Britain’s electronic surveillance agency, Government Communications Headquarters, has long presented its collaboration with the National Security Agency’s massive electronic spying efforts as proportionate, carefully monitored, and well within the bounds of privacy laws. But according to a top-secret document in the archive of material provided to The Intercept by NSA whistleblower Edward Snowden, GCHQ secretly coveted the NSA’s vast troves of private communications and sought “unsupervised access” to its data as recently as last year – essentially begging to feast at the NSA’s table while insisting that it only nibbles on the occasional crumb.
The document, dated April 2013, reveals that GCHQ requested broad new authority to tap into data collected under a law that authorizes a variety of controversial NSA surveillance initiatives, including the PRISM program.
PRISM is a system used by the NSA and the FBI to obtain the content of personal emails, chats, photos, videos, and other data processed by nine of the world’s largest internet companies, including Google, Yahoo!, Microsoft, Apple, Facebook, and Skype. The arrangement GCHQ proposed would also have provided the British agency with greater access to millions of international phone calls and emails that the NSA siphons directly from phone networks and the internet.
The Snowden files do not indicate whether NSA granted GCHQ’s request, but they do show that the NSA was “supportive” of the idea, and that GCHQ was permitted extensive access to PRISM during the London Olympics in 2012. The request for the broad access was communicated at “leadership” level, according to the documents. Neither agency would comment on the proposed arrangement or whether it was approved.
Last June, in the wake of the Guardian‘s PRISM disclosures, British Foreign Secretary William Hague issued a lengthy statement declaring that “the arrangements for oversight and the general framework for exchanging information with the United States are the same as under previous governments.” Warrants to intercept the communications of any individual in the United Kingdom, the statement read, must be personally signed by a cabinet secretary.
Likewise, the British Intelligence and Security Committee reported in July that, after reviewing “GCHQ’s access to the content of communications, the legal framework which governs that access, and the arrangements GCHQ has with its overseas counterparts for sharing such information,” the spy agency’s collaboration with the NSA was within the bounds of British law.
But the broader access secretly sought by GCHQ only months earlier appears to have been unprecedented – and would have placed fewer restrictions on how the NSA’s surveillance data is obtained and handled by British spies.
In response to the revelation, British member of Parliament Julian Huppert has accused government officials of issuing statements intended to “deliberately mislead” about GCHQ’s surveillance programs and called for an overhaul of the current system of oversight.
Eric King, head of research at London-based human rights group Privacy International, said that the latest disclosure raised “serious concerns” about whether GCHQ has pushed for the ability to sift through data collected by the NSA in a bid to circumvent British laws restricting the scope of its surveillance.
“GCHQ’s continued insistence that it is following the law becomes less credible with every revelation,” King told The Intercept, adding that he believed the agency was “stretching its legal authorities with help from international partners.”
GCHQ’s request is outlined in an NSA memo marked “top secret” and “noforn” – agency jargon for “no foreigners.”
It was prepared last year for Gen. Keith Alexander, then director of the NSA, in advance of a visit by Sir Iain Lobban, chief of GCHQ. Lobban was scheduled to attend a dinner at Alexander’s home on April 30, 2013. The following day, the two spy chiefs were to have a “one-on-one discussion,” and Lobban was to be given a tour of NSA headquarters in Fort Meade, Maryland, complete with demonstrations of the agency’s operations.
The memo includes talking points for Alexander on issues related to Syria and Iran, and also warns that GCHQ is being “challenged with their activities and operations being subject to increased scrutiny and oversight from their government (and public).” Alexander was told that Lobban might ask about the safeguards in place to prevent any data that GCHQ shared with the NSA from being handed to others, such as Israel, who might use it in “lethal operations.”
Under the heading “key topic areas,” the document notes that gaining “unsupervised access” to data collected by the NSA under section 702 of the Foreign Intelligence Surveillance Act “remains on GCHQ’s wish list and is something its leadership still desires.”
Section 702 of FISA grants the NSA wide latitude to collect the email and phone communications of “persons reasonably believed to be located outside the United States.” It authorizes PRISM and several other programs – with codenames such as BLARNEY and STORMBREW – that covertly mine communications directly from phone lines and internet cables.
