and Internet browsing logs of Brits, Americans, and any other citizens — all without a court order or judicial warrant
  • ...17 more annotations...
  • A huge volume of the Internet data GCHQ collects flows directly into a massive repository named Black Hole, which is at the core of the agency’s online spying operations, storing raw logs of intercepted material before it has been subject to analysis. Black Hole contains data collected by GCHQ as part of bulk “unselected” surveillance, meaning it is not focused on particular “selected” targets and instead includes troves of data indiscriminately swept up about ordinary people’s online activities. Between August 2007 and March 2009, GCHQ documents say that Black Hole was used to store more than 1.1 trillion “events” — a term the agency uses to refer to metadata records — with about 10 billion new entries added every day. As of March 2009, the largest slice of data Black Hole held — 41 percent — was about people’s Internet browsing histories. The rest included a combination of email and instant messenger records, details about search engine queries, information about social media activity, logs related to hacking operations, and data on people’s use of tools to browse the Internet anonymously.
  • Throughout this period, as smartphone sales started to boom, the frequency of people’s Internet use was steadily increasing. In tandem, British spies were working frantically to bolster their spying capabilities, with plans afoot to expand the size of Black Hole and other repositories to handle an avalanche of new data. By 2010, according to the documents, GCHQ was logging 30 billion metadata records per day. By 2012, collection had increased to 50 billion per day, and work was underway to double capacity to 100 billion. The agency was developing “unprecedented” techniques to perform what it called “population-scale” data mining, monitoring all communications across entire countries in an effort to detect patterns or behaviors deemed suspicious. It was creating what it said would be, by 2013, “the world’s biggest” surveillance engine “to run cyber operations and to access better, more valued data for customers to make a real world difference.”
  • A document from the GCHQ target analysis center (GTAC) shows the Black Hole repository’s structure.
  • The data is searched by GCHQ analysts in a hunt for behavior online that could be connected to terrorism or other criminal activity. But it has also served a broader and more controversial purpose — helping the agency hack into European companies’ computer networks. In the lead up to its secret mission targeting Netherlands-based Gemalto, the largest SIM card manufacturer in the world, GCHQ used MUTANT BROTH in an effort to identify the company’s employees so it could hack into their computers. The system helped the agency analyze intercepted Facebook cookies it believed were associated with Gemalto staff located at offices in France and Poland. GCHQ later successfully infiltrated Gemalto’s internal networks, stealing encryption keys produced by the company that protect the privacy of cell phone communications.
  • Similarly, MUTANT BROTH proved integral to GCHQ’s hack of Belgian telecommunications provider Belgacom. The agency entered IP addresses associated with Belgacom into MUTANT BROTH to uncover information about the company’s employees. Cookies associated with the IPs revealed the Google, Yahoo, and LinkedIn accounts of three Belgacom engineers, whose computers were then targeted by the agency and infected with malware. The hacking operation resulted in GCHQ gaining deep access into the most sensitive parts of Belgacom’s internal systems, granting British spies the ability to intercept communications passing through the company’s networks.
  • In March, a U.K. parliamentary committee published the findings of an 18-month review of GCHQ’s operations and called for an overhaul of the laws that regulate the spying. The committee raised concerns about the agency gathering what it described as “bulk personal datasets” being held about “a wide range of people.” However, it censored the section of the report describing what these “datasets” contained, despite acknowledging that they “may be highly intrusive.” The Snowden documents shine light on some of the core GCHQ bulk data-gathering programs that the committee was likely referring to — pulling back the veil of secrecy that has shielded some of the agency’s most controversial surveillance operations from public scrutiny. KARMA POLICE and MUTANT BROTH are among the key bulk collection systems. But they do not operate in isolation — and the scope of GCHQ’s spying extends far beyond them.
  • The agency operates a bewildering array of other eavesdropping systems, each serving its own specific purpose and designated a unique code name, such as: SOCIAL ANTHROPOID, which is used to analyze metadata on emails, instant messenger chats, social media connections and conversations, plus “telephony” metadata about phone calls, cell phone locations, text and multimedia messages; MEMORY HOLE, which logs queries entered into search engines and associates each search with an IP address; MARBLED GECKO, which sifts through details about searches people have entered into Google Maps and Google Earth; and INFINITE MONKEYS, which analyzes data about the usage of online bulletin boards and forums. GCHQ has other programs that it uses to analyze the content of intercepted communications, such as the full written body of emails and the audio of phone calls. One of the most important content collection capabilities is TEMPORA, which mines vast amounts of emails, instant messages, voice calls and other communications and makes them accessible through a Google-style search tool named XKEYSCORE.
  • As of September 2012, TEMPORA was collecting “more than 40 billion pieces of content a day” and it was being used to spy on people across Europe, the Middle East, and North Africa, according to a top-secret memo outlining the scope of the program. The existence of TEMPORA was first revealed by The Guardian in June 2013. To analyze all of the communications it intercepts and to build a profile of the individuals it is monitoring, GCHQ uses a variety of different tools that can pull together all of the relevant information and make it accessible through a single interface. SAMUEL PEPYS is one such tool, built by the British spies to analyze both the content and metadata of emails, browsing sessions, and instant messages as they are being intercepted in real time. One screenshot of SAMUEL PEPYS in action shows the agency using it to monitor an individual in Sweden who visited a page about GCHQ on the U.S.-based anti-secrecy website Cryptome.
  • Partly due to the U.K.’s geographic location — situated between the United States and the western edge of continental Europe — a large amount of the world’s Internet traffic passes through its territory across international data cables. In 2010, GCHQ noted that what amounted to “25 percent of all Internet traffic” was transiting the U.K. through some 1,600 different cables. The agency said that it could “survey the majority of the 1,600” and “select the most valuable to switch into our processing systems.”
