Security

PRISM, meet Tempora: the British spy agency’s program to capture calls, Facebook messages, emails, and more

Above: Bond. James Bond.

Why go to Internet companies like Facebook, Google, and Yahoo for their data if you can just intercept it on the world’s network of fiber-optic cables?

That, apparently, is what British spy agency GCHQ is doing, according to new revelations from NSA whistleblower Edward Snowden. According to documents revealed by Snowden to the Guardian, GCHQ has tapped 200 of the world’s fibre optic cables, is surveilling more than 600 million “telephone events” a day, can intercept emails, check Internet users’ access of websites, and can see what people are posting on Facebook.

It’s called the Tempora program, and the British agency’s sharing the data with 850,000 NSA employees and private contractors.

According to the latest revelations, Britain actually has greater capabilities than the U.S. spy agencies and few legal constraints, making it a leader among the “five eyes” intelligence community of the U.S., Britain, Canada, Australia, and New Zealand that is processing more metadata than the NSA.

Snowden’s documents indicate that GCHQ has built up this capability over five years by signing secret agreements with data transmission companies to attach probes to the trans-Atlantic cables where they hit British soil. As is the case with PRISM in the U.S., the companies are forbidden by law to either decline to participate or to reveal the spying to their customers or the general public.

Realistically, much of what GCHQ is reportedly intercepting must be difficult to understand and use. Internet traffic, of course, can be encrypted, and the massive flood of data — theoretically up to 21 petabytes a day — would be impossible to decrypt in any real-world useful time frame.

But much data is sent in the clear, like metadata about who is calling who, and often web browsing data about what sites you’re visiting. Your Facebook activity, as well, can be sent unencrypted over ordinary HTTP (hypertext transfer protocol), although a quick visit to Facebook’s security settings can enable secure browsing to encrypt your Facebook sessions.

The British spy agency’s legal justification for the Tempora program, like the NSA’s, lies in an interpretation of law that no one knew at the time would provide for such wide-scale surveillance. For the NSA, it was the Patriot Act. In GCHQ’s case, it was the Regulation of Investigatory Powers Act (RIPA), passed in 2000 … well before big data and massive Internet surveillance became technically possible.

When asked how many people the Tempora program has targeted, the agency’s lawyers replied that it would be impossible to say because “this would be an infinite list which we couldn’t manage.”

In other words, something you’ve done is likely in a British agency’s server somewhere.

Image credit: Rooner’s Toy Photography/Flickr

0 comments