Industry News

GCHQ took less than 10 minutes to covertly scoop up 70,000 emails – and it’s a disgrace

It’s a strange and disturbing world we are living in.

Politicians are calling for encrypted communications to be outlawed if they do not have a backdoor through which law-enforcement can spy upon conversations.

Intelligence chiefs are pronouncing that “We can’t stop terrorism, unless we spy on the innocent.”

What’s clear is that there is an almighty fight kicking off between those who believe the public should have their privacy protected, and those who feel the threat of terrorism and organised crime outweighs civil liberty concerns.

In my view, in the years since 9/11, some politicians have gone too far – exploiting fear and raising concerns about possible future terrorist attacks in order to chip away at freedoms that we should take for granted.

Suddenly, almost anything is acceptable for the intelligence services to do – if it can be argued to assist the “war on terror”.

Take, for instance, this report yesterday from James Ball of The Guardian.

GCHQ’s bulk surveillance of electronic communications has scooped up emails to and from journalists working for some of the US and UK’s largest media organisations, analysis of documents released by whistleblower Edward Snowden reveals.

Emails from the BBC, Reuters, the Guardian, the New York Times, Le Monde, the Sun, NBC and the Washington Post were saved by GCHQ and shared on the agency’s intranet as part of a test exercise by the signals intelligence agency.

The journalists’ communications were among 70,000 emails harvested in the space of less than 10 minutes on one day in November 2008 by one of GCHQ’s numerous taps on the fibre-optic cables that make up the backbone of the internet.

The communications, which were sometimes simple mass-PR emails sent to dozens of journalists but also included correspondence between reporters and editors discussing stories, were retained by GCHQ and were available to all cleared staff on the agency intranet. There is nothing to indicate whether or not the journalists were intentionally targeted.

The mails appeared to have been captured and stored as the output of a then-new tool being used to strip irrelevant data out of the agency’s tapping process.

It sounds like awfully clever stuff – but it also appears to be a gross infringement on the privacy of individuals (including citizens of the same country that GCHQ is supposed to be protecting) and organisations.

And bear in mind that Snowden’s revelations concern an incident which took place in 2008. That’s seven whole years ago.

One can only assume that the abilities of GCHQ, and its US counterpart the NSA, have grown considerably since then.

Which brings me back to the claim earlier from ex-MI6 head Sir Paul Sawers that “We can’t stop terrorism, unless we spy on the innocent.”

Clearly, the authorities already are spying on the innocent. They have the capability to snoop on many of our conversations online, and yet – terrorism still takes place.

Instead of blaming terrorism on an inability to spy on innocent people’s online communications, politicians and law-enforcement agencies should accept that stopping terrorism is impossible. Although some terrorists and organised criminals will be caught, and hopefully prevented from causing harm, there will be others who will not.

But meanwhile, GCHQ is apparently categorising journalists as potential “threats to security”, ranked alongside terrorists and hackers:

One restricted document intended for those in army intelligence warned that “journalists and reporters representing all types of news media represent a potential threat to security”.

It continued: “Of specific concern are ‘investigative journalists’ who specialise in defence-related exposés either for profit or what they deem to be of the public interest.

“All classes of journalists and reporters may try either a formal approach or an informal approach, possibly with off-duty personnel, in their attempts to gain official information to which they are not entitled.”

It goes on to caution “such approaches pose a real threat”, and tells staff they must be “immediately reported” to the chain-of-command.

GCHQ information security assessments, meanwhile, routinely list journalists between “terrorism” and “hackers” as “influencing threat sources”, with one matrix scoring journalists as having a “capability” score of two out of five, and a “priority” of three out of five, scoring an overall “low” information security risk.

Terrorists, listed immediately above investigative journalists on the document, were given a much higher “capability” score of four out of five, but a lower “priority” of two. The matrix concluded terrorists were therefore a “moderate” information security risk.

Scooping up thousands of emails of innocent people – yes, even journalists are innocent unless proven guilty – and making them available on GCHQ’s intranet for a number of people to access, is a gross attack on society itself.

Any thinking person would be appalled what the intelligence services are doing in their name, and wonder how on earth politicians who we put in power are allowing it to carry on.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

6 Comments

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • Lord Acton correctly observed that power corrupts, and absolute power corrupts absolutely. It is axiomatic that all political states—even the so-called “democracies”—inevitably and unceasingly seek increasing power over the lives and property of the citizens they purport to protect.

    There can be no political solution because the political state itself is the problem. The founding principle of all states—that it is necessary to interfere with property in order to protect it—is the fallacy upon which all states ultimately fail. These coercive political clowns are cluelessly authoring their own demise.

    Unfortunately, unless people find less coercive, less authoritarian methods of self-governance, the political states will take down their respective societies with them.

  • I agree that absolute part corrupts absolutely. We must not allow our government to have so much power that it is impossible to oppose them. At the moment revolution seems unnecessary but one day. …

  • Well, now, is it true or false that “journalists and reporters representing all types of news media represent a potential threat to security”?

    Clearly it is true – The Guardian just published information from classified documents, and in the past has published much more documents and information from documents that Edward Snowden copied and removed unlawfully from US government facilities. Elsewhere and other times there have been cases both intentional and unintentional where journalists have reported information private to governments that exposed military or police activities. Guidance similar to that described in the Guardian story certainly represents standard practice in military services for as long as there have been journalists, including, for instance, the lead up to D-Day in early 1944. Can there really be any doubt that journalists constitute a threat to security?