nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Big Brother is born. And we find out 15 years too late to stop him

Elected MPs were deliberately misled by Brit spy agencies

By Duncan Campbell, 16 Dec 2015

Exclusive The "Big Brother" comprehensive national database system feared by many MPs has been built behind their backs over the last decade, and even has a name for its most intrusive component: a central London national phone and internet tapping centre called PRESTON.

PRESTON, which collects about four million intercepted phone calls a year, has also recently been used to plant malware on iPhones, according to disclosures by former NSA contractor Edward Snowden. The phones were then targetted for MI5 "implants" (malware), authorised by a ministerial warrant.

The location and role of the PRESTON tapping centre has never previously been publicly identified, although published Crown Prosecution Service guidance to senior prosecutors refers to secret "Preston briefings" which they can be given if tapping evidence in a case they are prosecuting reveals that a defendant may be innocent. (The guidance also notes that the briefing may be given after exculpatory intercept evidence has been destroyed.)

Located inside the riverside headquarters of the Security Service, MI5, in Thames House, PRESTON works alongside and links to massive databases holding telephone call records, internet use records, travel, financial, and other personal records held by the National Technical Assistance Centre (NTAC), a little known intelligence support agency set up by Tony Blair's government in a 1999 plan to combat encryption and provide a national centre for internet surveillance and domestic codebreaking.

Soon after, the Parliamentary Intelligence and Security Committee were told that the spy agencies would fund NTAC as "a twenty-four hour centre operated on behalf of all the law enforcement, security and intelligence agencies, providing a central facility for the complex processing needed to derive intelligence material from lawfully intercepted computer-to-computer communications and from lawfully seized computer data ... The NTAC will also support the technical infrastructure for the lawful interception of communications services including Internet Services."

The Home Office then commissioned and funded a technical plan to establish an interception network for the domestic internet, and allocated a £25m budget to get NTAC started.

In 2002, the Home Office announced that NTAC would continue to support the needs of law enforcement for a continuing flow of intelligence and evidence. Lingering concerns about NTAC's full planned role were shrugged off and forgotten after the 9/11 attacks.

Slurping and storing your bank card records ... because nobody's innocent

NTAC's officially authorised interception targets now also include international banks and airlines, in order to copy, decrypt and store personal credit card and banking transactions and flight bookings.

Some airlines such as BA have agreed to co-operate and voluntarily hand over their passengers' details to NTAC's data stores; those who do not agree, or have not been asked, have their data networks tapped under special warrants by NTAC in an operation codenamed CATSUP. Since 2006, NTAC has been managed by GCHQ and integrated into all agencies' operations.

Intercepted personal financial and banking information has been identified inside NTAC and GCHQ as FININT, and is subject to special handling arrangements, as is Travel Tracking Authorisations (TTA) which are based on similar sources.

In about 2008, Vodafone Cable, under its previous identity of Cable and Wireless, provided fibre optic cables to link intercepted internet communications and send communications data direct to NTAC.

According to engineers who have worked at major telecommunication companies' headquarters, including Orange in Bristol and Vodafone in Newbury, the companies were compelled by secret orders to connect optical fibre links direct to NTAC in London.

The links carry tapped internet and phone connections to NTAC, which acts as a distribution centre to other intelligence agencies and police forces. BT data centres are also directly linked to NTAC for the supply of subscriber information, telephone call records, and domestic internet interception.

Orders to install the secret connections to NTAC were issued using powers under the Regulation of Investigatory Powers Act (RIPA). In its 2014 Disclosure Report, Vodafone pointed out that "Section 19 of the Regulation of Investigatory Powers Act 2000 prohibits disclosing ... the existence of any requirement to provide assistance in relation to a warrant."

"This duty of secrecy extends to all matters relating to warranted lawful interception", the Vodafone report adds. 2,795 warrants were issued during 2014, roughly double the numbers issued annually before NTAC was created. Each warrant can cover multiple lines or e-mail addresses.

The fact of lawful telephone interception has been public since the Interception of Communications Act (IOCA) was passed in 1985. But another law passed the year before has secretly been used to build a massive database at NTAC of every telephone call everyone in Britain has made over the past 15 years.

The existence of the telephone call record database at NTAC was completely secret until March this year, when the government started to allow hints in a series of official reports that it had been using a special power under the Telecommunications Act of 1984 to require all UK telephone companies to hand over "bulk records" of everyone's telephone calls.

During the passage of RIPA, and in many debates since 2000, Parliament was asked to consider and require data retention by telephone companies, claiming that the information was vital to fighting crime and terrorism.

But Prime Minister Tony Blair and successive Home Secretaries David Blunkett and Jack Straw never revealed to Parliament that at the same time, the government was constantly siphoning up and storing all telephone call records at NTAC.

As a result, MPs and peers spent months arguing about a pretence, and in ignorance of the cost and human rights implications of what successive governments were doing in secret.

