The US National Security Agency (NSA) analysed phone, internet and email records of UK citizens under a secret deal with UK counterparts, according to documents leaked by whistleblower Edward Snowden.
An NSA memo published in a joint investigation by the Guardian and Channel 4 News is the first explicit confirmation that data of innocent UK citizens has been analysed under US mass surveillance schemes.
The latest Snowden revelations come just two weeks after the heads of the UK’s three intelligence agencies denied infringing the privacy of innocent UK citizens because that would be “illegal”.
GCHQ director Iain Lobban, MI5 head Andrew Parker, and MI6 head John Sawers told parliament’s Intelligence and Security Committee that all surveillance operations were within the confines of the law.
But the NSA document released by Snowden describes a 2007 agreement to allow the agency to "unmask" and store personal data about UK citizens, according to the Guardian.
"The new policy expands the previous memo issued in 2004 that only allowed the unminimising of incidentally collected UK phone numbers for use in analysis,” the memo said.
Under the new policy, all UK contact identifiers, including IP and email addresses, fax and mobile phone numbers, can be used for analysis, the memo said.
However, the NSA was still not allowed to make any UK citizen a target of surveillance programmes that would look at the content of their communications without getting a warrant.
The memo was sent to all NSA analysts and details how the material would be stored in databases open to other members of the US intelligence and military community.
Read more about Prism
- Security Think Tank: Prism fallout could be worse than security risks
- Security Think Tank: Prism is dangerous for everyone
- Security Think Tank: Prism – Sitting duck or elaborate honeypot?
- NSA surveillance whistleblower reveals identity
- US repeatedly hacked China, claims NSA whistleblower
- FBI spies on internet users
- UK links to US internet surveillance remain unclear
- Technology companies call for more transparency over data requests
- Compliance: The Edward Snowden, NSA program controversy continues
Prior to 2007, UK data collected through the NSA's Prism mass internet surveillance programme had been stripped out under rules agreed between the US and the UK.
According to the Snowden documents, the NSA has been using the UK data to conduct "pattern of life" or "contact-chaining" analyses that look at up to three "hops" away from a target of interest.
The document does not say whether GCHQ discussed this rule change with UK government ministers before granting approval or who within the intelligence agencies was responsible for the decision.
According to the Guardian, GCHQ and the Cabinet Office have not yet responded to requests for clarification made by the paper on 7 November.
A separate draft memo, marked "top secret" and dated 2005, reveals a proposed NSA procedure for spying on the citizens of the UK and other allies referred to as “second party” countries, even where permission had been denied.
"Under certain circumstances, it may be advisable and allowable to target second party persons and second party communications systems unilaterally, when it is in the best interests of the US and necessary for US national security,” the draft memo said.
The memo makes clear that partner countries must not be informed about this surveillance, or even the procedure itself.
The NSA declined to answer questions on whether the draft directive had been implemented and, if so, when, the Guardian said.