GCHQ Surveillance: TEMPORA Program

By Aidan Booth

On June 21, 2013, it was reported by The Guardian that the UK Government Communications Headquarters (GCHQ), the equivalent of the American NSA, has been conducting a major surveillance operation. Codenamed “TEMPORA”, the program reportedly allows GCHQ the ability to create an “Internet buffer,” which one could think of as a temporary storage area that security analysts have access to, and thus store telephone conversation and Internet content for 3 days and metadata for 30 days.

Collecting and sharing intercepted data

The vast amounts of data are reportedly collected by tapping into the fibre optic cables that transport telephone and Internet traffic between the US and Europe with many of the lines connected via the UK. There is also tapping into the fibre optic cables connecting telecommunications and Internet traffic between the UK and Europe. This acquisition of data is supposedly achieved with the help of commercial companies who own the fibre optic cables, whom GCHQ has nicknamed “intercept partners”. Currently we are unable to ascertain whether this help from the intercept partners is voluntary or forced. The data is shared with many thousands of NSA workers and contractors, who play a leading role in defining and conducting searches, and is reportedly “the biggest internet access” of any member of the Five Eyes group.

Five Eyes

The Five Eyes group consists of the UK, US, Canada, Australia and New Zealand. In 1946, the UKUSA Signals Intelligence Program established cooperation in signals intelligence between the US and the UK that was later expanded to include Canada, followed by Australia and New Zealand. The Technical Cooperation Program, which implements the acquisition, searching, and sharing of Internet and telecommunications data within the Five Eyes Group, is described as “an international organization that collaborates in defence scientific and technical information exchange; program harmonization and alignment; and shared research activities for the five nations”.

How does it work?

According to The Guardian, GCHQ is able to “survey about 1,500 of the 1,600 or so high-capacity cables in and out of the UK at any one time”. The document seen by The Guardian reportedly shows that as of 2012, GCHQ was capable of extracting and collecting information from 200 of those cables at a time.  GCHQ’s goal is to double that capability to 400 cables at a time.  Each cable allegedly can transport 10Gb of data per second, in other words, more than the storage capacity of a dual-layer DVD every second.

The documents seen by The Guardian also allegedly show that in collecting data from the cables, GCHQ attempts to filter out UK-to-UK communications.  However, since UK-to-UK communications may take place on websites hosted outside the UK, GCHQ’s filtering system is highly unlikely to screen out all UK-to-UK traffic. For example, UK citizens who use Gmail might have their data stored on American servers and thus it would be very difficult to distinguish UK-to-UK email communications as it would appear to be UK-to-foreign.

As discussed in another posting on this website, the claim that the contents, but not the metadata, of telecommunications, are protected by the Fourth Amendment of the United States Constitution underlies the NSA’s dragnet collection of telephony metadata.  Similarly, GCHQ documents seen by The Guardian state that “there are extremely stringent legal and policy constraints on what we can do with content, but we are much freer in how we can store metadata”.  GCHQ’s interpretation of the distinction between the contents and metadata is questionable, however.  One document allegedly declares that in making the distinction, GCHQ “lean[s] on legal and policy interpretations that are not always intuitive” and that passwords are sometimes regarded as metadata.  The collection and storage of passwords would, of course, enormously increase the government’s ability to access the contents of Internet accounts and would, therefore hugely increase the risk of unwarranted intrusions on privacy.

A more fundamental question is whether the GHCQ’s policy of according less protection to metadata than contents contravenes the decision of the European Court of Human Rights in 2007 in Copland v. United Kingdom, 45 Eur. Ct. H,R. 253, Sec. 43. There, the Court held that “information relating to the date and length of telephone conversations and in particular the numbers dialled . . . constitutes an “integral element of the communications made by telephone” that the right to privacy of Article 8, Section 1 of the European Convention on Human Rights (“ECHR”) protects, and extended that principle to email and other Internet communications.

Relevant Legislation – Regulation of Investigatory Powers Act (RIPA)

The legislation that governs the reported surveillance activities is the Regulation of Investigatory Powers Act (RIPA).  Enacted in 2000, RIPA gives powers to intercept communications to the security services and police.  In addition, RIPA authorizes local authorities, such as county councils and district, borough or city councils, to intercept communications when needed “to prevent or detect criminal offences that are either punishable, whether on summary conviction or indictment, by a maximum term of at least 6 months’ imprisonment or are related to the underage sale of alcohol and tobacco”.

A major distinction between the powers of local authorities, on the one hand, and security services and police, on the other, was established by the enactment of the Protection of Freedoms Act 2012.  Under that Act, local authorities are required to obtain a warrant from a Justice of the Peace (JP), more commonly known as a magistrate, before carrying out any interceptions.  By contrast, security services and police remain free under RIPA to engage in interceptions without obtaining judicially authorized warrants. Different types of surveillance require different levels of authorization. Warrants that deal with the interception of communications such as a wiretap need to be signed by the Home Secretary.