When former shadow home secretary David Davis MP asked Home Secretary Theresa May in March 2014 "whether she has given directions under Section 94 of the Telecommunications Act 1984 to the providers of telecommunications services for the acquisition of data in bulk relating to (a) thousands and (b) millions of people", he was fobbed off with the ritual excuse "as with the practice of previous Governments, we do not comment on security matters."

At the same time, telephone companies like BT also refused to confess as to whether they were handing over all customers' call records in bulk.

Finally, on November 4th, the Home Office took the lid off what had been going on secretly since 2000. Asking Parliament to allow mass surveillance of telephone records to continue, Home Secretary Theresa May admitted that "under Section 94 of the Telecommunications Act 1984 ... successive governments have approved the security and intelligence agencies’ access" to [bulk] communications data from communication service providers", claiming that it helped MI5 "thwart a number of attacks here in the UK"

The next day, former Deputy Prime Minister Nick Clegg revealed that he had been part of the deception: "When I entered government in 2010 ... a senior official took me aside and told me that the previous government had granted MI5 direct access to records of millions of phone calls made in the UK – a capability only a tiny handful of senior cabinet ministers knew about – I was astonished that such a powerful capability had not been declared either to the public or to parliament and insisted that its necessity should be reviewed."

It wasn't reviewed. Clegg blocked the failed 2012 Communications Data Bill, which the government has now reintroduced in a more ferocious and far-reaching form.

David Davis MP told The Register this week that "much of the debate for the last 15 years appears to have been a charade about data that the government very likely already held. It is also clear that the legislation that the government relied upon was being interpreted in ways that Parliament never imagined."

He intends to raise the significance of the long term concealment of the national call record centre in evidence to Parliament's review committee on the new Investigatory Powers Bill, which also seeks to legalise the massive collections of "Personal Bulk Datasets affecting millions of Britons" that the Home Office now admit has been taking place for a decade.

There are now dozens of intelligence "Bulk Personal Datasets" on millions of people, "the majority of whom are unlikely to be of intelligence interest", as the government has admitted in documents accompanying the draft Investigatory Powers Bill.

Intelligence agency staff have stated: "These datasets vary in size from hundreds to millions of records. Where possible, Bulk Personal Datasets may be linked together so that analysts can quickly find all the information linked to a selector", such as a telephone number or search query. The information retrieved "may include, but is not limited to, personal information such as an individual’s religion, racial or ethnic origin, political views, ... medical condition, sexual orientation, or any legally privileged, journalistic or otherwise confidential information."

NTAC has access to NHS information, according to official documents.

Before PRESTON, there was "TINKERBELL"

The Parliamentary Intelligence and Security Committee were told earlier this year that "Bulk Personal Datasets may be acquired through overt and covert channels" (such as by intercepting data links), and that the agencies, including NTAC, share Bulk Personal Datasets between them.

The legal authority for the acquisition and use of Bulk Personal Datasets was claimed to be authorised by the Intelligence Services Act 1994, but to be "implicit rather than explicit".

As the minister who arranged for the 1994 Intelligence Services Act to pass through Parliament, David Davis says that officials never conveyed, even secretly, how they saw the law as authorising the creation of a joined-up secret national database.

"What is becoming ever more clear in the latest revelations around the IP Bill is that the level of intrusive surveillance has for over ten years been massively more than the government ever admitted to Parliament, most particularly in the field of bulk data sets", he told The Reg.

Ironically, it was the revelation of Britain's first national telephone tapping centre, known to the police as "Tinkerbell", that forced the government to acknowledge and then legally regulate phone tapping. Tinkerbell was located in Chelsea, half a mile from where PRESTON now operates. I revealed the Tinkerbell centre in the New Statesman magazine in 1980, forcing the government to announce a white paper, appoint a judge, and finally to create the Interception of Communications Act.

That act also legalised bulk collection from overseas cables, I wrote at the time. Confirmation of that story has taken 30 years, to the time of Edward Snowden.

The Reg, seemingly alone in the UK press, has not been 15 years behind in hearing of and warning about the Big Brother national database. Our Christopher Williams, now at the Telegraph, got wind of the NTAC central database story in 2009, and also got the first scoop on the start of GCHQ's mass surveillance "Mastering the Internet" program, now revealed as Project Tempora in documents provided by Edward Snowden.

Vigilance on behalf of liberty has had little discernible impact, except in the field of semantics. Across 299 pages in the new Investigatory Powers Bill [PDF], the word "database" does not appear once.

Billions of call and internet records, stolen financial data, intercepted travel records, a heap of bulk personal datasets on matters including religion, racial or ethnic origin, political views, medical condition, sexual orientation, or legally privileged, journalistic or otherwise confidential information, all joined up together and archived in secret do not constitute a "database", whatever techie readers may think. And that's official. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing