US and UK have history of mass surveillance

Britain and its allies have been secretly harvesting personal data since World War I. However, the latest leaks from whistle-blower Edward Snowden show that as states race to keep up with technology, they risk crossing ever more ethical and legal boundaries

By Peter Beaumont  /  The Observer, LONDON

Tue, Jun 25, 2013 - Page 9

Twelve years ago, in an almost forgotten report, the European Parliament completed its investigations into a long-suspected Western intelligence partnership dedicated to global signals interception on a vast scale.

Evidence had been taken from spies and politicians, telecommunication experts and journalists. In stark terms the report detailed a decades-old arrangement which had seen the US and the UK at first — later joined by Canada, New Zealand and Australia to make up the so-called “Five Eyes” — collaborating to access satellites, transatlantic fiber optic cables and radio signals on a vast scale.

This secretive (and consistently denied) cooperation was itself the product of a mutual agreement stretching back to World War I, expanded in World War II and finally ratified in 1948 in the so-called “UK-US Agreement.”

The problem for the authors of the Brussels report was that it had based its analysis on scattered clues and inferences: “It is only natural ... that secret services do not disclose details of their work... The existence of such a system thus needs to be proved by gathering as many clues as possible, thereby building up a convincing body of evidence.”

Despite the limitations of such detective work, the parliamentarians came to a deeply troubling conclusion: the “Five Eyes” were accessing the fiber optic cables running under the Atlantic Ocean.

Not only that, the report concluded tentatively, but it was the UK specifically among the five partners — and its Government Communications Headquarters (GCHQ) in particular — which it suspected had been given primary responsibility for intercepting that traffic.

“The practical implication,” the report said, “is that communications can be intercepted at acceptable cost only at the terminals of the underwater cables which land on their territory.”

“Essentially they can only tap incoming or outgoing cable communications. In other words, their access to cable communications in Europe is restricted to the territory of the UK,” it added.

That GCHQ was at the very heart of secret efforts to tap into the Internet and cable-carried telephony was confirmed in the most dramatic terms on Friday last week by the latest batch of documents to be leaked by former US National Security Agency (NSA) contractor Edward Snowden, who is now being sought by the US government for alleged theft and breaches of the US Espionage Act.

Those documents, published by the Guardian, not only describe the UK’s lead role in tapping the cables carrying global Internet traffic — enjoying the “biggest Internet access” of the “Five Eyes” — but its efforts to suck up ever-larger amounts of global data to share with its partners, principally with the US.

From a handful of cables at the beginning, the UK is now able, according to the documents, to access about 200 on a daily basis and store the information contained within for up to 30 days for analysis, including up to 600 million “telephone events” each day.

GCHQ’s own excitement at the scope of its reach is evident in the documents, in which there is an excited reference to an ability to collect “massive amount of data!” and to “producing larger amounts of metadata [the basic information on who has been contacting whom, without detailing the content] than [the] NSA.”

Up to the late 1980s, in excess of 90 percent of all international voice and data traffic, including diplomatic cables, was being carried by satellite and microwave networks. That began to change rapidly in 1988 when AT&T finished laying the first undersea fiber optic cable from New Jersey to the UK.

Even before that project was completed, the NSA was already experimenting with how to gain access to the cables, efforts that would lead to the US making its first attempts to bug one in the mid-1990s with an underwater vehicle.

Now, the documents seem to suggest, access is achieved through some degree of cooperation — voluntary or otherwise — from the companies operating the cables or the stations at which they come into the country. In addition to confirming details of how the partnership functions, the latest disclosures from Snowden also describe in detail what appears to be one of its latest iterations — Project Tempora — initiated about four years ago.

The direct descendent of earlier UK-US treaty programs, Project Tempora’s purpose remains the hoovering up of the largest amount of signals intelligence, principally in the form of metadata. Then, as now, it appears the priorities are not only related to national security, but also economic advantage — interventions which can be justified under UK law by reference to the ill-defined notion of “economic well-being.”

In one sense, GCHQ is simply trying to keep up with the dizzying pace of technological development in recent decades. As the most recent batch of leaked documents has made clear, interception, like drugs-testing in sport, has tended to lag one step behind technology.

“It is becoming increasingly difficult for GCHQ,” the authors of one memo write, “to acquire the rich sources of traffic needed to enable our support to partners within HMG [Her Majesty’s government], the armed forces and overseas.”

However, the dangers lie in the various legal and ethical thresholds being crossed in the race to catch up with the proliferating forms of communication. According to the leaked Snowden documents, the latest attempts to improve interception of Internet communications began in earnest in 2007. The first experimental project was run at GCHQ’s outpost at Bude in Cornwall, southwest England.

Within two years it would be judged enough of a success to allow analysts from the NSA to have access to the new project, which by 2011 would be capturing and producing more intelligence data in the UK than the NSA did in the US.

Other documents underline how the decades-old intelligence arrangement has worked, not least how within the UK-US treaty different roles have been subcontracted to partners for both practical and regulatory reasons.

Such potential subcontracting has long been at the heart of international legal concerns over how surveillance material is shared between the “Five Eyes.” The suspicion is that individual states within the agreement can produce material for partners that might be illegal to gather in the other collaborating states, including the US.

Shami Chakrabarti, the director of Liberty, said on Saturday: “The big point we should recognize is that states tend to have a broader license to snoop abroad and a tighter one at home. What we are seeing is states’ ability to subcontract their dirty work to others.”

Then there is the question of oversight. The UK government claims that the interception in such a broad fashion is authorized by ministers under at least 100 certificates issued under section 8(4) of the Regulation of Investigatory Powers Act (RIPA), which allows sweeping and indiscriminate trawls of data.

However, Alex Bailin QC, an expert on surveillance at the Matrix Chambers, is skeptical.

“We are told there is proper oversight, but the question is whether ministers simply sign these certificates. But I wasn’t even aware section 8(4) existed until Friday,” he said.

Like Chakrabarti, Bailin suspects that intelligence agencies are subcontracting out surveillance to foreign partners.

“The reality is that RIPA is incredibly complex and full of legal loopholes that permit this kind of thing,” he added.

The European Parliament’s thesis has been confirmed by the Guardian’s revelations. Now the legal and ethical scrutiny can begin in earnest.