Snowden Docs Show GCHQ, MI5 To Be All Haystack, No Needle

from the collections-so-bulky-they're-practically-immobile dept

"Collect it all," they said. "You can't find needles without haystacks," they proclaimed. "The more you know," they rainbowed. All well and good, except the NSA, GCHQ, et al. appear to have far more in common with the protagonists of "Hoarding: Buried Alive" than with effective, finely-tuned terrorism-fighting machines.

New documents from the Snowden stash show the UK's intelligence agencies love piling data on top of data, but seemingly have no idea how to utilize this massive haul.

MI5 “can currently collect (whether itself or through partners …) significantly more than it is able to exploit fully,” the report warned. “This creates a real risk of ‘intelligence failure’ i.e. from the Service being unable to access potentially life-saving intelligence from data that it has already collected.”

A followup report from a month later echoed these concerns:

“There is an imbalance between collection and exploitation capabilities, resulting in a failure to make effective use of some of the intelligence collected today,” the report noted. “With the exception of the highest priority investigations, a lack of staff and tools means that investigators are presented with raw and unfiltered DIGINT data. Frequently, this material is not fully assessed because of the significant time required to review it.”

This isn't just an MI5 problem. And it's not just a bulk surveillance problem. GCHQ uses the same "data broker" -- a program called PRESTON, run by the National Technical Assistance Center, which is supposed to act as a go-between for intelligence agencies in order to prevent the siloing of data. But it doesn't work. It has prevented agencies from walling each other off, but the info firehose is still too much for agencies to handle -- even with more-targeted surveillance.

Targeted collections fare little better than the bulk collections, in terms of needle location. The following chart shows how much data goes unutilized in cases where suspects are known and targeted with individualized warrants.

From the 2009 report detailing these problems:

[I]n one six-month period, the PRESTON program had intercepted more than 5 million communications. Remarkably, 97 percent of the calls, messages, and data it had collected were found to have been “not viewed” by the authorities.

Despite this failure to fully use the collections they already have, UK intelligence agencies are asking the government to give them more, supposedly to capture the "growing range of services available to internet users." But they've already shown they can't handle the data they already collect. Piling more hay on the stacks is only going to allow more "needles" to escape the attention of analysts. One solution would be to throw more people at the problem, but even this might cause its own issues, as every intelligence agency is increasingly wary of becoming the temporary home of the next Snowden. Vetting procedures have ramped up and security clearances have been scaled back.

More judicious collections are a better answer, but intelligence agencies -- just like many of the internet users they track -- apparently suffer from Fear of Missing Out. But an examination of their current collections/analysis shows they're "missing out" already, and expanded powers/collections would do nothing to better secure the nation. In fact, these reports show the more they collect, the less they know.

Filed Under: gchq, haystacks, information overload, mass surveillance, mi5, needles, surveillance

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 8 Jun 2016 @ 11:33am

    These programs were never about terrorism.

    NSA Surveillance Is about Power, Not "Safety"
    - by Edward S.

    "American Senators tell us that [we] should not worry, because this is not "surveillance," it's "data collection." They say it is done to keep you safe. They’re wrong. There is a huge difference between legal programs, legitimate spying, legitimate law enforcement — where individuals are targeted based on a reasonable, individualized suspicion — and these programs of dragnet mass surveillance that put entire populations under an all-seeing eye and save copies forever.

    These programs were never about terrorism: they're about economic spying, social control, and diplomatic manipulation. They're about power."

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Show Now: Takedown
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.