Government Commmunications Headquarters (GCHQ)
“They are worse than the U.S.” – Edward Snowden
The widespread surveillance practices of the British and U.S. governments, unveiled by Edward Snowden in June last year, put Britain’s Government Communications Headquarters (GCHQ) and its U.S. equivalent, the National Security Agency (NSA), at the centre of a worldwide scandal. As part of its project “Mastering the Internet”, GCHQ has developed the world’s biggest data monitoring system. Supported by the NSA and with the prospect of sharing data, the British agency brushed aside all legal obstacles and embarked on mass surveillance of nearly a quarter of the world’s communications.
Tempora: interception of source data
The UK lies in a geographically advantageous position to access the hardware “backbone” of the Internet. This consists of 263 submarine cables that criss-cross the world and are owned by the big names of the World Wide Web, such as Verizon, Orange and Alcatel-Lucent. Most of the world’s telecommunications are carried on this network. Some of these cables – 49 to be precise – run under British beaches. Thus the United Kingdom is an unparalleled transit point for telecommunications between Europe and North America.
There are a number of landing stations for these submarine cables around the British coast. The best-known is at Bude in Cornwall, which host seven cables including Apollo North which links the UK and the United States, and more particularly TAT-14, which connects the United States and Europe. The latter showed up in one of the U.S. diplomatic cables disclosed by WikiLeaks in a list of “essential resources”. Bude is no ordinary small coastal town. It hosts a satellite monitoring station built in the 1960s, known as GCHQ Bude.
The NSA has been particularly interested in it, since the proximity of a monitoring facility and a submarine cable landing station provides a unique opportunity to monitor vast quantities of data. It even provided a budget of £15.5m for its technical redevelopment.
According to The Guardian, the Tempora program was launched in 2011. The Bude monitoring station became a pilot scheme for the mass interception of data carried by the submarine cables. Seven terabytes of data per day transit via Bude, 10 percent of global Internet traffic.
The Guardian understands that 300 analysts sift through the data. However, the success of the Tempora project is mainly thanks to assistance from the telecoms companies that manage the cables. Among them are British Telecom, Global Crossing, Interoute, Level 3, Verizon, Viatel and Vodafone Cable, all of which are known to have links with the British intelligence service.
Some of these companies have made their infrastructure available to GCHQ, allowing it to place hundreds of wiretaps in submarine cable landing stations.
GCHQ thus gathers an unprecedented quantity of information including data on British and foreign citizens whose exchanges have transited, for example, via servers based in the United States.
Millions of emails, telephone calls, browsing histories and all types of digital content have thus been intercepted by GCHQ and shared with the NSA. Documents disclosed by Snowden explain that the British agency keeps the content, including the contents of emails and telephone conversations, for three days and the metadata, such as login times, telephone numbers, originators and addressees and email subjects, are kept for 30 days, a boon for both GCHQ and the NSA.
EdgeHill: decryption on a vast scale
There are several methods of encrypting Internet traffic. The simplest is to use the protocol https, which works by using digital certificates supplied by companies known as certification authorities. The certificates guarantee the confidentiality of online exchanges. Documents published by Edward Snowden showed that GCHQ has a program, known as EdgeHill, designed to break the encryption provided by the three main certification authorities.
The use of a Virtual Private Network (VPN) is another method of encrypting Internet data. EdgeHill’s other objective is to target the encryption keys of some 30 VPN providers.
As part of the same program, GCHQ targeted the encryption installed to protect information hosted by Hotmail, Google, Yahoo and Facebook in 2012.It expects to crack the encryption of 15 certification authorities and 300 VPN providers by 2015.
According to the security expert Bruce Schneier, confidence in the Internet is based on cryptography. Uncertainty about the confidentiality of Internet communications can lead to self-censorship, and ultimately lead to an end to the use of the network for communications. By targeting the means of ensuring the confidentiality of online information exchanges, GCHQ has undermined the very basis of users’ confidence in the Internet.
Confusing journalism and terrorism
Snowden’s disclosures exposed the activities of the U.S. and the UK. The possession by The Guardian of files provided by Snowden, some of which proved that GCHQ carried out widespread surveillance of ordinary citizens, incurred the wrath of Prime Minister David Cameron’s government. The paper’s editor Alan Rusbridger spoke of the pressure from Whitehall to suppress the scandal of the GCHQ wiretaps. Rusbridger was contacted by Sir Jeremy Heywood, the cabinet secretary, who gave him an ultimatum: hand over the files or face legal action.
Faced with these threats, issued in June last year just after the first stories in the “NSA files” series appeared, Rusbridger agreed to destroy the data, having previously sent copies to two publications based in the United States under the protection of the First Amendment to the U.S. constitution. A surreal scene unworthy of British democracy then took place in the basement of The Guardian’s offices, where GCHQ officials supervised the destruction of computer hard disks containing the files.
The British government did not stop there. On 18 August last year, David Miranda, the partner of former Guardian blogger Glenn Greenwald, was detained at Heathrow Airport on his way home to Rio de Janeiro from a business trip to Berlin. He was held for nine hours under the UK’s Terrorism Act and all his equipment was seized.
The wrongful arrest of Miranda, although clearly linked to his and Greenwald’s activities and unrelated to any alleged terrorist activities, was not ruled unlawful when he challenged it in the High Court. However, Frank La Rue, the UN special rapporteur on freedom of expression, expressed concern about the abuse of anti-terrorism powers in the UK: “The protection of national security secrets must never be used as an excuse to intimidate the press into silence and backing off from its crucial work in the clarification of human rights violations.”
Earlier this month, leaked documents published by Greenwald showed how GCHQ and the NSA persecuted WikiLeaks and the “human network” that supports it.
A presentation used by GCHQ to explain the capabilities of its unit the Joint Intelligence Threat Research Group shows screenshots of a program codenamed “Anticrisis Girl”, allowing the analysis of data gathered as part of Tempora.
WikiLeaks features prominently among the “targets” exposed by these screenshots. Those who use and visit WikiLeaks, whose only “wrongdoing” was gathering and publishing information in the public interest, have thus been victims of active surveillance. Similarly, users of the file-sharing website Pirate Bay have also been monitored.
The law be damned
The interception of telecommunications is enshrined in British law through the Regulation of Investigatory Powers Act 2000. This specifies that authorised surveillance must be proportionate to what is sought to be achieved by carrying it out, and that authorisation for legal telecommunications interceptions must be granted with the assurance that they are:
in the interests of national security
for the purpose of preventing or detecting serious crime
in the interests of the economic well-being of the United Kingdom
The large-scale wiretapping carried out by GCHQ under the Tempora program clearly contravenes these principles since they are carried on a large scale and systematically, and are thus disproportionate. In order to comply with the law, GCHQ uses a loophole in the 2000 RIP Act which exempts the monitoring of foreign telecommunications.
Privacy International lodged a complaint against the British government in July last year, alleging data collection under the Tempora program was disproportionate. In January, a report by the European Parliament said GCHQ’s surveillance activities appeared to be illegal. A member of the British Parliament, David Heath, has called for new legislation to ensure Britain’s intelligence agencies can never intercept phone calls or email data without a specific warrant.
In a report on Internet surveillance published in June last year, the UN’s Frank La Rue said the legal framework for surveillance must adhere to the principles of necessity and proportionality. Extreme surveillance measures should be used only as a last resort and when all other means have been exhausted.