US technology companies facing growing UK pressure over internet spying

Tension is growing between the UK and US over Prism spying

GCHQ has stepped up the pressure on US internet giants to stop spying in the UK.

In a statement released exclusively to Computer Weekly, GCHQ, the UK’s signals intelligence agency, said: "It is expected that all multinational firms operating in the UK act in accordance with our laws, including RIPA [Regulation of Investigatory Powers Act 2000].The Data Retention and Investigatory Powers Act 2014 makes clear that those companies that provide communications services to British users have an obligation to comply with our legislation. We expect all communication service providers to now comply with the law."

The point behind GCHQ’s comments is that US companies running the Prism interception and data collection programme in the UK are doing things that GCHQ cannot legally do.

This includes intercepting emails without a UK warrant, which is a breach of the Regulation of Investigatory Powers Act. It is also a breach of the Data Protection Act, and, according to the interception of communications commissioner Anthony May, is a violation of Article 8 of the Human Rights Act.

The statement follows an extraordinarily savage piece in the Financial Times in November 2014, in which GCHQ director Robert Hannigan described the US technology companies which dominate the web as “hosting the material of violent extremism or child exploitation” and as “command and control centres for crime and terrorism”.

No such criticism of American institutions, much less companies, has ever been made before by a senior British government official.

According to John Hemming, the Liberal Democrat MP for Birmingham and a cryptographer, "this statement from GCHQ is without precedent". 

"The US has an unfortunate track record of ignoring other countries' laws, in the area of high tech especially. It is good that they have been given a clear message from the UK that this must stop happening in the UK. I welcome GCHQ's openness and clarity on this matter. This is a very welcome development," he said.

Malcolm Rifkind, the chair of the Parliamentary Intelligence and Security Committee, accused Facebook of failing to report a conversation between one of the killers of the soldier Lee Rigby and a terrorist in the Yemen.

Rifkind did not explain how Facebook could have done this legally, as Facebook cannot obtain an interception warrant under UK law.

And Rifkind did not mention that this call should have been picked up by GCHQ’s Cyprus listening station, which is assumed to monitor all communications traffic between the UK and the Yemen.

None of the US giants criticised by the GCHQ director have made any statements to the press, and all are refusing to comment despite what might be seen as the most libellous critique ever made of them. They are accused of harbouring and assisting terrorists and paedophiles.

US corporations cannot get interception warrants in the UK. Computer Weekly understands that Hannigan’s unprecedented squeeze on the companies is about Prism. This is the international interception and surveillance programme run by nine US companies – Apple, Microsoft, Google, Facebook,Yahoo, YouTube, AOL, Paltalk and Skype – on behalf of the US National Security Agency (NSA).

The programme is paid for by the NSA and orders the companies to intercept the communications and obtain data belonging to their clients and customers. Most of the requests involved the interception of communications as well as data.

Methods of communication intercepted include email, chat, video and voice, photos, stored data, VoIP, file transfers, video conferencing, notification of target activity, logins and social networking details.

The row about Prism has scarcely been touched upon since the Guardian first revealed the existence of the programme in June 2013, but it is unlikely to have been off David Cameron’s agenda since. 

In a report in April 2014, interception of communication commissioner May told the prime minister: “Section 1(1) of Ripa makes it an offence for a person intentionally and without lawful authority to intercept at any place in the United Kingdom, any communication in the course of transmission by means of a public postal service or public telecommunications system. My statutory role concerns interception within the United Kingdom.”

The US has an unfortunate track record of ignoring other countries' laws, in the area of high tech especially

John Hemming, MP

He then wrote that: “Public concern has centred on potential intrusive invasion of privacy. [Arising from the Snowden revelations] such concerns have been expressed publicly in the United States, Europe and other countries with greater force perhaps than in the UK.

“But unjustified and disproportionate invasion of privacy by a public authority in the UK would breach Article 8 of the European Convention of Human Rights just as much here as in other parts of the European Union.”

This was widely seen as a warning about the activities of GCHQ, but informed insiders now say that May, the former president of the Queen’s Bench division of the High Court, had picked up information about Prism and was warning the prime minister, however obliquely, to do something about it.

Despite intense pressure from some parts of the UK intelligence structure, Cameron has dithered – while the communications of about half the country, and the data of most UK internet users, were intercepted and stolen by the Prism companies.

Computer Weekly understands that the problem landed on Cameron’s desk after a confrontation last year between Rifkind and Ian Lobban, previously director of GCHQ. This followed brief reports in the Guardian that Rifkind and Lobban had quarrelled over US spying in the UK, which Lobban had apparently failed to understand.

Prism was running in the UK, despite the rules of the Five Eyes Intelligence treaty which prohibits any of the five eyes countries – the US, the UK, Canada, Australia and New Zealand – from spying on each other. Prism is a clear breach of this agreement in four of the five member countries.

Lobban announced his retirement at 53 from GCHQ in November 2014, just after the row, and has been replaced by Robert Hannigan who made his FT attack on the corporations on his first day in his new job.  

The whole matter is thought to have led to a serious crisis in the relations between the US and the UK, one that has affected the intelligence partnership between the two countries and which has gone unreported in the UK media.

It is thought to be one of the reasons that William Hague swapped his role as foreign secretary for the less onerous and fraught job of leader of the House of Commons, only to run head-on into the problem when raised by Hemming.

Kevin Cahill is a journalist and former systems analyst with a special interest in supercomputers.

Read more on IT legislation and regulation