GCHQ 'smart collection' would protect MPs from spies, says NSA expert

Investigatory Powers tribunal was misled by 'horsesh*t'

Protecting members of Parliament from mass surveillance by bulk collection is “exceedingly simple”, according to the US co-inventor of the high technology devices and programs now used by GCHQ to intercept optical fibre cables carrying Internet data in and out of Britain.

Bill Binney, formerly Technical Director of the NSA’s Operations Directorate, dismissed as “absolute horseshit” claims by government lawyers to the Investigatory Powers Tribunal (IPT), reported in an adjudication last month, that “there is so much data flowing along the pipe” that “it isn’t intelligible at the point of interception”.

“These statements are false”, he told The Register. “They have been made by someone who does not understand the technology. The tribunal was misled.”

Green Party MP Caroline Lucas said: "These revelations from an ex-NSA operative are deeply concerning. It would appear that the Government has either willfully misled the public, or they simply don’t have a proper understanding of their own surveillance systems."

"Parliamentary protections should be built into law", she added. "Ministers must use the forthcoming Investigatory Powers Bill to enshrine the Wilson Doctrine protections into law and ensure that constituents and whistle-blowers can contact parliamentarians without fear of being spied upon."

Lucas, along with Green peer Jenny Jones and former MP George Galloway, brought the IPT case against the government, alleging that their parliamentary phone calls and e-mails had been intercepted in bulk by GCHQ using its mass surveillance systems, rather than by lawful individually named warrants.

The three had claimed that this was contrary to the Wilson Doctrine, a statement by former prime minister Harold Wilson in 1966 that parliamentarians' communications would not be subject to interception. The Wilson policy was re-affirmed by Margaret Thatcher, and again by Tony Blair in 2006, who confirmed that it applied to e-mails as well as phone calls. It was re-confirmed by Home Secretary Teresa May earlier this year.

Since then, GCHQ and the government have pushed back on parliamentary protections, including by claiming that the doctrine does not cover members of devolved parliaments, nor "bulk collection" covering all British citizens' communications, including MPs.

Government lawyer James Eadie QC, representing the intelligence agencies and the government, had told the tribunal that it was not possible to filter out parliamentarians’ communications from the mass of data scooped up by GCHQ’s bulk interception operations. He conceded that parliamentarians’ emails “may have been collected” by GCHQ in these operations, but claimed that, technically, this could not have been prevented because the data could not be understood.

Binney, who resigned from the NSA after becoming aware of illegal and unconstitutional surveillance programmes launched after 9/11, spoke out while visiting Europe to speak at an Amsterdam privacy conference.

As one of the NSA’s most senior and respected scientists, Binney says he was a frequent and welcome visitor to GCHQ's Cheltenham headquarters for thirty years. During the Cold War and the 1990s, he said, “I had many friends there. We co-operated extremely closely. I gave them the source code for our projects. They called me ‘the bottom line’”– meaning that they expected him to rule on the resolution of shared technical difficulties in intelligence gathering.

“I would be very happy to be invited back to GCHQ now to remind them how to manage bulk collection without violating privacy and the law“, he said. The key point is to “lose irrelevant data straight after sessionising.”

“Smart selection is smart collection”, he explained. “It’s essential to do it properly. Sessionised data is in fact highly intelligible, and can be automatically sorted in milliseconds or even less. You have to lose as much data and content as you can as quickly as you can, so as to stay focused on the communications that might really matter.”

“Selectors are the key. We use selectors to do smart selection and smart collection, to save resources. If you do unconstrained bulk collection, the amount content is not manageable. We use deselectors to minimize data.”

"Everything that wasn’t wanted wasn’t allowed to pass through and get stored", he added. “If it wasn’t on your zone of suspicion, you automatically did not take it in,” he added.

Binney said that secret NSA and GCHQ documents provided by Edward Snowden and published by news media around the world now confirmed that the selection and protection techniques he and his team helped develop were still in use, but only when the agencies had been legally compelled to use them.

These revelations showed that hardening existing domestic exclusion systems and extending them to throw away Congressional or Parliamentary communications would be “trivial in technology terms”, Binney said. “I could do it in an hour, using standard NSA and GCHQ methods.”

“What NSA and GCHQ are supposed to do is vitally important”, Binney added. “I want them to succeed - but they are doing the absolute wrong thing now. They are dooming themselves to failure by bulk acquisition.”

GCHQ said it did not want to comment. ®

Narrower topics

Other stories you might like

  • US cyber chiefs: Moving to Shields Down isn't gonna happen
    Promises new alert notices but warn 'we can sometimes predict thunderstorms but not lightning strikes'

    RSA Conference A heightened state of defensive cyber security posture is the new normal, according to federal cyber security chiefs speaking at the RSA Conference on Tuesday. This requires greater transparency and threat intel sharing between the government and private sector, they added.

    "There'll never be a time when we don't defend ourselves –— especially in cyberspace," National Cyber Director Chris Inglis said, referencing an opinion piece that he and CISA director Jen Easterly published earlier this week that described CISA's Shields Up initiative as the new normal. 

    "Now, we all know that we can't sustain the highest level of alert for an extensive period of time, which is why we're thinking about, number one, what's that relationship that government needs to have with the private sector," Easterly said on the RSA Conference panel with Inglis and National Security Agency (NSA) cybersecurity director Rob Joyce.

    Continue reading
  • Beijing-backed baddies target unpatched networking kit to attack telcos
    NSA, FBI and CISA issue joint advisory that suggests China hardly has to work for this – flaws revealed in 2017 are among their entry points

    State-sponsored Chinese attackers are actively exploiting old vulnerabilities to "establish a broad network of compromised infrastructure" then using it to attack telcos and network services providers.

    So say the United States National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI), which took the unusual step of issuing a joint advisory that warns allied governments, critical infrastructure operators, and private industry organizations to hurry up and fix their IT estates.

    The advisory states that network devices are the target of this campaign and lists 16 flaws – some dating back to 2017 and none more recent than April 2021 – that the three agencies rate as the most frequently exploited.

    Continue reading
  • How ICE became a $2.8b domestic surveillance agency
    Your US tax dollars at work

    The US Immigration and Customs Enforcement (ICE) agency has spent about $2.8 billion over the past 14 years on a massive surveillance "dragnet" that uses big data and facial-recognition technology to secretly spy on most Americans, according to a report from Georgetown Law's Center on Privacy and Technology.

    The research took two years and included "hundreds" of Freedom of Information Act requests, along with reviews of ICE's contracting and procurement records. It details how ICE surveillance spending jumped from about $71 million annually in 2008 to about $388 million per year as of 2021. The network it has purchased with this $2.8 billion means that "ICE now operates as a domestic surveillance agency" and its methods cross "legal and ethical lines," the report concludes.

    ICE did not respond to The Register's request for comment.

    Continue reading

Biting the hand that feeds IT © 1998–2022