GCHQ 'smart collection' would protect MPs from spies, says NSA expert

Investigatory Powers tribunal was misled by 'horsesh*t'

Protecting members of Parliament from mass surveillance by bulk collection is “exceedingly simple”, according to the US co-inventor of the high technology devices and programs now used by GCHQ to intercept optical fibre cables carrying Internet data in and out of Britain.

Bill Binney, formerly Technical Director of the NSA’s Operations Directorate, dismissed as “absolute horseshit” claims by government lawyers to the Investigatory Powers Tribunal (IPT), reported in an adjudication last month, that “there is so much data flowing along the pipe” that “it isn’t intelligible at the point of interception”.

“These statements are false”, he told The Register. “They have been made by someone who does not understand the technology. The tribunal was misled.”

Green Party MP Caroline Lucas said: "These revelations from an ex-NSA operative are deeply concerning. It would appear that the Government has either willfully misled the public, or they simply don’t have a proper understanding of their own surveillance systems."

"Parliamentary protections should be built into law", she added. "Ministers must use the forthcoming Investigatory Powers Bill to enshrine the Wilson Doctrine protections into law and ensure that constituents and whistle-blowers can contact parliamentarians without fear of being spied upon."

Lucas, along with Green peer Jenny Jones and former MP George Galloway, brought the IPT case against the government, alleging that their parliamentary phone calls and e-mails had been intercepted in bulk by GCHQ using its mass surveillance systems, rather than by lawful individually named warrants.

The three had claimed that this was contrary to the Wilson Doctrine, a statement by former prime minister Harold Wilson in 1966 that parliamentarians' communications would not be subject to interception. The Wilson policy was re-affirmed by Margaret Thatcher, and again by Tony Blair in 2006, who confirmed that it applied to e-mails as well as phone calls. It was re-confirmed by Home Secretary Teresa May earlier this year.

Since then, GCHQ and the government have pushed back on parliamentary protections, including by claiming that the doctrine does not cover members of devolved parliaments, nor "bulk collection" covering all British citizens' communications, including MPs.

Government lawyer James Eadie QC, representing the intelligence agencies and the government, had told the tribunal that it was not possible to filter out parliamentarians’ communications from the mass of data scooped up by GCHQ’s bulk interception operations. He conceded that parliamentarians’ emails “may have been collected” by GCHQ in these operations, but claimed that, technically, this could not have been prevented because the data could not be understood.

Binney, who resigned from the NSA after becoming aware of illegal and unconstitutional surveillance programmes launched after 9/11, spoke out while visiting Europe to speak at an Amsterdam privacy conference.

As one of the NSA’s most senior and respected scientists, Binney says he was a frequent and welcome visitor to GCHQ's Cheltenham headquarters for thirty years. During the Cold War and the 1990s, he said, “I had many friends there. We co-operated extremely closely. I gave them the source code for our projects. They called me ‘the bottom line’”– meaning that they expected him to rule on the resolution of shared technical difficulties in intelligence gathering.

“I would be very happy to be invited back to GCHQ now to remind them how to manage bulk collection without violating privacy and the law“, he said. The key point is to “lose irrelevant data straight after sessionising.”

“Smart selection is smart collection”, he explained. “It’s essential to do it properly. Sessionised data is in fact highly intelligible, and can be automatically sorted in milliseconds or even less. You have to lose as much data and content as you can as quickly as you can, so as to stay focused on the communications that might really matter.”

“Selectors are the key. We use selectors to do smart selection and smart collection, to save resources. If you do unconstrained bulk collection, the amount content is not manageable. We use deselectors to minimize data.”

"Everything that wasn’t wanted wasn’t allowed to pass through and get stored", he added. “If it wasn’t on your zone of suspicion, you automatically did not take it in,” he added.

Binney said that secret NSA and GCHQ documents provided by Edward Snowden and published by news media around the world now confirmed that the selection and protection techniques he and his team helped develop were still in use, but only when the agencies had been legally compelled to use them.

These revelations showed that hardening existing domestic exclusion systems and extending them to throw away Congressional or Parliamentary communications would be “trivial in technology terms”, Binney said. “I could do it in an hour, using standard NSA and GCHQ methods.”

“What NSA and GCHQ are supposed to do is vitally important”, Binney added. “I want them to succeed - but they are doing the absolute wrong thing now. They are dooming themselves to failure by bulk acquisition.”

GCHQ said it did not want to comment. ®

Similar topics

Other stories you might like

  • Prisons transcribe private phone calls with inmates using speech-to-text AI

    Plus: A drug designed by machine learning algorithms to treat liver disease reaches human clinical trials and more

    In brief Prisons around the US are installing AI speech-to-text models to automatically transcribe conversations with inmates during their phone calls.

    A series of contracts and emails from eight different states revealed how Verus, an AI application developed by LEO Technologies and based on a speech-to-text system offered by Amazon, was used to eavesdrop on prisoners’ phone calls.

    In a sales pitch, LEO’s CEO James Sexton told officials working for a jail in Cook County, Illinois, that one of its customers in Calhoun County, Alabama, uses the software to protect prisons from getting sued, according to an investigation by the Thomson Reuters Foundation.

    Continue reading
  • Battlefield 2042: Please don't be the death knell of the franchise, please don't be the death knell of the franchise

    Another terrible launch, but DICE is already working on improvements

    The RPG Greetings, traveller, and welcome back to The Register Plays Games, our monthly gaming column. Since the last edition on New World, we hit level cap and the "endgame". Around this time, item duping exploits became rife and every attempt Amazon Games made to fix it just broke something else. The post-level 60 "watermark" system for gear drops is also infuriating and tedious, but not something we were able to address in the column. So bear these things in mind if you were ever tempted. On that note, it's time to look at another newly released shit show – Battlefield 2042.

    I wanted to love Battlefield 2042, I really did. After the bum note of the first-person shooter (FPS) franchise's return to Second World War theatres with Battlefield V (2018), I stupidly assumed the next entry from EA-owned Swedish developer DICE would be a return to form. I was wrong.

    The multiplayer military FPS market is dominated by two forces: Activision's Call of Duty (COD) series and EA's Battlefield. Fans of each franchise are loyal to the point of zealotry with little crossover between player bases. Here's where I stand: COD jumped the shark with Modern Warfare 2 in 2009. It's flip-flopped from WW2 to present-day combat and back again, tried sci-fi, and even the Battle Royale trend with the free-to-play Call of Duty: Warzone (2020), which has been thoroughly ruined by hackers and developer inaction.

    Continue reading
  • American diplomats' iPhones reportedly compromised by NSO Group intrusion software

    Reuters claims nine State Department employees outside the US had their devices hacked

    The Apple iPhones of at least nine US State Department officials were compromised by an unidentified entity using NSO Group's Pegasus spyware, according to a report published Friday by Reuters.

    NSO Group in an email to The Register said it has blocked an unnamed customers' access to its system upon receiving an inquiry about the incident but has yet to confirm whether its software was involved.

    "Once the inquiry was received, and before any investigation under our compliance policy, we have decided to immediately terminate relevant customers’ access to the system, due to the severity of the allegations," an NSO spokesperson told The Register in an email. "To this point, we haven’t received any information nor the phone numbers, nor any indication that NSO’s tools were used in this case."

    Continue reading

Biting the hand that feeds IT © 1998–2021