This document discusses government surveillance programs and civil liberties in the UK. It provides examples of surveillance programs operated by GCHQ and the NSA, such as programs that collect data from social media sites, smartphones, text messages, and more. The document questions whether surveillance is being conducted within proper legal and oversight guidelines, or if it has gone too far and infringed on citizens' privacy and civil liberties. It calls for stronger legal protections and more oversight of surveillance activities.
1. Civil liberties and security -
are they in balance?
in association with
ARE WE BEING
WATCHED?
01 Dont spy on us cover.indd 15 23/09/2014 12:12:08
2. FACTS & FIGURES
Worried about whether surveillance is happening? According to the evidence, it’s too late to be
concerned – it’s been going on for some time, as these examples illustrate.
Need to know
GRAPHICS:SHUTTERSTOCK.DESIGNBYLEONPARKS
Edgehill
A GCHQ programme used to decrypt
information and to gain access
to Gmail servers.
l Operational since 2012
l GCHQ hopes to have cracked codes
used by 15 major internet companies and
300 VPNs by 2015
http://www.theguardian.com/world/2013/sep/05/
nsa-gchq-encryption-codes-security
QuantumTheory
This is an attack vector that injects
packets into target computers to launch
Computer Network Attacks (CNA) and
Computer Network Defence (CND)
l GCHQ has used QuantumTheory
to gain access to Gmail, AOL, Yandex
(Russian web browser), Twitter, YouTube
and other sites
http://www.spiegel.de/fotostrecke/photo-gallery-
how-the-nsa-infiltrates-computers-
fotostrecke-105339-13.html
World of Warcraft spying
l GCHQ uses World of Warcraft to spy on
gamers, who, according to the agency’s
documents, amount to over ten million users
l NSA documents say GCHQ has developed
exploitation modules for Xbox Live (48
million-plus players) and World of Warcraft.
Had the ability to start producing reports
beginning in April 2008
https://www.eff.org/files/2013/12/09/20131209-nyt-nsa_games.pdf
Nosey Smurf, Dreamy
Smurf, Tracker Smurf
Series of programmes used to exploit
smartphone apps and to collect a “target’s”
information. Developed jointly by GCHQ and
the NSA; operational at least since 2010.
l Nosey: turns the phone’s microphone on
l Tracker: high-precision geolocation
l Dreamy: power management
l Paranoid: hides presence of spyware
l GCHQ can download data from users of Angry Birds (reported
to be roughly 1.7 billion users)
http://www.spiegel.de/fotostrecke/photo-gallery-how-the-nsa-infiltrates-
computers-fotostrecke-105339-13.html
Squeaky Dolphin
Collection programme owned by
GCHQ and used to monitor.
l Collects from Facebook, Twitter and
YouTube in real time
l Can collect addresses from videos
watched and other user information,
on a daily basis. Can also monitor the
URLs “liked” by visitors on blogger/
blogspot and Facebook visits
http://www.spiegel.de/fotostrecke/photo-
gallery-how-the-nsa-infiltrates-computers-
fotostrecke-105339-13.html
Royal Concierge
Owned by GCHQ, this is a collection
programme that exploits hotel
reservations to track the location of
foreign diplomats.
l Monitors 350 hotels worldwide
http://www.spiegel.de/international/europe/
gchq-monitors-hotel-reservations-to-track-
diplomats-a-933914.html
Optic Nerve
GCHQ programme that can collect still
images of Yahoo webchat.
l Saves one photo every five minutes
l 1.8 million users targeted in a
six-month period
http://www.theguardian.com/world/2014/feb/27/gchq-
nsa-webcam-images-internet-yahoo
Dishfire
Global text message collection database
operated by the NSA and GCHQ. GCHQ
has access to the database (though British
analysts are not legally permitted to read
the contents of SMS messages).
l Collects 200 million text messages from
across the world every daily
l Extracts location, contacts book, credit
card details and more
l Collecting five million missed calls
l Border crossings (roughly 1.6 million)
l Names from electronic bus cards (110,000 from electronic
business cards)
l Financial transactions (over 800,000 through text-to-text
transactions or credit card linkage to phone users)
l Geolocation (from more than 76,000 texts, including texts
from travel companies)
http://www.theguardian.com/world/2014/jan/16/nsa-collects-millions-
text-messages-daily-untargeted-global-sweep
2 | NEW STATESMAN | 26 SEPTEMBER – 2 OCTOBER 2014
02 facts & figures.indd 2 23/09/2014 10:58:14
4. 4 | NEW STATESMAN | 26 SEPTEMBER – 2 OCTOBER 2014
HEAD TO HEAD
E
arlier this year, the government
rammed emergency data retention
legislation through Parliament with-
in two days, forgoing proper debate and
scrutiny.Therewasjustoneproblemwith
this approach – there was no emergency.