  • According to Joss Wright, a research fellow at the University of Oxford’s Internet Institute, tapping into the cables allows GCHQ to monitor a large portion of foreign communications. But the cables also transport masses of wholly domestic British emails and online chats, because when anyone in the U.K. sends an email or visits a website, their computer will routinely send and receive data from servers that are located overseas. “I could send a message from my computer here [in England] to my wife’s computer in the next room and on its way it could go through the U.S., France, and other countries,” Wright says. “That’s just the way the Internet is designed.” In other words, Wright adds, that means “a lot” of British data and communications transit across international cables daily, and are liable to be swept into GCHQ’s databases.
  • A map from a classified GCHQ presentation about intercepting communications from undersea cables. GCHQ is authorized to conduct dragnet surveillance of the international data cables through so-called external warrants that are signed off by a government minister. The external warrants permit the agency to monitor communications in foreign countries as well as British citizens’ international calls and emails — for example, a call from Islamabad to London. They prohibit GCHQ from reading or listening to the content of “internal” U.K. to U.K. emails and phone calls, which are supposed to be filtered out from GCHQ’s systems if they are inadvertently intercepted unless additional authorization is granted to scrutinize them. However, the same rules do not apply to metadata. A little-known loophole in the law allows GCHQ to use external warrants to collect and analyze bulk metadata about the emails, phone calls, and Internet browsing activities of British people, citizens of closely allied countries, and others, regardless of whether the data is derived from domestic U.K. to U.K. communications and browsing sessions or otherwise. In March, the existence of this loophole was quietly acknowledged by the U.K. parliamentary committee’s surveillance review, which stated in a section of its report that “special protection and additional safeguards” did not apply to metadata swept up using external warrants and that domestic British metadata could therefore be lawfully “returned as a result of searches” conducted by GCHQ.
  • Perhaps unsurprisingly, GCHQ appears to have readily exploited this obscure legal technicality. Secret policy guidance papers issued to the agency’s analysts instruct them that they can sift through huge troves of indiscriminately collected metadata records to spy on anyone regardless of their nationality. The guidance makes clear that there is no exemption or extra privacy protection for British people or citizens from countries that are members of the Five Eyes, a surveillance alliance that the U.K. is part of alongside the U.S., Canada, Australia, and New Zealand. “If you are searching a purely Events only database such as MUTANT BROTH, the issue of location does not occur,” states one internal GCHQ policy document, which is marked with a “last modified” date of July 2012. The document adds that analysts are free to search the databases for British metadata “without further authorization” by inputing a U.K. “selector,” meaning a unique identifier such as a person’s email or IP address, username, or phone number. Authorization is “not needed for individuals in the U.K.,” another GCHQ document explains, because metadata has been judged “less intrusive than communications content.” All the spies are required to do to mine the metadata troves is write a short “justification” or “reason” for each search they conduct and then click a button on their computer screen.
  • Intelligence GCHQ collects on British persons of interest is shared with domestic security agency MI5, which usually takes the lead on spying operations within the U.K. MI5 conducts its own extensive domestic surveillance as part of a program called DIGINT (digital intelligence).
  • GCHQ’s documents suggest that it typically retains metadata for periods of between 30 days to six months. It stores the content of communications for a shorter period of time, varying between three to 30 days. The retention periods can be extended if deemed necessary for “cyber defense.” One secret policy paper dated from January 2010 lists the wide range of information the agency classes as metadata — including location data that could be used to track your movements, your email, instant messenger, and social networking “buddy lists,” logs showing who you have communicated with by phone or email, the passwords you use to access “communications services” (such as an email account), and information about websites you have viewed.
  • Records showing the full website addresses you have visited — for instance, www.gchq.gov.uk/what_we_do — are treated as content. But the first part of an address you have visited — for instance, www.gchq.gov.uk — is treated as metadata. In isolation, a single metadata record of a phone call, email, or website visit may not reveal much about a person’s private life, according to Ethan Zuckerman, director of Massachusetts Institute of Technology’s Center for Civic Media. But if accumulated and analyzed over a period of weeks or months, these details would be “extremely personal,” he told The Intercept, because they could reveal a person’s movements, habits, religious beliefs, political views, relationships, and even sexual preferences. For Zuckerman, who has studied the social and political ramifications of surveillance, the most concerning aspect of large-scale government data collection is that it can be “corrosive towards democracy” — leading to a chilling effect on freedom of expression and communication. “Once we know there’s a reasonable chance that we are being watched in one fashion or another it’s hard for that not to have a ‘panopticon effect,’” he said, “where we think and behave differently based on the assumption that people may be watching and paying attention to what we are doing.”
  • When compared to surveillance rules in place in the U.S., GCHQ notes in one document that the U.K. has “a light oversight regime.” The more lax British spying regulations are reflected in secret internal rules that highlight greater restrictions on how NSA databases can be accessed. The NSA’s troves can be searched for data on British citizens, one document states, but they cannot be mined for information about Americans or other citizens from countries in the Five Eyes alliance. No such constraints are placed on GCHQ’s own databases, which can be sifted for records on the phone calls, emails, and Internet usage of Brits, Americans, and citizens from any other country. The scope of GCHQ’s surveillance powers explain in part why Snowden told The Guardian in June 2013 that U.K. surveillance is “worse than the U.S.” In an interview with Der Spiegel in July 2013, Snowden added that British Internet cables were “radioactive” and joked: “Even the Queen’s selfies to the pool boy get logged.”
  • In recent years, the biggest barrier to GCHQ’s mass collection of data does not appear to have come in the form of legal or policy restrictions. Rather, it is the increased use of encryption technology that protects the privacy of communications that has posed the biggest potential hindrance to the agency’s activities. “The spread of encryption … threatens our ability to do effective target discovery/development,” says a top-secret report co-authored by an official from the British agency and an NSA employee in 2011. “Pertinent metadata events will be locked within the encrypted channels and difficult, if not impossible, to prise out,” the report says, adding that the agencies were working on a plan that would “(hopefully) allow our Internet Exploitation strategy to prevail.”
Paul Merrell

