Operational Legalities – GCHQ Powerpoint Presentation

Jun. 22 2015 — 10:55a.m.

Operational Legalities

Not for display
- Beware: there are several hidden slides in this presentation. If you see this you will also see the other hidden ones.
- To find which are hidden, use slide sorter View
- There's a print option to ignore hidden slides

Agenda
Legal Framework Tasking Targeting incl Location/Nationality SD Coffee/tea What's OUT Second Parties Data Protection Dissemination Disclosure Safeguards Oversight Official Secrets Wrap-up FOIA
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to GCHQ on - x- or [email protected]

Operational Legalities
Legal Framework

Legal Framework
- Intelligence Services Act 1994 - functions; property interference; oversight
- Human Rights Act 1998 - public authorities must act in accordance with ECHR
- Regulation of Investigatory Powers Act 2000 - interception; safeguards; oversight
- Wireless Telegraphy Act 2006 - interception/interference

Intelligence Services Act
- applies to all operations under control of Director GCHQ
- defines SIGINT function
- prescribes purposes for SIGINT function:
  - National Security
  - Economic Well-being of the UK (EWB)
  - Prevention/detection of serious crime

Human Rights Act 1998
- incorporates the ECHR into UK law
- requires all UK public authorities to act in accordance with the ECHR
- allows actions against public authorities by aggrieved parties
- RIPA, ISA and WTA are the vehicles through which ECHR or compatibility? are met

The European Convention on Human Rights (ECHR)
Article 8 is of most obvious relevance to GCHQ:
- 8.1. "Everyone has the right to respect for his private and family life, his home and his correspondence."
- 8.2. "There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is

The European Convention on Human Rights
the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of public health and morals, or for the protection of the rights and freedoms of others."

Need for authorisation
- ensures compliance with requirements of ECHR and HRA
- SIGINT intercept/CNE is illegal in UK without it offences)
- gives visibility of operational activities to GCHQ seniors SoS

Authorisation
- Regulation of Investigatory Powers Act 2000
  Interception & surveillance
- Intelligence Services Act 1994
  Effects
- Wireless Telegraphy Act 2006
  Interception interference with wireless telegraphy

Regulation of Investigatory Powers Act 2000 (RIPA)
- interception in the UK of comms carried on a public or private telecommunications system
- surveillance
- covert human intelligence source (CHIS) activity
- acquisition of comms data
- not just applicable to GCHQ

RIPA warrants
s.8(4) "external" warrants
- authorise "at least one end foreign" interception
- authorise selection according to Certificate entries
- target must be outside the UK (absent additional authorisation)
- ensure individuals' ECHR rights are protected on a world-wide basis

RIPA warrants
s.8(1) "line-access" warrants
- warrant authorises target (person or premises) in the UK
- schedules give telecomms addresses
- schedules are served on those who can provide the communications (usually CSPs)
- PRESTON

RIPA warra certificates
- 6 months' duration for NS, 3 months for SC
- approval and renewal by Secretary of State
- can be modified addresses, categories
- urgency provisions

ISA warrants authorisation
- Computer Misuse Act 1990 (CMA)
- s.5 warrant necessary if target computer is in the British Islands (NS only)
- s.7 authorisation if elsewhere
- mimics RIPA warrantry
- s.7 subject to internal procedures

ISA warrants authorisation
- 6 months' duration; only not SC for warrant but possible for authorisation
- approval and renewal by Secretary of State
- modification
- urgency/operational effectiveness provisions

Wireless Telegraphy Act
- authorises interception of wireless telegraphy, ie that not covered by RIPA
- Secretary of State issues but without limit of time
- still needs to be proportionate

RIPA Directed Surveillance Authorisations
- GCHQ does directed surveillance when it observes a target with intention of gathering private data on the target's private life, associates and/or activities
- excludes historical research eg computer forensics

Questions?

Operational Legalities
Tasking and Targeting

Principles
- We operate within the law
- We can demonstrate that we operate within the law
- Staff have the information they need to be able to comply with the law

All we do has to be:
- authorised where necessary, under law (ISA, RIPA, WTA), or policy
- necessary NS, EWB or plus more specific intelligence requirements
- proportionate manner and extent to which requirement is being met

What activities does that apply to?
tasking access targeting retention database queries dissemination TD pioneering SD

Tasking
- "at least one-end foreign" interception is authorised by external RIPA 8(4) warrant
- selection is authorised according to Certificate entries
- individuals' ECHR rights are protected on a world-wide basis

Targeting
- name
- communications addresses
- web service authentication data
- ID card number or passport number
- driving licence number
- car registration number
- bank card/credit card account numbers

BROAD OAK
- strategic target knowledge database
- users justify and review retention of target knowledge
- justification of targeting selectors separate, but may be cascaded from target. Will be default in future iteration of BROAD OAK

[Screenshot of a database record form; legible field labels include Description, Warrant Expiry and Date Submitted.]