The judgment of the European Court
that overruled the old legislation came
three months before the government’s
purported “emergency” – providing am-
ple time for a full legislative process.
Our intelligence agencies have long ar-
gued that they have a “gap in coverage”,
which requires new powers. This argu-
ment was utterly rejected by a Joint Com-
mittee of both Houses of Parliament. As
a result, the government has been very
wary of holding a protracted debate on
surveillance powers. A manufactured po-
litical emergency was the perfect cover to
avoid just such a debate.
The aim should be, and I am sure that
this is a view shared by Dominic Grieve,
a system that protects the public while
having a minimal impact on the privacy
of citizens.
Unfortunately, our current system is
failing on both counts: it does not suffi-
ciently protect us and is highly intrusive.
Indeed, current mass surveillance tech-
niques may well be making our security
services less effective.
The fact of the matter is we collect far
more information than we can effectively
analyse or use, and we do not necessarily
use it well:
l Prior to 9/11, the NSA monitored com-
munication traffic through the al-Qaeda
communications hub in the Yemen, but
failed to pass on information to the FBI.
The CIA also knew that two of the hijack-
ers were in the US prior to the attack, and
deliberately failed to notify the FBI.
l Similarly, in the 7/7 attack in London,
the bombers were known to our intel-
ligence agencies, however our various
agencies and police forces mismanaged
that intelligence.
Both incidents might have been averted
or the impact lessened if we had made
better use of the information we had. We
will never know.
But it would benefit no one to give
our security services the ability to gather
more of our data without judicial con-
straint. After all, when you are searching
for a pin in a haystack, it does not help to
increase the size of the haystack. Instead,
we need to get much better at targeting
data interceptions and collection, and im-
proving our data analysis methods.
After the NSA whistleblower Edward
Snowden revealed the huge extent of rou-
tine surveillance carried out by western
intelligence agencies, an extraordinary
defence was rolled out to justify this gross
intrusion of our privacy – essentially, “we
may collect the data but we don’t look at
it, or if we look at it we don’t remember it,
or if we do remember it we don’t use it”.
There are simply too many flaws in our
current system:
l There is too little protection for the
public. And remember, it is not just state
agencies that may misuse these powers. It
could be a malevolent police officer, or an
intelligence agent, or an external hacker or
even a Snowden-style contractor.
l There is a propensity to protect the sys-
tem rather than the public. The secrecy of
our interception techniques appears more
important than effectively catching and
prosecuting those who would do us harm
– and so we are the only major country
in the world that forbids the use of inter-
cept evidence in courts. This protects the
spies, but not the public.
l The mechanisms of approval and over-
sight are wholly inadequate. The approval
mechanisms are essentially in-house for
the majority of metadata collection, and
there is no judicial approval process at all.
Of course, some collected data is vital
to the work of our intelligence agencies.
Phone location information, for exam-
ple, is massively important in kidnap
cases. But all such cases could be easily
and swiftly approved under an effective
judicial oversight system. I do not argue
that we should not use such data: but we
should use it more judiciously.
It is understandable that our police and
intelligence agencies always want more
powers, more data, more intrusive capa-
bility. But there are serious questions over
the efficacy of such methods.
The US agencies abandoned email data
collection some time ago on the grounds
that is was not cost-effective, and are
withdrawing from much of the phone
metadata programmes. Our agencies
would benefit from following suit.
In the words of one American intelli-
gence officer: “We are not a police state,
but the mechanisms are in place to create
one.” Instead of extending such mecha-
nisms, we should be concentrating on
the better use of less, but more effectively
targeted data. This would create more fear
among our enemies, and at the same time
more security for us. l
David Davis is the Conservative MP
for Haltemprice and Howden. He stood
against David Cameron in the 2005
Conservative leadership election
The best intelligence system would protect the public but have a minimal impact
on our privacy. Our current system fails on both counts
By David Davis
Liberty is all
When you are searching
for a pin in a haystack,
don’t enlarge the haystack
04 David Davis.indd 4 23/09/2014 10:30:21
5. THE LEGAL FRAMEWORK
T
here is one thing on which I know
David Davis and I will agree, and
this is that the issue of surveillance
and the interception of communications
is a legitimate matter of public debate. I
do not subscribe to the doctrine of “noth-
ing to hide, nothing to fear”. In a free and
civilised society, the right to privacy and
restrictions on state power to infringe it
are of central importance and need to be
upheld. And that is what our laws should
set out to provide.