Snooper's charter has practically zero chance of becoming law, say senior MPs | UK news... - 0 views

  • The chances of Theresa May reintroducing her "snooper's charter" communications data bill are practically zero in the wake of the Guardian's disclosures on the scale of internet surveillance, leading Tory and Labour civil liberties campaigners have said.David Davis, a former contender for Conservative leadership, and Tom Watson, the Labour deputy chair, both said on Thursday they felt there had been a change in the atmosphere at Westminster compared with the "great rush" to legislate in the immediate aftermath of the Woolwich murder of Drummer Lee Rigby.Both MPs said the disclosure of the mass harvesting of personal communications, including internet data, by the American National Security Agency and Britain's eavesdropping agency, GCHQ, had shown that the existing UK regulatory framework was completely ineffective.Davis said in particular that GCHQ's Tempora operation, which harvests global phone and internet traffic by tapping into the transatlantic fibre-optic cables, had "put up a big red flag" indicating it was time to think again from scratch about the legal oversight arrangements.
  • He said it was necessary to look at ways of rewriting the Regulation of Investigatory Powers Act 2000, which sets out the legal oversight arrangements for the interception and surveillance of communications.But the former shadow home secretary and staunch Eurosceptic also praised the efforts of Viviane Reding, the EU commissioner for justice, who wrote to the foreign secretary, William Hague, on Wednesday giving him until the end of the week to answer the charge that the fundamental rights of citizens across Europe were being flouted."I hope that Viviane Reding keeps up the pressure. This is the only time you will hear me say that the European Union might be the answer," said Davis.Watson said he shared Davis's analysis of the poor prospects for the reintroduction of May's communications data bill, which would require internet and phone companies to store for up to 12 months data tracking everyone's use of email, phone and internet.
  • The meeting heard from surveillance experts Casper Bowden, a former chief privacy adviser to Microsoft, and solicitor/advocate, Simon McKay. Bowden said a huge debt was owed to Snowden, who had made the most important disclosures about surveillance for more than 25 years.He said the disclosures had serious implications for the corporate and individual stampede towards the use of "cloud computing" storage, much of which was housed in the US. He said that there was a real danger now that Britain would be left in an exposed position, with the rest of Europe not willing to allow their data to be stored through the UK. "Keep your cloudbase close and local and keep it in your jurisdiction," he said, adding that encryption was very limited as a defence.Bowden, who has worked as an adviser to the EU on its new data protection directive, which has yet to come into force principally because of British opposition, said he had secured an amendment giving protection for whistleblowers.He had also argued for a warning "pop-up" to be required when data was being transferred outside the EU's borders.
  •  
    Finally, acknowledgement that the growth of the cloud computing industry will likely be affected greatly by disclosures of widespread US and UK storage and surveillance of digital data. But will this be enough to turn cloud computing companies into staunch advocates of reining in the NSA and GCHQ? Note that the emerging E.U. position creates an economic advantage for cloud computing companies with their server farms located in the E.U. (likely excluding the UK). 
Paul Merrell

