The British Government Communications Headquarters, or GCHQ, maintains taps on fiber optic systems in the United Kingdom, according to the latest Guardian report from the Edward Snowden leaks. The scale of the operation and the centrality of the UK to global network traffic are one concern. How that data is used by the NSA is another.
Working closely with America’s National Security Agency, the GCHQ is about halfway done implementing “Project Tempora.” Comprised of two parts, suggestively dubbed “Mastering the Internet” and “Global Telecoms Exploitation,” the project aims to eventually allow the agency (and its partner) to survey over 90 percent of the cables that route through the United Kingdom, pulling data from 400 at once. “As of last year,” the Guardian reports, “the agency had gone half way, attaching probes to 200 fibre-optic cables each with a capacity of 10 gigabits per second. In theory, that gave GCHQ access to a flow of 21.6 petabytes in a day, equivalent to 192 times the British Library’s entire book collection.” Full content of transmissions is preserved for three days and metadata for 30. Between them, the GCHQ and NSA have 550 analysts poring over the data — and 850,000 people with top secret clearance can access it. We’ve known for weeks that the NSA shares its PRISM data with the UK; now we know it also goes in reverse.
But Tempora deals only with traffic in the United Kingdom, right? Well, no. Consider a highway, like Interstate 80 that runs from New York to San Francisco. It also runs through Des Moines. So if Des Moines decided to stop everyone passing on Route 80 to search their cars, they’d end up searching a lot of people who’d never planned on being in Des Moines at all.
In the GCHQ example, Interstate 80 would be one of the many fiber optic throughputs crossing the globe. You can see them all on SubmarineCableMap.com’s interactive graphic. When GCHQ wanted to get Tempora running, it first had to pick its Des Moines.
As the probes began to generate data, GCHQ set up a three-year trial at the GCHQ station in Bude, Cornwall. By the summer of 2011, GCHQ had probes attached to more than 200 internet links, each carrying data at 10 gigabits a second. “This is a massive amount of data!” as one internal slideshow put it. That summer, it brought NSA analysts into the Bude trials.
This is what the cables coming into the UK look like. Many of the lines that continue on to Northern Europe stop over in the UK first, waystations from which the GCHQ can take a sniff.
But there’s one waystation in particular that plays host to incoming traffic — especially from the United States.
Which raises a key question. By law, the NSA is only able to collect data on American citizens if it gets the approval of the Foreign Intelligence Surveillance Court — and only as long as the agency is targeting a foreigner. But can it use data collected on Americans by foreign countries? The Atlantic Wire spoke with Alex Abdo, staff attorney at the ACLU’s National Security Project. “I don’t know the answer,” he indicated, “but I suspect there are few” limitations to doing so.
The NSA has repeatedly assured members of Congress that its safeguards protect American privacy. The GCHQ has made no such assurances. And the Guardian reports, their intelligence agencies are pleased with the extent to which they can operate in the shadows.
In confidential briefings, one of [GCHQ]’s senior legal advisers, whom the Guardian will not name, made a note to tell his guests: “We have a light oversight regime compared with the US”.
The parliamentary intelligence and security committee, which scrutinises the work of the agencies, was sympathetic to the agencies’ difficulties, he suggested.
And American oversight mechanisms, of course, play no role at all. “When it came to judging the necessity and proportionality of what they were allowed to look for,” the Guardian reports, “would-be American users were told it was “your call”.”