In my time as attorney general, a central
part of my work was to ensure that our
security agencies acted within the law.
The Regulation of Investigatory Powers
Act 2000 undoubtedly requires replace-
ment in view of the technological changes
that have taken place since it was enact-
ed. The need for this was highlighted by
the government’s being obliged to enact
emergency legislation with a two-year
sunset clause this year to cover gaps. But
that does not mean that there is a free-for-
all for the agencies in this area, as some
assertions made after the NSA whistle-
blower Edward Snowden’s allegations
have suggested.
All in proportion
Unless the Interception of Communica-
tions Commissioner, Sir Anthony May,
the Intelligence Services Commissioner,
Sir Mark Waller (both retired judges), the
intelligence and security committee of
parliament and government ministers,
including myself, have been system-
atically hoodwinked, which I find im-
probable, the agencies, and in particular
GCHQ, have been scrupulous in ensur-
ing they operate within the law and that
the interception of communications, in-
cluding the handling of metadata, is done
in a manner that meets the criteria of not
going outside the scope of an authorising
warrant and being necessary and propor-
tionate to the dangers from which we
need to be protected.
Late last year, Sir Iain Lobban, director
of GCHQ, gave evidence in public to the
intelligence and security select commit-
tee. He made clear that the post-Snowden
allegations of generalised access, or even
the possibility of such access, to commu-
nications metadata was a fantasy version
of their work. He also made clear that co-
operating with the US cannot be used to
circumvent legal requirements.
Part of the problem is any discussion
that involves revealing technical capac-
ity often risks compromising that capac-
ity, so of necessity it creates conditions
where some statements have to be taken
on trust. I doubt there is an easy solution
to this, but it would be helpful if in enact-
ing new legislation there could be greater
statutory clarity on what is permitted.
We could also do with a greater under-
standing of the threat to both our security
and privacy from cybercrime, some of
which is a state-sponsored and -directed
activity. We should be far more worried
about this than anything being done by
the UK government. It directly threat-
ens our security, privacy and economic
well-being. Countering it is going to need
sustained effort and underlines the need
for the agencies to have a role in this area
without which we cannot address it.
I am also convinced that the retention of
communications data for use in criminal
proceedings is absolutely necessary. We
have been able to do this for years, start-
ing with the records of numbers called
on fixed telephone lines. In prosecut-
ing drug importation cases, it was relied
on routinely, as I, then a junior barrister,
can confirm.
Further safeguards
The principle today remains the same,
even if the variety of methods available
to communicate is much greater. There
is certainly scope for considering what
further safeguards could reasonably be
added in relation to how access to this
data, which does not include content, is
authorised. But I think it is entirely rea-
sonable to require service providers to
retain it for a reasonable period of time.
The potential for any misuse simply does
not outweigh the evidential benefits for
investigating and prosecuting serious
crime and terrorism.
There are other areas of possible sur-
veillance away from communications
that should rightly trouble us. I was de-
lighted when the present government got
rid of the legal structure for identity cards.
We also need to be vigilant about intru-
sive bureaucratic snooping and knee-jerk
reactions to terrorist outrages promoting
pointless infringements of liberty.
But none of this means we cannot take
comfort in having laws and rules in place
at present which, in an imperfect world,
allow for both our security to be protect-
ed and our freedom respected. We should
build on them and not get mired in the
delusion that they are being ignored. l
Dominic Grieve is the Conservative MP
for Beaconsfield. He served as attorney
general for England and Wales and
advocate general for Northern Ireland
from May 2010 to July 2014
Britain should take comfort in knowing we have legislation which, however imperfect,
allows us to feel our security is protected and our right to privacy respected
By Dominic Grieve
Within the law
Cybercrime is more of a
worry than anything done
by the UK government
26 SEPTEMBER – 2 OCTOBER 2014 | NEW STATESMAN | 5
05 Dominic Grieve.indd 5 23/09/2014 10:30:06
6. 6 | NEW STATESMAN | 26 SEPTEMBER–2 OCTOBER 2014
THE CAMPAIGN
C
oncern over privacy in the age of
social media, Big Data and both
state and corporate surveillance is
not restricted to any single political per-
suasion. A number of influential NGOs
have come together in an unprecedented
coalition – the Don’t Spy On Us campaign
– to tackle these issues.
Thomas Hughes, executive director of
Article 19, is among them. “All of us have
a right to free expression and a right to
privacy, but these are violated by arbitrary
mass surveillance programmes that as-
sume guilt over innocence,” he says.
