- Home /
- News /
- 2014 /
- January /
- UK: Interception, Intelligence and Surveillance reports: Interception Commissioner fails to report on Section 8(4) certificates authorising GCHQ's mass data collection
UK: Interception, Intelligence and Surveillance reports: Interception Commissioner fails to report on Section 8(4) certificates authorising GCHQ's mass data collection
09 January 2014
• Interception warrants and modifications at all-time high
• Collection of communications data ("metadata") at all-time high
• Surveillance Commissioner unable to monitor all undercover police as Home Office fails to provide details of exactly which units are to be overseen
Tony Bunyan, Statewatch Director, comments:
"The government claims that GCHQ's interception of fibre-optic cable telecommunications traffic (and of satellite communications) is lawful under under RIPA 2000 Section 8(4) certificates issued by the Foreign Secretary. These certificates grant sweeping general powers which are meant to be overseen by the Interception Commissioner who is responsible reporting on Sections 1-11 of RIPA 2000. His Report is silent on this crucial issue - this is yet another reason for a wholesale review of the role and accountability of the security and intelligence agencies in a democratic society."
The Interception of Communications Report
Annual Report of the Interception of Communications Commissioner (67 pages, pdf). The Commissioner, Sir Paul Kennedy, is responsible under RIPA 2000 for interception (phone, e-mail, text messages, communications data - who communicates to who and when by phone, mobile, and internet usage) by GCHQ, MI5, MI6, DIS (Defence intelligence Staff) and police forces.
Thus the Commissioner is responsible for interception carried out by GCHQ. The Guardian revealed in June 2013 that GCHQ was intercepting traffic using the fibre-optics cable networks to and from Europe and in and out of the USA and elsewhere via the
PRISM and
Tempora programmes.
The government argued that GCHQ's actions were lawful because it relied on Section 8 para 4 of RIPA 2000 whereby a Secretary of State (in GCHQ's case the Foreign Secretary) can issue a very broad Section 8(4) certificate and warrant not referring to named individuals but classes of data based on "descriptions of intercepted material the examination of which he considers necessary" for national security, serious crime and the "economic well-being" of the UK (under Section 5 (a), (b) and (c)). The issuing of certificates includes:
"the interception of external communications in the course of their transmission by means of a telecommunications system.." (S8.5.a) [emphasis added]
And the certificate can authorise:
"all such conduct (including the interception of communications not identified by the warrant) as is necessary to undertake in order to do what is expressly authorised or required by the warrant" (S5.6.a)
In other words a Section 8(4) certificate gives GCHQ a "blank cheque" to hoover up mass data (both communications data and content).
The Guardian reported that:
"Lawyers at GCHQ speak of having 10 basic certificates, including a "global" one that covers the agency's support station at Bude in Cornwall (GCHQ), Menwith Hill (NSA) in North Yorkshire, and Cyprus (GCHQ)."
It also reported the existence of a power not covered by RIPA 2000:
"GCHQ says it can also seek a sensitive targeting authority (STA), which allows it snoop on any Briton "anywhere in the world" or any foreign national located in the UK."
See:
The legal loopholes that allow GCHQ to spy on the world:William Hague has hailed GCHQ's 'democratic accountability', but legislation drafted before a huge expansion of internet traffic appears to offer flexibility (Guardian link)
The Commissioner's remit is to oversee the Part I Chapter I of RIPA 2000. He is expressly charged with overseeing Sections 1-11 of the Act including the issuing of Section 8(4) certificates to GCHQ by the Foreign Secretary - but his report is totally silent on this issue.
- Interception warrants and modifications
The Report gives only two figures both of which are problematic. First, the number of interception warrants, signed by a Secretary of State, issued during the year was 3,372 as compared to 2,911 in 2011 (a 16% increase). However, the Commissioner again does not publish the number of "modifications", which were published between 1998-2010. He does not believe any additional figures should be given as this "could provide hostile agencies with information". "Modifications" (see:
How changes in procedure disguise true surveillance figures) include extensions to existing warrants which in 2010 were 6,409 (prior to 1998 any changes required a new warrant). Nor does he publish the number of warrants already in place at the beginning of the year, which need to be added to those issued during the year to get an accurate total of warrants in place. Historical extrapolated figures indicate that the number of warrants operating in 2012 was 3,372 plus 1,281 already in place giving a total of 4,653. The number of "modifications" were (when published) three times the number of warrants issued giving an estimate for 2012 of 13,959. Since 1998 warrants are issued for a single individual, a number of individuals or a group/organisation's premises (rather than being issued to different service providers) - thus further disguising the number of people placed under surveillance.
