Britain’s electronic spy agency, Government Communications Headquarters (GCHQ), and its American counterpart, the National Security Agency (NSA), are working together to “Master the Internet”, the British newspaper The Guardian reports (Ewen MacAskill, Julian Borger, Nick Hopkins, Nick Davies & James Ball, “GCHQ taps fibre-optic cables for secret access to world’s communications,” Guardian, 21 June 2013). The project is part of a broader effort to gain access to as much of the world’s telephone and internet traffic as possible.
The sheer scale of the agency’s ambition is reflected in the titles of its two principal components: Mastering the Internet and Global Telecoms Exploitation, aimed at scooping up as much online and telephone traffic as possible. This is all being carried out without any form of public acknowledgement or debate.
One key innovation has been GCHQ’s ability to tap into and store huge volumes of data drawn from fibre-optic cables for up to 30 days so that it can be sifted and analysed. That operation, codenamed Tempora, has been running for some 18 months.
GCHQ and the NSA are consequently able to access and process vast quantities of communications between entirely innocent people, as well as targeted suspects.
This includes recordings of phone calls, the content of email messages, entries on Facebook and the history of any internet user’s access to websites – all of which is deemed legal, even though the warrant system was supposed to limit interception to a specified range of targets.
The existence of the programme has been disclosed in documents shown to the Guardian by the NSA whistleblower Edward Snowden as part of his attempt to expose what he has called “the largest programme of suspicionless surveillance in human history”.
“It’s not just a US problem. The UK has a huge dog in this fight,” Snowden told the Guardian. “They [GCHQ] are worse than the US.”
However, on Friday a source with knowledge of intelligence argued that the data was collected legally under a system of safeguards, and had provided material that had led to significant breakthroughs in detecting and preventing serious crime.
Britain’s technical capacity to tap into the cables that carry the world’s communications – referred to in the documents as special source exploitation – has made GCHQ an intelligence superpower.
By 2010, two years after the project was first trialled, it was able to boast it had the “biggest internet access” of any member of the Five Eyes electronic eavesdropping alliance, comprising the US, UK, Canada, Australia and New Zealand.
As the Guardian story notes, Canada is also a participant in the “Five Eyes” (or UKUSA) intelligence community.
Does the Communications Security Establishment Canada (CSEC) also take part in the “Master the Internet” project?
Here’s what the agency’s then-Chief, John Adams, told the Standing Senate Committee on National Security and Defence on April 30th, 2007:
The volume and type of communications is literally endless. That combination is the challenge for us. Our vision is security through information superiority. We want to master the Internet. That is a challenge that no one institution — be it ours or the National Security Agency, NSA, for that matter — can manage on their own. We try to do that in conjunction with our allies.
At the same time, we have a threat that is very diverse, very distributed around the world — similar to needles in haystacks. We have the combination of the technology and the threat that, together, make it virtually impossible for any one organization to manage it on its own. That is what we mean by working together. If we are to master that Internet, we will have to do it together; and we are focusing on that. [Emphasis added]
It sounds an awful lot like CSEC is on board.
Is it a bad thing for governments to want to know more about what is going on in the world?
Of course not. A well-informed government has a better chance of making good decisions and of protecting Canadians from actual threats to our security. We here at Ceasefire.ca often wish that our government showed more interest in actual facts (e.g., the looming threat to Canadian and global security posed by anthropogenic climate change; the folly of the Afghanistan intervention).
But the privacy rights of Canadians are also important. The potential value of information does not negate the importance of personal privacy.
The already extraordinary and still rapidly growing power of the UKUSA signals intelligence agencies to intrude into the private communications and activities of every citizen calls for extraordinary privacy protections as well.
Extensive privacy provisions are in fact in place, although the details of those provisions, including the details of the exceptions they contain, have not been revealed. (Information about the parallel provisions in the United States demonstrates that the exceptions can be numerous and large.) And the protections surrounding metadata (information about the communication, such as sender, receiver, and their locations) appear even less adequate.
The amount of personal information potentially available to governments will continue to grow year after year. And the ability of intelligence agency computers to store and process that information will also continue to grow.
Canada needs to debate where to draw the line between the information demands of security agencies and the right of individuals to control the government’s access to information about themselves. And to have a proper debate, we need the government to release much more information about what CSEC and other agencies are up to, about their plans for the future, and about the privacy protections needed to ensure that their powers of intrusion are not abused.
Even if you trust Canadian agencies never to abuse their access to our information, and even if you trust CSEC’s allies never to abuse their access to our information, other governments around the world, a wide range of corporations, and even criminal organizations will increasingly be able to access information about us as it streams around the planet. When will the Canadian government take action to reduce the vulnerability of Canadians to privacy intrusions from all these directions?
Surely a government that thinks it’s far too intrusive for a Canadian police officer to know whether a long-gun is present as he approaches the scene of a violent domestic dispute — a government that considers a mandatory census form too intrusive! — ought to be able to understand why Canadians might be concerned as the entire record of their telephone communications and internet activities becomes increasingly available to the scrutiny of others.