“If the UK, which prides itself on being
an open and democratic nation, contin-
ues to carry out mass surveillance on this
scale, it gives carte blanche to oppressive
regimes to keep spying on their citizens.”
Jo Glanville, director of English PEN,
concurs. “The protection of the right to
a private life is crucial for freedom of ex-
pression,” she says. “None of us can freely
exchange or record information and ideas
without the expectation of privacy.
“It’s been over a year since we found out
that GCHQ has been engaging in blanket,
unwarranted surveillance and our politi-
cians have conspicuously failed to address
our concerns or to protect our rights.
They need to act now.”
Shami Chakrabarti, director of Liberty,
is blunt: “The game is up and the authori-
ties busted on blanket surveillance pur-
sued without democratic debate, let alone
legal authority. Those in power need to
know we care.”
The theme is developed by Jim Killock,
executive director of the Open Rights
Group. “The government needs to stop
sidelining the issue of mass surveillance,
hold a proper inquiry and bring in legisla-
tion that will make its agencies account-
able for their actions,” he says. “They’re
undermining everyone’s confidence in
the security services, parliament and the
technologies we use every day.”
Gus Hosein, executive director of Pri-
vacy International, adds: “Secret surveil-
lance is anathema to a democratic society,
as no real debate can take place without
an informed public. The Snowden docu-
ments have been critical in sparking this
debate,andwemustnowadvocateforlaws
that make the state’s actions transparent,
subject to independent authorisation
and effective oversight while outlining
clear legal frameworks in accordance with
democratic principles.”
Emma Carr, director of Big Brother
Watch, sums it up: “All of us have a right
to free expression and a right to privacy,
but these are violated by arbitrary mass
surveillance programmes that assume
guilt over innocence.
If the UK, which prides itself on
being an open and democratic nation,
continues to carry out mass surveillance
on this scale, it gives carte blanche to op-
pressive regimes to keep spying on their
citizens, restricting the space for free
expression.” l
Don’t Spy On Us calls for reform of
the legal framework so the intelligence
agencies reduce spying on the people of
Britain. Visit: dontspyonus.org.uk/org
Free expressions
“The game is up.
Those in power need
to know we care”
Stephen Fry
“There is
something
squalid and
rancid about
being spied on.
Nobody likes
it, the idea of
having your
letters read,
your telegrams,
your faxes, your
postcards intercepted. It was always
considered one of the beastliest,
meanest things a human being could
do – and for a government to do
without good cause.
“Using the fear of terrorism that
we all have, the fear of the unknown
that we all share, the fear of enemies
who hate us, is a duplicitous and
deeply wrong means of excusing
something as base as spying on citizens
of your own country.
“GCHQ and the NSA in America
co-operate through Prism, and
other systems, to listen in on, to read
and intercept everything we send.
It’s enough that corporations know
so much about us: our spending
habits, our eating habits, our sexual
preferences, everything else. But
that a government – something we
elect, something that should be
looking after our best interests –
should presume, without asking, to
take information that we swap, we
hope privately, among ourselves,
is frankly disgraceful.
“Those of us who at the very
beginning of the internet had the
highest hopes for it haven’t lost our
optimism. We still think that the
ability to call our masters to account,
to find things out, is incredibly
important. But it is very depressing
how much governments wish to
control the internet and it’s up to
us to speak out about it.
“And it’s up to the real leaders and
masters, as it were, in this field – the
ones we trust and know are on the side
of freedom, people such as Sir Tim
Berners-Lee – to lend their voice to
a campaign to urge governments,
everywhere in the free world, to step
back from the brink of totalitarianism
that is threatening to engulf us.” l
06 Soundbytes.indd 6 23/09/2014 11:41:32
7. OPINION: THE ROLE OF THE STATE
S
urveillance, once targeted at a small
number of individuals, has grown
in scope to encompass everyone
who uses a device to connect to the in-
ternet. This is a long-term trend. Privacy
International’s report Eyes Wide Open
demonstrates that the Five Eyes alliance
of states – comprising the signals intelli-
gence agencies of the United States, UK,
Canada, Australia and New Zealand – has
been growing unchecked for almost 70
years. The report shows how Five Eyes
has infiltrated every aspect of modern
global communications systems.
Much of it relates to the digital nature of
modern communications. A leaked strat-
egy document by the US National Secu-
rity Agency (NSA), published by the New
York Times in November 2013, exposes
the clear interest that the intelligence
agencies have in collecting and analysing
signals intelligence (SIGINT):
“Digital information created since 2006
grew tenfold, reaching 1.8 exabytes
in 2011, a trend projected to continue;
ubiquitous computing is fundamentally
changing how people interact as
individuals become untethered
from information sources and their
communications tools; and the traces
individuals leave when they interact
with the global network will define
the capacity to locate, characterise and
understand entities.”
