The Guardian reported Friday the agency is tapping into fiber-optic Internet and phone cables to process reams of personal information to share with the National Security Agency (NSA). The data includes call recordings, contents of emails, Facebook updates, and people's Web browsing histories.
The agency stores content for up to three days and metadata for up to 30, sifting and analyzing it as part of the operation codenamed Tempora. The program has run for the last 18 months or so, according to the report.
"GCHQ and the NSA are consequently able to access and process vast quantities of communications between entirely innocent people, as well as targeted suspects," the Guardian said.
Around 850,000 NSA employees and private contractors (of which Snowden was one) who have top secret clearance are believed to have had access to GCHQ databases. U.S. officials were provided with guidelines on the use of the databases, though were told by GCHQ lawyers "We have a light oversight regime compared with the U.S." and when "judging the necessity and proportionality of what they were allowed to look for, would-be American users were told it was 'your call'."
It is the latest bombshell report in a series of spying revelations over the last two weeks. Tempora's existence was divulged by Snowden, who previously disclosed the NSA's Internet spying program PRISM. That operation allows the NSA access to the servers of nine Internet companies.
Tempora collected data legally, according to a Guardian source, and has helped detect and prevent "serious crime." For instance, it's helped identify people planning terror attacks, uncovered new methods terrorists use to avoid security checks, and been used to target child exploitation networks.
As with PRISM and a Swedish surveillance operation, the system is only meant to target foreign communications. "There is no intention in this whole programme to use it for looking at U.K. domestic traffic – British people talking to each other," according to the source, who has knowledge of intelligence.
Documents leaked by Snowden indicated GCHQ had tapped more than 200 fiber-optic cables (each of which transmits vast quantities of data) and was handling 600 million "telephone events" each day by last year.
The GCHQ reportedly placed intercept probes "to transatlantic fiber-optic cables where they land on British shores carrying data to western Europe from telephone exchanges and Internet servers in North America."
A number of private corporations were seemingly obliged to cooperate with the data interception, with some apparently being paid to cover the costs of helping, while the GHCQ worked to keep their identities secret. They are not allowed to disclose the warrants allowing the agency access to the cables.
"Essentially, we have a process that allows us to select a small number of needles in a haystack. ... There are certain triggers that allow you to discard or not examine a lot of data so you are just looking at needles," the Guardian's source said. "If you had the impression we are reading millions of emails, we are not."
GCHQ's legal grounds for the program are based on an old law. A clause in the 2000 Regulation of Investigatory Powers Act (RIPA), which requires monitoring of specific targets to be authorized by the home secretary or foreign secretary, enables the latter to allow "interception of broad categories of material," only if one side of the information being monitored is outside the country.
Those categories have included terrorism, fraud, and drug trafficking.
It's not the first time GCHQ has found itself in the spotlight over spying this month. It was revealed the agency set up fake Internet cafes to spy on diplomats during the G20 summit of global leaders in London in 2009. GCHQ was also reported to have been spying with PRISM for three years. In November, meanwhile, it was hiring security specialists to help it snoop on Twitter and Facebook.
Since the NSA and GCHQ are collaborating, and each is technically only allowed to spy on foreigners, privacy advocates might be forgiven for thinking each country is gathering intelligence on its own citizens through the partnership.
Photo via sludgeulper/Flickr