EU votes to support suspending U.S. data sharing agreements, including passenger flight... - 0 views

  • The European Parliament on Thursday adopted a joint, cross-party resolution to begin investigations into widespread surveillance of Europeans by the U.S. National Security Agency (NSA). Read this EU to vote to suspend U.S. data sharing agreements, passenger records amid NSA spying scandal Read more In the vote, 483 voted for the resolution, 98 against, and 65 abstained on a vote that called on the U.S. to suspend and review any laws and surveillance programs that "violate the fundamental right of EU citizens to privacy and data protection," as well as Europe's "sovereignty and jurisdiction." The vote also gave backing to the suspension of data sharing deals between the two continents, should the European Commission take action against its U.S. ally.
  • The U.S. government faces continued criticism and pressure from its international allies following news that its intelligence agencies spied on foreign nationals under its so-called PRISM program. The U.K. government was also embroiled in the NSA spying saga, after its signals intelligence intercepting station GCHQ tapped submarine fiber optic cables under its own secret program, code named Tempora. Reuters reported on Wednesday that the Commission is examining whether the U.K. broke EU law, which could lead to fines imposed by the highest court in Europe.
  • Should the Commission decide it necessary to suspend the data sharing agreement of passenger details — including personal and sensitive individual data — it could ultimately lead to the grounding of flights between the EU and the U.S. Dutch MEP Sophie in 't Veld said in a statement after the vote: "We must consider now if the PNR and SWIFT agreements are still tenable in the circumstances." Critics say PNR data has never helped catch a suspected criminal or terrorist before. SWIFT data sharing, which provides U.S. authorities with secure banking details in a bid to crack down on terrorist financing, could also be suspended. A spokesperson for the D66 delegation in Brussels confirmed by email that the English version of the joint motion is "the right one and is leading," despite claims that there were "translation error[s]" between the different versions of the joint resolution.
  • ...3 more annotations...
  • Members of the European Parliament (MEPs) in a plenary session in Strasbourg voted in favor of a section of the resolution that called on the Commission to "give consideration to all the instruments at their disposal in discussions and negotiations with the U.S. [...] including the possible suspension of the passenger name record (PNR) and terrorist finance tracking program (TFTP) agreements."
  • An EU source familiar with proceedings confirmed that the Commission now has the authority from the Parliament to suspend PNR and TFTP, but it falls at the Commission's discretion. Resolutions passed by the Parliament are not legally binding, but give backing to the Commission should the executive body wish to enact measures against a foreign power or entity. A Commission spokesperson confirmed that there are "no deadlines" on deciding whether it will follow up on the Parliament's resolution.
  • The Parliament's Civil Liberties, Justice and Home Affairs committee was given the authority by Thursday's vote to set up an inquiry to gather evidence from both U.S. and EU sources to assess the impact of the surveillance activities on EU citizens' fundamental right to privacy and data protection.
Gary Edwards

Take A Break From The Snowden Drama For A Reminder Of What He's Revealed So Far - Forbes - 0 views

