CASE STUDIES
BULK INTERCEPTION
Case study A8/1
GCHQ
Bulk interception/bulk acquisition data
Action268
Counter-terrorism
In 2015, GCHQ analysts used communications data obtained under bulk interception
warrants to search for potential new phones used by individuals known to be involved in
plotting terrorist acts in the UK. Following the identification of a new phone number,
GCHQ conducted further analysis to identify contacts and additional ‘selectors’ being
used by the same individual. Subsequent analysis, combining communications data
obtained under bulk interception warrants and communications data acquired under s94
TA 1984, enabled GCHQ to identify an operational cell. Further to this, the analysis of
the content of communications and other, more targeted techniques revealed that the
cell had almost completed the final stages of a terrorist attack. The police were able to
disrupt the plot in the final hours before the planned attack.
GCHQ provided the Review team with intelligence reporting which showed that, without
access to bulk data, GCHQ would not have been able to complete this work at all; the
exposure of the operational communications was made possible only because GCHQ
analysts were able rapidly to develop the contacts of every phone in the network as they
investigated. GCHQ staff explained that, on its own, each phone would not necessarily
have been identified as suspicious but, when taken as a network, the likely operational
nature of the phones was clear to see.
In this case, the SIAs had no other leads to follow.
GCHQ managers told the Review team that the ability to identify operational phones
through analysis of bulk data had been crucial in a number of similar operations.
268
In each case study I have highlighted the nature of the principal work involved, by reference to
the SIAs’ Structured Description of Intelligence Work (Annex 4).
158