Source field - be specific
GCHQ report ref and date SRI id and date call records including root number unique customer reference ALWAYS INCLUDE A DATE e-mail from customer voice CRA

Intelligence requirements
- use MIRANDA number that equates to intelligence requirement
- TD - improving specific target knowledge, identifying new sources etc is justified by the intelligence requirement for that target
- BOT - tick 'SigDevt' box

HRA justification
- explain exactly why you are targeting this individual
- don't just repeat the MIRANDA number but add value
- BOT - cascade of target-level HRA justification to selectors
- your responsibility to amend if necessary
- indirect targeting

HRA justification
Russian Minister for Foreign affairs dialling analysis links to Senior Russian energy policymaker wife of Russian Minister, targeted to provide travel details of target Employee at Chinese Embassy in London Presidential Administration Experts Directorate; access to info on Russian policy affecting UK Russian energy Chinese weapons programme

Revalidating targeting
- make sure it is clear why you are continuing to invade this person's privacy, so:
- record your justification for continuing targeting
- make sure all fields contain the most recent information available
- ongoing process
- if you can no longer justify targeting, record your reason for deactivating and then deactivate

Data content retrieval
- UDAQ, DISHFIRE, IIB
- not all data in these bases is "selected"
- retrieval must be:
  - authorised (lawful)
  - necessary
  - proportionate
- HRA screens; audit logs
- target in UK datamining STA

[Screenshot of a query form; legible labels include Search Terms, Query Type, Justification and Expiry Date.]

UDAQ
- JIC purpose
- use appropriate MIRANDA number
- explain why you are running this query
- principle applies to use of any Sigint database

Questions you should ask yourself
- would my justification record be clear to a colleague?
- have I justified invading this person's privacy?
- will my successor understand?

Audits
- IPTs currently carry out targeting audit
- 10% of entries each year, randomly chosen
- all UK entries each year, wildcards each audit
- quick check of record key HRA aspects:
  - source field
  - HRA justification
  - MIRANDA number
  - revalidation
- UDAQ Events also audited

Questions?

Operational Legalities
Targeting: location and nationality

Location, location, location
- Law: specific RIPA authorisation for interception of a target located in the UK
- Policy: internal authorisation (STA) for a target outside the UK if nationality and/or location is sensitive
- all targets require HRA justification (GCHQ is a public authority interfering with individuals' human rights)

Location?
without other information, assume:
- individual is in their country
- mobile phone is in country of registration
- email address with country digraph is there

Location: belief knowledge
- belief is not 100% knowledge with hindsight; you must not "turn a blind eye"
- based on the information available at any particular time
- this may vary - so should our response

Target arrives or is discovered to be in the next?
Consider authorisation options continuation targeting RIPA s.16(5) 5 working days (1 for SC) signed by GCHQ Directorate then over to customer RIPA s.8(1) warrant

Target in the s.16(3)
- frequent visitors to the UK or known targets
- SoS signature required
- modification to 8(4) certificate
- new selectors may be used
- indirect targeting is not allowed

If no authorisation is
- examine and report traffic intercepted up to time you knew target was in UK
- use B3M HRA "register" to alert
- check location using events or THUGGEE
- examine a cut (B3M UDAQ) every 48 to check whereabouts

Policy authorisations
- STA and provide records of actions where UK &/or British Overseas Territory law does not require authorisation
- respect 2nd Party sensitivities
- actions are validated by a GCHQ senior (or nominated GC8s in ITT)
- we can justify targeting if challenged
- QC is mandatory

Datamining STA
- Datamining STA for target in UK
- valid for two days
- named SCS officer signs STA
- one-off search
- Count-only searches: no authorisation needed

Special C2C authorisations
- special access to email communications
- NS only; limited criteria
- 16(3) or STA also required if location or nationality sensitive
- SCS or GC6 approval

SRA
- authorises receipt of 2 or 3P intelligence on UK-based targets where GCHQ has no authorisation
- avoids indirect targeting
- limited period only

Operational Legalities
SIGINT Development

SD justification
- Enhancing GCHQ's capabilities is a national security purpose
- TD - improving specific target knowledge, identifying new sources etc is justified by the intelligence requirement for that target

SD proportionality
Restrict to the minimum necessary:
- refine wide initial terms
- define length of task and/or volumes
- limit dissemination and retention
Aim: sustained targeting as soon as practicable

SD reporting
- you may report from SD traffic
- reporting guidelines reflect HRA requirements

Content or metadata?
- voice mail boxes
- SMS text
- an email inside a message
- email subject line
- URL beyond the domain name (eg
- an attached routing diagram

Content or metadata?
- IP address
- email address
- DTMF (tone dialling)
- a URL up to the domain (eg
- location

Content or metadata?
- password authentication to a communications service - communications data
- other passwords - content
- cookie - depends on data, may be either

Questions?