  • Here’s a recap of Snowden’s leaked documents published so far, in my own highly subjective order of importance.
  • The publication of Snowden’s leaks began with a top secret order from the Foreign Intelligence Surveillance Court (FISC) sent to Verizon on behalf of the NSA, demanding the cell phone records of all of Verizon Business Network Services’ American customers for the three month period ending in July. The order, obtained by the Guardian, sought only the metadata of those millions of users’ calls–who called whom when and from what locations–but specifically requested Americans’ records, disregarding foreigners despite the NSA’s legal restrictions that it may only surveil non-U.S. persons. Senators Saxby Chambliss and Diane Feinstein defended the program and said it was in fact a three-month renewal of surveillance practices that had gone for seven years.
  • A leaked executive order from President Obama shows the administration asked intelligence agencies to draw up a list of potential offensive cyberattack targets around the world. The order, which suggests targeting “systems, processes and infrastructure” states that such offensive hacking operations “can offer unique and unconventional capabilities to advance U.S. national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging.” The order followed repeated accusations by the U.S. government that China has engaged in state-sponsored hacking operations, and was timed just a day before President Obama’s summit with Chinese President Xi Jinping.
  • ...6 more annotations...
  • Another leaked slide deck revealed a software tool called Boundless Informant, which the NSA appears to use for tracking the origin of data it collects. The leaked materials included a map produced by the program showing the frequency of data collection in countries around the world. While Iran, Pakistan and Jordan appeared to be the most surveilled countries according to the map, it also pointed to significant data collection from the United States.
  • In a congressional hearing, NSA director Keith Alexander argued that the kind of surveillance of Americans’ data revealed in that Verizon order was necessary to for archiving purposes, but was rarely accessed and only with strict oversight from Foreign Intelligence Surveillance Court judges. But another secret document published by the Guardian revealed the NSA’s own rules for when it makes broad exceptions to its foreign vs. U.S. persons distinction, accessing Americans’ data and holding onto it indefinitely. Those exceptions include anytime Americans’ data is judged to be “significant foreign intelligence” information or information about a crime that has been or is about to be committed, any data “involved in the unauthorized disclosure of national security information,” or necessary to “assess a communications security vulnerability.” Any encrypted data that the NSA wants to crack can also be held indefinitely, regardless of whether its American or foreign origin.
  • Documents leaked to the Guardian revealed a five-year-old British intelligence scheme to tap transatlantic fiberoptic cables to gather data. A program known as Tempora, created by the U.K.’s NSA equivalent Government Communications Headquarters (GCHQ) has for the last 18 months been able to store huge amounts of that raw data for up to 30 days. Much of the data is shared with the NSA, which had assigned 250 analysts to sift through it as of May of last year.
  • Another GCHQ project revealed to the Guardian through leaked documents intercepted the communications of delegates to the G20 summit of world leaders in London in 2009. The scheme included monitoring the attendees’ phone calls and emails by accessing their Blackberrys, and even setting up fake Internet cafes that used keylogging software to surveil them.
  • Snowden showed the Hong Kong newspaper the South China Morning Post documents that it said outlined extensive hacking of Chinese and Hong Kong targets by the NSA since 2009, with 61,000 targets globally and “hundreds” in China. Other SCMP stories based on Snowden’s revelations stated that the NSA had gained access to the Chinese fiberoptic network operator Pacnet as well as Chinese mobile phone carriers, and had gathered large quantities of Chinese SMS messages.
  • The Guardian’s Glenn Greenwald has said that Snowden provided him “thousands” of documents, of which “dozens” are newsworthy. And Snowden himself has said he’d like to expose his trove of leaks to the global media so that each country’s reporters can decide whether “U.S. network operations against their people should be published.” So regardless of where Snowden ends up, expect more of his revelations to follow.
  •  
    Nice tight summary
Paul Merrell

