A Democratic Licence to Operate
intrusive as access to content data. There are two main arguments as to why this might
potentially be the case.
1.45
Firstly, there are greater volumes of communications data available on an individual
relative to content data. For every piece of content data (the content of an e-mail,
for example) there are multiple pieces of communications data that surround it (the
sender and recipient, the time, date, location of transmission and the priority, to name
but a few).48 Communications data is also generated even if no content is ultimately
communicated; mobile networks, for example, log the cell location to which a phone is
connected even if no call is being made or received.
1.46
Secondly, it is possible to infer a great deal of information from communications data,
allowing an analyst to generate a substantial picture of an individual and their patterns of
behaviour without ever reading the content of their communications. This can include,
for example, examining the location of an individual’s phone calls to identify frequently
visited locations or examining frequently visited web servers or phone numbers called to
reveal details about an individual’s private life.
Bulk Data and Bulk Interception
1.47
‘Bulk data’ is a misleading term as it most frequently refers to the interception of data in
bulk, rather than to the data itself (hence use of the term ‘bulk interception’). Under RIPA
2000, warrants granted under Section 8(4) allow for the collection of communications
in large volumes where the sender and/or recipient are located overseas.49 This bulk
collection is done for two reasons. The first reason is to reconstitute split communications;
given the nature of how information is transmitted via the Internet – broken down into
different packets which are sent over the network and reconstituted at destination –
data may need to be intercepted at multiple points in order to understand the whole
message. The second reason is to identify unknown threats to national security, or
unknown components of previously identified threats (such as members of a terrorist
or criminal network, for example), especially overseas. This process is known as ‘target
discovery’, and involves interrogating large volumes of data in order to detect or learn more
about a particular threat. As described by the ISC:
GCHQ’s bulk interception capability is used primarily to find patterns in, or characteristics of,
online communications which indicate involvement in threats to national security. The people
involved in those communications are sometimes already known, in which case valuable extra
intelligence may be obtained (for example, a new person in a terrorist network, a new location to
48. Written submission from the Information Commissioner.
49. The interception of internal communications, where both the sender and recipient are
located within the UK, is subject to tighter controls and more rigorous safeguards than the
interception of external communications.