Second Parties
Australia, Canada, New Zealand, USA

GCHQ and Second Parties
- partners respect each others' laws and policies
- 2nd parties treat UK nationals as their own
- GCHQ must not ask a 2nd party to do something for which we would need a warrant
- we must not task a 2nd party with targeting that would be unlawful in that country

USSID SP0018
- No interception of persons in US without a warrant
- Court order needed to intercept US persons outside the USA
- your use of NSA collection databases must respect Party laws and policies

Operational Legalities
Dissemination & Disclosure

Dissemination
- EP is sole vehicle for passing intelligence to customers
- Reporting Standards applies proportionality principle to EP

Disclosure
- SIGINT collected under RIPA may not be used in court
- Relevance to prosecutions
- Public Interest Immunity PII certificates

Questions?

Operational Legalities
Safeguards and Oversight

RIPA safeguards
- intercepted material must be destroyed as soon as its retention is no longer
- it must be looked at, copied and disseminated to the minimum
- a purpose authorised under the Act
- as a matter of policy, GCHQ applies this ethos to all material it acquires, regardless of source
- policies for EP and data retention

Errors and breaches
- mistakes happen and we report them
- OPP-LEG and LA role: help advice
- an apparent error may be:
  - breaking the law
  - a breach of RIPA safeguards
  - nothing to worry about!
- response: procedures, processes training

Political oversight
- Executive - a Secretary of State exercises authority over the I 5 services and is answerable to Parliament
- Parliament - Intelligence & Security Committee examines expenditure, administration and policy (not operations); members within the circle of secrecy; reports annually to Parliament

Judicial oversight: Commissioners
- Senior Judges: independent of HMG and Parliament
- review Secretary of State's use of powers under
- guaranteed access to agencies
- annual reports to the Prime Minister

Investigatory Powers Tribunal (IPT)
- comprises 8 independent lawyers
- investigates complaints against Agencies, law enforcement etc
- anyone, anywhere may complain
- more than 40 people within GCHQ assist in responding to complaint; audit logs

The Tribunal will
- what did we do?
- was the action authorised?
- was it necessary?
- was it proportionate?
- did GCHQ act reasonably within its powers?

Operational Legalities
Wrap up

Key points: does it legally?
1. Your work must be:
   - authorised
   - necessary
   - proportionate
2. Location: beware UK UKUSA seek authorisation
3. Errors: we are honest and report them

What does this mean for me?
- Collection/technical staff: know what you can and cannot intercept
- Collection manager: help ensure selectors are justified and proportionate
- Analyst/linguist: justify your targeting, seek warrant or STA where necessary
- Reporter: report only what is necessary to address the requirement

Contacts
- visit OPP-LEG in B4a
- call 36559
- email laigchq
- OPP-LEG web pages
- compliance website
- speak to your Legal POC

Legal & Policy Leads

Questions?

Operational Legalities
Protective marking of these notes: SECRET STRAP1
Protective marking of slides: UNCLASSIFIED CORINTH
Intro; welcome; aims legal framework and how to apply this in day-to-day work
GCHQ operates within the law; everyone's responsibility; but we're here to help
Training is part of that
But we also:
- Offer advice (desk, legal inbox, etc) aim for prompt service; lawyers always on hand as well;
- Deal with warrantry and disclosure
- Help shape new tools and applications
- Develop new policy as new requirements emerge, esp. with new techniques, accesses etc that want to exploit
Our job is to enable Sigint: we have processes that enable us to do things that would be illegal to the man on the street
But with that comes responsibilities.

Not for display
- Beware: there are several hidden slides in this presentation. If you see this you will also see the other hidden ones.
- To find which are hidden, use slide sorter View
- There's a print option to ignore hidden slides

Agenda
Legal Framework Tasking Targeting incl Location/Nationality SD Coffee/tea What's OUT Second Parties Data Protection Dissemination Disclosure Official Secrets Safeguards & Oversight FOIA Wrap-up
Structure
Blue lawyer, green (red audience)
30-minute brief intro to legal framework - lawyer
30 minutes on how this is applied to tasking and targeting OPP-LEG
15 minutes coffee-tea break when you can pick up and read quiz sheets
15 minutes on SD and Second Parties OPP-LEG
15 minutes in groups to consider quiz
15 minutes led discussion on quiz questions
15 minutes on legal safeguards and oversight
15 minutes for wrap-up and further questions
Handouts on targeting and feedback sheet at the end
Reporting governed by same principles as targeting so covered in general terms, but IPUL do the detailed guidance
Happy to take questions as we go along but if they're on other areas please leave sure we've covered the main material first.
Ask about jargon!!