NSA Spies on 500 Million German Data Connections - SPIEGEL ONLINE - 0 views

  • America's National Security Agency (NSA) is apparently spying on Germany more than previously believed. Secret documents from the US intelligence service, which have been viewed by SPIEGEL journalists, reveal that the NSA systematically monitors and stores a large share of the country's telephone and Internet connection data. Internal NSA statistics indicate that the agency stores data from around half a billion communications connections in Germany each month. This data includes telephone calls, emails, mobile-phone text messages and chat transcripts. The metadata -- or information about which call or data connections were made and when -- is then stored at the NSA's headquarters in Fort Meade, near Washington, DC.
  • The documents show for the first time the scope of American surveillance in Germany. Previously, it had only been clear that Germany had been one of the major targets of NSA spying. A map published by the Guardian shows that Germany is on a par with targets such as China, Iraq and Saudi Arabia in terms of the intensity of electronic snooping. For weeks now, new details have emerged from documents collected by whistleblower Edward Snowden about the NSA's Prism and Britain's Tempora digital spying programs. The statistics, which SPIEGEL has also seen, show that data is collected from Germany on normal days for up to 20 million telephone calls and 10 million Internet data exchanges. Last Christmas Eve, it collected data on around 13 million phone calls and about half as many online exchanges. On the busiest days, such as January 7 of this year, the information gathered spiked to nearly 60 million communication connections under surveillance.
  • The NSA, it turns out, is more active in Germany than in any other of the EU's 27 member states. By comparison, during the same time frame, the Americans only recorded data on an average of 2 million connections in France each day. The documents also show that the NSA is primarily interested in important Internet hubs in southern and western Germany. Frankfurt, for example, plays an important role in the global Internet infrastructure, and the city is listed as a central base for the country. One top secret document also states that while Germany may be a partner, it is still also a target of the NSA's electronic snooping. According to the document, Germany is a so-called "3rd party foreign partner." The only countries that are explicitly excluded from spying attacks are Australia, Canada, New Zealand and the UK. "We can, and often do, target the signals of most 3d party foreign partners," a slide from an internal presentation states.
Paul Merrell

CCC | GCHQ to face European Court over mass surveillance - 0 views

  • Three of Britain’s most prominent campaign groups have today announced the launch of a legal challenge against the actions of GCHQ, alleging it has illegally intruded on the privacy of millions of British and European citizens. Big Brother Watch, the Open Rights Group and English PEN, together with German internet activist Constanze Kurz, have filed papers at the European Court of Human Rights bringing an action against the UK Government.

 They allege that by collecting vast amounts of data leaving or entering the UK, including the content of emails and social media messages, the UK’s spy agency has acted illegally. When details recently emerged in the media about the Prism and Tempora programmes, codenames for previously secret online surveillance operations, it was revealed that GCHQ has the capacity to collect more than 21 petabytes of data a day – equivalent to sending all the information in all the books in the British Library 192 times every 24 hours. The disclosures have raised serious parliamentary concerns both in Britain and at the EU level. Deighton Pierce Glynn solicitors represent the applicants, instructing Helen Mountfield QC of Matrix Chambers and Tom Hickman and Ravi Mehta of Blackstone Chambers. The legal action will be funded through donations at www.privacynotprism.org.uk
  •  
    One I missed from October 3, 2013. The case was later filed with the European Court of Human Rights as "Joint Application Under Article 34 of Big Brother Watch, Open Rights Group, English Pen Dr Constanze Kurz (Applicants) - v - United Kingdom (Respondent)." There is no appeal from decisions of this Court.
Paul Merrell

Private firms selling mass surveillance systems around world, documents show | World ne... - 0 views

  • Private firms are selling spying tools and mass surveillance technologies to developing countries with promises that "off the shelf" equipment will allow them to snoop on millions of emails, text messages and phone calls, according to a cache of documents published on Monday.The papers show how firms, including dozens from Britain, tout the capabilities at private trade fairs aimed at offering nations in Africa, Asia and the Middle East the kind of powerful capabilities that are usually associated with government agencies such as GCHQ and its US counterpart, the National Security Agency.The market has raised concerns among human rights groups and ministers, who are poised to announce new rules about the sale of such equipment from Britain.
  • The documents are included in an online database compiled by the research watchdog Privacy International, which has spent four years gathering 1,203 brochures and sales pitches used at conventions in Dubai, Prague, Brasilia, Washington, Kuala Lumpur, Paris and London. Analysts posed as potential buyers to gain access to the private fairs.The database, called the Surveillance Industry Index, shows how firms from the UK, Israel, Germany, France and the US offer governments a range of systems that allow them to secretly hack into internet cables carrying email and phone traffic.The index has details from 338 companies, including 77 from the UK, offering a total of 97 different technologies.
  • The documents include a brochure from a company called Advanced Middle East Systems (AMES), based in Dubai. It has been offering a device called Cerebro – a DIY system similar to the Tempora programme run by GCHQ – that taps information from fibre-optic cables carrying internet traffic.AMES describes Cerebro as a "core technology designed to monitor and analyse in real time communications … including SMS (texting), GSM (mobile calls), billing data, emails, conversations, webmail, chat sessions and social networks."The company brochure makes clear this is done by attaching probes to internet cables. "No co-operation with the providers is required," it adds."Cerebro is designed to store several billions of records – metadata and/or communication contents. At any time the investigators can follow the live activity of their target with advanced targeting criteria (email addresses, phone numbers, key words)," says the brochure.
  • ...2 more annotations...
  • Another firm selling similar equipment is VASTech, based in South Africa, which has a system called Zebra. Potential buyers are told it has been designed to help "government security agencies face huge challenges in their combat against crime and terrorism".VASTech says Zebra offers "access to high volumes of information generated via telecommunication services for the purposes of analysis and investigation".It has been designed to "intercept all content and metadata of voice, SMS, email and fax communications on the connected network, creating a rich repository of information".
  • It is now possible, from a single laptop computer, to locate where a mobile phone is calling from anywhere in the world, with an accuracy of between 200 metres and a mile. This is not done by attaching probes, and it is not limited to the area where the laptop is working from. The "cross border" system means it is now theoretically possible to locate a mobile phone call from a town abroad from a laptop in London.
Paul Merrell

