Lid lifted on how UK tries to protect itself
GCHQ’s most prominent (and controversial) role is the tracking of terrorist threats to the UK by intercepting and analysing “bulk data”, the great mass of electronic communications, a process its opponents call snooping, and which GCHQ insists is necessary to keep Britain safe.
GCHQ performs myriad other functions less apparent to the public: using electronic interception to combat serious and organised crime, liaising with MI5 and MI6 to provide internal security and external intelligence, tackling online child abuse, working with the military on operations worldwide, developing new technological tools, liaising with outside business, and training up a new generation of digital spooks. GCHQ is also increasingly preoccupied with cyberthreats.
In the words of Robert Hannigan, GCHQ’s director: “The organisation detects a wide range of cyberattacks every day. The threat is growing in number, sophistication and impact.”
The Doughnut is like a vast and incongruous spaceship, surrounded by car parks, on the edge of Cheltenham. Visitors approach via a series of security gates, and then up a broad avenue of beeches and lavender beds.
GCHQ employs about 6000 people, as well as heavily vetted outside contractors. Some are in business suits and ties, but most are casually dressed.
The impression is of a highly successful internet technology company that has dispensed with normal corporate behaviour in favour of informality, innovation and working on the move.
The Doughnut consists of three circular floors running around the entire building. In case of emergency, the building can be divided into separate sections, meaning operations could continue in one area even if disabled in another.
Beneath our feet is the most powerful computing facility in the country, bank after bank of processors covering an area the size of two football pitches, crunching data of staggering scale and complexity. GCHQ’s essential role is twofold, and in a way combines the two functions of MI6 and MI5: intelligence and security, discovering secret information that will serve and protect British interests, and defending the nation against external and internal threats.
The technique by which this is done is, broadly speaking, the same, whether the target is a terrorist, drug smuggler, Taliban fighter or child abuser.
GCHQ’s priorities are set by the government, in the Joint Intelligence Committee and the weekly meetings of the National Security Council, chaired by the prime minister. Bulk data are gathered and maximised to collect foreign communications; suspicious patterns of behaviour are sought and identified, often working from a tip-off or other sources of intelligence.
GCHQ is not in the business of routinely reading emails. It is a myth that Britain is subject to mass surveillance by GCHQ, or that certain trigger words set off alarm bells in the Doughnut.
The data harvested are foreign in focus; given the global nature of internet traffic, that may well include communications to and from people in Britain.
To investigate an individual in Britain any further, an additional warrant is needed. Once a target has been identified, additional steps must be taken before any content can be examined – to go after a specific internet user, mobile phone or Facebook account.
At each stage, the hunters must explain and justify why the action being taken is both “necessary” and “proportionate”, that it will achieve the desired result, that the outcome is demonstrably important, and that the process intrudes upon privacy no more than required.
But the process of turning raw intercepted data into usable intelligence also requires a host of linguists, lawyers, psychologists, anthropologists, international affairs specialists, trained analysts and experts in the entire range of human life. My guide is a music graduate. Some people in the building speak eight languages; some virtually speak in computer code.
The emergency rapid-response hub of GCHQ is the GCHQ Sigint Operations Centre, or Gsoc (this is an organisation that cherishes its acronyms). This event response centre operates around the clock in reaction to crises. If a hacker launches a cyberattack on a key element of the country’s economic infrastructure, if a bomb goes off, if a known terrorist suddenly pops up, this is the first line of electronic action.
In a boardroom a few doors away, the head of tradecraft outlines the sheer magnitude of the task facing GCHQ.
“Going back to Bletchley Park and the Cold War, GCHQ has always found ways to exploit vulnerabilities in the communications system and turn that into intelligence. But the exponential growth of digital communications is unprecedented in history.”
The collection of bulk data is not new; but the definition of what “bulk” actually means has changed utterly, and communications data today exist on an unimaginably vast scale.
Half the world – more than three billion people – are active internet users. Between 2006 and 2013 online data increased tenfold.
“The amount we can process is tiny, because big data is really big,” my guide says. “It’s about trying to keep up.”
The contrast between what the private sector is investing in the internet, and what government can afford to spend, poses another dilemma.
The head of technology says: “The growth of the internet is relentless; US$3.7 trillion (NZ$5.54t) is being invested every year on developing the internet. The only way we can keep up is to be clever.”
Internet communications are now routinely encrypted, vastly complicating the job of GCHQ.
Moreover, even when data are decoded, it is increasingly difficult to pinpoint who really sent them, and who actually received them, because it is extraordinarily easy to hide.
“It’s not like looking for a needle in a haystack. It’s like looking for a piece of hay in a haystack.”
“Our job is about finding the new threats and tying them to real people and real targets that others can do something about,” the head of tradecraft says.
“If the internet is being used to sell you things, why is it wrong for little GCHQ to use a tiny bit of the data to stop you being blown up on holiday?”