CHAPTER 10: INTELLIGENCE
10.40. GCHQ provided a set of features with supporting justification which it considered
essential in future legislation, incorporating:
(a)
The continued ability to acquire bulk data from a variety of sources, including
through the use of new techniques, such as CNE, and through the exploitation
of commercially available Big Data, to deliver the intelligence requirements of
the future. Analysis of bulk data - usually communications data or contentderived metadata (see 10.28 above) - is essential to the discovery of unknown
or only very partially understood threats to the UK. As communications
technologies evolve, GCHQ's techniques will need to respond and develop
accordingly.
(b)
The ability to combine such data acquired from a variety of sources and using
a variety of techniques into a single intelligence picture. A single legislative
framework covering all of this activity would be preferable to the current mix of
arrangements in terms of enabling greater transparency and ensuring
consistency, as far as is possible, of authorisation regimes, safeguards and
oversight.
(c)
The ability to intercept communications data and content-derived metadata
other than as a by-product of content interception. This is not provided for in
all circumstances in the current legislation. On average, communications data
and content-derived metadata is less intrusive than content, and there are
various scenarios and applications - notably but by no means exclusively in the
context of GCHQ's cyber defence role - where it is not always necessary to
examine content in order to derive intelligence insight. In such circumstances,
it would therefore be more proportionate, and clearly preferable, only to acquire
the communications data or in some cases the content-derived metadata, and
not the whole content.
(d)
A two-stage authorisation process for bulk data (acquisition and access),
with the weight of the authorisation burden falling at the point of acquisition, and
access to specific data subject to rigorous retrospective review. GCHQ
acknowledges the need for, and values, a robust and accountable end-to-end
process to govern their exploitation of intelligence material. In the case of bulk
untargeted data, they accept that intrusion occurs at two stages: first at the
point of acquisition; and then at the point at which material is actually seen or
listened to by a human being. The overall framework for authorisation,
accountability and oversight must be compatible with an approach to this
second stage that achieves target discovery through the agile testing of
hypotheses against the full range of available intelligence data, rather than the
simple searching for already known target identifiers such as an email address
or telephone number. GCHQ argues strongly that this can best be achieved by
a rigorous audit process after the event.
(e)
An explicit basis for sharing data with other Agencies and with foreign
partners. The ability to share data with both domestic and foreign partners is
vital: no single organisation, or state, is able to acquire all the intelligence it
200