Investigation Shows GCHQ Using US Companies, NSA To Route Around Domestic Surveillance Restrictions
from the introducing-MS-Loophole-365! dept
Late last year, UK Parliament members held an "emergency debate" over the GCHQ's surveillance programs after learning that [gasp] their data and communications could be legally hoovered up as if they were mere commoners. Of course, were there any actual oversight of GCHQ's activities, this shock would have been blunted by years of foreknowledge. But the GCHQ, like other intelligence agencies, preferred to keep its overseers in the dark about its access to the NSA's PRISM firehose.
The mortified Parliament members claimed the GCHQ's decision to include them in its data haul violated a long-held "gentlemen's agreement" between the two entities -- one that had no legitimate legal basis. Supposedly, this "agreement" forbade GCHQ from targeting Parliament members for surveillance. (Any incidental collection was considered unavoidable.) A panel review found GCHQ's targeting of Parliament members to be completely legal, if a bit on the rude side.
Duncan Campbell and Bill Goodwin of Computer Weekly have performed their own examination of MP's communications, finding that both GCHQ and the NSA have access to intercepted emails sent to and from Parliament members, including communications with their constituents.
GCHQ wouldn't normally have access to these emails as it is not supposed to be collecting information about purely domestic communications. But thanks to the software Parliament uses and the location of data centers used to route the emails, it can comply with its surveillance restrictions while still collecting email data/communications sent from UK email addresses to other UK email addresses.
Part of the process involves Microsoft's willing assistance in past domestic spying efforts, which preceded both Snowden's document dumps and its current, more combative stance.
The controversial decision by Parliament to replace its internal email and desktop office software with Microsoft’s Office 365 service in 2014, means that parliamentary data and documents constantly pass in and out of the UK to Microsoft’s datacentres in Dublin and the Netherlands, across the backbone of the internet.
Computer Weekly performed forensic analysis of emails it had received from MPs, using header info to trace its path across the internet. It found that nearly two-thirds of "domestic" emails actually left the country on their way to local email addresses, allowing GCHQ -- through its "Tempora" program -- to intercept data and communications using its NSA-provided PRISM hookup.
Microsoft's above-and-beyond assistance makes its widely-used Office products a valuable contributor to the agencies' data haul.
The NSA’s Prism system offers access to all parliamentary documents and email through Microsoft Office 365 software, as a result of secret directives given to Microsoft under controversial US 2008 surveillance laws. The directives were implemented at the same time as Microsoft was selling its cloud system, Office 365, to the Houses of Parliament.
Post-Snowden, Microsoft is far more reluctant to continue acting as Little Brother. As Computer Weekly points out, leaked documents have led to the company's hasty erection of two UK data centers in order to protect its UK users from GCHQ's exploitation of normal communication routing techniques to bypass restrictions on domestic surveillance.
Microsoft isn't the only US company assisting the UK intelligence agency in its harvesting of domestic data/communications.
Computer Weekly’s investigation also confirmed that MPs’ incoming and outgoing emails are automatically scanned through a network run by MessageLabs, a subsidiary of another US corporation, Symantec, which has been contracted by Parliament to provide services including spam filtering and malware detection.
MessageLabs provides GCHQ with direct access to parliamentary emails, through a secret cyber security network called Haruspex, according to GCHQ’s “Cyber Defence Operations” legal policy instructions disclosed by Edward Snowden. The scanning system has been in operation for at least a decade.
MessageLabs scans for keywords to prevent the circulation of spam and malware. But it also can be configured to flag other terms and return those results to intelligence agencies.
Once again, officials are not amused their positions do not exclude them from GCHQ surveillance.
Labour deputy leader Tom Watson MP told Computer Weekly: “This will shock many of my parliamentary colleagues and provides a further illustration of why it is right for the government to give additional protections in law to MPs, lawyers and journalists. Theresa May has the opportunity to do this during the passage of the IP Bill in Parliament.”
There's a nice nod to a few other citizens not in elected positions contained in that statement, but there needs to be a solid, unified push from UK legislators during the debate over the Investigatory Powers Bill if this domestic surveillance loophole is going to be closed. As Computer Weekly notes, amendments have been made to the bill which prevent law enforcement agencies from accessing MPs' communications data, but that concession would not apply to GCHQ.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: gchq, internet, nsa, parliament, surveillance, uk
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
Waht would happen
If every phone call, every EMAIL, every place they went, was monitored and Photographed.. THEN placed on the internet..
Does anyone think this is a BAD IDEA??
[ link to this | view in thread ]
[ link to this | view in thread ]
Very much predictable.
A recent ruling by an appeals court says that they don't need a warrant. Do you not see the problem? The federal government requires private companies maintain data on consumers under the law. According to the appeals court the consumer relinquishes their right to privacy (hence no warrant is needed), because these records are in the hands of 3rd parties. It is easy to see that this is deceptive.
This is the same thing type of thinking that the GCHQ is engaging in.
[ link to this | view in thread ]
Oh you poor babies...
Yeah, I've got absolutely no sympathy for them here. Much like certain politicians in the US they didn't care when the public was being spied on, which means they have no right whatsoever to expect the public to care when they are spied on in turn.
Want people to care about your privacy, then you'd best show that you care about the privacy of others otherwise you're just exposing your hypocrisy by expecting special treatment for yourself that others don't enjoy, treatment that you enabled and could stop at any time.
[ link to this | view in thread ]
That thing that we thought they did
They did
Colour me disgustingly surprised
When the bad is predictable, when the character of government is predictable, when the nature is predictable...........how about a fucking change and surprise us by doing something GOOD
when GOOD from a government is a surprise to so many, then that should be a good indication that your bloody doing it wrong....perhaps an itsy bitsy amount.......or simply continue to ignore, demonize and generally spit in the general vicinity of those ideals that get in the way of the conditioned society, the controlled society, the forced society
Mmmmmmmmm...........smells like freedom
Take the bloody money/lobbying out of politics
Stop catering the companies
Heres a concept, punish corruption, and fire some folks, no freaking to big to fire,
untouchable, the breeding grounds to corruption
Memoirs of a non consented
Choice.Love.Liberty
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
Hope they choke on it
NSA..."Oops!"
[ link to this | view in thread ]