Group items tagged

When it came to judging the necessity and proportionality of what they were allowed to look for, would-be American users were told it was "your call".The Guardian understands that a total of 850,000 NSA employees and US private contractors with top secret clearance had access to GCHQ databases.

For the 2 billion users of the world wide web, Tempora represents a window on to their everyday lives, sucking up every form of communication from the fibre-optic cables that ring the world.The NSA has meanwhile opened a second window, in the form of the Prism operation, revealed earlier this month by the Guardian, from which it secured access to the internal systems of global companies that service the internet.The GCHQ mass tapping operation has been built up over five years by attaching intercept probes to transatlantic fibre-optic cables where they land on British shores carrying data to western Europe from telephone exchanges and internet servers in north America.This was done under secret agreements with commercial companies, described in one document as "intercept partners".The papers seen by the Guardian suggest some companies have been paid for the cost of their co-operation and GCHQ went to great lengths to keep their names secret. They were assigned "sensitive relationship teams" and staff were urged in one internal guidance paper to disguise the origin of "special source" material in their reports for fear that the role of the companies as intercept partners would cause "high-level political fallout".

The GCHQ documents that the Guardian has seen illustrate a constant effort to build up storage capacity at the stations at Cheltenham, Bude and at one overseas location, as well a search for ways to maintain the agency's comparative advantage as the world's leading communications companies increasingly route their cables through Asia to cut costs. Meanwhile, technical work is ongoing to expand GCHQ's capacity to ingest data from new super cables carrying data at 100 gigabits a second. As one training slide told new users: "You are in an enviable position – have fun and make the most of it."

The categories of material have included fraud, drug trafficking and terrorism, but the criteria at any one time are secret and are not subject to any public debate. GCHQ's compliance with the certificates is audited by the agency itself, but the results of those audits are also secret.An indication of how broad the dragnet can be was laid bare in advice from GCHQ's lawyers, who said it would be impossible to list the total number of people targeted because "this would be an infinite list which we couldn't manage".There is an investigatory powers tribunal to look into complaints that the data gathered by GCHQ has been improperly used, but the agency reassured NSA analysts in the early days of the programme, in 2009: "So far they have always found in our favour".

Historically, the spy agencies have intercepted international communications by focusing on microwave towers and satellites. The NSA's intercept station at Menwith Hill in North Yorkshire played a leading role in this. One internal document quotes the head of the NSA, Lieutenant General Keith Alexander, on a visit to Menwith Hill in June 2008, asking: "Why can't we collect all the signals all the time? Sounds like a good summer project for Menwith."By then, however, satellite interception accounted for only a small part of the network traffic. Most of it now travels on fibre-optic cables, and the UK's position on the western edge of Europe gave it natural access to cables emerging from the Atlantic.

The processing centres apply a series of sophisticated computer programmes in order to filter the material through what is known as MVR – massive volume reduction. The first filter immediately rejects high-volume, low-value traffic, such as peer-to-peer downloads, which reduces the volume by about 30%. Others pull out packets of information relating to "selectors" – search terms including subjects, phone numbers and email addresses of interest. Some 40,000 of these were chosen by GCHQ and 31,000 by the NSA. Most of the information extracted is "content", such as recordings of phone calls or the substance of email messages. The rest is metadata.

"The criteria are security, terror, organised crime. And economic well-being. There's an auditing process to go back through the logs and see if it was justified or not. The vast majority of the data is discarded without being looked at … we simply don't have the resources."However, the legitimacy of the operation is in doubt. According to GCHQ's legal advice, it was given the go-ahead by applying old law to new technology. The 2000 Regulation of Investigatory Powers Act (Ripa) requires the tapping of defined targets to be authorised by a warrant signed by the home secretary or foreign secretary.However, an obscure clause allows the foreign secretary to sign a certificate for the interception of broad categories of material, as long as one end of the monitored communications is abroad. But the nature of modern fibre-optic communications means that a proportion of internal UK traffic is relayed abroad and then returns through the cables.

