NSA funds UK’s spying operations

By Robert Stevens

10 August 2013

Material provided to the Guardian by US whistleblower Edward Snowden and released last week includes the fact that the US National Security Agency (NSA) paid the UK’s Government Communications Headquarters (GCHQ) at least £100 million over the past three years.

In 2009 the NSA gave GCHQ £22.9 million, increasing that figure to £39.9 million the following year—including £4 million for GCHQ’s work for NATO forces in Afghanistan.

A further £17.2 million went to GCHQ’s “Mastering the Internet” project, which is critical to enabling the collection of internet data globally. Set up in 2007, by the time of GCHQ’s 2010/11 mid-year review the project was facilitating the collection and recording of 39 billion separate pieces of information during a single day.

Another £15.5 million was paid by the NSA towards spying at GCHQ’s sister site in Bude, north Cornwall. Bude intercepts communications from the transatlantic cables that carry internet traffic.

In 2011/12 the NSA paid another £34.7 million to GCHQ.

Without the NSA’s money, Britain’s spying network would not be able to operate on the vast scale it does. The Guardian cited a top secret GCHQ document which stated, “Securing external NSA funding for Bude has protected (GCHQ’s core) budget.”

In 2011/12 GCHQ wrote, “The portfolio will spend money supplied by the NSA and UK government departments against agreed requirements.”

Also revealed is the fact that the NSA pays half the costs of one of the UK’s main eavesdropping capabilities in Cyprus.

The millions handed over to GCHQ by the NSA put the recent cuts at the organisation into context. In 2010, GCHQ’s budget was cut by £60 million as part of the government’s spending cuts. The money provided by the NSA more than makes up for that cut.

The documents reveal that the NSA was very concerned that GCHQ needed to increase its capability in order to fulfil its obligations. A 2010 GCHQ document stated that the US government had “raised a number of issues with regards to meeting NSA’s minimum expectations” and that GCHQ “still remains short of the full NSA task.”

This year the UK government ensured—no doubt with US insistence—that GCHQ’s budget was substantially increased. Chancellor George Osborne announced a 3.4 percent funding increase to the intelligence services’ £1.9 billion budget. This equates to an additional £100 million in funding annually from 2015, with the vast majority going to GCHQ.

In 2011 GCHQ stated it had given the NSA 36 percent of all the raw information it had intercepted from computers it monitored. “We can now interchange 100% of GCHQ End Point Projects with NSA,” it boasted.

The previous week the German daily Süddeutsche Zeitung, based on its viewing of a GCHQ PowerPoint presentation from 2009, revealed that major global telecoms firms, including BT and Vodafone, secretly pass GCHQ data from their customers. This data includes phone calls, email messages and Facebook entries. Other providers named were Verizon Business, Global Crossing, Level 3, Viatel and Interoute.

The Guardian reported it had seen documents suggesting some “telecoms companies allowed GCHQ to access cables which they did not themselves own or operate, but only operated a landing station for.”

The main concern of the GCHQ/NSA spy network is that ever increasing internet usage and growing bandwidth access to the world’s population had resulted in there being more data than could be physically harvested. A PowerPoint explanation cited by the Guardian dated August 12 explained how GCHQ’s “mission role had changed.” The GCHQ officer responsible “reported that new techniques had given it access to vast amounts of new data or ‘light’ – emails, phone calls and Skype conversations garnered from internet cables.”

“Over the last five years, GCHQ’s access to ‘light’ [has] increased by 7,000%,” he explained. “The amount of the material being analysed and processed had increased by 3,000%, he said – another startling admission,” reported the Guardian .

The PowerPoint presentation warned, “GCHQ is breaking new ground and in doing so, testing our systems and processes to the full. Our challenge today is to achieve success against tomorrow’s demands starting from yesterday’s capability.”

The central aim of GCHQ is to ensure it is able to monitor all data related to the use of mobile phones, including all data associated with applications that run on them. Its stated mission is to “exploit any phone, anywhere, anytime.”

GCHQ calculates that by 2015, 90 percent of all internet traffic will come from mobile phones, with 100 million smart phones already being used across the world.

A GCHQ 2011/12 internal review documents report that that the plan to control and monitor every single mobile phone is bound up with its efforts to overcome encryption technologies that are increasingly available. It states, “The two major technology risks that GCHQ has to face next year are the spread of ubiquitous encryption on the internet and the explosion in the use of smartphones as mobile internet devices. Over time both of these technologies could have significant effect on our current trade craft.”

On the basis that “[o]ur exploitation of mobiles is fragmented, uncoordinated,” the review announced that GCHQ had launched a new “mobile” project designed to “exploit mobile devices.”

This was not only based on “collecting voice and SMS and geo-locating phone… but getting intelligence from all the extra functionality that iPhones and BlackBerrys offer. Mobile is all about staying one step ahead of how our targets are sharing info on the go.”

The mobile phone spying operation is now part of the GCHQ “Mastering the Internet” programme.

Other documents referred to GCHQ’s capability of “attacking” hundreds of mobile apps. A “mobile capability map” was launched last June, the Guardian states, capable of “looking at the search patterns, emails and conversations on many commonly used phone services.”

Without giving further details the Guardian reports, “GCHQ staff working on one sensitive programme expressed concern about ‘the morality and ethics of their operational work, particularly given the level of deception involved.’”

The NSA has long relied on the fact that GCHQ is able to operate virtually without legal restraint. Under the Regulatory Investigatory Powers Act 2000, surveillance can go ahead provided merely that a minister signs off on it. A GCHQ strategy document from July 2010 revealed “a desired end state” it would be able to offer the NSA within three years.

GCHQ stated, “In 2013, we will have access to and make readily available, data of the highest possible value to facilitate cyber operations. We will have exploited to the full our unique selling points of geography, partnerships, the UK’s legal regime and our skilled workforce.”