Operational Legalities
Legal Framework

Legal Framework - Intelligence Services Act 1994 - functions; property interference; oversight - Human Rights Act 1998 - public authorities must act in accordance with ECHR - Regulation of Investigatory Powers Act 2000 - interception; safeguards; oversight - Wireless Telegraphy Act 2006 - interception/interference
This is the legal framework that affects GCHQ Sigint operations and sets out the 3 main Acts. - ISA - governs the functions of GCHQ - HRA - helps protect people's privacy in general, NOT just their communications, eg people round Heathrow's new terminal feel their privacy is being violated - it gained Royal Assent in 1998 but didn't come into effect until 2 October 2000 when RIPA was set up. - RIPA is the mechanism we use by which we make it ok to carry out interception - WTA covers interception of any wireless telegraphy not covered by RIPA. Background: - HRA was a manifesto commitment of the new Labour govt in 1997 to allow people under ECHR to pursue a case through the UK courts if grievance claim that their HR have been interfered with, rather than taking it to Strasbourg - Royal assent - act on statute books - signed by Queen - RIPA 2000 covered for interception and surveillance; comms data provided for 5 January 2004

Intelligence Services Act - applies to all operations under control of Director GCHQ - defines SIGINT function - prescribes purposes for SIGINT function: National Security; Economic Well-being of the UK (EWB); Prevention/detection of serious crime
Until 1994, GCHQ and SIS did not have an act in law to define their function. BSS have the Security Services Act; ISA followed this. Definition: to monitor or interfere with electromagnetic, acoustic and other emissions and any equipment producing such emissions and to obtain and provide information derived from or related to such emissions or equipment and from material Advice and assistance about languages and Broad: covers passive collection; now also covers computer network exploitation; rare to find something that it doesn't cover. BUT Act does closely prescribe purposes for which GCHQ can exercise this function. 3 purposes. Jonny stealing a Mars Bar example! We are driven by customer requirements and need to make sure that what we are asked to do falls within these 3 categories (SC has four definitions, defined under RIPA). This is the hard law; it's the basic starting point; once we have established that work meets this, move onto other considerations.

Human Rights Act 1998 - incorporates the ECHR into UK law - requires all UK public authorities to act in accordance with the ECHR - allows actions against public authorities by aggrieved parties - RIPA, ISA and WTA are the vehicles through which ECHR or compatibility? are met
ECHR: post WW2, nations combined to ensure atrocities didn't happen again - as a public authority it is unlawful for GCHQ to act in a way which is incompatible with a convention right - Public authorities are of 3 types: - government depts/health authorities/armed forces/police (NOT parliament) - courts and tribunals - person/org carrying out functions of public nature (eg Railtrack when acting as safety regulator but not as commercial property developer) - Some are absolute: eg. right to life, to protection from torture, inhuman and degrading treatment and punishment - Some are limited: eg. the right to liberty (unless you commit an offence) and to a fair trial can be limited under explicit and finite circumstances defined in the Convention itself. - Others are .. Term HRA will be known to many of you if you target, use Corinth; easy to forget that this is part of UK law. Point 3: compliance and oversight - more later

The European Convention on Human Rights (ECHR) Article 8 is of most obvious relevance to GCHQ: 8.1. "Everyone has the right to respect for his private and family life, his home and his correspondence. 8.2. "There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic
Obvious why relevant to GCHQ: examining forms of intercept; very intrusive. e.g. Heathrow night flights; partially successful. 8.2 is key: right to privacy is not absolute. Public authorities may interfere with this if certain conditions are met. Brings concept of proportionality into UK law for first time. Ends must justify means; Sigint as last resort.

The European Convention on Human Rights the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of public health and morals, or for the protection of the rights and freedoms of others."
"Just" 3 at the moment. No reason why remit could not be changed in future but this is what we are allowed to do at the moment.

Need for authorisation - ensures compliance with requirements of ECHR and HRA - SIGINT intercept/CNE is illegal in UK without it offences) - gives visibility of operational activities to GCHQ seniors 505
1. Hard reason: criminal offence. Give example of journalist recently jailed. Civil servants are not immune from prosecution. 2. Soft reason. Means that someone, usually makes a judgement of proportionality and necessity. 3. Policy.

Authorisation - Regulation of Investigatory Powers Act 2000: Interception surveillance - Intelligence Services Act 1994: Effects - Wireless Telegraphy Act 2006: Interception interference with wireless telegraphy
(Other considerations e.g. oversight) but this is what each one authorises. More detail on RIPA and ISA to follow. Surveillance: for GCHQ, tends to be electronic surveillance (JTRIG) although covers more 'traditional' forms of surveillance. WTA: e.g. police broadcasts

