valuable to GCHQ at this stage, whether singularly, together or when
combined with other, more targeted techniques.
Interception – remain the same for cyber defence / decline for
non-cyber defence
EI – increasing
BPD – remain the same for GCHQ
CD – remain the same / decline
By operational area265
The utility of the bulk powers is the same across the majority of GCHQ’s operational
areas. For geo-political teams (including economic security, weapons and
counter-proliferation), Serious Crime, Cyber Defence and Counter Terrorism,
the ability to use bulk powers to identify and understand our adversaries relies on a
combination of the bulk powers. Bulk interception remains an important capability,
and the importance of bulk equipment interference will increase in the coming years.
Both the bulk acquisition of communications data and bulk personal datasets allow
GCHQ to minimise intrusion into privacy when seeking to identify new leads and can
also be used to provide GCHQ with the assurance that an account targeted for more
intrusive content collection does not belong to a UK individual.
Additionally, for geo-political teams and serious crime, the bulk powers can also be
used to identify other previously unknown communications of existing targets – for
example a new phone or email address – and can provide valuable intelligence on
the plans and actions of subjects of interest.
For our work in support of counter terrorism, it is GCHQ’s ability to interrogate the
communications data obtained through bulk interception that provides the crucial
capability to answer questions about developing incidents as they occur and identify
the individuals involved.
“We have examined cases which demonstrate that [bulk interception] has been used
to find communications indicating involvement in threats to national security. Bulk
interception has exposed previously unknown threats or plots which threatened our
security and which would not otherwise have been detected.”266
Communications data obtained through bulk interception is crucial to GCHQ’s ability
to protect the UK against cyber-attack from our most savvy adversaries and to track
them down in the vast morass of the Internet (Cyber Defence).
“The speed of events in cyber space and the vast size of the internet limit the utility of
more targeted powers and make bulk capabilities essential to the UK’s efforts to
detect and defend against such attacks. 95% of the cyber-attacks on the UK
detected by the agencies over the last six months were only discovered through the
collection and analysis of bulk data.”267
265
266
267
[Areas taken from allocation of effort breakdown in ISC Annual Report, 2015-16 (5 July 2016).]
2015 ISC Report, Overview para x.
[Attribute quote: GCHQ to provide reference to “OCBP”].
154