REVEALED: GCHQ's BEYOND TOP SECRET Middle Eastern INTERNET SPY BASE * The Register - 0 views

  • Exclusive Above-top-secret details of Britain’s covert surveillance programme - including the location of a clandestine British base tapping undersea cables in the Middle East - have so far remained secret, despite being leaked by fugitive NSA sysadmin Edward Snowden. Government pressure has meant that some media organisations, despite being in possession of these facts, have declined to reveal them. Today, however, the Register publishes them in full.The secret British spy base is part of a programme codenamed “CIRCUIT” and also referred to as Overseas Processing Centre 1 (OPC-1). It is located at Seeb, on the northern coast of Oman, where it taps in to various undersea cables passing through the Strait of Hormuz into the Persian/Arabian Gulf. Seeb is one of a three site GCHQ network in Oman, at locations codenamed “TIMPANI”, “GUITAR” and “CLARINET”. TIMPANI, near the Strait of Hormuz, can monitor Iraqi communications. CLARINET, in the south of Oman, is strategically close to Yemen. British national telco BT, referred to within GCHQ and the American NSA under the ultra-classified codename “REMEDY”, and Vodafone Cable (which owns the former Cable & Wireless company, aka “GERONTIC”) are the two top earners of secret GCHQ payments running into tens of millions of pounds annually.
  • The actual locations of such codenamed “access points” into the worldwide cable backbone are classified 3 levels above Top Secret and labelled “Strap 3”. The true identities of the companies hidden behind codenames such as “REMEDY”, “GERONTIC”, “STREETCAR” or “PINNAGE” are classified one level below this, at “Strap 2”.After these details were withheld, the government opted not to move against the Guardian newspaper last year for publishing above-top-secret information at the lower level designated “Strap 1”. This included details of the billion-pound interception storage system, Project TEMPORA, which were revealed in 2013 and which have triggered Parliamentary enquiries in Britain and Europe, and cases at the European Court of Human Rights. The Guardian was forced to destroy hard drives of leaked information to prevent political embarrassment over extensive commercial arrangements with these and other telecommunications companies who have secretly agreed to tap their own and their customers’ or partners’ overseas cables for the intelligence agency GCHQ. Intelligence chiefs also wished to conceal the identities of countries helping GCHQ and its US partner the NSA by sharing information or providing facilities
  • According to documents revealed by Edward Snowden to journalists including Glenn Greenwald among others, the intelligence agency annually pays selected companies tens of millions of pounds to run secret teams which install hidden connections which copy customers' data and messages to the spooks’ processing centres. The GCHQ-contracted companies also install optical fibre taps or “probes” into equipment belonging to other companies without their knowledge or consent. Within GCHQ, each company has a special section called a “Sensitive Relationship Team” or SRT.BT and Vodafone/C&W also operate extensive long distance optical fibre communications networks throughout the UK, installed and paid for by GCHQ, NSA, or by a third and little known UK intelligence support organization called the National Technical Assistance Centre (NTAC).
  •  
    Report on GCHQ documents that The Guardian had agreed not to write about. Nice picture of the secret Seeb base.
Paul Merrell

British Spies Allowed to Access U.S. Data Without a Warrant - NationalJournal.com - 0 views

