UK Spies Say They're Dropping Bulk Data Collection For Bulk Equipment Interference

from the I-mean,-they'll-still-use-both... dept

UK spies are changing their minds. Rapidly. Sure, bulk data collection is cool. But you know what's really cool? Mass interference with electronic devices.

At the time the Investigatory Powers Bill was passing through Parliament – it was signed into law in 2016 – EI [Electronic Interference] hadn't been used, but it was already seen an alternative to bulk interception.

However, it was expected to be authorised through targeted or targeted thematic warrants; as then-independent reviewer of terrorism David Anderson wrote at the time, "bulk EI is likely to be only sparingly used".

[...]

During the passage of the Investigatory Powers legislation, he said, the government anticipated bulk EI warrants would be "the exception", and "be limited to overseas 'discovery' based EI operations".

But with encryption increasingly commonplace, the spies want the exception to edge towards becoming the rule.

"Used sparingly" is now "used by default." Why? The good old baddie, encryption. A letter [PDF] written by security minister Ben Wallace says encryption is making bulk data collections less useful.

Following a review of current operational and technical realities, GCHQ have revisited the previous position and determined that it will be necessary to conduct a higher proportion of ongoing overseas focused operational activity using the bulk EI regime than was originally envisaged.

The lawfulness depends on the "double lock" process. The government alone can't give GCHQ permission to engage in bulk EI. There's a judge involved now, making this more of a warrant process than a subpoena process, to make a somewhat clumsy analogy. According to this report, bulk EI is still waiting in the wings. If true, it's a good thing because the double-lock process didn't actually go into effect until the end of November.

What bulk EI is remains somewhat of a mystery. But some of what's described in a 2016 report [PDF] containing several hypotheticals sounds like a lot of large-scale intrusion, ranging from Stingray-esque device location to tactics that have been left up to the imagination thus far.

This sounds a bit like the FBI's child porn hunting Network Investigative Technique: serving up malware to collect information on devices and their users.

Intelligence from sources including bulk interception identified a location in Syria used by extremists. However the widespread use of anonymisation and encryption prevented GCHQ from identifying specific individuals and their communications through bulk interception. GCHQ then used EI under an ISA authorisation (under the Bill this would be done using a targeted thematic EI warrant) to identify the users of devices in this location.

This may be a theoretical Stingray deployment:

A group of terrorists are at a training camp in a remote location overseas. The security and intelligence agencies have successfully deployed targeted EI against the devices the group are using and know that they are planning an attack on Western tourists in a major town in the same country, but not when the attack is planned for. One day, all of the existing devices suddenly stop being used. This is probably an indication that the group has acquired new devices and gone to the town to prepare for the attack. It is not known what devices the terrorists are now using. The security and intelligence agencies would use bulk EI techniques to acquire data from devices located in the town in order to try to identify the new devices that are being used by the group.

Whatever bulk electronic interference ends up being when it's actually deployed, GCHQ is sure of one thing: the less it knows about its targets, the more justified it is using it in bulk.

As the cell members can only be identified following considerable target discovery effort, a bulk EI warrant is suitable.

Whatever civil liberties concerns this program raises will probably be dismissed quickly. GCHQ's hypotheticals involve terrorism suspects overseas and child porn site operators -- the least sympathetic targets available. Foreigners are fair game for bulk anything and no one wants to side with child exploiters, even if they technically share the same civil liberties/rights.

The exception is the rule. This is how it works for those who promise the most worrying aspects of surveillance programs will be saved for the edge cases. Sooner or later, the edge cases are just cases, and no one is interested in walking anything back.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: bulk collection, electronic interference, investigatory powers, mass surveillance, uk


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    That One Guy (profile), 12 Dec 2018 @ 3:42am

    Collateral damage: Not just for the opposition anymore

    Mass-malware deployment to grab everything they can and only then narrow their focus, along with spying on entire towns just in case that allows them to find targets that their own hypothetical would indicate are smarter than them and not likely to be caught by such bumbling...

    Oh yeah, I'm sure they can be totally trusted with tools and techniques that are by design meant to grab massive amounts of information, with large amounts of it from innocent people.

    link to this | view in thread ]

  2. icon
    DannyB (profile), 12 Dec 2018 @ 6:12am

    Warrant process?

    There's a judge involved now, making this more of a warrant process

    I think you meant a rubber stamp process.

    To do high volume rubber stamping, the UK should study from the master: the USPTO.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 12 Dec 2018 @ 7:23am

    "double lock" process

    So, the government has to give itself permission first.

    link to this | view in thread ]

  4. icon
    Anonymous Anonymous Coward (profile), 12 Dec 2018 @ 7:35am

    Circular reasoning turns into an ever closing circle.

    If one limits themselves to doing the things their enemies do, then they will only be able to accomplish what their enemies can. If, however, one eliminates limits and do whatever, the possibility to create new enemies becomes endemic. If one is unconcerned about how many enemies one has, then there is no downside to creating new enemies, in fact there is very likely an upside.

    The thing is, when those new enemies are in fact yourselves, finding ways to battle yourself creates new creative opportunities. After all, one can only shoot their selves in the foot so many times. At some point there is no foot left, and at some further points, the targets become fewer and fewer. For those who are bent on domination, there eventually will be nothing left to dominate. Then it becomes necessary to be creative when proclaiming who the winner is. I have no doubt those bent on domination have not thought this through, thoroughly.

    What a world...what a world...

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 12 Dec 2018 @ 7:54am

    So tell me...

    ... how "bulk" and "sparingly" can be used in the same sentence without contradiction.

    link to this | view in thread ]

  6. icon
    James Burkhardt (profile), 12 Dec 2018 @ 8:11am

    slight vocabulary change

    Tim,

    I think you might get better traction with an article like this if you highlight that the EI techniques are targeted not at child pornographers but "supposed" or "suspected" child pornographers (or perhaps even shift verbage to CP collectors...Id imagine most individuals downloading CP from a website don't/cant make their own). Then you can highlight this can and likely will be deployed against those innocent of such crimes.

    link to this | view in thread ]

  7. icon
    James Burkhardt (profile), 12 Dec 2018 @ 8:15am

    Re: So tell me...

    Simple. EI operations were expected to be enacted rarely (sparingly), even if the result was lots of data (bulk collecction). Moreover, an EI operation is expected to be more tailored because a judge is involved, but the techniques used can be directed toward broader bulk collections than would likely be approved.

    link to this | view in thread ]

  8. icon
    James Burkhardt (profile), 12 Dec 2018 @ 8:17am

    Re: Re: So tell me...

    And if I want to be pedantic - Out of respect I expose my bulk to others sparingly and so choose to wear a shirt to the pool. You probably want to be more specific.

    link to this | view in thread ]

  9. identicon
    Anonymous Hero, 12 Dec 2018 @ 8:31am

    stringray hypothetical

    I can see how this might work. You bulk capture from the group and use machine learning to learn their communication patterns. Then the group switches phones. You monitor everyone in the area in bulk, then use the machine learning to find probable matches for people in the group.

    False positives be damned!

    link to this | view in thread ]

  10. icon
    ECA (profile), 12 Dec 2018 @ 12:35pm

    Senerio above..

    Demands that the EI has access to the system in 1 form or another..
    Think hard about that.
    Willingly the company GAVE them access..
    Unwillingly, covertly, Unknowingly...They got access another way..

    Hmmm..
    Who is putting Strange hardware into systems..

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.