Regulation of Investigatory Powers Act 2000 (RIPA) - interception in the UK of comms carried on a public or private telecommunications system - surveillance covert human intelligence source (CHIS) activity - acquisition of comms data - not just applicable to GCHQ
RIPA - provides for interception and surveillance by public authorities since HRA came into force - It focuses on rights of individuals located in the UK (regardless of nationality) and provides for warrants to be issued to authorise interception of comms (including comms outside UK) - Point 2: GCHQ could do this in law but hasn't to date; Joint Section work with covered by their warrants. - Point 3 covers data direct from CSPs - Also police, fraud office, anyone carrying out intercept

RIPA warrants - s.8(4) 'external' warrants - authorise 'at least one end foreign' interception - authorise selection according to Certificate entries - target must be outside the UK (absent additional authorisation) - ensure individuals' ECHR rights are protected on a world-wide basis
[Pass round copy of certificate - later] Mention SD and DefMon are covered. We have 10: one 'global' that covers Bude, MHS, Cyprus; others for special source accesses. Selection of material governed by Certificate, specifying general categories of material, rather than a specific individual/selectors. Categories broadly mirror JIC requirements. Slide 4: individual's rights protected on world-wide basis; also allows for anyone anywhere in the world to complain about our actions; means we can demonstrate to Tribunal that we have acted lawfully.

RIPA warrants - s.8(1) 'line-access' warrants - warrant authorises target (person or premises) in the UK - schedules give telecomms addresses - schedules are served on those who can provide the communications (usually CSPs) PRESTON
RIPA makes no distinction based on nationality (cf. there'll be a slide on this later. The address can be a tel no or an email address. Warrant signed by but Schedules can be modified by WLD (Whitehall liaison department) or by a Director in an emergency. GCHQ: all current warrants are against premises rather than individuals because of demarcation of responsibilities (us: foreign intel; BSS: internal UK, although we may do intercept for them). GCHQ must have schedule served on it to target selectors on our external warrant; see error report in legal inbox 26/10/2001. Expand CSPs if not mentioned already: once served by a schedule, have to comply with it (law). GCHQ can also be served by schedules. GCHQ therefore insists on seeing copies of warrant schedules before taking action because of previous muck-ups which have had to be reported to the Commissioner. Involves simple, well-established comms process between LEG and SS warrantry team. Say: No schedule, No targeting!

RIPA warrants/certificates - 6 months' duration for 3 months for SC - approval and renewal by Secretary of State - can be modified addresses, categories - urgency provisions
Urgency: - GCHQ senior official (on list) may sign: - urgent 8(1) warrant if expressly authorised by schedule modification - 16(3) urgent modification

ISA warrants & authorisation - Computer Misuse Act 1990 (CMA) - s.5 warrant necessary if target computer is in the British Islands (NS only) - s.7 authorisation if elsewhere - mimics RIPA warrantry - s.7 subject to internal procedures
1. Criminal offence to interfere with someone's computer unless properly authorised. Viewed seriously in the possible jail terms due to increase to between 5-10 years. 2. Signed by 3. Signed by but individual operations signed by DD, allows CNE more flexibility.

ISA warrants & authorisation - 6 months' duration; only not SC for warrant but possible for authorisation - approval and renewal by Secretary of State - modification - urgency/operational effectiveness provisions
Urgency: - GCHQ senior official (on list) may sign: - Urgent s.5 warrant to do something already authorised abroad under a authorisation - 5-day grace extension when machine enters UK

Wireless Telegraphy Act - authorises interception of wireless ie that not covered by RIPA - Secretary of State issues but without limit of time - still needs to be proportionate

RIPA Directed Surveillance Authorisations - GCHQ does directed surveillance when it observes a target with intention of gathering private data on the target's private life, associates and/or activities - excludes historical research eg computer forensics
- Signed internally. JTRIG including JEDI pods. Passive internet monitoring

Questions?

Operational Legalities Tasking and Targeting
So you've heard about the principal laws that affect our work. So the next part is what that means to us in practice.

Principles 1. We operate within the law 2. We can demonstrate that we operate within the law 3. Staff have the information they need to be able to comply with the law

All we do has to be: - authorised - where necessary, under law (ISA, RIPA, WTA), or policy - necessary - NS, EWB or plus more specific intelligence requirements - proportionate - manner and extent to which requirement is being met
Some fields in Corinth/UDAQ (and others in due course) are there for legal compliance reasons. Not a Used by LEG to audit actions. Proportionate often the most challenging. Given the aim, the conduct proposed is reasonable.

What activities does that apply to? tasking access targeting retention database queries dissemination TD pioneering SD

Tasking - 'at least one-end foreign' interception is authorised by external RIPA 8(4) warrant - selection is authorised according to Certificate entries - individuals' ECHR rights are protected on a world-wide basis
Pass round copy of certificate; NB 'eyes' marking. Mention SD and DefMon are covered. We have about ten: one 'global' that covers Bude, MHS, Cyprus - others for special source accesses - Renewal every 6 months; you might have been asked for highlights - Certificate entries refine Intelligence topics - New entries can be made e.g. Electronic Attack

Targeting - name - communications addresses - web service authentication data - ID card number or passport number - driving licence number - car registration number - bank card/credit card account numbers
Any of these terms are referable to an individual so need to the A, N, rule.

