The German, French, Spanish and Swedish intelligence services have all developed methods of mass surveillance of internet and phone traffic over the past five years in close partnership with Britain’s GCHQ eavesdropping agency.
The bulk monitoring is carried out through direct taps into fibre optic cables and the development of covert relationships with telecommunications companies. A loose but growing eavesdropping alliance has allowed intelligence agencies from one country to cultivate ties with corporations from another to facilitate the trawling of the web, according to GCHQ documents leaked by the former US intelligence contractor Edward Snowden.
The files also make clear that GCHQ played a leading role in advising its European counterparts how to work around national laws intended to restrict the surveillance power of intelligence agencies.
The German, French and Spanish governments have reacted angrily to reports based on National Security Agency (NSA) files leaked by Snowden since June, revealing the interception of communications by tens of millions of their citizens each month. US intelligence officials have insisted the mass monitoring was carried out by the security agencies in the countries involved and shared with the US.
The US director of national intelligence, James Clapper, suggested to Congress on Tuesday that European governments’ professed outrage at the reports was at least partly hypocritical. “Some of this reminds me of the classic movie Casablanca: ‘My God, there’s gambling going on here,’ ” he said.
Sweden, which passed a law in 2008 allowing its intelligence agency to monitor cross-border email and phone communications without a court order, has been relatively muted in its response.
The German government, however, has expressed disbelief and fury at the revelations from the Snowden documents, including the fact that the NSA monitored Angela Merkel’s mobile phone calls.
After the Guardian revealed the existence of GCHQ’s Tempora programme, in which the electronic intelligence agency tapped directly into the transatlantic fibre optic cables to carry out bulk surveillance, the German justice minister, Sabine Leutheusser-Schnarrenberger, said it sounded “like a Hollywood nightmare”, and warned the UK government that free and democratic societies could not flourish when states shielded their actions in “a veil of secrecy”.
However, in a country-by-country survey of its European partners, GCHQ officials expressed admiration for the technical capabilities of German intelligence to do the same thing. The survey in 2008, when Tempora was being tested, said the Federal Intelligence Service (BND), had “huge technological potential and good access to the heart of the internet – they are already seeing some bearers running at 40Gbps and 100Gbps”.
Bearers is the GCHQ term for the fibre optic cables, and gigabits per second (Gbps) measures the speed at which data runs through them. Four years after that report, GCHQ was still only able to monitor 10 Gbps cables, but looked forward to tap new 100 Gbps bearers eventually. Hence the admiration for the BND.
The document also makes clear that British intelligence agencies were helping their German counterparts change or bypass laws that restricted their ability to use their advanced surveillance technology.
“We have been assisting the BND (along with SIS [Secret Intelligence Service] and Security Service) in making the case for reform or reinterpretation of the very restrictive interception legislation in Germany,” it says.
The country-by-country survey, which in places reads somewhat like a school report, also hands out high marks to the GCHQ’s French partner, the General Directorate for External Security (DGSE).
But in this case it is suggested that the DGSE’s comparative advantage is its relationship with an unnamed telecommunications company, a relationship GCHQ hoped to leverage for its own operations.
“DGSE are a highly motivated, technically competent partner, who have shown great willingness to engage on IP [internet protocol] issues, and to work with GCHQ on a “cooperate and share” basis.”
Noting that the Cheltenham-based electronic intelligence agency had trained DGSE technicians on “multi-disciplinary internet operations”, the document says: “We have made contact with the DGSE’s main industry partner, who has some innovative approaches to some internet challenges, raising the potential for GCHQ to make use of this company in the protocol development arena.”
GCHQ went on to host a major conference with its French partner on joint internet-monitoring initiatives in March 2009 and four months later reported on shared efforts on what had become by then GCHQ’s biggest challenge – continuing to carry out bulk surveillance, despite the spread of commercial online encryption, by breaking that encryption.
“Very friendly crypt meeting with DGSE in July,” British officials reported. The French were “clearly very keen to provide presentations on their work which included cipher detection in high-speed bearers. [GCHQ’s] challenge is to ensure that we have enough UK capability to support a longer term crypt relationship.”
In the case of the Spanish intelligence agency, the National Intelligence Centre (CNI), the key to mass internet surveillance, at least back in 2008, was the Spaniards’ ties to a British telecommunications company (again unnamed. Corporate relations are among the most strictly guarded secrets in the intelligence community). That was giving them “fresh opportunities and uncovering some surprising results.
“GCHQ has not yet engaged with CNI formally on IP exploitation, but the CNI have been making great strides through their relationship with a UK commercial partner. GCHQ and the commercial partner have been able to coordinate their approach. The commercial partner has provided the CNI some equipment whilst keeping us informed, enabling us to invite the CNI across for IP-focused discussions this autumn,” the report said. It concluded that GCHQ “have found a very capable counterpart in CNI, particularly in the field of Covert Internet Ops”.
GCHQ was clearly delighted in 2008 when the Swedish parliament passed a bitterly contested law allowing the country’s National Defence Radio Establishment (FRA) to conduct Tempora-like operations on fibre optic cables. The British agency also claimed some credit for the success.
“FRA have obtained a … probe to use as a test-bed and we expect them to make rapid progress in IP exploitation following the law change,” the country assessment said. “GCHQ has already provided a lot of advice and guidance on these issues and we are standing by to assist the FRA further once they have developed a plan for taking the work forwards.”
The following year, GCHQ held a conference with its Swedish counterpart “for discussions on the implications of the new legislation being rolled out” and hailed as “a success in Sweden” the news that FRA “have finally found a pragmatic solution to enable release of intelligence to SAEPO [the internal Swedish security service.]”
GCHQ also maintains strong relations with the two main Dutch intelligence agencies, the external MIVD and the internal security service, the AIVD.
“Both agencies are small, by UK standards, but are technically competent and highly motivated,” British officials reported. Once again, GCHQ was on hand in 2008 for help in dealing with legal constraints. “The AIVD have just completed a review of how they intend to tackle the challenges posed by the internet – GCHQ has provided input and advice to this report,” the country assessment said.
“The Dutch have some legislative issues that they need to work through before their legal environment would allow them to operate in the way that GCHQ does. We are providing legal advice on how we have tackled some of these issues to Dutch lawyers.”
In the score-card of European allies, it appears to be the Italians who come off the worse. GCHQ expresses frustration with the internal friction between Italian agencies and the legal limits on their activities.
“GCHQ has had some CT [counter-terrorism] and internet-focused discussions with both the foreign intelligence agency (AISE) and the security service (AISI), but has found the Italian intelligence community to be fractured and unable/unwilling to cooperate with one another,” the report said.
A follow-up bulletin six months later noted that GCHQ was “awaiting a response from AISI on a recent proposal for cooperation – the Italians had seemed keen, but legal obstacles may have been hindering their ability to commit.”
It is clear from the Snowden documents that GCHQ has become Europe’s intelligence hub in the internet age, and not just because of its success in creating a legally permissive environment for its operations. Britain’s location as the European gateway for many transatlantic cables, and its privileged relationship with the NSA has made GCHQ an essential partner for European agencies.
The documents show British officials frequently lobbying the NSA on sharing of data with the Europeans and haggling over its security classification so it can be more widely disseminated. In the intelligence world, far more than it managed in diplomacy, Britain has made itself an indispensable bridge between America and Europe’s spies.
This article originally appeared on guardian.co.uk
Join the conversation about this story »