Sophos Cloud Optix
In 2007 the UK gave the go-ahead to the US’s National Security Agency (NSA) to snoop on innocent Britons not suspected of any wrongdoing, new documents from NSA whistleblower Edward Snowden show.
In a joint investigation, The Guardian and Britain’s Channel 4 News report that the two documents are the “first proof in black and white” that the UK let the NSA sweep up, analyse and store the phone, internet and email records of friends of friends of friends who are targets of surveillance interest.
That reach illustrates the NSA’s so-called “pattern of life” or “contact chaining” analysis, which allows the agency to look up to three “hops” away from the primary target, as The Guardian’s James Ball describes it.
The Guardian has posted an interactive calculator to illustrate how these three degrees of separation can start with one primary target and lead to enormous networks of people.
For example, a typical Facebook user has 190 friends, which, three hops away, could pull more than 5 million people into the NSA’s data coffers.
Thus, a person doesn’t need to actually talk to terror suspects for his or her communications to be analysed.
Channel 4 writes that an unconfirmed assumption holds that Britain gained the reciprocal right to use data collected on US residents in the 2007 agreement.
One NSA memo from 2007, which the Guardian published on Wednesday, describes an agreement that allowed the NSA to “unmask” and hold on to personal data about Britons that had previously been off-limits under what’s known as the Five-Eyes intelligence-sharing alliance, which also includes Australia, New Zealand and Canada.
Under that formerly secret treaty – which had its roots in the 1941 Atlantic Charter and was only revealed to the public in 2005 – it had been generally understood that each member country’s citizens were protected from surveillance by the other alliance members.
The rules changed in 2007.
The 2007 NSA memo, titled “Collection, Processing and Dissemination of Allied Communications”, says that Britons’ mobile phone and fax numbers, emails and IP addresses collected in surveillance dragnets are being stored in databases and can be made available to other members of the US intelligence and military community.
Prior to that, the data was stripped out of NSA databases in accordance with agreed-upon rules between the UK and the US.
The UK Liaison Office, which is operated by GCHQ, signed off on the document, though it’s unclear whether it discussed the rule change before granting its approval.
The agreement didn’t remove the need for a warrant before the NSA looked at the content of Briton’s communications.
But it did authorize NSA agents in these new ways:
- “Are authorized to unmask UK contact identifiers resulting from incidental collection.”
- “May utilize the UK contact identifiers in Sigint development contact chaining analysis.”
- “May retain unminimized UK contact identifiers incidentally collected under this authority within content and metadata stores and provided to follow-on USSS (US Sigint System) applications.”
The newly revealed documents show that regardless of the British government’s say-so, the US was planning to spy on Britain “unilaterally” and without its knowledge.
As Channel 4 News reports, that intention is made clear in a paragraph of a separate, draft memo dated 2005.
One passage is marked “NOFORN”, which indicates “not even for British eyes.”
It states that the Five-Eyes agreement “has evolved to include a common understanding that both governments will not target each other’s citizens/persons”.
But, the draft memo goes on, governments “reserved the right” to conduct intelligence operations against each other’s citizens “when it is in the best interests of each nation”.
“Therefore,” the draft memo continues, “under certain circumstances, it may be advisable and allowable to target second party persons and second party communications systems unilaterally, when it is in the best interests of the US and necessary for US national security.”
UK readers, are you surprised by any of this? Or is it just another brick in the surveillance wall?
Let us know your thoughts in the comments section below.
Image of US and UK flags and NSA sign courtesy of Shutterstock.
I’m Australian, and totally unsurprised that a spy agency which is all about secrecy and is totally unaccountable would lie, cheat and steal. As for the NSA’s justifications for breaking an agreement, they are merely the excuses one might use if one intends to do whatever one wants whatever the rules might state.
I would actually be extremely surprised if the NSA waited until 2007 to spy on its Five Eyes partners.