The memo adds: “NSA and SID [Signals Intelligence Directorate] leadership are well aware of GCHQ’s request for this data, and the steps necessary for approval. NSA leadership could be asked whether we’re still supportive of this initiative.”
GCHQ was previously reported to have had some level of access to PRISM since at least June 2010, generating 197 intelligence reports from the data in 2012. However, the British agency appears to have been unsatisfied with limits placed on its use of the system.
While GCHQ’s ultimate aim was to gain “unsupervised” access to the NSA’s FISA databases, as of April 2013 it had already successfully lobbied for increased access to the trove “supervised” by the NSA. The newly disclosed Snowden document indicates that GCHQ was close to concluding a deal to gain the supervised access to communications collected under FISA as part of a program called “Triage 2.0.” This deal, under unspecified conditions imposed by the NSA, was “awaiting signature” from the British agency in April 2013, according to the document.
In addition, the top-secret memo notes that the NSA had separately agreed with GCHQ to share data on a broader “unsupervised” basis as part of a program called Olympic Option.
Olympic Option was a surveillance program operated during the London Olympics in 2012, under which at least 100 GCHQ operatives were given access to the PRISM system “throughout the Olympic timeframe,” ostensibly to identify potential terror threats. In a single six-day period in May 2012, according to a top-secret PowerPoint slide, GCHQ received 11,431 “cuts of traffic” from communications intercepted using PRISM. (“Cuts” is a term used by the NSA to describe extracts of conversations that it collects.) The memo prepared for Alexander describes the British request for unsupervised access to FISA 702 data as “in a manner similar to Olympics Option [sic].”
The data sharing between the agencies during the Olympics, though, was not isolated to PRISM. It also encompassed large volumes of metadata – such as the “to” and “from” details from an email but not the content of the message itself – as part of a more expansive Olympics surveillance effort. The NSA was funneling troves of intercepted data to GCHQ from a system called GHOSTMACHINE, a massive cloud database used by the NSA to analyze metadata and store, according to one document in the Snowden archive, “100s of billions of entries.”
The NSA declined to answer a series of questions from The Intercept about its surveillance cooperation with GCHQ or comment on whether the arrangement has involved sharing information on Americans’ communications.
In a statement, NSA spokeswoman Vanee Vines said that the agency is legally barred from sharing intelligence collected under PRISM and similar programs “unless the Foreign Intelligence Surveillance Court has first approved minimization procedures, which must comply with the Fourth Amendment and limit the collection, retention and dissemination of information about U.S. persons.” Vines added that, in response to a “genuine threat of terrorist attack” surrounding the 2012 Olympics, the U.S.intelligence community “took steps authorized by law and consistent with the Constitution to protect Americans and citizens of other countries.”
Similarly, GCHQ refused to answer any questions on the record about the documents. The agency issued its boilerplate response to inquiries, insisting that its work “is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight.”
Earlier this month, a report by the U.K. government’s communications interception commissioner deemed GCHQ’s arrangements with the NSA to have been within the law and said that the agency was not engaged in “indiscriminate random mass intrusion.”
But the newly revealed documents raise questions about the full extent of the clandestine cooperation – key details about which appear to have been withheld from lawmakers.
Huppert, the member of Parliament, served on a committee that reviewed – and recommended against – a push from the British government for more powers to access private data before the Snowden materials became public last year.
At no point during that process, Huppert says, did GCHQ disclose the extent of its access to PRISM and other then-secret NSA programs. Nor did it indicate that it was seeking wider access to NSA data – even during closed sessions held to allow security officials to discuss sensitive information. Huppert says these facts were relevant to the review and could have had a bearing on its outcome.
“It is now obvious that they were trying to deliberately mislead the committee,” Huppert told The Intercept. “They very clearly did not give us all the information that we needed.”
Decrying the process as a “good example of how governments should not behave,” the Liberal Democrat parliamentarian is calling for significant reform of the U.K.’s current surveillance regime.
“I want to see much greater clarity on how we have oversight, because it is currently not fit for purpose,” he says. “We need much more transparency about what is happening. And we need to revise our laws, because our laws clearly have too many loopholes in them.”
Documents published with this article: