(b) The utility of the bulk powers (including bulk interception) was said to be “the
same across the majority of GCHQ’s operational areas”, including economic
security, weapons and counter-proliferation, serious crime, cyber defence
and counter-terrorism.
(c) Cyber-defence was given particular emphasis: GCHQ state that 95% of the
cyber-attacks on the UK detected by the SIAs in the first half of 2016 were
only discovered through the collection and analysis of communications data
obtained through bulk interception.
(d) The value of bulk interception was said to be constant where cyber-defence
is concerned, and to be constant or declining in other respects.
5.5.
Recalling the ISC’s comment that “the primary value to GCHQ of bulk
interception was not in reading the actual content of communications”,198 no
specific mention was made in GCHQ’s statement of utility of the value (if any)
attached to content obtained by use of bulk interception. This raises the
question of whether it is necessary for bulk interception warrants to permit the
recovery of content at all. I was assured that it did, in two respects:
(a) The initial recovery of communications data may be used as “building block”
information to assist in determining whether to access content under the
same warrant; and
(b) The process described at 2.19(b) above allows content-based criteria (for
example, the use of complex criteria with three or more elements that is used
to identify individuals possibly breaching UN sanctions) for selecting
communication items for analysis.
5.6.
GCHQ emphasised, in discussions with members of the Review team, that its
ability to provide speedy information on incidents as they were occurring
depended on its ability to interrogate the communications data obtained through
the process described at 2.19(b) above.
5.7.
MI6 records in its own statement of utility (Annex 6) that it depends on GCHQ’s
use of bulk interception to provide targeted information that it can then develop to
understand intelligence threats and opportunities. Without this, it claims that its
“operations across all areas (counter-terrorism, counter-proliferation, cyber,
serious crime and geographical requirements for intelligence collection) would be
significantly damaged, including the ability to understand operational risks and
manage them appropriately”.
198
2015 ISC Report, para 80; 3.26 above.
81