CHAPTER 7: PRACTICE
7.24.
The ISC noted in March 2015:
“We were surprised to discover that the primary value to GCHQ of bulk
interception was not in the actual content of communications, but in the
information associated with those communications.”22
By “the information associated with those communications”, the ISC was referring to
both “related communications data” as defined in RIPA, and also to other contentderived information, relating for example to the characteristics of a communication,
which is treated as content for the purposes of the law. This might for example be
another email address used by a subject of interest.
7.25.
GCHQ explained that its bulk access capabilities are the critical enabler for the cyber
defence of the UK, providing the vast majority of all reporting on cyber threats and the
basis for counter-activity. In a recent two week period bulk access provided visibility
to GCHQ of 96 distinct cyber-attack campaigns. Bulk access is also the only means
by which GCHQ can obtain the information it needs to develop effective responses to
these attacks.23
7.26.
GCHQ provided case studies to the ISC in order to demonstrate the effectiveness of
its bulk interception capabilities. I have been provided with the same case studies
and with other detailed examples, on which I have had the opportunity to interrogate
GCHQ analysts at length and by reference to detailed intelligence reports based on
the analysis of bulk data. They leave me in not the slightest doubt that bulk
interception, as it is currently practised, has a valuable role to play in protecting
national security. It does not of course follow that it is necessarily proportionate, which
is for the courts to decide. I return to this topic at 14.39-14.55 below.
7.27.
There are limits to what the public will (or should) take on trust. It is unfortunate,
therefore, that the examples which the ISC gave to demonstrate the effectiveness of
GCHQ’s bulk interception capabilities had to be redacted from the open version of its
report.24 The six outline examples at Annex 9 to this Report go a little way towards
remedying that defect. They illustrate the utility of bulk data capabilities more
generally, particularly to identify previously unknown perpetrators of suspicious
activity.
Interception capability and capacity
7.28.
22
23
24
The Government has established a “national authority” for interception: the National
Technical Assistance Centre [NTAC], which since 2006 is part of GCHQ. This was
set up in 1999 by the Home Office, in the first place to assist law enforcement in the
face of rapid technological change. It now supports all of the intercepting agencies,
other than the MoD. About half of its funding still comes from the Home Office, and
its work includes developing interception capabilities and infrastructure which are
ISC Privacy and Security Report, para 80.
Evidence from GCHQ, April 2015.
Ibid., paras 82-89.
130