GCHQ 'smart collection' would protect MPs from spies, says NSA expert

First published by The Register - http://www.theregister.co.uk/2015/11/04/gchq_smart_collection_nsa_man_bi...

Investigatory Powers tribunal was misled by 'horsesh*t'

Protecting members of Parliament from mass surveillance by bulk collection is “exceedingly simple”, according to the US co-inventor of the high technology devices and programs now used by GCHQ to intercept optical fibre cables carrying Internet data in and out of Britain.

Bill Binney, formerly Technical Director of the NSA’s Operations Directorate, dismissed as “absolute horseshit” claims by government lawyers to the Investigatory Powers Tribunal (IPT), reported in an adjudication last month, that “there is so much data flowing along the pipe” that “it isn’t intelligible at the point of interception”.

“These statements are false”, he told The Register. “They have been made by someone who does not understand the technology. The tribunal was misled.”

Green Party MP Caroline Lucas said: "These revelations from an ex-NSA operative are deeply concerning. It would appear that the Government has either willfully misled the public, or they simply don’t have a proper understanding of their own surveillance systems."

"Parliamentary protections should be built into law", she added. "Ministers must use the forthcoming Investigatory Powers Bill to enshrine the Wilson Doctrine protections into law and ensure that constituents and whistle-blowers can contact parliamentarians without fear of being spied upon."

Lucas, along with Green peer Jenny Jones and former MP George Galloway, brought the IPT case against the government, alleging that their parliamentary phone calls and e-mails had been intercepted in bulk by GCHQ using its mass surveillance systems, rather than by lawful individually named warrants.

The three had claimed that this was contrary to the Wilson Doctrine, a statement by former prime minister Harold Wilson in 1966 that parliamentarians' communications would not be subject to interception. The Wilson policy was re-affirmed by Margaret Thatcher, and again by Tony Blair in 2006, who confirmed that it applied to e-mails as well as phone calls. It was re-confirmed by Home Secretary Teresa May earlier this year.

Since then, GCHQ and the government have pushed back on parliamentary protections, including by claiming that the doctrine does not cover members of devolved parliaments, nor "bulk collection" covering all British citizens' communications, including MPs.

Government lawyer James Eadie QC, representing the intelligence agencies and the government, had told the tribunal that it was not possible to filter out parliamentarians’ communications from the mass of data scooped up by GCHQ’s bulk interception operations. He conceded that parliamentarians’ emails “may have been collected” by GCHQ in these operations, but claimed that, technically, this could not have been prevented because the data could not be understood.

Binney, who resigned from the NSA after becoming aware of illegal and unconstitutional surveillance programmes launched after 9/11, spoke out while visiting Europe to speak at an Amsterdam privacy conference.

As one of the NSA’s most senior and respected scientists, Binney says he was a frequent and welcome visitor to GCHQ's Cheltenham headquarters for thirty years. During the Cold War and the 1990s, he said, “I had many friends there. We co-operated extremely closely. I gave them the source code for our projects. They called me ‘the bottom line’”– meaning that they expected him to rule on the resolution of shared technical difficulties in intelligence gathering.

“I would be very happy to be invited back to GCHQ now to remind them how to manage bulk collection without violating privacy and the law“, he said. The key point is to “lose irrelevant data straight after sessionising.”

“Smart selection is smart collection”, he explained. “It’s essential to do it properly. Sessionised data is in fact highly intelligible, and can be automatically sorted in milliseconds or even less. You have to lose as much data and content as you can as quickly as you can, so as to stay focused on the communications that might really matter.”

“Selectors are the key. We use selectors to do smart selection and smart collection, to save resources. If you do unconstrained bulk collection, the amount content is not manageable. We use deselectors to minimize data.”

"Everything that wasn’t wanted wasn’t allowed to pass through and get stored", he added. “If it wasn’t on your zone of suspicion, you automatically did not take it in,” he added.

Binney said that secret NSA and GCHQ documents provided by Edward Snowden and published by news media around the world now confirmed that the selection and protection techniques he and his team helped develop were still in use, but only when the agencies had been legally compelled to use them.

These revelations showed that hardening existing domestic exclusion systems and extending them to throw away Congressional or Parliamentary communications would be “trivial in technology terms”, Binney said. “I could do it in an hour, using standard NSA and GCHQ methods.”

“What NSA and GCHQ are supposed to do is vitally important”, Binney added. “I want them to succeed - but they are doing the absolute wrong thing now. They are dooming themselves to failure by bulk acquisition.”

GCHQ said it did not want to comment.