Nmedia - Fotolia
An independent review into plans to introduce wide-ranging bulk surveillance powers for UK intelligence agencies and law enforcement should be filed under “fiction”, according to a former director of the US National Security Agency.
The Bulk Powers Review, conducted by the independent reviewer of terrorism legislation, David Anderson, and a small team of security cleared experts, concluded that there was “a proven operational case” to give intelligence and law enforcement agencies bulk surveillance powers.
But William Binney, a former technical director at the NSA, told Computer Weekly that the Anderson Review had failed to consider the underlying technology behind bulk powers, which will be introduced in the Investigatory Powers Bill.
“This report reads like a novel,” he told Computer Weekly. “Most of it should be filed in the fiction section. It is mostly obfuscation of the underlying technical issues, which they seem to want to avoid.”
The Investigatory Powers Bill introduces four key bulk powers: bulk interception of phone and internet communications outside the UK, the bulk acquisition of phone call and internet metadata of UK citizens, bulk equipment interference (hacking), and bulk personal datasets – databases about the population, which by the government’s admission contain details of mostly innocent people.
“The bulk powers they are to assess are those that the NSA and GCHQ have used since 2001,” said Binney. “So this bill and study are to review and then authorise something that they have been doing for 15 years and, yes, we are joining the Russians and Chinese in monitoring our populations.”
Computer Weekly invited David Anderson, an independent barrister, to respond to Binney’s claims, but he told us he did not wish to comment.
What the Anderson Review failed to consider
For Binney, who gave evidence to Anderson, there is a major omission in the Bulk Powers Review – it takes no account of the existing intelligence-sharing agreements between GCHQ and the NSA.
Under these arrangements, GCHQ will have far more extensive access to records of phone calls, emails and internet browsing than has been publicly disclosed, he said.
“They imply [in Anderson] that GCHQ only has the content available for a short period of time, but with the access to the NSA database, GCHQ could have access to data for an indeterminate period. That is a major issue that has not been discussed,” he said.
According to Binney, the NSA harvests email, phone call and web browsing data from British and foreign nationals through a network of tapped fibre-optic cables.
Much of the data is stored at a $1.2bn data storage facility in Ft Williams, Utah, which will have a capacity of several zetabytes of data, and, in the near future, at a second larger data storage facility at Ft Meade, Maryland.
The sheer size of the storage facilities showed the NSA was not filtering electronic communications before storing them, but was in fact collecting everything, said Binney.
He quoted a former director of the FBI, who told a senate hearing that the FBI had the ability to “pull together” all past and future emails about an individual.
UK intelligence analysts are able to access internet data and content collected in the US through systems known as XKeyscore and ICReach, which provide a Google-like interface to enable analysts to search troves of data about UK and other citizens.
But these tools, like Google itself, produce so many results that bulk collection is deluging analysts with data, making it difficult to spot the clues that could prevent terrorist attacks, said Binney.
“When you do a Google-type search over bulk data, you get everybody that has any of the terms you use in the search. That buries everybody,” he said.
Secret internal documents released by Edward Snowden in 2013, reported in The Intercept, show that intelligence analysts have struggled to manage the volume of data.
“This report reads like a novel. Most of it should be filed in the fiction section”
One draft document prepared by MI5 warns that the agency “can currently collect…significantly more than it is able to exploit fully – this creates a real risk of ‘intelligence failure’ from the service being unable to access potentially life-saving intelligence from data that it has already collected”.
In the US, NSA intelligence analysts have privately complained in documents released by Snowden that they are suffering from “cognitive overload” and are having to deal with a “tsunami of information”.
Binney said: “You are burying your people with meaningless drivel from people who are not even related to any kind of activity you are interested in, and analysing it. So that is the real issue. You need to find relevant data – smart, concise, relevant, related data that can help you solve the problem. And you can do that by software.”
Why GCHQ should focus on targeted interception
Targeted collection of data, based on probable cause, is a more effective way of detecting and preventing terrorism and serious crime, said Binney.
At the NSA, Binney was responsible for the first internet surveillance programme, codenamed ThinThread, which used sophisticated analytical techniques to identify and capture internet behaviour that fell into a “zone of suspicion”.
