David Rosenthal ~ “The most important targets for a spy agency are their own legislators, who control the budget and the rules. Once targeted, they control neither.”
Investigation Shows GCHQ Using US Companies, NSA To Route Around Domestic Surveillance Restrictions
from the introducing-MS-Loophole-365! dept
By Tim Cushing Jun 3 2016
Late last year, UK Parliament members held an “emergency debate” over the GCHQ’s surveillance programs after learning that [gasp] their data and communications could be legally hoovered up as if they were mere commoners. Of course, were there any actual oversight of GCHQ’s activities, this shock would have been blunted by years of foreknowledge. But the GCHQ, like other intelligence agencies, preferred to keep its overseers in the dark about its access to the NSA’s PRISM firehose.
The mortified Parliament members claimed the GCHQ’s decision to include them in its data haul violated a long-held “gentlemen’s agreement” between the two entities — one that had no legitimate legal basis. Supposedly, this “agreement” forbade GCHQ from targeting Parliament members for surveillance. (Any incidental collection was considered unavoidable.) A panel review found GCHQ’s targeting of Parliament members to be completely legal, if a bit on the rude side.
Duncan Campbell and Bill Goodwin of Computer Weekly have performed their own examination of MPs’ communications, finding that both GCHQ and the NSA have access to intercepted emails sent to and from Parliament members, including communications with their constituents.
GCHQ wouldn’t normally have access to these emails as it is not supposed to be collecting information about purely domestic communications. But thanks to the software Parliament uses and the location of data centers used to route the emails, it can comply with its surveillance restrictions while still collecting email data/communications sent from UK email addresses to other UK email addresses.
Part of the process involves Microsoft’s willing assistance in past domestic spying efforts, which preceded both Snowden’s document dumps and its current, more combative stance.
The controversial decision by Parliament to replace its internal email and desktop office software with Microsoft’s Office 365 service in 2014 means that parliamentary data and documents constantly pass in and out of the UK to Microsoft’s datacentres in Dublin and the Netherlands, across the backbone of the internet.
Computer Weekly performed forensic analysis of emails it had received from MPs, using header info to trace their paths across the internet. It found that nearly two-thirds of “domestic” emails actually left the country on their way to local email addresses, allowing GCHQ — through its “Tempora” program — to intercept data and communications using its NSA-provided PRISM hookup.
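A header trace of the kind described above can be reproduced from a message's Received lines. The following is an added example, not Computer Weekly's or Techdirt's code: the message, hostnames, addresses and the GEO table (a stand-in for a real IP geolocation database) are all constructed, and Received lines show mail relays only, not the network path between them.

```python
import ipaddress
import re
from email import message_from_string

# Constructed message: hostnames and addresses use reserved documentation ranges.
SAMPLE = """\
Received: from mx2.isp.example ([198.51.100.7])
\tby inbound.recipient.example; Fri, 3 Jun 2016 10:00:09 +0100
Received: from relay7.cloudmail.example ([203.0.113.20])
\tby mx2.isp.example; Fri, 3 Jun 2016 10:00:06 +0100
Received: from client.sender.example ([192.0.2.10])
\tby relay7.cloudmail.example; Fri, 3 Jun 2016 10:00:02 +0100
From: mp@sender.example
To: constituent@recipient.example
Subject: constructed test message

body
"""

# Constructed stand-in for an IP geolocation database (an assumption of this example).
GEO = {"192.0.2.0/24": "GB", "198.51.100.0/24": "GB", "203.0.113.0/24": "IE"}

HOP_RE = re.compile(
    r"from\s+(\S+).*?\[(?:IPv6:)?([0-9a-fA-F.:]+)\].*?\bby\s+([^\s;]+)", re.S)

def locate(ip, geo=GEO):
    """Return the country code for ip, or '??' when the table has no match."""
    addr = ipaddress.ip_address(ip)
    for net, country in geo.items():
        if addr in ipaddress.ip_network(net):
            return country
    return "??"

def trace_hops(raw):
    """Return (sending_host, sending_ip, receiving_host, country), oldest hop first."""
    hops = []
    # Every relay prepends its own Received line, so the last one is the first hop.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP_RE.search(value)
        if m:  # skip Received lines that lack a bracketed address
            hops.append((m.group(1), m.group(2), m.group(3), locate(m.group(2))))
    return hops

def countries_outside(raw, home="GB"):
    """Countries other than home (including unknown '??') seen on the path, in order."""
    seen = []
    for *_, country in trace_hops(raw):
        if country != home and country not in seen:
            seen.append(country)
    return seen
```

Only the topmost Received lines, written by relays the recipient controls or trusts, are reliable; earlier ones can be forged by any upstream server.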
Microsoft’s above-and-beyond assistance makes its widely-used Office products a valuable contributor to the agencies’ data haul.
The NSA’s Prism system offers access to all parliamentary documents and email through Microsoft Office 365 software, as a result of secret directives given to Microsoft under controversial US 2008 surveillance laws. The directives were implemented at the same time as Microsoft was selling its cloud system, Office 365, to the Houses of Parliament.
Post-Snowden, Microsoft is far more reluctant to continue acting as Little Brother. As Computer Weekly points out, leaked documents have led to the company’s hasty erection of two UK data centers in order to protect its UK users from GCHQ’s exploitation of normal communication routing techniques to bypass restrictions on domestic surveillance.