BROAD OAK - strategic target knowledge database - users justify and review retention of target knowledge - justification of targeting selectors separate, but may be cascaded from target. Will be default in future iteration of BROAD OAK
Storage of TK not quite so sensitive/intrusive but still need to justify. BOT will replace Corinth (Release 4, Mar 09).

Show the fields that are there for legal compliance reasons: - Source number - JIC purpose (in this case 3 NS) - HRA Justification - Authorisation: (in this case a Warrant number as target in UK)

Source field - be specific - GCHQ report ref and date SRI id and date call records including root number unique customer reference ALWAYS INCLUDE A DATE e-mail from customer voice CRA
Needs to be traceable as well as specific

Intelligence requirements - use MIRANDA number that equates to intelligence requirement - TD improving specific target knowledge, identifying new sources etc is justified by the intelligence requirement for that target - BOT - tick "SigDevt" box
Address indirect targeting issues; will come onto UK issues

HRA justification - explain exactly why you are targeting this individual - don't just repeat the MIRANDA number but add value - BOT - cascade of target-level HRA justification to selectors - your responsibility to amend if necessary - indirect targeting
Address indirect targeting issues; will come onto UK issues. Indirect targeting: the use of a selector to identify and select the communications of one individual with a view to selecting and reporting the activities of another individual, the target; such targeting requires an authorisation appropriate to the location and nationality of the real target. Indirect targeting is getting sustained intelligence on A by targeting B. (Wanting intelligence on as well doesn't get you off the hook.) Point to note: it is using another selector to get at the communications of the target, not to find information about him. So it is fine to target a Swedish girl-friend of a person in the UK to find out info about him, as long as you defeat communications between the two of them.

HRA justification - Russian Minister for Foreign affairs - dialling analysis links to Senior Russian energy policymaker - wife of Russian Minister, targeted to provide travel details of target - Employee at Chinese Embassy in London - Presidential Administration Experts Directorate; access to info on Russian policy affecting UK - Russian energy - Chinese weapons programme
All about proportionality. I hid two lines at the foot of this slide reset font colour) not sure I can justify rejecting them! .. We could do with some non-I'I'I' examples; suspected terrorist temporarily removed

Revalidating targeting - make sure it is clear why you are continuing to invade this person's privacy, so: record your justification for continuing targeting; make sure all fields contain the most recent information available - ongoing process - if you can no longer justify targeting, record your reason for deactivating and then deactivate
Revalidation new requirement in it will be audited

Data content retrieval UDAQ, DISHFIRE, IIB - not all data in these bases is 'selected' - retrieval must be: authorised (lawful); necessary; proportionate - HRA screens; audit logs; target in UK datamining STA
Basis: data from authorised intercept, normally selected using a TND but scope could include some unselected data, eg from a survey. Includes UDAQ (mixed), SAMDYCE (selected), DISHFIRE (mixed), MAMBOOKIE (selected). Issue: database users run queries and have potential to infringe human rights of innocent people through reading their communications. Normal A implemented by the analyst. Hence HRA screen. Also logging of queries for audit and queries (more later). Querying is a form of targeting, hence STA requirement


UDAQ JIC purpose - use appropriate MIRANDA number - explain why you are running this query - principle applies to use of any Sigint database

Questions you should ask yourself - would my justification record be clear to a colleague? - have I justified invading this person's privacy? - will my successor understand?
Hidden replaced by previous slide

Audits - IPTs currently carry out targeting audit: 10% of entries each year, randomly chosen; all UK entries each year, wildcards each audit - quick check of record at key HRA aspects: source field; HRA justification; MIRANDA number; revalidation - UDAQ Events also audited
Audit mandated by SUB. Not meant to be onerous. IPTs conduct audit in different ways. Now finding that fewer entries need changing; compliance levels going up (education). Next stage: audit of other databases.

Questions?
15 minute break

Operational Legalities Targeting: location and nationality
Pick up from lawyer's words on territoriality. RIPA: location matters. Policies address nationality issues. Cause of a great many queries to

Location, location, location - Law: specific RIPA authorisation for interception of a target located in the UK - Policy: internal authorisation (STA) for a target outside the UK if nationality and/or location is sensitive - all targets require HRA justification (GCHQ is a public authority interfering with individuals' human rights)
Distinguish serendipity from indirect targeting. (Don't scare people off doing valid and legal reporting.) Location: law. Nationality: policy. Any 2Ps in the audience? Expand on Sensitive target not covered later. May wish to mention here policy that a target entering a Second Party country must be detasked from all Second Party collection systems

Location? - without other information, assume: individual is in their country; mobile phone is in country of registration; email address with country digraph is there
Sensitive always trumps non-sensitive