This gives an overall annual total of 18,612 warrants in place including "modifications" - the highest number on record (up from 12,138 in 2011). No figures are given of the number of arrests or convictions in which the interception of communications were used.
- "Communications data" = metadata
The Commissioner is also responsible for RIPA Part 1 Chapter II concerning the acquisition of communications data held by service providers by the agencies (GCHQ, MI5, MI6, DIS and police), which is authorised by a senior official. The figures for the number of requests for communications data in 2012 was 570,135, up 15% on 2011. Communications data includes records of all phone-calls, mobile calls and text messages (including location), faxes, e-mails, and internet usage (which includes by its nature the content, RIPA 2000, Section 48.1). The Commissioner notes that there was a rise in requests for internet usage data.
A different set of figures was given to the European Commission:
Statistics on Requests for data under the Data Retention Directive (pdf) including the figures for 2012. The UK figure provided covered not the calendar year but financial year (ie April 2012 – March 2013) and says that 728,852 requests for data were made.
When questioned about the use of communications data the government has said it is only covers who spoke to who when and not the content (which requires a warrant under RIPA 2000 signed by the Home Secretary or Foreign Secretary).
As a result of the Snowden revelations we know that "communications data" is in fact metadata as revealed by the Guardian on 6 June 2013: NSA collecting phone records of millions of Verizon customers daily:
The National Security Agency is currently collecting the telephone records of millions of US customers of Verizon, one of America's largest telecoms providers, under a top secret court order issued in April (link) This turned out to be the first of many exposures showing that all the major communication service providers (Google, Microsoft, Apple, etc) were similarly involved. This covered any communication passing through a US-based company.
In a House of Commons
debate
Michael Meacher MP observed:
"“RIPA is so poorly drafted - one almost wonders whether that was deliberate - and is open to such broad interpretation that it allows Government agencies such as GCHQ to do whatever they like. We are assured by the Home Office that it is concerned only with the metadata - the technical wherewithal of communications systems [communications data], rather than the documents - but the Snowden documents, as reported, tell us the truth: "GCHQ policy is to treat it pretty much all the same whether it’s content or metadata.”" (Hansard, 31.10.13)
Metadata (including internet usage) can be used to build up a frighteningly detailed picture of an indvidual's life: all their friends and contacts - and their friends and contacts - and, by what is known as "three hops" - their friends and contacts too. This is critically examined in:
The Snowden files: why the British public should be worried about GCHQ: When the Guardian offered John Lanchester access to the GCHQ files, the journalist and novelist was initially unconvinced. But what the papers told him was alarming: that Britain is sliding towards an entirely new kind of surveillance society (link)
The collection, searching and analysing of individuals "metadata" (communications data) is not harmless it is highly intrusive.
It was then revealed that GCHQ is hoovering up megadata daily from fibre-optics cable traffic:
Tempora: GCHQ taps fibre-optic cables for secret access to the world's communications (Guardian, link) and see Chart:
Worldwide SIGINT/Defense Cryptologic Platform (jpg) which sets out the global "Classes of Accesses" including 6 of the 20 "Covert, Clandestine or Cooperative" world-wide accesses to high speed optical cables, and FORNSAT (foreign satellite collection). The "double-bubble" over the UK indicates interception of high speed optical cables and well as satellite collection by GCHQ Cheltenham and Cyprus (SOUNDER) and Bude (CARBOY) and the US base in Menwith Hill, Yorkshire (MOONPENNY). GCHQ's operations are said to have been authorised by Section 8(4) certificates issued by the Foreign Secretary.
