How British spies really spy: Information that didn't come from Snowden

GCHQ days of form-filling and 'bulk' intercept

Brit spies love gathering up masses of communications

GCHQ values bulk interception highly. It told Anderson that it contributes to about 55 per cent of its intelligence reports and is used mainly to find patterns in online communications that indicate involvement in threats to national security, in particular for “target discovery” – finding previously unknown people.

Anderson quotes Parliament’s Intelligence and Security Committee, which says GCHQ uses analysis of patterns in communications data (material other than the actual content of a message) gathered through bulk interception to spot online behaviour associated with planning attacks. He adds that automated data mining of the resulting material is less useful than human analysis, with GCHQ staff running several thousand queries on communications data every day.

Bulk interception also provides “the vast majority of all reporting on cyber threats and the basis for counter-activity,” GCHQ told Anderson – in one two-week period, it provided visibility of 96 cyber-attack campaigns – and is the only way to obtain information to develop effective responses. Based on case studies, Anderson says he is “not in the slightest doubt that bulk interception, as it is currently practiced, has a valuable role to play in protecting national security.”

Those case studies remain secret, which Anderson describes as “unfortunate,” but he does include six outline examples. These include the detection and conviction of a UK-based airline worker who planned to use airport access to launch an al-Qaeda attack; a group who travelled to Pakistan for terrorism training, who were arrested and given lengthy sentences under the Terrorism Act; and the finding of two men overseas who had blackmailed children into exposing themselves online, who were subsequently arrested and jailed in their home country.

And bulk interception is not as wide-ranging as it sounds, Anderson writes: “GCHQ currently only has the capacity to intercept the data travelling through a small percentage of the 100,000 bearers, including undersea cables, which make up the global communications core infrastructure.” An estimated 10 to 25 per cent of global telecom traffic transits the UK through such undersea cables, although the agency reckons the correct figure is closer to 10 per cent. “For reasons of resource constraint as well as proportionality, GCHQ considers carefully what communications channels it seeks to intercept”, he adds, with limited storage capacity another constraint.