Location: belief & knowledge - belief is not 100% knowledge with hindsight; you must not 'turn a blind eye' based on the information available at any particular time - this may vary - so should our response
- Not going into religion or philosophy; frequent topic of questions to OPP-LEG - The main thing is to record why you made your decision so that, if later it turns out to be incorrect, you have noted the reasons for believing what you did. - possibly BROAD OAK comments field - relies on honesty from - in good faith - it's your judgement call; try to get collateral if possible to help make the decision - but do the best you can possibly do

Target arrives or is discovered to be in the next? Consider authorisation options - continuation targeting RIPA s.16(5) - 5 working days (1 for SC) - signed by GCHQ Directorate - then over to customer - RIPA s.8(1) warrant
Target comes to UK: no longer have to take targeting off cover. In fact we should probably be more interested in why a target has come to the UK and want to do some work on this. There are other options. 16(5): 5 days from moment analyst realises target is in UK (1 day for SC). After this, need to apply for a warrant or drop targeting. Warrant could have schedule served on us. 16(5) on 8(4) collection. Only selectors you know about at the time, can't add new ones in.

Target in the s.16(3) - frequent visitors to the UK or known targets - signature required - modification to 8(4) certificate - new selectors may be used - indirect targeting is not allowed
NB currently used only for counter-terrorism, serious crime, CP and Russian intelligence officers (March 2008). 16(3): you might know the name of the target; or it's a suspicious selector used by one or more unknown targets; business case from IPT, goes through various internal checks; OPP-LEG puts it into appropriate format; renewed every 6 months (3 for update it with current knowledge. Directorate may authorise urgent additions. Indirect targeting: the use of a selector to identify and select the communications of one individual with a view to selecting and reporting the activities of another individual, the target; such targeting requires an authorisation appropriate to the location and nationality of the real target. Indirect targeting is getting sustained intelligence on A by targeting B. (Wanting intelligence on as well doesn't get you off the hook.) Point to note: it is using another selector to get the communications of the target, not to find information about him. So it is fine to target a Swedish girl-friend of a person in the UK to find out info about him, as long as you defeat communications between the two of them. e.g. Your target's in South Africa, his wife's in India. Targeting her phone no. to get his comms: indirect targeting, but is ok as long as you can demonstrate necessity and proportionality. But if target comes from SA to UK, you'll need additional authorisation to continue to target the wife's phone no.

If no authorisation is sought... - examine and report traffic intercepted up to time you knew target was in UK - use B3M HRA "register" to alert - check location using events or THUGGEE - examine a cut (33M UDAQ) every 48 to check whereabouts
All this assumes they can't be bothered with any of the authorisation options. Ask what this says about the level of justification of the target in the first place. Note no alert system on text repositories, only voice [and we don't know how widely used the BBM mark up is used, tho I think it's reasonably well known]. These days, esp for voice, call records are a better way of tracking where someone is, and they're less intrusive. NB 33M flag only for target in the UK

Policy authorisations - STA and provide records of actions where UK &/or British Overseas Territory law does not require authorisation - respect 2nd Party sensitivities - actions are validated by a GCHQ senior (or nominated GCBs in - we can justify targeting if challenged - QC is mandatory
No legal authorisations required but action is still sensitive. Reassurance to Commissioner/IPT.

Datamining STA - Datamining STA for target in UK valid for two days - named SCS officer signs STA - one-off search - Count-only searches: no authorisation needed
is handled by UPA-DCSD. SCS sign TTA and datamining STA for targets in the UK, save Directorate when novel or sensitive. For out of hours authorisations the BBC) can approve all STA and TTA requests as appropriate but authority from one of the above officers must be obtained at the earliest opportunity. Datamining for targets in the UK: a one-off search per repository; must perform search within 2 days but can go back further; can examine all hits returned; count-only ZTA ITT only

Special C2C authorisations - special access to email communications - NS only; limited criteria - 16(3) or STA also required if location or nationality sensitive - SCS or GC6 approval

SRA - authorises receipt of 2 or 3P intelligence on UK-based targets - where GCHQ has no authorisation - avoids indirect targeting - limited period only
Max 6 months

Operational Legalities SIGINT Development
By its nature, SD can be intrusive to many people's human rights, as it can involve large-scale interception of many innocent people, cf. interception using strong, known selectors with valid HRA justifications. SD can be for technical development or to find target communications from bulk data.