Intelligence Services Commissioner
The Commissioner, the Rt Hon Sir Mark Waller, has had a very limited role under Sections 59 and 60.2 of RIPA 2000, to review the issuing of warrants by a Secretary of State ( internally the Home Secretary:
Code of Practice for the police and outside the UK by the Foreign Secretary) for intrusive surveillance and interference with property including "wireless telegraphy" (the placing of "bugs" or cameras), and "other authorisations (such as for covert human intelligence sources)" to GCHQ, MI5, MI6 and DIS/MOD.
The
Intelligence services Commissioner Report for 2013 (pdf) states that there were 2,838 authorisations in 2012 (2,142 in 2011).
Included in the above figure are authorisations for CHIS (Covert Human Intelligence Source):
"A CHIS is essentially a person who is a member of, or acts on behalf of, one of the intelligence or armed services and who is authorised to obtain information from people who do not know that this information is for the intelligence services or armed service. He may be a member of the public or an undercover officer." [emphasis added]
It should be noted that these CHIS authorisations are for the intelligence (MI6), security (MI5) agencies and the MOD (military) and not for the law enforcement agencies who are under Chief Surveillance Commissioner (see below)
Under the
Justice and Security Act 2013 the Commissioner's role will be greatly extended to "oversee
any aspect of the function of the Agencies" so might it be expected that next year's report will contain a lot more information?
Chief Surveillance Commissioner
In his
Report (pdf) the Surveillance Commissioner, Rt Hon Sir Christopher Rose, makes reference to the responsibility of his office to oversee undercover police officers (Mark Kennedy et al):
"necessary legislation is not yet implemented to enable the Commissioners to give prior approval to some authorisations relating to a law enforcement Covert Human Intelligence Source (CHIS - commonly termed an undercover officer). My inspectors continue to scrutinise the authorisation of any such undercover officer who has been authorised for an uninterrupted period exceeding 12 months."
The Commissioner has taken on a new role in this respect following his acceptance of a recommendation by Her Majesty's Inspector of Constabulary but is unable to start work because:
"The Home Office deduced the need for improvements in relation to undercover officers deployed on matters wider that the activities which were the focus of the National Domestic Extremist Unit. This clearly involves a larger number of officers than either HMIC or myself had contemplated. Until details of the number of undercover officers who require improved oversight and the timing and nature of the oversight are defined, I am not able to identify the resources I need to provide effective oversight." [emphasis added]
The Commissioner is, as usual, very frank: "The capability of my office has been reduced to a point where regular and frequent publication of guidance is not possible", opposes what he calls "inaccurate dogma" and in a reference to the Home Office and ACPO views on Guidance says:
"I am unlikely to be persuaded by guidance which is contrary to the opinions produced after careful consideration by my Commissioners. I'm am even less likely to be persuaded by guidance designed for the convenience of practitioners. Continuous assertion of a view by practitioners does not change the law."
The report provides figures on the following:
- property interference was authorised in new 2,440 cases (excluding renewals);
- "intrusive" (the placing of recording device inside a home, hotel bedroom, place of work) authorisations decreased to 362 from 408;
- the use of "urgency provisions" to conduct surveillance rose from under 400 to almost 1,000 "for reasons that are not presently apparent";
- "directed" (external surveillance by law enforcement agencies) was authorised on 9,515 occasions in the year and 1,188 were in place already - down from 12,015 and 1,830 in the previous year
- authorisation by non-law enforcement agencies (eg DWP or locals Councils) was given on 5,827 occasions;
- 4,333 CHIS were recruited by law enforcement agencies during the year, 2,328 were ended and 2,816 remained at the end of the reporting period.
The Appendices on pages 22 and 24 list the offences where authorised powers are exercise and it is worth noting that terrorism involves a very small number of authorisations (it appears most counter-terrorism authorisations are covered by the Intelligences Services Commissioner report).
Reports
1.
Interception of Communications Commissioner Report for 2012 (pdf)
2.
Intelligence services Commissioner Report for 2013 (pdf)
3.
Chief Surveillance Commissioner Report 2012-2013 (pdf)
4.
Regulation of Investigatory Powers Act 2000 (pdf)