Investigation Shows GCHQ Using US Companies, NSA To Route Around Domestic Surveillance Restrictions

from the introducing-MS-Loophole-365! dept

Late last year, UK Parliament members held an “emergency debate” over the GCHQ’s surveillance programs after learning that [gasp] their data and communications could be legally hoovered up as if they were mere commoners. Of course, were there any actual oversight of GCHQ’s activities, this shock would have been blunted by years of foreknowledge. But the GCHQ, like other intelligence agencies, preferred to keep its overseers in the dark about its access to the NSA’s PRISM firehose.

The mortified Parliament members claimed the GCHQ’s decision to include them in its data haul violated a long-held “gentlemen’s agreement” between the two entities — one that had no legitimate legal basis. Supposedly, this “agreement” forbade GCHQ from targeting Parliament members for surveillance. (Any incidental collection was considered unavoidable.) A panel review found GCHQ’s targeting of Parliament members to be completely legal, if a bit on the rude side.

Duncan Campbell and Bill Goodwin of Computer Weekly have performed their own examination of MP’s communications, finding that both GCHQ and the NSA have access to intercepted emails sent to and from Parliament members, including communications with their constituents.

GCHQ wouldn’t normally have access to these emails as it is not supposed to be collecting information about purely domestic communications. But thanks to the software Parliament uses and the location of data centers used to route the emails, it can comply with its surveillance restrictions while still collecting email data/communications sent from UK email addresses to other UK email addresses.

Part of the process involves Microsoft’s willing assistance in past domestic spying efforts, which preceded both Snowden’s document dumps and its current, more combative stance.

The controversial decision by Parliament to replace its internal email and desktop office software with Microsoft’s Office 365 service in 2014, means that parliamentary data and documents constantly pass in and out of the UK to Microsoft’s datacentres in Dublin and the Netherlands, across the backbone of the internet.

Computer Weekly performed forensic analysis of emails it had received from MPs, using header info to trace its path across the internet. It found that nearly two-thirds of “domestic” emails actually left the country on their way to local email addresses, allowing GCHQ — through its “Tempora” program — to intercept data and communications using its NSA-provided PRISM hookup.

Microsoft’s above-and-beyond assistance makes its widely-used Office products a valuable contributor to the agencies’ data haul.

The NSA’s Prism system offers access to all parliamentary documents and email through Microsoft Office 365 software, as a result of secret directives given to Microsoft under controversial US 2008 surveillance laws. The directives were implemented at the same time as Microsoft was selling its cloud system, Office 365, to the Houses of Parliament.

Post-Snowden, Microsoft is far more reluctant to continue acting as Little Brother. As Computer Weekly points out, leaked documents have led to the company’s hasty erection of two UK data centers in order to protect its UK users from GCHQ’s exploitation of normal communication routing techniques to bypass restrictions on domestic surveillance.

Microsoft isn’t the only US company assisting the UK intelligence agency in its harvesting of domestic data/communications.

Computer Weekly’s investigation also confirmed that MPs’ incoming and outgoing emails are automatically scanned through a network run by MessageLabs, a subsidiary of another US corporation, Symantec, which has been contracted by Parliament to provide services including spam filtering and malware detection.

MessageLabs provides GCHQ with direct access to parliamentary emails, through a secret cyber security network called Haruspex, according to GCHQ’s “Cyber Defence Operations” legal policy instructions disclosed by Edward Snowden. The scanning system has been in operation for at least a decade.

MessageLabs scans for keywords to prevent the circulation of spam and malware. But it also can be configured to flag other terms and return those results to intelligence agencies.

Once again, officials are not amused their positions do not exclude them from GCHQ surveillance.

Labour deputy leader Tom Watson MP told Computer Weekly: “This will shock many of my parliamentary colleagues and provides a further illustration of why it is right for the government to give additional protections in law to MPs, lawyers and journalists. Theresa May has the opportunity to do this during the passage of the IP Bill in Parliament.”

There’s a nice nod to a few other citizens not in elected positions contained in that statement, but there needs to be a solid, unified push from UK legislators during the debate over the Investigatory Powers Bill if this domestic surveillance loophole is going to be closed. As Computer Weekly notes, amendments have been made to the bill which prevent law enforcement agencies from accessing MPs’ communications data, but that concession would not apply to GCHQ.

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Investigation Shows GCHQ Using US Companies, NSA To Route Around Domestic Surveillance Restrictions”

Subscribe: RSS Leave a comment
Anonymous Coward says:

perhaps, now this information has been released, coupled with what i read earlier about UK MPs being spied on also by GCHQ, these MPs will actually realise how dangerous it is to keep giving security forces carte blanche for surveillance. now that they are on the list i would think they will kick off but when it was just the ordinary population, no one gave a fuck!!

Jim B. says:

Very much predictable.

The US government requires that phone companies collect and maintain metadata about phone calls under the Freedom Act. The constitution says that they need a warrant.

A recent ruling by an appeals court says that they don’t need a warrant. Do you not see the problem? The federal government requires private companies maintain data on consumers under the law. According to the appeals court the consumer relinquishes their right to privacy (hence no warrant is needed), because these records are in the hands of 3rd parties. It is easy to see that this is deceptive.

This is the same thing type of thinking that the GCHQ is engaging in.

That One Guy (profile) says:

Oh you poor babies...

Treated the same as the commoners, what a travesty! /s

Yeah, I’ve got absolutely no sympathy for them here. Much like certain politicians in the US they didn’t care when the public was being spied on, which means they have no right whatsoever to expect the public to care when they are spied on in turn.

Want people to care about your privacy, then you’d best show that you care about the privacy of others otherwise you’re just exposing your hypocrisy by expecting special treatment for yourself that others don’t enjoy, treatment that you enabled and could stop at any time.

Anonymous Coward says:

Oh great

That thing that we thought they did

They did

Colour me disgustingly surprised

When the bad is predictable, when the character of government is predictable, when the nature is predictable……… about a fucking change and surprise us by doing something GOOD

when GOOD from a government is a surprise to so many, then that should be a good indication that your bloody doing it wrong….perhaps an itsy bitsy amount…….or simply continue to ignore, demonize and generally spit in the general vicinity of those ideals that get in the way of the conditioned society, the controlled society, the forced society

Mmmmmmmmm………..smells like freedom

Take the bloody money/lobbying out of politics
Stop catering the companies
Heres a concept, punish corruption, and fire some folks, no freaking to big to fire,

untouchable, the breeding grounds to corruption

Memoirs of a non consented


Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...