  • British authorities are capable of tapping into bulk communications data collected by other countries' intelligence services—including the National Security Agency—without a warrant, according to secret government documents released Tuesday. The agreement between the NSA and Britain's spy agency, known as Government Communications Headquarters or GCHQ, potentially puts the Internet and phone data of Americans in the hands of another country without legal oversight when obtaining a warrant is "not technically feasible."   The data, once obtained, can be kept for up to two years, according to internal policies disclosed by the British government. GCHQ was forced to reveal that it can request and receive vast quantities of raw, unanalyzed data collected from foreign governments it partners with during legal proceedings in a closed court hearing in a case brought by various international human-rights organizations, including Privacy International, Liberty U.K., and Amnesty International. The suit challenges certain aspects of GCHQ's surveillance practices.
  • It is well known that the NSA and GCHQ closely share intelligence data with one another, as part of a long-standing surveillance partnership. Some details of the agencies' spy pact were exposed by former NSA contractor Edward Snowden last year, including the existence of GCHQ's Tempora program, which taps into fiber-optic cables to scoop up online and telephone traffic across the Web for up to 30 days. But this is the first time the British government has disclosed that it does not require a warrant to access data collected and maintained by its American counterparts. The revelation appears to counter statements made by an oversight committee of the British Parliament in July of last year that "in each case where GCHQ sought information from the U.S., a warrant for interception, signed by a minister, was already in place."   It is unclear whether any restrictions on Britain's access to NSA surveillance data is imposed by the U.S. However, documents provided by Snowden to The Guardian last year reveal that the NSA shares raw intelligence data with Israel without removing information about U.S. citizens.
  • In a statement, the NSA said it works with a number of partner countries to further its "foreign intelligence mission." But it did not specify whether it was aware of or condoned Britain's apparent warrantless access of its data. "Whenever NSA shares intelligence information, we comply with all applicable rules, including rules designed to safeguard U.S. person information," the agency said. "NSA does not ask its foreign partners to undertake any intelligence activity that the U.S. government would be legally prohibited from undertaking itself." American privacy advocates quickly condemned any warrantless access of U.S. communications data by British authorities.   "The 'arrangement' disclosed today suggests that the two countries are circumventing even the very weak safeguards that have been put in place," Jameel Jaffer, deputy legal director of the American Civil Liberties Union, said in a statement to National Journal. "It underscores both the inadequacy of existing oversight structures and the pressing need for [surveillance] reform."
  •  
    Note that this came out in a court case; it is not a Snowden leak. 
Paul Merrell

Bureau files ECHR case challenging UK government over surveillance of journalists' comm... - 0 views

  • The Bureau of Investigative Journalism is asking a European court to rule on whether UK legislation properly protects journalists’ sources and communications from government scrutiny and mass surveillance. The Bureau’s application was filed with the European Court of Human Rights on Friday. If the court rules in favour of the application it will force the UK government to review regulation around the mass collection of communications data. The action follows concerns about the implications to journalists of some of the revelations that have come out of material leaked by Edward Snowden. These have made it clear that by using mass surveillance techniques and programs such as Tempora government agencies can not only collect, store and scrutinise the content of electronic communications but also analyse masses of metadata – the details about where digital communications such as emails originate and the subject area of those communications. Gavin Millar QC, who is working on the case with the Bureau, believes UK authorities are routinely carrying out such data collection and analysis and says this enables a sophisticated picture to be developed of a journalist’s or organisation’s network of contacts, sources and lines of enquiry as well as materials, subjects and persons of interest to them.
  • The Bureau’s Christopher Hird says: “We understand why the government feels the need to have the power of interception. “But our concern is that the existing regulatory regime to control the interception of communications data – such as phone calls and emails – by organisations such as GCHQ does not provide sufficient safeguards to ensure the protection of journalists’ sources, and as a result is a restriction on the operation of a free press.” The collection of data by authorities is governed in the UK by the Regulation of Investigatory Powers Act, known as RIPA. This is primarily focused on internal communications. Many of the investigations undertaken by Bureau journalists involve foreign sources and stories, which are more vulnerable to interception as RIPA does not provide the same safeguards as it does for internal communications. The Bureau is working with lawyers from Doughty Street chambers and law firm Leigh Day, who have advised that there is little protection or rigorous scrutiny provided by current UK legislation for these “external” communications.
  •  
    Note that this case was filed with the ECHR in September 2014.  Quote from a prior decision of the ECHR involving Dutch journalists and government surveillance that will give UK government a steep hill to climb in persuading the ECHR to give GCHQ a pass:  "…where, as here, a power of the executive is exercised in secret, the risks of arbitrariness are evident. Since the implementation in practice of measures of secret surveillance is not open to scrutiny by the individuals concerned or the public at large, it would be contrary to the rule of law for the legal discretion granted to the executive to be expressed in terms of an unfettered power. Consequently, the law must indicate the scope of any such discretion conferred on the competent authorities and the manner of its exercise with sufficient clarity, having regard to the legitimate aim of the measure in question, to give the individual adequate protection against arbitrary interference."
1 - 13 of 13
Showing 20 items per page