The technology was able to identify the warning signs of potential threats and bring them to the attention of analysts automatically.
Take, for example, the Orlando shooting, night-club massacre in July this year, said Binney.
“The fellow was on the FBI list for a couple of years, and had stated intent to do harm,” he said. “Then, when he bought an AR15, it was obviously capability, so now you have intentions and capabilities, so that should have raised him right to the top immediately.”
The NSA cancelled ThinThread just before the 9/11 attacks, but a subsequent test-run on the NSA’s own data showed that programme would have prevented the 9/11 attacks by spotting critical information overlooked by NSA intelligence analysts.
Read more about William Binney
- If some campaigners against the UK’s Investigatory Powers (IP) Bill are to be believed, the use of bulk powers (or mass surveillance) by UK intelligence agencies is not only bad for your privacy, but the powers are also ineffective. A former GCHQ intelligence officer argues that Bill Binney has got it wrong.
- He started his career as a patriot and ended it as a patriot – and he thinks Ed Snowden is a patriot as well. Computer Weekly talks to Bill Binney, the senior NSA official who blew the whistle before Snowden.
- Director Friedrich Moser draws some conclusions on mass surveillance from his documentary on the work of NSA whistleblower, Bill Binney.
The technology behind ThinThread has never been implemented and, as a result, Binney argues that intelligence agencies find it difficult to separate critical information from the mass of data collected.
“The consequence means that people die first and then they go after the bad guys once they know who did the deed,” he said. “This means they have lost the purpose of intelligence, which is to give an alert of threats in advance so that action can be taken to stop attacks.”
The Anderson Review examined 60 case studies, put forward by the intelligence services, and concluded that bulk surveillance powers were the most effective answer to terrorism.
Proposed bulk powers
Allows the security and intelligence agencies to intercept the communications of individuals and organisations outside the UK and then filter and analyse that material in order to identify communications of intelligence value. The intercepted material includes contents, and data, for example including the sender and recipient of a communication, the time the message was sent, and technical details about the network.
This power was a tightly controlled secret until November 2015. It allows security services and law enforcement agencies to obtain data about phone calls and emails of UK citizens from phone and internet providers. Under the Investigatory Powers Bill, records will be aggregated into a single database.
Bulk equipment interference
The Investigatory Powers Bill authorises bulk hacking or the insertion of malware into computers or network infrastructure to retrieve intelligence. The power is designed to circumvent encryption technologies. It was allowed for the first time in February 2015.
Bulk personal datasets
Bulk personal datasets contain personal data relating to a number of individuals, the majority of whom are unlikely to be of intelligence interest. They include databases on individual’s travel, financial transactions and databases on companies. They can be obtained through overt or covert channels.
Source: Report of the Bulk Powers Review
“The bulk powers play an important part in identifying, understanding and averting threats in Great Britain, Northern Ireland and further afield,” the report said. “Where alternative methods exist, they are often less effective, more dangerous, more resource-intensive, more intrusive or slower.”
But Binney argued that, on the contrary, the case studies proved the case for targeted data intelligence, rather than bulk collection.
“They were all [about] people that were known, so a targeted approach would have identified them all right away,” he said. “And you would get the data as it happens, not after the fact. So none of the cases really prove the case for bulk mass surveillance. They prove the case basically for a targeted approach.”
Binney’s response to counter-arguments by MPs and GCHQ
Binney rejected arguments by MPs scrutinising the Investigatory Powers Bill, and former GCHQ intelligence officer David Wells, writing in this publication, that his knowledge of current interception technology was out of date.
Binney said the projects he and his team were working on at the Signals Intelligence Automation Research Center (SARC) in the NSA before 2001 were, in many ways, more advanced than current technology.
“That whole set of programmes was the design I left them in 2001,” he said. “And nothing in the [leaked] NSA inspector general’s report in 2009 or any of the follow-on material from Snowden has shown them to be making progress at all, as far as I am concerned.
“I basically think they don’t know how to write rules for selection of data, for target development or detecting new threats.”
MPs have ‘not been told the whole truth’
Parliaments and legislatures in the US, Germany and the UK have not been told the whole truth about the capabilities of state surveillance, said Binney.
