CHAPTER 10: INTELLIGENCE
Together with other information, bulk data allows a more complete intelligence picture
to be drawn. Without it, it may not be possible to discover new threats and follow a
lead to a point of closely targeted intervention.
10.26. During my Review, the US National Academies Report on Bulk Collection of Data was
published in response to President Obama’s request to address whether software
could be created to allow the US intelligence community more easily to conduct
targeted information acquisition of signals intelligence, rather than bulk collection. The
Academies said:
“No software-based technique can fully replace the bulk collection of signals
intelligence, but methods can be developed to more effectively conduct
targeted collection and to control the usage of collected data... Automated
systems for isolating collected data, restricting queries that can be made
against those data, and auditing usage of the data can help to enforce privacy
protections and allay some civil liberty concerns…”22
GCHQ told me, when drawing this to my attention, that they already practise the
additional approaches suggested by the Academies.23
Access to communications data
10.27. The Agencies are currently able to obtain communications data, including through
their bulk interception powers, and they look forward to the future legal framework
maintaining their ability to do so. They face the same problems as law enforcement
in obtaining the communications data that they need concerning their targets,
particularly from overseas companies but also where data are not currently retained.
10.28. But as the ISC noted (with surprise) in its recent report:
“the primary value to GCHQ of bulk interception was not in reading the actual
content of communications, but in the information associated with those
communications”.24
GCHQ has therefore suggested that there should be a new power to intercept only
this information rather than, as at present, all content as well. It points out that such
an approach would intrude less into privacy. It also left me in no doubt, however, that
the ability to intercept technical elements of communications, such as cookies and
web logs (sometimes described as “content derived metadata”), which fall outside the
definition of communications data in RIPA and so must be treated as content (despite
being less sensitive than content as ordinarily understood) was essential to their target
discovery work.25
22
23
24
25
National Academies Report, Bulk Collection of Signals Intelligence: technical options, (January 2015).
Letter from Robert Hannigan, 20 January 2015.
ISC Privacy and Security Report, para 80.
Evidence to the Review, April 2015.
197