All of these intelligence agencies need to be thoroughly investigated, and their actual work brought into the open. The justifications for their existence need to be examined, and we need to ask whether a modern, civilised country actually needs to spy on its friends (or indeed any other government). We also need to start asking whether the “war on terror” is worth the price.
“I would actually be extremely surprised if the NSA waited until 2007 to spy on its Five Eyes partners.”
Agreed
haha!!! And I suppose people find this shocking! everyone should just automatically assume that all our information is free game.if you don’t want to be spied on, you going to have to become armish. I on one hand hand have nothing to hide so I don’t care. (although it does violate my right to privacy)
Oh no, not the old “nothing to hide” argument.
See Bruce Schneier’s “The Eternal Value of Privacy”
http://www.wired.com/politics/security/commentary/securitymatters/2006/05/70886
In which he quotes Cardinal Richelieu: “If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.”
Or see Daniel Solove’s book: Nothing to Hide: The False Tradeoff between Privacy and Security.
So, “Anonymous” (wait, why is your name not on your post if you have nothing to hide?), why didn’t you include your email address on your post? Have you published the IP of your shower-cam? Are you saying you have never done anything that might be construed as illegal?
Maybe you should read Three Felonies a Day, and then reconsider your incredibly naive statement.
“UK readers, are you surprised by any of this?”
Nope
We are the 51st state but without any constitutional rights.
I suspect we gave up a lot when we could no longer afford an independent deterrent so wanted an American developed one (there must have been a pound of flesh). That then set a mind-set at the highest level in both Whitehall (Civil Service) and Westminster (politicians), whether it was Tory Thatcher and her love for Reagan or Tony Blair and his love for Bush.
Sorry but I beg to differ 🙂 Canada has always been the 51st state, but you may claim the 52nd. And Thatcher was the first to come to mind when I read the article. It amazes how easily the US can, cajole, manipulate and seduce other governments. Like idolizing rock stars!
I’m not surprised at all. Considering what’s been happening for the past 12 years minimum, any form of communications is/can be tracked around the world. The “West” is in my opinion, likely near the top of when it comes to everything people do being followed by one organization or another. Phones, computer, GPS in autos, right down to television viewing habits.
It’s one of the negative sides to people adopting so many new technologies they rarely ever think about.
“It’s one of the negative sides to people adopting so many new technologies they rarely ever think about.”
That’s the thing. People don’t care about it until it’s too late.
If it helps to catch terrorists, paedophiles and wholesale drug traders I’m all for it.
You trust those in power to exercise absolute power with no oversight?
So far it hasn’t helped catch any terrorists or paedophiles. It’s not supposed to be used for paedophiles and drug dealers, but the “law enforcement” agencies get around that by perjuring themselves.
Still all for it?
The BBC is reporting:
“And in September the FBI admitted that it had planted hidden code on the dark net, a part of the internet favoured by cybercriminals because it is unreachable by standard search engines.
Security researchers who dissected the code found it exploited a security hole in Firefox, which reported back to a mysterious server in northern Virginia.”
So:
1) is this security hole still there available to hackers attacking those of in the “light net”?
2) if we stay off the “dark net”, we have nothing to fear (at least from this snippet of code!)?
You could always install Wireshark and watch what IP packets are going out from your PC or laptop to remote locations.
If our country had courage, it would have told the USA to get lost, as we have our own laws when it comes to the privacy of our citizens. Alas no guts, goes to show our Government at that time is and was a bunch of cowards. How can any of us Trust UK politics is the question I have, even now they still allow our privacies to be destroyed. What this country really needs is a genuine revolution to be rid of all the corruption and politicians that keep lying to all of us.
I know people will all say that security is a problem and yes it is but spying for the sake of spying is unjust. Spying on known crims, paedo’s and drug pushers and known terrorists is fine. If people are not known to law enforcement then they should be left alone until such time that evidence is found to prove that they are guilty of some crime only then should they be spied on only then is there justification for searching e-mail and alike
I hope you leave your curtains open at your house. There might be a terrorist drug dealer hiding under your bed!