UK's mass-surveillance draft law grants spies incredible powers for no real reason – review
Despite umms and aahs, GCHQ is home free to hack
IPBill An independent review into bulk surveillance powers in the forthcoming Investigatory Powers Bill has warned that there is no proven case to let British snoops hack the planet.
The study group examined the UK government’s Operational Case for Bulk Powers [PDF], which provided the government’s reasons for needing the most intrusive and wide-reaching surveillance powers. The review panel questioned whether the information obtained via those powers could be gained by other, less intrusive means.
Published this morning, the 204-page study [PDF] found that bulk surveillance powers are indeed needed and are already in wide use by the security and intelligence agencies — but it warned that there was not yet a proven operational case for “bulk equipment interference.”
The power for the intelligence agencies to conduct enormous hacking campaigns has long been seen as one of the most controversial abilities the UK gives its spooks. The former terrorism legislation review, David Anderson QC, has advocated that “very considerable caution” over the power is needed, especially because of its ability particularly “when used at scale, to cause, even inadvertently … lasting harm to networks and to devices.”
As such, Anderson makes what he calls “a single, major, recommendation: that the Investigatory Powers Bill be amended to provide for a Technical Advisory Panel of security-cleared independent academics and industry experts to be appointed by the IPC ‘to advise the IPC and the Secretary of State on the impact of changing technology on the exercise of investigatory powers and on the availability of techniques to use those powers while minimising interference with privacy’.”
The first power examined, the bulk interception of communications is only exercised by GCHQ. It “can be dated back to the interception of messages carried on the international cable system during the First World War,” according to Anderson, who noted that “it is claimed that bulk access to that commercially operated system enabled the collection of the Zimmerman telegram, the final trigger for US entry into the First World War, and detected attempts to evade the UK’s economic blockade of Germany.”
Principally focused on “overseas-related communications”, bulk collection is a process which involves three stages: collecting; filtering; and selection for examination.
Collection involves GCHQ selecting which communication links to access “based on an assessment of the likely intelligence value of the communications they are carrying. GCHQ does not have the capacity, or legal authority, to access every [communication link] in the world.” Instead GCHQ reportedly “focuses its resources on those links that it assesses will be the most valuable.”
Filtering is applied to the traffic passing through these communications links, which is “designed to select communications of potential intelligence value while discarding those least likely to be of intelligence value. As a result of this filtering stage, the processing systems automatically discard a significant proportion of the communications on the targeted bearers.”
Selection for examination means applying simple and complex queries to the bulk intercepted communications. “Examples of a simple query are searches against a “strong selector” such as a telephone number or email address”, while complex queries would “combine a number of criteria, which may include weaker selectors but which in combination aim to reduce the odds of a false positive.”
The review had no mandate to examine the proportionality of these processes, but only whether the bulk power was, at its most basic level, useful. It found that “just under half of all GCHQ intelligence reporting is based on data obtained under bulk interception warrants” but was unable to give any more detail, as to do so “would damage national security by revealing too much about GCHQ’s capabilities.”
Having inspected a good number of intelligence reports and internal documents [which are specified in the report], I have no doubt that the bulk interception power continues to be used productively and on a large scale by GCHQ.
Anderson found that the power “has proven itself to be of vital utility across the range of GCHQ’s operational areas, including counter-terrorism in the UK and abroad, cyber-defence, child sexual exploitation, organised crime and the support of military operations.”
He states however that the “trend towards universal encryption and the anonymisation of devices may be making the bulk interception power into a (gently) diminishing asset.”
Bulk acquisition, which is currently practiced in secret under warrants issued in accordance with section 94 of the Telecommunications Act 1984, is being explicitly codified in statute for the first time by the Investigatory Powers Bill. Unlike bulk interception, acquisition is not required to be focused on international communications, but rather has involved the domestic collection of communications in the UK.
