In 2007 the UK gave the go-ahead to the US’s National Security Agency (NSA) to snoop on innocent Britons not suspected of any wrongdoing, new documents from NSA whistleblower Edward Snowden show.
In a joint investigation, The Guardian and Britain’s Channel 4 News report that the two documents are the “first proof in black and white” that the UK let the NSA sweep up, analyse and store the phone, internet and email records of friends of friends of friends who are targets of surveillance interest.
That reach illustrates the NSA’s so-called “pattern of life” or “contact chaining” analysis, which allows the agency to look up to three “hops” away from the primary target, as The Guardian’s James Ball describes it.
The Guardian has posted an interactive calculator to illustrate how these three degrees of separation can start with one primary target and lead to enormous networks of people.
For example, a typical Facebook user has 190 friends, which, three hops away, could pull more than 5 million people into the NSA’s data coffers.
Thus, a person doesn’t need to actually talk to terror suspects for his or her communications to be analysed.
Channel 4 writes that an unconfirmed assumption holds that Britain gained the reciprocal right to use data collected on US residents in the 2007 agreement.
One NSA memo from 2007, which the Guardian published on Wednesday, describes an agreement that allowed the NSA to “unmask” and hold on to personal data about Britons that had previously been off-limits under what’s known as the Five-Eyes intelligence-sharing alliance, which also includes Australia, New Zealand and Canada.
Under that formerly secret treaty – which had its roots in the 1941 Atlantic Charter and was only revealed to the public in 2005 – it had been generally understood that each member country’s citizens were protected from surveillance by the other alliance members.
The rules changed in 2007.
The 2007 NSA memo, titled “Collection, Processing and Dissemination of Allied Communications”, says that Britons’ mobile phone and fax numbers, emails and IP addresses collected in surveillance dragnets are being stored in databases and can be made available to other members of the US intelligence and military community.
Prior to that, the data was stripped out of NSA databases in accordance with agreed-upon rules between the UK and the US.
The UK Liaison Office, which is operated by GCHQ, signed off on the document, though it’s unclear whether it discussed the rule change before granting its approval.
The agreement didn’t remove the need for a warrant before the NSA looked at the content of Briton’s communications.
But it did authorize NSA agents in these new ways:
- “Are authorized to unmask UK contact identifiers resulting from incidental collection.”
- “May utilize the UK contact identifiers in Sigint development contact chaining analysis.”
- “May retain unminimized UK contact identifiers incidentally collected under this authority within content and metadata stores and provided to follow-on USSS (US Sigint System) applications.”
The newly revealed documents show that regardless of the British government’s say-so, the US was planning to spy on Britain “unilaterally” and without its knowledge.
As Channel 4 News reports, that intention is made clear in a paragraph of a separate, draft memo dated 2005.
One passage is marked “NOFORN”, which indicates “not even for British eyes.”
It states that the Five-Eyes agreement “has evolved to include a common understanding that both governments will not target each other’s citizens/persons”.
But, the draft memo goes on, governments “reserved the right” to conduct intelligence operations against each other’s citizens “when it is in the best interests of each nation”.
“Therefore,” the draft memo continues, “under certain circumstances, it may be advisable and allowable to target second party persons and second party communications systems unilaterally, when it is in the best interests of the US and necessary for US national security.”
UK readers, are you surprised by any of this? Or is it just another brick in the surveillance wall?
Let us know your thoughts in the comments section below.Follow @NakedSecurity