The Five Eyes intelligence agencies ap-
pear to be the most powerful they have
ever been. Operating with little oversight
from our elected politicians and mislead-
ing the public, the agencies boasted in this
secret strategy document how they “have
adapted in innovative and creative ways”
that have led some to describe these times
as “the golden age of SIGINT”.
GCHQ is playing a dirty game; not
content with following the already per-
missive legal processes under which it
operates, it has found ways, according to
disclosures by the whistleblower Edward
Snowden, to infiltrate all aspects of mod-
ern communications networks. Thanks
to Snowden, we have a great deal of de-
tail on these programmes, including code
names.Thoughmanyoftheprogramsand
documents he exposed have now been ac-
knowledged publicly by the NSA, GCHQ
has refused to comment. The projects
were never disclosed to parliament. Only
by understanding them can we work out
how surveillance affects us personally:
The Prism programme forces major
internet companies to hand over their
customers’ data under secret orders. The
Muscular programme enables the NSA to
secretly tap fibre-optic cables between the
data centres of some of the globe’s most
popular online platforms.
GCHQ has co-opted the world’s largest
telecommunications companies, such as
Vodafone and BT, to intercept the trans-
atlantic undersea cables as they land in
Cornwall under the Tempora programme.
Tempora scans and filters every commu-
nication that passes through these cables.
It is the equivalent of downloading the
entire British Library 192 times every day.
The Bullrun programme sabotages en-
cryption standards and standards bodies,
undermining the ability of internet users
to secure information. Encryption is used
for everything from online banking to our
personal emails.
Even your mobile phone can be ac-
cessed directly. Dreamy Smurf can infil-
trate our smartphones and turn them on
(even when we’ve switched them off).
Nosey Smurf can turn on the microphone
in a mobile remotely to listen in to our
conversations, and Tracker Smurf can
track our location in real time.
None of the capabilities listed above
has ever been scrutinised by parliament.
By remaining in the shadows, our intel-
ligence agencies – and the governments
that are supposed to control them – have
removed both our ability to challenge
their actions and their impact on our indi-
vidual human rights.
Can we fight back? You can encrypt
your email using free open-source tools
such as GPG, your phone calls using apps
such as Signal and your text messages
with TextSecure from Open Whisper
Systems, making mass passive surveil-
lance that much harder to do. But, to
achieve meaningful change, the policies
and practices of GCHQ and others in the
Five Eyes alliance must change, too.
Secret law has never been acceptable
law, and we cannot allow our intelligence
agencies to justify their activities on the
basis of it. l
Eric King is the deputy director of
Privacy International
Technology has made us vulnerable to snooping. So what exactly are the security
agencies able to do – and what can we do to protect ourselves?
By Eric King
They’ll be
watching you
The intelligence agencies
work with little oversight
from elected politicians
26 SEPTEMBER – 2 OCTOBER 2014 | NEW STATESMAN | 7
07 Eric King.indd 7 23/09/2014 10:29:15
8. “Don’t worry,
it’s just metadata”
Metadata is data about data. Not what is written in the
email, but information on who the email is to, whether
they read it, the time it was sent and from which computer
or device. Governments around the world, including the
British Government, are now demanding access to this
type of data on a mass scale, proclaiming it is not intrusive
as it is not the same as listening in to a phone call. So, what
is metadata and why should you care?
Your phone is a spying device – it has two microphones,
2 cameras, telephony, GPS, Bluetooth and WiFi capability.
Most people are more honest with their internet searches
than they are with their own family.
The Government’s surveillance
services can now know:
l EVERYTHING you have searched for online and the
page addresses you visited from those search results,
your location when you were online, how long you
stayed on a page
l Your login details if you have the auto-fill feature
switched on
l Who you are with and the duration you were with them.
l Who you are emailing, the subject line, whether it has
been read and whether it has been replied to.
l Every person you call, their location and how long the
call lasted
l When and where you took photos which are now
online, plus all the information you tag it with
l The apps you use
TAKE BACK CONTROL OF THE INTERNET
Download F-Secure Freedome now! Get 3 months free
with this unique code cnt5nze8
F-Secure Freedome
• Ensures that nobody can track you when you are online
• Encrypts your data so that no one else can read it when using
Public WiFi
• Allows you to browse safely online by blocking harmful sites
and apps
• Automatically blocks viruses and malware
freedome.f-secure.com
F-secure back page.indd 1 23/09/2014 12:28:32