In simple terms bulk acquisition is the domestic version of the bulk interception power. Both allow for communications to be captured by the State, but additional protections are provided for domestic communications traffic.
Prime Minister Theresa May made it public last November that, since the turn of the millennium, secretaries of state have been issuing secret directions under section 94, without any judicial authorisation, to acquire domestic communications. The first glimpse of oversight these received was published in a report by the Interception of Communications Commissioner’s Office (IOCCO) last week, which revealed that at least 23 directions were currently in effect on national security grounds.
Under the Investigatory Powers Bill, section 94 of the Telecommunications Act will be repealed, but secretaries of state will have the new power to issue national security and technical capability notices to much the same effect. Section 94, as Earl Howe admitted in a debate in the House of Lords earlier this year, “has been used for a range of purposes, including for the acquisition of communications data in bulk.”
Anderson regretted that his report was “unable openly to describe” the categories of communications data and the specific purposes that the data collection under bulk acquisition currently serves, but adds that “it can safely be said however that:”
a) the existing power and the power in Part 6 Chapter 2 of the Bill both enable the SIAs [Security and Intelligence Agencies] to obtain large amounts of communications data, most of it relating to individuals who are unlikely to be of any intelligence interest; but that
(b) content cannot be obtained under either power, and it is not currently envisaged that the bulk acquisition power in the Bill will be used to obtain internet connection records.
Anderson stated that bulk acquisition “has been demonstrated to be crucial in a variety of fields, including counter-terrorism, counter-espionage and counter-proliferation”, as per the findings of oversight bodies. He noted that the changes in this area — potentially including the filtering arrangements provided by the Investigatory Powers Bill’s new “Request Filter” — meant that the bodies’ conclusions could not be guaranteed for the future.
Bulk personal datasets
Bulk personal datasets include the passport register, the electoral register, the telephone directory and data about individuals with access to firearms. These are acquired through both overt and covert channels
Anderson had “no hesitation in concluding that BPDs are of great utility” adding that “in some areas, particularly pattern analysis and anomaly detection, no practicable alternative to the use of BPDs exists. These areas of work are vital, since they can provide information about a threat in the absence of any other intelligence seed.”
Bulk equipment interference
Equipment interference (EI) is the term used to refer to the State’s aggressive hacking activities. These were previously covered by the phrase “computer network exploitation” and involved everything from “the implantation of software into endpoint devices or network infrastructure to retrieve intelligence” to “copying data directly from a computer.”
It it seen as the primary means to address the spooks’ difficulties in accessing information which is protected by encryption, especially that “rendered impossible or very difficult to intercept by end-to-end encryption.”
When targeted these hacking powers may be sought by the head of one of the security and intelligence agencies, but also by the chief of defence intelligence or by the chief constable of a police force. “There is no requirement for a link o the interests of national security: it is enough that the warrant be necesary for the purpose of preventing or detecting serious crime, or (in comes cases) preventing or mitigating death, injury or damage to a person’s physical or mental health.”
Bulk powers, on the contrary, may only be sought by the spooks, and must be necessary in the interests of national security, and a foreign focus is required. However the distinction between what is bulk and what is targeted is tightly contested.
“Thematic” warrants for EI are considered targeted, and yet as Anderson noted they may be “very broad in their scope: they may relate for example to ‘equipment in a particular location’, ‘equipment in more than one location, where the interference is for the purpose of a single investigation or operation’ and ‘equipment which is being, or may be, used for the purposes of a particular activity or activities of a particular description’.”
Thematic warrants for bulk hacking can take place “at scale” as the government has expressly acknowledged, which might cover a large geographic area or involve the collection of a large volume of data. Anderson has warned that thematic warrants may therefore be used to dodge the more stringent requirements placed on bulk hacking warrants.
According to Anderson, “the bulk EI power is unlike all the others, in that (though the dividing line between bulk and thematic is not always very clear) it has never been used.”
