The stormiest current issues for GCHQ have little to do with the United States. Instead they have everything to do with the troubled business of domestic interception. While the British government tends to present GCHQ as a foreign intelligence service like SIS, mainly concerned with the interception of foreign communications, as we have seen, the distinction between foreign and domestic is eroding fast. The claim that all domestic interception is now authorised by individual warrants requires an increasingly ingenious interpretation of the law, and there is considerable evidence of wholesale collection of communications. Indeed, several new developments mean that GCHQ has little choice but to head down the road towards wholesale collection, since many international groups such as terrorists and criminal gangs overlap seamlessly, with dispersed elements within British society.22
The issue of what is a domestic communication and what is foreign has been further muddied by Britain’s membership of the European Union. In recent years Britain has been attempting to persuade Europe to take on some of the odious burden of legislating for electronic surveillance of its own population. British Ministers wanted Europe to pass legislation that would require mobile phone companies and internet service providers to retain vast amounts of records relating to personal emails, details of web pages accessed and telephone calls for ten years, and for these to be made accessible to the police and intelligence services on request. The proposals were denounced by privacy campaigners as among the most wide-ranging extensions of government security surveillance over private individuals.23 Their main opponent was the internet industry itself, which resisted them vehemently, again stressing issues of privacy. In reality, its anxieties reflected pressure from business customers, since the authorities have a track record of being cavalier with personal data. They also reflect concerns about the high cost of storing data including the names and addresses of customers, the source and destination of their emails, websites visited and phone numbers called. All of this would be freely available to the authorities, since only access to the actual content of emails and telephone calls would require a warrant. GCHQ continually pressed for this, and in 2006 it finally passed into European law.24
GCHQ has also constituted a powerful but hidden voice in the debate over the proposed use of telephone intercepts in court. The British police and customs would like to see this legalised, but Cheltenham is adamantly opposed, arguing that it would sensitise GCHQ targets to the fact that they were vulnerable to surveillance. This is an element of the age-old tension between secret knowledge and the active use of secret knowledge, which has bedevilled sigint since its inception. Since 2001, several Home Secretaries have pressed for a review of the law, and have questioned why intercepted telephone conversations can only serve in court as ‘intelligence’, with their existence concealed from the defence. In 2004, Cabinet Ministers were presented with an inter-agency study entitled ‘Review of Intercept as Evidence’, the fifth occasion in ten years on which this matter had been debated. In 2005, limited use of intercepts as evidence appeared about to be approved when GCHQ intervened at the last minute, citing new technical developments and, remarkably, exercising a veto.25 There are strange anomalies in the law as it stands. A conversation collected by a radio microphone bug is admissible in court, but telephone intercepts are not. Moreover, telephone intercepts collected in other countries are admissible in British courts: when a former Merseyside narcotics squad chief was convicted over his corrupt relationship with a drugs baron, the prosecution depended on wiretap evidence from Holland.26 Rather sniffily, GCHQ explained that intercept evidence from other European countries can be used freely because Britain ‘is the only country which has…a strategic intercept and SIGINT capacity that is worth protecting’.27
GCHQ’s bizarre policy on phone-tap evidence is highlighted by American attempts to extradite the radical Muslim cleric Abu Hamza al-Masri (known to the British tabloid press as ‘Hooky’) on terrorist charges. Cheltenham had allegedly intercepted telephone discussions between Abu Hamza and a group that had kidnapped Western tourists in Yemen. Secret recordings of these conversations were made in December 1998 by experts from GCHQ who listened in on a specially purchased satellite phone. The transcripts were passed to MI5 and Special Branch in early 1999. This material cannot be used in British courts. However, almost identical material collected by NSA is likely to be central to any case against Abu Hamza mounted by the Americans. The British authorities are reportedly highly embarrassed that they have been shown to have evidence suggestive of persons involved in kidnapping and murder, yet did not take stronger action.28 In March 2009 the use of telephone intercept evidence was revisited for the sixth time in a decade, and it is now technically permitted, but is subject to so many conditions – including a GCHQ veto – that experts believe that in practice it will never be used in court. Iain Lobban, the current Director of GCHQ, has continued to assert that its use would represent ‘a very, very serious blow back to our capability’.29
Each time the use of intercept evidence in court has been suggested, it has been supported by the Prime Minister and the Home Secretary. The current Director of Public Prosecutions, Keir Starmer, and his predecessor, Ken Macdonald, are also in favour, and recently blamed ‘the spying agencies’ for the lack of progress. The ability of GCHQ to block the proposal is testimony to its considerable secret power within Whitehall and Westminster. Quite apart from the issue of secrecy, GCHQ does not wish to be drawn into the time-consuming business of preparing evidence for court proceedings. However, intercepts would resolve many difficult cases, including some of those relating to people currently held under what is effectively house arrest by means of controversial Control Orders. Many believe that the intercepts that supported these Control Orders would also have facilitated effective prosecutions.30
In 2008 the Home Secretary Jacqui Smith unveiled a new domestic intercept plan of truly breathtaking proportions when she announced the remarkable Intercept Modernisation Programme, or ‘IMP’. Costing an estimated £12 billion pounds, this project dwarfed even the massive Cheltenham ‘Doughnut’, and amounted to a surveillance concept so vast that it was beyond the bounds of the imagination. Given that intelligence-related IT projects have routinely run over budget by several times their agreed cost, it is hardly surprising that the Treasury squeaked with fear at the very mention of such an idea. The oddest feature of the IMP was that, despite the fact that Europe had finally agreed to compel internet service providers to retain all of their customers’ communications data within their own companies, the plan was to build a vast government-run silo to duplicate exactly the same function, recording and storing the details of every telephone call, email, text message and instance of web access by every person in Britain. The scheme was initially associated with the innocuously titled Communications Data Bill scheduled for 2009. Its stated purpose was bland – to ‘allow communications data capabilities for the prevention and detection of crime and protection of national security to keep up with changing technology’. However, Lord Carlile of Berriew QC, Britain’s independent reviewer of anti terrorist legislation, immediately expressed anxiety about the new government-run database: ‘As a raw idea it is awful.’ He added that it would lead to the authorities undertaking searches ‘willy-nilly’ and without review. Richard Thomas, the Information Commissioner, also denounced the IMP plans as ‘a step too far’, and entirely contrary to the British way of life.31
In late 2008, growing public hostility to IMP prompted the government to withdraw the Bill at the last minute. Instead, it has resolved to advance the plan by stealth. Remarkably, and without any legislation, a pilot scheme at an estimated cost of £2 billion is already under way, with sample ‘probes’ established at the facilities of one major fixed line telecom operator and one major mobile phone provider. The Home Office Minister, Lord West, has emphasised the important place of the private sector in this scheme. One alleged beneficiary is the security company Detica, which was bought in 2008 by BAE Systems Ltd. L
ocated in Guildford, it manufactures the strange black boxes – which enjoy the unlikely title of ‘deep packet sniffers’ – that enable intelligence services to siphon off material from the internet. Unlike the current black boxes that vacuum up content, the IMP would be a vast database of ‘who contacted who’ and ‘who looked at what’. By analysing a person’s social network as defined by their telephone calls, texts and emails, and then overlaying their internet use or combining it with their credit-card activity, an enormously detailed picture can be constructed of every individual and those they associate with.32
The British government has always insisted that IMP is merely about maintaining an existing and traditional capability to carry out interception in a world of rapidly changing technology. However, the reality looks rather different. In April 2009 the government advertised for senior staff to direct an ambitious programme called ‘Mastering the Internet’. With a title that might well have been borrowed from an episode of Doctor Who, this initiative could have been deliberately calculated to provoke anxiety on the part of privacy campaigners. Indeed, there was so much controversy in the press that, unusually, in May 2009 GCHQ had to issue an express denial. It stated: ‘GCHQ is not developing technology to enable the monitoring of all internet use and phone calls in Britain, or to target everyone in the UK.’ GCHQ’s argument is that the nature of telephone calls is changing, and they are increasingly passed over the internet. Without this new programme it will lose the intercept capability it has always had. However, this glosses over the fact that because it is difficult to separate out telephone calls from other kinds of internet traffic, and equally difficult to separate out records of who called who from actual call content, this modernisation unavoidably means a vast increase in collection.33
In August 2009, GCHQ’s denial that it had ambitions for massive surveillance met a direct challenge when Britain’s own telecommunications firms and internet service providers, including British Telecom and Virgin, condemned the IMP plan as an unwarranted intrusion into people’s privacy. The very companies that the British government was depending upon to help it to implement the scheme asserted strongly that government officials were not being straight with the public about the vast scale of monitoring they were planning. Their statement told the government that:
We view the description of the government’s proposals as ‘maintaining’ the capability as disingenuous: the volume of data the government now proposes [we] should collect and retain will be unprecedented, as is the overall level of intrusion into the privacy of citizenry…This is a purely political description that serves to win consent by hiding the extent of the proposed extension of powers for the state.
The companies also boggled at the mammoth scale of the private information they were being asked to retain on the telephone and internet use of British citizens: they complained that they did not even know of any equipment that would enable them to acquire and retain such a wide range of data.34
What does government want with all this detail? Even more puzzling is the fact that it is prepared to spend vast amounts of money to store this data itself, when it has already compelled the telecom companies and internet service providers to hold the same information. The answer is ‘data-mining’, the use of computers to comb through unimaginable amounts of information looking for patterns and statistical relationships. This practice now constitutes the most insidious threat to personal liberty. What makes surveillance different in the age of ubiquitous computing and the mobile phone is that our data is never thrown away. Machines routinely store millions of details about our everyday lives, and at some point in the future it will be possible to bring these all together and search them. Devices which were introduced to make life more convenient are also generating a detailed electronic narrative of our lives. In 2009 the British public sent sixty billion text messages, a fantastically detailed record of our personal interactions. At ‘Googleplex’, the corporate headquarters of Google, located at Mountain View in California, the company retains a record of every Google search a person has made on the internet for two years. In other words, in its memory banks Google effectively contains ‘virtual individuals’ that consist of a cross section of each user’s interests, tastes and thoughts. A decade ago, such data was discarded by many companies, but with the cost of warehousing it halving every two years, many now choose to retain it.35
NSA is already close to completing its own mammoth data silo. Located in a remote desert area of Utah, this facility is ‘above top secret’ and boasts a million square feet of space. Here, America’s largest intelligence agency stores the electronic detritus of the everyday lives of the nation’s citizens. Billons of phone calls, text messages, emails, web searches, passenger lists and parking tickets will be warehoused here forever. Super-computers will use elaborate programmes to trawl for suspicious relationships and patterns within this data.36 Where NSA goes today, GCHQ will go tomorrow. Sure enough, industry insiders have alleged that a similar centre is now being created inside ‘the Doughnut’ at Cheltenham, where a vast room of super-computers will hold an immense pool of personal information and protected data. Because it is not actual call or email content, no warrants are required for the authorities to gain access to this material, allowing limitless trawling of everyone.37 This is a whole new world of intelligence. Indeed, it is not really intelligence as we have traditionally understood it. In one sense it is a kind of sigint, given that much of it is derived from telephone calls, emails, texts and internet activity sent by means of a signal. However, very little of it is in code, so it is merely private or ‘protected information’ rather than ‘top secret’. Moreover, much of this information is from passenger transport lists and credit-card transactions, so it is initially collected by corporations, not government. What governments now wish to do is take this data over and use it to produce a wholly new kind of intelligence.
Data-mining, which allows governments to search for individuals or groups of people with particular types of behaviour, and to profile them as suspicious, is as powerful as it is dangerous. It is powerful because it allows the sifting of titanic amounts of private information, and it is dangerous because it often throws up ‘false positives’. In other words, some people will look suspicious because a number of chance activities have coalesced to generate something which a computer thinks is a problem.38 At present, data-mining is limited because government can only access so much information. But the appetite is clearly there. Under the Regulation of Investigatory Powers Act (RIPA) 2000, the British authorities can ask internet service providers or mobile phone companies to hand over details of the phone, email and internet habits of specific individuals without seeking a warrant. A staggering 504,073 such requests were made in 2008. Although this is too many, it is still ‘retail surveillance’, because it relates to individual persons. Data-mining is the next step, and to do this the authorities need constant access to everyone’s data.
IMP has been presented as a Home Office project, but just like GTAC, it will be impossible to implement without the participation of GCHQ. Predictably, GCHQ is now recruiting more experts in data-mining. Recent job advertisements for Cheltenham state: ‘At GCHQ, we are leaders in the emerging field of data stream mining,’ and that ‘the next few years are guaranteed to be an exciting time’ because of several new technologies which are ‘set to dramatically change the way large volumes of information are analysed’. Areas in which GCHQ is currently looking for skilled personnel include ‘development and interrogation of large databases’, ‘data-warehousing’ and ‘machine learning’. The latter is defined as ‘classification, prediction, clustering, pattern finding’.39
The growth of this powerful technical surveillance has alarmed senior lawyers and judges. On 20 October 2008, Sir Ken Macdonald QC, the Director of Public Prosecutions, delivered a public lecture shortly before his retirement. Entitled ‘Coming Out of the Shadows’, its subject was nothing less than technology and the future of freedom. He explained that the s
ame technology that has given us the impression that everything in the world is at our fingertips, and has made our lives immeasurably richer, has simultaneously given the state enormous powers. Because mobile phones and computers are ubiquitous, the government now has access to information about each one of us, and the ability to collect and store it at will ‘every second of the day, in everything we do’. He added that while this technology is important in the struggle against serious crime, the public also needs to understand that we are rapidly approaching a cliff-edge. He warned that
GCHQ Page 58