SD justification - Enhancing capabilities is a national security purpose - TD improving specific target knowledge, identifying new sources etc is justified by the intelligence requirement for that target
Capabilities vital for the future of may embrace research. Both are referred to in RIPA certificate. If asked, MIRANDA number for system testing is 20141

SD proportionality Restrict to the minimum necessary: - refine wide initial terms - define length of task and/or volumes - limit dissemination and retention. Aim: sustained targeting as soon as practicable

SD reporting - you may report from SD traffic - reporting guidelines reflect HRA requirements

Content or metadata? - voice mail boxes SMS text - an email inside a message - email subject line - URL beyond the domain name (eg an attached routing diagram

Content or metadata? - IP address - email address - DTMF (tone dialling) - a URL up to the domain (eg - location
DTMF: dual tone multi-frequency touch-tone dialling - usually metadata but can be content (credit card number). URL: not for acquisition - yes for queries. Location is generally metadata too. policy is to treat it pretty much all the same whether it's content or metadata]

Content or metadata? - password authentication to a communications service: communications data - other passwords: content - cookie: depends on data, may be either
Current ruling: content moving towards metadata, need to flesh out a few examples: passwords to web sites are metadata; banking etc would be content. There are specific exemptions, eg PILBEAM, PRIMORDIAL SOUP, NED PUDDING (but getting to be too many exceptions for liking). Future of C2C exploitation: WIP to redefine as metadata if possible. Other measures possible, eg limit access to these elements of content, being explored for HAUSTORIUM

Questions?

Second Parties Australia, Canada, New Zealand, USA

GCHQ and Second Parties - partners respect each others' laws and policies - 2nd parties treat UK nationals as their own - GCHQ must not ask a 2nd party to do something for which we would need a warrant - we must not task a 2nd party with targeting that would be unlawful in that country Example: a target entering a Second Party country must be detasked from all Second

USSID SP0018 - No interception of persons in US without a warrant - Court order needed to intercept US persons outside the USA - your use of NSA collection databases must respect 2nd Party laws and policies

Operational Legalities Dissemination Disclosure

Dissemination - EP is sole vehicle for passing intelligence to customers - Reporting Standards applies proportionality principle to EP Do not send intelligence in emails! - you could end up in court?

Disclosure - SIGINT collected under RIPA may not be used in court - Relevance to prosecutions - Public Interest Immunity PII certificates Do not send intelligence in emails! - you could end up in court? Warranted intercept under RIPA can not be used in court (at the moment) PII used for other intelligence not covered by RIPA eg second party reissues. Public Interest Immunity (PII) certificate. This document sets out the damage that could be caused by exposing GCHQ capabilities. Whilst the Foreign Secretary signs the certificate, it is the Judge who has the ultimate say as to whether it is upheld (See for further details). If the Judge orders in favour of disclosure, the only remaining option is to drop part or all of the case; Drop the case. If the Judge rejects the PII certificate and orders that disclosure should be made in the public interest, we would seek to have that part of the case, or in extreme circumstances the case in its entirety, dropped.

Questions?

Operational Legalities Safeguards and Oversight

RIPA safeguards - intercepted material must be destroyed as soon as its retention is no longer - it must be looked at, copied and disseminated to the minimum a purpose authorised under the Act - as a matter of policy, GCHQ applies this ethos to all material it acquires, regardless of source - policies for EP and data retention

Errors and breaches - mistakes happen and we report them - and LA role: help & advice - an apparent error may be: - breaking the law - a breach of RIPA safeguards - nothing to worry about! - response: procedures, processes, training

Political oversight - Executive - a Secretary of State exercises authority over the I 5 services and is answerable to Parliament - Parliament - Intelligence & Security Committee examines expenditure, administration and policy (not operations); members within the circle of secrecy; reports annually to Parliament

Judicial oversight: Commissioners - Senior Judges: independent of HMG and Parliament - review Secretary of State's use of powers under - guaranteed access to agencies - annual reports to the Prime Minister Interception Commissioner: Sir Paul Kennedy; Intelligence Services Commissioner: Sir Peter Gibson

Investigatory Powers Tribunal (IPT) - comprises 8 independent lawyers - investigates complaints against Agencies, law enforcement etc - anyone, anywhere may complain - more than 40 people within GCHQ assist in responding to complaint; audit logs

The Tribunal will - what did we do? - was the action authorised? - was it necessary? - was it proportionate? - did GCHQ act reasonably within its powers?

Operational Legalities Wrap up

- authorised necessary proportionate 2. Location: beware UK UKUSA seek authorisation 3. Errors: we are honest and report them 1. You are responsible for this 2. Location law nationality policy 3. We will help you and agree measures to prevent recurrence

What does this mean for me? - staff: know what you can and cannot intercept - Collection manager: help ensure selectors are justified and proportionate - justify your targeting, seek warrant or STA where necessary - Reporter: report only what is necessary to address the requirement

Contacts - Visit OPP-LEG in B48 - call 36559 - email [email protected] - OPP-LEG web pages - compliance website - speak to your Legal POC Don't forget to sign the attendance sheet or you'll have to come all over again! add your name if it's not there.

Legal & Policy Leads - DPC-CHE Don't forget to sign the attendance sheet or you'll have to come all over again! add your name if it's not there.

Questions?