As a rapidly developing alternative to bulk interception, however, Anderson believes an operational case for its use has been made out in principle, but advocates “very considerable caution” especially because of its ability “particular when used at scale, to cause, even inadvertently … lasting harm to networks and to devices.”
What does this mean?
When the review was commissioned earlier this year by Theresa May, then the Home Secretary, it was in response to Parliamentary pressure by the opposition party to shift the bill through the House of Commons. The bill is now before the House of Lords and will enter its report stage when its members return from their summer holidays on 5 September.
The Liberal Democrat Home Affairs spokesperson, Alistair Carmichael MP, applauded the “in-depth and incredibly useful report in what was a very challenging time-frame, he and his team deserve all our thanks for their relentless hard work.”
"As Anderson himself states 'the Review was not asked to reach conclusions as to the proportionality or desirability of the bulk powers' it now falls to us in both the Commons and the Lords to assess whether the powers are proportionate and desirable in a democratic state. The government must table amendments to give effect to Anderson's recommendation to create a Technical Advisory Panel to advise on the impact of changing technologies and to ensure that the intrusion into privacy is always kept to the absolute minimum. A failure to do this would undermine the now Prime Minister's assertion that this Bill has privacy ‘hard-wired’ into it.” added Carmichael.
Carmichael added: “Despite it being one of the most intrusive powers, the provision to capture and store all of our web histories for 12 months has not been scrutinised in this report. Liberal Democrats continue to be utterly opposed to this excessive and authoritarian measure that not only erodes our privacy but will likely to prove to be a waste of money and fall foul of our courts."
Bella Sankey of human rights pressure group Liberty said: "The review panel consisted of former Agency staff effectively asked to mark their own homework and a Reviewer who has previously advocated in favour of bulk powers. The report provides no further information to justify the agencies’ vague and hypothetical claims and instead invites to the public to ‘trust us’. Post Chilcot, this won’t wash – hard evidence is required instead."
A question of trust
David Anderson QC, the independent reviewer of terrorism legislation, led the review. His appointment was positively received following last year’s publication of his thorough 374-page report into British State surveillance, titled A Question of Trust.
Anderson’s independence is far more obvious than that of the former reviewer of terrorism legislation, Lord Carlile, who held the position for more than nine years and came under heavy criticism last year when it was revealed that he co-owned a consultancy, SC Strategy, with the former head of MI6, Sir Richard Dearlove, whose work he effectively oversaw.
A report in the Guardian revealed that the pair had received £800,000 from their consultancy over the last three years, though Lord Carlile, a Liberal Democrat, has rejected claims that this was the reason for his surprisingly strong support for the State’s surveillance activities, claiming: “Our business relationship developed for reasons totally unconnected with Sir John having been chief of MI6.”
As part of the bulk powers review, Anderson was also able to appoint three specialists with top-level security clearance. The review’s leading counsel was Cathryn McGahey QC. McGahey is a national security barrister with extensive experience of working both with and against government departments.
Clickbait conspiracy theories attended Dr Robert Nowill’s [PDF] appointment as the review’s technical advisor. Though currently chair of Cyber Security Challenge UK, Nowill was formerly the director of technology and engineering at GCHQ.
Anderson’s investigatory advisor was Gordon Meldrum QPM, the former director of intelligence at the National Crime Agency whom Anderson stated “has the skills and investigatory experience to advise whether the advantages claimed for bulk could have been obtained by other, less intrusive means.”
Additional input into the review from was welcomed by Anderson, who stated he was “grateful for design ideas [regarding the structure of the review] from the Don’t Spy on Us Coalition, Liberty and Lord Strasburger.”
The report concludes that it “has declared the powers under review to have a clear operational purpose. But like an old-fashioned snapshot, it will fade in time. The world is changing with great speed, and new questions will arise about the exercise, utility and intrusiveness of these strong capabilities. If adopted, my recommendation will enable those questions to be answered by a strong oversight body on a properly informed basis.” ®