GCHQ Surveillance: The Power of Britain's Data Vacuum


A British military base near Harrogate provides signals intelligence for Britain and the United States: "It snarfs everything."
Getty Images


Britain's intelligence service stores millions of bits of online data in Internet buffers. In SPIEGEL, Edward Snowden explains GCHQ's "full take" approach. All data that travels through the UK is captured.

In an interview published in the latest edition of SPIEGEL, National Security Agency whistleblower Edward Snowden reports on how America's NSA intelligence service works together with Germany's federal intelligence agency, the BND, more intensively than previously known.

He also provides an in-depth account of the surveillance operations of the NSA and its British counterpart, the Government Communications Headquarters (GCHQ). Britain's Tempora system is the signals intelligence community's first "full-take Internet buffer," Snowden said in an interview.

The scope of this "full take" system is vast. According to the whistleblower and Britain's Guardian newspaper, Tempora stores communications data for up to 30 days and saves the content of those messages for up to three days, in a so-called Internet buffer. "It snarfs everything, in a rolling buffer to allow retroactive investigation without missing a single bit," Snowden said. If you send a single data packet, he further explains, "and it routes through the UK, we get it."

Asked if it is possible to get around this total surveillance of all Internet communication, he said: "As a general rule, so long as you have any choice at all, you should never route through or peer with the UK under any circumstances."

But is that a realistic scenario? Can one really escape the British data vacuum cleaner by channelling one's own Internet data parcels through lines that are out of reach of British security authorities?

"There is no way that you as an ordinary Internet user can say: I want my data to be routed this or that way," said Philipp Blank of German telecommunications company Deutsche Telekom. Klaus Landefeld, a board member in charge of infrastructure and networks at the German Internet industry association Eco, agreed. "You've got no influence over that as the end-user." Theoretically, one could try to influence the data flow by changing one's telecommunications provider -- "not every undersea cable runs via Great Britain." But the providers constantly change the cables they send their customers' data through, he added.

In addition, many of the most important services for private Internet users are based in the United States. "You can't get around the American companies," said Landefeld. Anyone using Facebook, Google, Microsoft services, Skype, AOL services or Yahoo could be an open book for the NSA thanks to its Prism spying program, should the organization be interested in taking a look.

Companies Can 'Make Certain Choices'

For commercial clients, Landefeld considers it possible that they can find targeted pathways for their data. Such companies generally have tech experts and they can directly negotiate with service providers on bandwidth issues and access. "If you have enough knowhow and ability, you can make certain choices," he says.

In practice, however, it is likely to be virtually impossible to send data through a cable to which the NSA and GCHQ have no access. Most trans-Atlantic cables with significant capacity run through the British Isles. In addition, most providers simultaneously use several different cables to protect themselves should one of the channels fail. Redundancy is the best protection against significant service disruption.

"Deutsche Telekom sends data via six different channels to North America," says Telekom spokesperson Blank. Multiple channels can even be involved in merely calling up a single website from a single computer. "Essentially, routers and switches make specific decisions for each connection," says Landefeld. When five images can be seen on a single site, it represents five different connections.

None of that changes the fact that the service provider has control abilities and can determine which paths certain data takes to reach its endpoint. But content and geography are not considered in making those determinations. "We manage traffic flows, but only based on what the fastest route is at that moment," says Blank. Theoretically, he says, "data packets could be marked and sent by routers via specific channels." But that is currently not the standard practice, he adds. Telekom is considering the possibility of so-called Managed Services for its video service T-Entertain, for example. At the moment, however, this method is not being used, according to Blank.

Could the state order telecommunications providers to not use connections that are currently considered to be insecure? No, says Landefeld. "The state cannot tell me as a provider which undersea cable I should use." German law, he says, does not allow such a thing.


Comments
1. In a world ruled Behind the Scenes through MONEY and CORRUPTION privacy is a MIRAGE
titus_norberto 07/08/2013
In a world ruled behind the scenes as described in my book Behind the Scenes, the absolute lack of PRIVACY is a given, spying is the modus operandi of the rulers of this world. In fact I am a person that likes to vote with his feet, namely I’ve bitten the bullet and I’ve decided since decades ago to express myself in forums such as this one at Der Spiegel comments, since I do not and I never believed that PRIVACY is truly possible in the internet era. Perhaps being OPEN has saved my life, since if I had “secured” my thoughts in an encrypted hard drive I would have been killed a long time ago…. Thus, do not believe in PRIVACY, when the weasels rule, the lack of privacy is the call of the day since the weasels base their power in ESPIONAGE… The weasels lack ART for instance (an excellent way to convey data secretly though…) because ART IDENTIFIES and their way is to SEE WHAT I WORKS FIRST, and then STEAL IT without being NOTICED ! Thus, they need to know what is going around… it is THEIR JOB… and the DIGITAL era is ideal for SPYING… Controlling the mass media apparatus they can CLAIM PRECEDENCE (Isaac Newton did with Leibniz and Calculus, for instance…), helped as well with the “laws of copyright” which grants “rights” precisely to people who DID NOT INVENT IT because they do not have TALENT ! But fear not ! The weasels will be cooked in their own ink like calamari and will be flooded by an excess of “information” that will be their own undoing since the way-out of this dilemma is NOT digital, it is ANALOG like the world of Huygens, and in the analog world (as opposite of the atomic materialistic one) what it counts is TALENT and ART, something that the weasels proved through millennia they utterly lack, as well as common sense…, the least common of the senses….
2. GCHQ Surveillance
rcdelan 07/08/2013
I lived for some time in Cheltenham, the wealthy town where GCHQ is situated. As a visitor it was disquieting to hear that many CIA operatives lived in this area and were part of the fabric of this community. I can now see that this surveillance has played an important part in preventing further terrorism in Europe and the US. It is all very disquieting all the same that all of us are being monitored all the time, isn't this what the Stasi did in DDR (Deutsches Democratic Republic)? What happened next!
3. VPN Encrypted Tunneling might be an answer
greanknight 07/09/2013
Something like VPN, where data is encrypted at each end of the communication path might be an answer to at least part of the problem. The problem is that you need VPN at or near both ends of the route. So one end at your computer or router, and the other end at a trusted service provider in your destination country. That would make tapping data on the internet backbone impossible. It would not prevent accessing the data elsewhere.
4. Lack of privacy used to mean targeted advertising
greanknight 07/09/2013
Up until 2 months ago, the "lack of privacy" people talked about was targeted advertising -- the "malicious threat" that you might be served up with advertising for products and services you might be interested in, rather than simply random advertising. Now lack of privacy means anything from industrial espionage to aid foreign companies, to espionage to suppress the journalists, to the targeting of lethal drone strikes by metadata (signature strikes).

© SPIEGEL ONLINE 2013
All Rights Reserved
Reproduction only allowed with the permission of SPIEGELnet GmbH



