3 min read

GCHQ took less than 10 minutes to covertly scoop up 70,000 emails - and it's a disgrace


January 20, 2015

Promo Protect all your devices, without slowing them down.
Free 30-day trial
GCHQ took less than 10 minutes to covertly scoop up 70,000 emails - and it's a disgrace

It’s a strange and disturbing world we are living in.

Politicians are calling for encrypted communications to be outlawed if they do not have a backdoor through which law-enforcement can spy upon conversations.

Intelligence chiefs are pronouncing that “We can`t stop terrorism, unless we spy on the innocent.”

What’s clear is that there is an almighty fight kicking off between those who believe the public should have their privacy protected, and those who feel the threat of terrorism and organised crime outweighs civil liberty concerns.

In my view, in the years since 9/11, some politicians have gone too far – exploiting fear and raising concerns about possible future terrorist attacks in order to chip away at freedoms that we should take for granted.

Suddenly, almost anything is acceptable for the intelligence services to do – if it can be argued to assist the “war on terror”.

Take, for instance, this report yesterday from James Ball of The Guardian.

GCHQ`s bulk surveillance of electronic communications has scooped up emails to and from journalists working for some of the US and UK`s largest media organisations, analysis of documents released by whistleblower Edward Snowden reveals.

Emails from the BBC, Reuters, the Guardian, the New York Times, Le Monde, the Sun, NBC and the Washington Post were saved by GCHQ and shared on the agency`s intranet as part of a test exercise by the signals intelligence agency.

The journalists` communications were among 70,000 emails harvested in the space of less than 10 minutes on one day in November 2008 by one of GCHQ`s numerous taps on the fibre-optic cables that make up the backbone of the internet.

The communications, which were sometimes simple mass-PR emails sent to dozens of journalists but also included correspondence between reporters and editors discussing stories, were retained by GCHQ and were available to all cleared staff on the agency intranet. There is nothing to indicate whether or not the journalists were intentionally targeted.

The mails appeared to have been captured and stored as the output of a then-new tool being used to strip irrelevant data out of the agency`s tapping process.

It sounds like awfully clever stuff – but it also appears to be a gross infringement on the privacy of individuals (including citizens of the same country that GCHQ is supposed to be protecting) and organisations.

And bear in mind that Snowden’s revelations concern an incident which took place in 2008. That’s seven whole years ago.

One can only assume that the abilities of GCHQ, and its US counterpart the NSA, have grown considerably since then.

Which brings me back to the claim earlier from ex-MI6 head Sir Paul Sawers that “We can`t stop terrorism, unless we spy on the innocent.”

Clearly, the authorities already are spying on the innocent. They have the capability to snoop on many of our conversations online, and yet – terrorism still takes place.

Instead of blaming terrorism on an inability to spy on innocent people’s online communications, politicians and law-enforcement agencies should accept that stopping terrorism is impossible. Although some terrorists and organised criminals will be caught, and hopefully prevented from causing harm, there will be others who will not.

But meanwhile, GCHQ is apparently categorising journalists as potential “threats to security”, ranked alongside terrorists and hackers:

One restricted document intended for those in army intelligence warned that “journalists and reporters representing all types of news media represent a potential threat to security”.

It continued: “Of specific concern are Ëœinvestigative journalists` who specialise in defence-related exposés either for profit or what they deem to be of the public interest.

“All classes of journalists and reporters may try either a formal approach or an informal approach, possibly with off-duty personnel, in their attempts to gain official information to which they are not entitled.”

It goes on to caution “such approaches pose a real threat”, and tells staff they must be “immediately reported” to the chain-of-command.

GCHQ information security assessments, meanwhile, routinely list journalists between “terrorism” and “hackers” as “influencing threat sources”, with one matrix scoring journalists as having a “capability” score of two out of five, and a “priority” of three out of five, scoring an overall “low” information security risk.

Terrorists, listed immediately above investigative journalists on the document, were given a much higher “capability” score of four out of five, but a lower “priority” of two. The matrix concluded terrorists were therefore a “moderate” information security risk.

Scooping up thousands of emails of innocent people – yes, even journalists are innocent unless proven guilty – and making them available on GCHQ’s intranet for a number of people to access, is a gross attack on society itself.

Any thinking person would be appalled what the intelligence services are doing in their name, and wonder how on earth politicians who we put in power are allowing it to carry on.




Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.

View all posts

You might also like