Kris Hollington
June 2014
A detail from graffiti art is seen on a wall near the headquarters of Britain’s eavesdropping agency, Government Communications Headquarters, known as GCHQ, in Cheltenham, western England April 16, 2014. British media have attributed the new work to acclaimed British street artist Banksy, Eddie Keogh/Reuters
After an hour of friendly grilling by two press officers, access to the Doughnut — the largest secret ops building outside of the U.S. and home to 4,000 employees — is granted.
Cell phones are confiscated and swipe cards and pin numbers are issued to access two barriers.
Immediately ahead is the wall-mounted emblem of Government Communications Headquarters (GCHQ), which is based in Cheltenham, Gloucestershire in England. After ascending a poorly lit, narrow spiral staircase, one arrives at what is called “The Street” on the second floor. The Street, busy with agents, is a broad path, a third of a mile long, edged with palm trees and comfy chairs and sofas that circle the building’s interior.
First stop is the Museum of Cryptography, home to the famous Enigma machine, a reminder of how an earlier version of GCHQ cracked the Nazi codes in World War Two. It’s also a reminder of how drastically GCHQ’s remit has widened and how technology has developed. Hidden in the bunkered floors directly below are the much-maligned supercomputers that can collect and store 21 petabytes of data a day (192 times the contents of the British library).
Edward Snowden is an inevitable topic. The former National Security Agency (NSA) contractor and whistleblower has frustrated and angered a great many people in the Doughnut. Former director Sir David Omand, currently professor of national security and counter-terrorism at Kings College London, is frustrated by the media’s post-Snowden misinterpretation of how GCHQ operates.
"The distinction between mass surveillance and bulk access to data is confused in the media,” he says. “Mass surveillance would mean persistent observation of the population. Observation needs observers. There is no such mass surveillance team at GCHQ. Computers, not people, have access to bulk data, zillions of gigabytes, in order to find the very small amount of information relevant to the legally authorized intercept on the terrorist, criminal or other legitimate target.”
At the moment, a GCHQ analyst can only see the IP address of the suspect machine or email address of the user, when and from where the communication originated, and the server identity being accessed. The analyst can find out that the suspect searched Google but not the questions asked; that the suspect accessed Amazon but not what was purchased; the email address to which an email was sent but not the message’s title, nor the message itself.
If the analyst wants to look at content, he or she needs a warrant signed by the Home or Foreign Secretary.
The Doughnut was Omand’s brainchild. He had the idea of bringing the previously disparate agency under one roof. Opened in 2003, is cost just shy of £1 billion ($1.67 billion), almost half of which was taken up by the installation of technical equipment.
It’s an impressive building. Almost everyone hot-desks, going wherever the latest mission demands, wheeling their personal possessions in knee-high filing cabinets, and all gadgets are plug-and-play. And it’s a tough place to get a job.
Employee vetting is a bespoke process that takes nine months and involves testing for past drug use. The chefs, baristas and cleaners are vetted to the same level as agents, and even the vetted staff are subject to random searches by polite security guards.
A significant number of GCHQ staff score highly on the autistic spectrum. Managers accommodate unusual requirements, which in one case involved rearranging furniture into a specifically requested geometric pattern. Out of the few hundred staff observed on The Street, two are non-white, half-a-dozen are female, and only a handful over forty. The rest are male, in their early twenties, nervous looking (old GCHQ in-joke: an extrovert is someone who looks at your shoes when you’re talking to them) and about 5 percent wear T-shirts (many featuring Marvel and DC superheroes).
Put them next to a hacker and you wouldn’t be able to tell them apart. One such hacker was English teenager Jake Davis (AKA Topiary), a key player in hacktivist groups Anonymous and LulzSec. Betrayed by American hacker-turned-FBI-informant Hector Monsegur (AKA Sabu), Davis wore an electronic tag for two years (so authorities could monitor his activies) and ended up spending just over a month in prison in 2013.
Monsegur, spared from a long jail sentence for his extraordinary cooperation, was freed on May 28th after a year’s supervision.
We know, thanks to documents released by Snowden, that Davis was targeted by GCHQ’s once secret Human Science Operations Cell (HSOC), which fights fire with fire, disguising agents as hackers, infiltrating online groups, using distributed denial-of-service (DDoS) attacks, honey traps and viruses to take down their targets.
And here lies the moral dilemma. To catch the bad guy, how far can you go? Could innocents be caught up in a GCHQ HSOC operation? And what happens when GCHQ gets it wrong? According to reports by the Interception of Communications Commissioner, the body that inspects GCHQ’s work, GCHQ makes few mistakes when accessing personal data – eight total in 2011-12, which less than a 0.2 percent error rate.
The just-published 2012-13 report doesn’t reveal the number of errors. GCHQ believes that there’s robust oversight, which includes judicial inspections by the commissioner, alongside a culture of compliance, a strong moral compass and loyalty to the mission. But no one but GCHQ has the power to stop HSOC launching a wide-ranging virus-led mission.
On May 9th the U.K Parliament Home Affairs Select Committee published a critical report of the current system of oversight. Chairman Keith Vaz said: “It is designed to scrutinize the work of [fictional Cold War-era spy] George Smiley, not the 21st-century reality of the security and intelligence services.”
And changes, announced at the end of April, are already afoot. Current director Sir Iain Lobban, a GCHQ man since 1983, is to be replaced in the autumn by Robert Hannigan, director general of defence and intelligence at the Foreign Office since 2010.
Near the exit of the Doughnut is Employee Assistance, which provides counseling, including a specialist in ethical issues. There’s also a well being center and a recreation room with foosball, TV, papers, dominoes and playing cards. There’s a notice board advertising a gay employees group and a nearby Internet Café that allows access to Facebook and Twitter.
All normal enough—in an extraordinary office building in Cheltenham.
No comments:
Post a Comment