“We are not being honest with each other. We are not telling everybody the truth, or the complete truth of what we are doing, and we are trying to confuse people and keep them uninformed,” he said.
Binney called it a “matastasing malignancy” of misinformation and gave some examples.
Intelligence agencies spent over 2,000 hours preparing for Anderson
- 800 person hours spent supporting the review
- 52 officers planned and prepared the Anderson team visit
- Anderson team met with 19 MI5 officers
- 130 person hours spend supporting the review
- 30 officers planned and prepared the Anderson team visit
- Anderson team met with 11 people at MI6
- 1,340 person hours spend supporting the review
- 75 staff, at least, planned and preparing Anderson team visit
- Anderson team met with 55 people
Source: Report of the Bulk Powers Review
In the UK, barrister James Eadie told a hearing of the Investigatory Powers Tribunal that it was impossible for GCHQ to prevent MPs’ emails being swept up in bulk interception “because there is so much data flowing down the pipe”.
That claim was simply false, said Binney. “We were able to do that in the 1990s and that was not a problem for us with high fibre-optic rates,” he said. “Further, commercially available equipment, like Narus, was capable of doing the same thing at fibre rates as early as 2002. This is a line of crap they are feeding Parliament, just like they did with Congress over here.”
After the Snowden revelations, for example, the NSA said publicly that it had found more than 50 incidents from telephone interception where it was able to find clues to terrorist plots. But when the claims were subject to scrutiny, only one proved to have substance.
And in the US, the solicitor general told the Supreme Court that when NSA data was used against anyone in a court of law, the defendant would be always told about it, in line with the constitution. The claim – part of an attempt to have a legal challenge against the NSA thrown out – was subsequently shown to be untrue.
“The court did absolutely nothing about it,” said Binney. “I am ashamed of that court. If I were them, I would have reinstated that case with prejudice against the government and held the government in contempt of court.”
Policing the police
The Anderson Review had no remit to make recommendations on oversight of the bulk surveillance powers, or their compliance with EU law and the European Convention on Human Rights.
But Binney claimed that external controls were lacking in the UK and in the US.
Narus, a company formed in Israel in 1997, developed commercially available equipment, used by the NSA to eavesdrop on internet traffic. The company’s Semantec Traffic Analyzer and Insight devices – which evidence suggests may be based on leaked source code from the NSA – were able to reconstruct emails an attachment, VoIP phone calls and web histories from data packets travelling on telecommunications cables.
Narus was sold to Boeing in 2010, and then to US IT security company Symantec in 2014. It emerged that the NSA was using the equipment to collect email traffic of US citizens, when Mark Klein, a technician turned whistleblower, discovered a secret room containing the equipment at an A&T office in San Francisco. Before its takeover, Narus openly published details of its technology on its website.
Capability of Narus equipment, measured by ability to reassemble 1000 character emails:
Per sec: 1,250,000
Per day: 108,000,000,000
Per year: 39,420,000,000,000
Narus STA 6400
Per sec: 77,750
Per day: 6,717,600,000
Per year: 2,451,924,000,000
Source: Calculations by Bill Binney, based on publicly available data.
The Investigatory Powers Bill introduces a “double lock” which requires both the home secretary and a judicial commissioner to sign warrants authorising bulk powers.
“I will give you my basic view of that,” said Binney. “That is a joke. There is actually very little to no oversight in that process at all. It is the same over here.”
When Binney and others have had discussions with the US Privacy and Civil Liberties Oversight Board (PCLOB), which has an oversight role over US intelligence gathering, it has said it has no reliable way to verify what it is being told by the US intelligence services, said Binney.
“They simply said, ‘We do the best we can’. In essence, no country has in place a means of verifying what their intelligence agencies tell them,” he said.
Binney pointed to Judge Reggie Walton, former chief judge on the US Foreign Intelligence Surveillance Court, who told the Washington Post that he and the court had only a limited capability to verify what they were being told by US intelligence services.
“When agencies do things in secret, you can’t trust them,” said Binney. “You have to have a way of prescribing what they are doing for sure. And right now, having one person here, one person there, or a small court here, that is not going to hack it. That will never do it, that will never make it oversight.”