Investigation Shows GCHQ Using US Companies, NSA To Route Around Domestic Surveillance Restrictions

from the introducing-MS-Loophole-365! dept

Late last year, UK Parliament members held an "emergency debate" over the GCHQ's surveillance programs after learning that [gasp] their data and communications could be legally hoovered up as if they were mere commoners. Of course, were there any actual oversight of GCHQ's activities, this shock would have been blunted by years of foreknowledge. But the GCHQ, like other intelligence agencies, preferred to keep its overseers in the dark about its access to the NSA's PRISM firehose.

The mortified Parliament members claimed the GCHQ's decision to include them in its data haul violated a long-held "gentlemen's agreement" between the two entities -- one that had no legitimate legal basis. Supposedly, this "agreement" forbade GCHQ from targeting Parliament members for surveillance. (Any incidental collection was considered unavoidable.) A panel review found GCHQ's targeting of Parliament members to be completely legal, if a bit on the rude side.

Duncan Campbell and Bill Goodwin of Computer Weekly have performed their own examination of MP's communications, finding that both GCHQ and the NSA have access to intercepted emails sent to and from Parliament members, including communications with their constituents.

GCHQ wouldn't normally have access to these emails as it is not supposed to be collecting information about purely domestic communications. But thanks to the software Parliament uses and the location of data centers used to route the emails, it can comply with its surveillance restrictions while still collecting email data/communications sent from UK email addresses to other UK email addresses.

Part of the process involves Microsoft's willing assistance in past domestic spying efforts, which preceded both Snowden's document dumps and its current, more combative stance.

The controversial decision by Parliament to replace its internal email and desktop office software with Microsoft’s Office 365 service in 2014, means that parliamentary data and documents constantly pass in and out of the UK to Microsoft’s datacentres in Dublin and the Netherlands, across the backbone of the internet.

Computer Weekly performed forensic analysis of emails it had received from MPs, using header info to trace its path across the internet. It found that nearly two-thirds of "domestic" emails actually left the country on their way to local email addresses, allowing GCHQ -- through its "Tempora" program -- to intercept data and communications using its NSA-provided PRISM hookup.

Microsoft's above-and-beyond assistance makes its widely-used Office products a valuable contributor to the agencies' data haul.

The NSA’s Prism system offers access to all parliamentary documents and email through Microsoft Office 365 software, as a result of secret directives given to Microsoft under controversial US 2008 surveillance laws. The directives were implemented at the same time as Microsoft was selling its cloud system, Office 365, to the Houses of Parliament.

Post-Snowden, Microsoft is far more reluctant to continue acting as Little Brother. As Computer Weekly points out, leaked documents have led to the company's hasty erection of two UK data centers in order to protect its UK users from GCHQ's exploitation of normal communication routing techniques to bypass restrictions on domestic surveillance.

Microsoft isn't the only US company assisting the UK intelligence agency in its harvesting of domestic data/communications.

Computer Weekly’s investigation also confirmed that MPs’ incoming and outgoing emails are automatically scanned through a network run by MessageLabs, a subsidiary of another US corporation, Symantec, which has been contracted by Parliament to provide services including spam filtering and malware detection.

MessageLabs provides GCHQ with direct access to parliamentary emails, through a secret cyber security network called Haruspex, according to GCHQ’s “Cyber Defence Operations” legal policy instructions disclosed by Edward Snowden. The scanning system has been in operation for at least a decade.

MessageLabs scans for keywords to prevent the circulation of spam and malware. But it also can be configured to flag other terms and return those results to intelligence agencies.

Once again, officials are not amused their positions do not exclude them from GCHQ surveillance.

Labour deputy leader Tom Watson MP told Computer Weekly: “This will shock many of my parliamentary colleagues and provides a further illustration of why it is right for the government to give additional protections in law to MPs, lawyers and journalists. Theresa May has the opportunity to do this during the passage of the IP Bill in Parliament.”

There's a nice nod to a few other citizens not in elected positions contained in that statement, but there needs to be a solid, unified push from UK legislators during the debate over the Investigatory Powers Bill if this domestic surveillance loophole is going to be closed. As Computer Weekly notes, amendments have been made to the bill which prevent law enforcement agencies from accessing MPs' communications data, but that concession would not apply to GCHQ.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: gchq, internet, nsa, parliament, surveillance, uk

Reader Comments

Subscribe: RSS

View by: Time | Thread

  • identicon
    Anonymous Coward, 3 Jun 2016 @ 9:50am

    Will the politicians realize that the only way to protect their data is to ensure that the spies carry out very targeted data collection, as gather everything will always result in their data being gathered, and targeted dropping of data will be ignored whenever it suites the spies.

    reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 3 Jun 2016 @ 10:21am

    Waht would happen

    What would happen if our congress and representatives, were treated the SAME as movie stars and Popular people??

    If every phone call, every EMAIL, every place they went, was monitored and Photographed.. THEN placed on the internet..

    Does anyone think this is a BAD IDEA??

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 Jun 2016 @ 10:23am

    perhaps, now this information has been released, coupled with what i read earlier about UK MPs being spied on also by GCHQ, these MPs will actually realise how dangerous it is to keep giving security forces carte blanche for surveillance. now that they are on the list i would think they will kick off but when it was just the ordinary population, no one gave a fuck!!

    reply to this | link to this | view in chronology ]

  • identicon
    Jim B., 3 Jun 2016 @ 10:57am

    Very much predictable.

    The US government requires that phone companies collect and maintain metadata about phone calls under the Freedom Act. The constitution says that they need a warrant.

    A recent ruling by an appeals court says that they don't need a warrant. Do you not see the problem? The federal government requires private companies maintain data on consumers under the law. According to the appeals court the consumer relinquishes their right to privacy (hence no warrant is needed), because these records are in the hands of 3rd parties. It is easy to see that this is deceptive.

    This is the same thing type of thinking that the GCHQ is engaging in.

    reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 3 Jun 2016 @ 1:06pm

    Oh you poor babies...

    Treated the same as the commoners, what a travesty! /s

    Yeah, I've got absolutely no sympathy for them here. Much like certain politicians in the US they didn't care when the public was being spied on, which means they have no right whatsoever to expect the public to care when they are spied on in turn.

    Want people to care about your privacy, then you'd best show that you care about the privacy of others otherwise you're just exposing your hypocrisy by expecting special treatment for yourself that others don't enjoy, treatment that you enabled and could stop at any time.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 Jun 2016 @ 1:20pm

    Oh great

    That thing that we thought they did

    They did

    Colour me disgustingly surprised

    When the bad is predictable, when the character of government is predictable, when the nature is about a fucking change and surprise us by doing something GOOD

    when GOOD from a government is a surprise to so many, then that should be a good indication that your bloody doing it wrong....perhaps an itsy bitsy amount.......or simply continue to ignore, demonize and generally spit in the general vicinity of those ideals that get in the way of the conditioned society, the controlled society, the forced society

    Mmmmmmmmm...........smells like freedom

    Take the bloody money/lobbying out of politics
    Stop catering the companies
    Heres a concept, punish corruption, and fire some folks, no freaking to big to fire,

    untouchable, the breeding grounds to corruption

    Memoirs of a non consented


    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 Jun 2016 @ 1:38pm

    laws are for those the "elite" treat as slaves

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 Jun 2016 @ 4:15pm

    B-b-b-b-ut terrorists.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous UK Resident #5424743871, 3 Jun 2016 @ 4:50pm

    Why should these fuckers be exempt anyway?!? If it's good enough for the rest of us, nothing to hide, etc...

    reply to this | link to this | view in chronology ]

  • identicon
    Pixelation, 3 Jun 2016 @ 7:45pm

    Hope they choke on it

    And when the GCHQ discovers they've been given bad intelligence, what then?


    reply to this | link to this | view in chronology ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)


Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.