Under RIPA Sections 8(1) and 8(2), an interception warrant needs to be specifically targeted.  According to RIPA Section 8 (1), the warrant must “name or describe either one person as the interception subject or a single set of premises as the premises in relation to which the interception to which the warrant relates is to take place”. Section 8 (2) follows up with requiring specifics “that are to be used for identifying the communications that may be or are to be intercepted

The possibility of mass surveillance arises, however, because Sections 8 (1) and (2) are not applicable when, pursuant to Section 8 (4) and 8(5), a warrant is allowed to be issued for the interception of “external communications.” An external communication “means a communication sent or received outside the British Islands,” according to Section 20 of RIPA.  Under Section 8(4), a warrant may be issued only if it is accompanied by a certification by the Secretary of State that the warrant is necessary for one of the three purposes delineated in Section 5(3): “in the interests of national security,” “for the purpose of preventing or detecting serious crime,” or “for the purpose of safeguarding the economic well-being of the United Kingdom”. Under Sections 9(2) and 9(6),  certifications have to be renewed by the Secretary of State every 6 months.

The interpretation of the words “considered necessary” in RIPA Section 8(4) is crucial to whether and when that Section can be used to allow external communications to be intercepted without the protection of the specific targeting required by Sections 8(1) and 8(2). What the intelligence services and the Secretary of State, whose responsibilities include keeping the country safe and secure, consider necessary could be far different from what an ordinary member of the public and/or the judicial authorities would deem necessary.

An additional major interpretative issue arises in regard to the requirement in RIPA Section 5 (2) (b) that a warrant only be issued by the Secretary of State if “the conduct authorised by the warrant is proportionate to what is sought to be achieved by that conduct”.  As with “necessity,” the surveillance that the Secretary of State might consider proportional to a threat could be far different from what an ordinary member of the public and/or the judicial authorities would consider proportional.

Has RIPA Been Violated by TEMPORA’s Mass Surveillance?

Whilst it is unlikely that the legislators who enacted RIPA foresaw the massive surveillance that has occurred under TEMPORA, it is not clear whether TEMPORA contravenes RIPA’s requirements.  The UK charity group Privacy International has filed a claim in the Investigatory Powers Tribunal (IPT), the group set up to oversee any abuses of RIPA, challenging both the UK TEMPORA program and GCHQ’s utilization of data acquired by the NSA under the PRISM program, whose surveillance of the contents of Internet communications will be described in further posts on this website. .According to Privacy International, TEMPORA’s acquisition, storage and use of Internet and telecommunications data fails to satisfy RIPA’s requirements of “proportionality” and “necessity.”

A claim against the British Intelligence Services has also been issued by Liberty, a UK civil liberties group which is similar to the ACLU.  Liberty has asked the IPT to decide “whether the British Intelligence Services have used PRISM and/or TEMPORA to bypass the formal UK legal process which regulates the accessing of personal material”.

GCHQ, however, firmly believes that they are acting within the law and boundaries of UK legislation. A spokesman for GCHQ stated that, “GCHQ takes its obligations under the law very seriously. Our work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Intelligence and Security Committee”.

The concerns that have been raised are being looked into by the Intelligence and Security Committee (ISC), who have the ability to look at classified material, as all members are subject to Section 1 (1) (b) of the Official Secrets Act 1989. The chairman of the group, Sir Malcolm Rifkind MP, stated: “The Intelligence and Security Committee is aware of the allegations surrounding data obtained by GCHQ via the US Prism programme. The ISC will be receiving a full report from GCHQ very shortly and will decide what further action needs to be taken as soon as it receives that information”. As of now, there has been no further comment from the Committee.

EU Data Protection Directive / UK Data Protection Act

Another consideration is whether the TEMPORA surveillance violates the EU Data Protection Directive (the “Directive”), which the UK enacted into legislation in the Data Protection Act 1998 .  Although the Directive does not regulate government “processing operations concerning public security, defence, State security…and the activities of the State in areas of criminal law,” Article 4 of the Directive puts protections in place against private companies.  The question is whether the activities of the private companies that are GHCQ’s “intercept partners” in TEMPORA conform to the requirement in Article 4 sub section 1. (a) “that the data controller on the territory of a member state… must take the necessary measures to ensure that each of those establishments complies with the obligations laid down by the national applicable law”.

The principal problem with arguing that Article 4 sub section 1. (a) is violated is that the “national applicable law,” the Data Protection Act 1998, includes a very broad national security exception. Section 28 (1) of the Act notes that “personal data are exempt from any of the provisions of the data protection principles if the exemption from that provision is required for the purpose of safeguarding national security”.  Once again, whether TEMPORA’s massive, general surveillance contravenes legislation hinges on the interpretation of what “is required for the purpose of safeguarding national security.” Ultimately, it will be up to the courts to decide this question.

Human Rights concerns

Articles 8 of both the ECHR and the legislation that incorporates the ECHR into UK law, the Human Rights Act of 1998, both establish a right to respect for one’s private and family life and one’s home and correspondence.  There is to be no interference with such rights by a public authority, “except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others”.

Privacy International has claimed before the IPT that there are not “sufficient safeguards” to render [TEMPORA’s interference with private and family life and the privacy of correspondence] in accordance with the law, as required by Section 8 of the ECHR.  Liberty has also claimed that the group’s rights under Article 8 of the Human Rights Act 1998 have been breached.

It remains to be seen what will happen, but it is likely that the Intelligence Services will use the national security exemption to claim that their activities under TEMPORA were perfectly legal. It is also now clear that it will be up to the IPT and, possibly, the courts to interpret ambiguous language and decide on the relative protections that UK statutes and the ECHR accord to private life and national security.

I would like to place on record my thanks to Adina Schwartz who took the time to provide valuable feedback and contributed to the editing of this piece.