British spy agency collects and stores vast quantities of global email messages, Facebook posts, internet histories and calls, and shares them with NSA, latest documents from Edward Snowden reveal

Despite growing opposition in some quarters to ending the NSA’s program, a “clean” authorization — one that would enable its continuation without any changes — is unlikely, lawmakers from both parties say. Sen. Ron Wyden (D-Ore.), a leading opponent of the NSA’s program in its current format, said he would be “surprised if there are 60 votes” in the Senate for that. In the House, where there is bipartisan support for reining in surveillance, it’s a longer shot still. “It’s a toxic vote back in your district to reauthorize the Patriot Act, if you don’t get some reforms” with it, said Rep. Thomas Massie (R-Ky.). The House last fall passed the USA Freedom Act, which would have ended the NSA program, but the Senate failed to advance its own version.The House and Senate judiciary committees are working to come up with new bipartisan legislation to be introduced soon.

The tech firms and privacy groups’ demands are a baseline, they say. Besides ending bulk collection, they want companies to have the right to be more transparent in reporting on national security requests and greater declassification of opinions by the Foreign Intelligence Surveillance Court.

Some legal experts have pointed to a little-noticed clause in the Patriot Act that would appear to allow bulk collection to continue even if the authority is not renewed. Administration officials have conceded privately that a legal case probably could be made for that, but politically it would be a tough sell. On Tuesday, a White House spokesman indicated the administration would not seek to exploit that clause. “If Section 215 sunsets, we will not continue the bulk telephony metadata program,” National Security Council spokesman Edward Price said in a statement first reported by Reuters. Price added that allowing Section 215 to expire would result in the loss of a “critical national security tool” used in investigations that do not involve the bulk collection of data. “That is why we have underscored the imperative of Congressional action in the coming weeks, and we welcome the opportunity to work with lawmakers on such legislation,” he said.

The Freedom Act ultimately sped to passage in the House on May 22 by a bipartisan 303-121 vote. NSA advocates who had blasted its earlier version as hazardous to national security dropped their objections – largely because they had no more reason.Accordingly, the compromise language caused civil libertarians and technology groups not just to abandon the Freedom Act that they had long championed, but to question whether it actually banned bulk data collection. The government could acquire call-records data up to two degrees of separation from any "reasonable articulable suspicion" of wrongdoing, potentially representing hundreds or thousands of people on a single judicial order." That was not all.

"As the bill stands today, it could still permit the collection of email records from everyone who uses a particular email service," warned a Google legislative action alert after the bill passed the House. In a recent statement, cloud-storage firm Tresorit lamented that "there still has been no real progress in achieving truly effective security for consumer and corporate information."No one familiar with the negotiations alleges the NSA or its allies broke the law by amending the bill during the technical-fix period. But it is unusual for substantive changes to be introduced secretly after a bill has cleared committee and before its open debate by the full Senate or House."It is not out of order, but major changes in substance are rare, and appropriately so," said Norman Ornstein, an expert on congressional procedure at the American Enterprise Institute.Steve Aftergood, an intelligence policy analyst at the Federation of American Scientists, said the rewrites to the bill were an "invitation to cynicism."

"There does seem to be a sort of gamesmanship to it. Why go through all the troubling of crafting legislation, enlisting support and co-sponsorship, and adopting compromises if the bill is just going to be rewritten behind closed doors anyway?" Aftergood said.

Civil libertarians and activists now hope to strengthen the bill in the Senate. Its chief sponsor, Patrick Leahy of Vermont, vowed to take it up this month, and to push for "meaningful reforms" he said he was "disappointed" the House excluded. Obama administration officials will testify in the Senate intelligence committee about the bill on Thursday afternoon, the first anniversary of the Guardian's disclosure of bulk domestic phone records collection. That same day, Reddit, Imgur and other large websites will stage an online "Reset The Net" protest of NSA bulk surveillance.But the way the bill "morphed behind the scenes," as Lofgren put it, points to the obstacles such efforts face. It also points to a continuing opportunity for the NSA to say that Congress has actually blessed widespread data collection – a claim made after the Snowden leaks, despite most members of Congress and the public not knowing that NSA and the Fisa court secretly reinterpreted the Patriot Act in order to collect all US phone records.