Legal proceedings brought by campaign groups including Privacy International has finally unveiled details of how two states, the UK and South Africa, have been conducting their mass online surveillance programmes.
The revelations confirm details leaked by Edward Snowden back in 2013 which suggested that governments were routinely tapping into undersea fibre optic cables to intercept all internet data which passes through their jurisdictions.
UK snooping on underseas cables
The Snowden files revealed a programme which was referred to as the ‘Tempora’ programme. It involved Government Communications Headquarters (GCHQ) attaching secret probes to all undersea internet cables which passed through UK territory. At the time, the UK government denied the programme’s existence.
Despite the denial, Privacy International and others challenged the legality of the programme shortly after it was revealed. This case, which claims that the programme is in breach of both the right to privacy and right to freedom of expression under the European Convention on Human Rights.
Ahead of the latest hearing in this case, the government has now finally confirmed the existence of ‘Tempora’. In submissions to the court, they have even gone into some detail about how it worked.
How ‘Tempora’ worked
While the GCHQ probes will hoover up all the data passing through the cables, this data is then filtered and selected for examination.
This examination system allows GCHQ to search for specific things and they make a distinction between simple and complex queries. Simple queries search all data for a ‘strong selector’ such as an email address of a telephone number.
Complex queries use combinations of weaker selectors and these are therefore used on more selected groups of data to try and filter out false positives. There is no explanation about how data is broken down and used to run these complex queries.
GCHQ does state that analysts of this data receive some training but they do not provide any details about what training or how comprehensive it is. They do however provide a little detail on how long this data is retained.
They claim that data subjected to the ‘strong selector’ process is discarded immediately unless it matches the query. Data used for ‘complex selector’ process is “retained for a few days” unless there is a match. There is no information about how the data is discarded and how permanent this process is.
What Tempora means
It is worth taking a deep breath here and thinking for a moment about what this bombshell confession means.
The UK Government is collecting all internet data that passes through cables in its jurisdiction. This means not just every piece of internet data generated in or sent to the UK, but also data from countless other countries that happens to pass down these cables.
They collect all this data and then have analysts search through it for an unknown number of unspecified searches.
This is done with absolutely no regard to user privacy, the right to freedom of speech and freedom of expression or corporate data sensitivity. The idea of striking a balance between privacy and security simply doesn’t apply here. Privacy is an irrelevance in the eyes of GCHQ.
One thing that this new information about ‘Tempora’ does tell us is the importance of encrypting all of your internet data. We now know that if you don’t, GCHQ definitely will be looking at it.
The best way to encrypt your online data is with a VPN. By connecting to a VPN such as ExpressVPN or NordVPN every time you use the internet you are ensuring that everything you do online is encoded and secure. GCHQ might collect this data but they have lesser chance of linking it to you.
The UK is not alone in tapping undersea cables
While it is shocking to learn how the UK government is brazenly intercepting and analysing internet data with no consideration to the privacy of internet users, they are far from the only government guilty of doing so.
The same court case has revealed that the South African government is also tapping undersea cables to intercept internet data as well as undertaking bulk data collection of all internet traffic in the country. This is something they have admitted doing since 2008.
The South African affidavit confirms that the government has been breaking the law for more than a decade. But one of the ways they have sought to justify it is by stating that it is a common international practice.
It will be interesting to see if there are any legal consequences for the South African government over their unconstitutional and illegal actions.
But the fact that South Africa has engaged in the practice is a clear indicator that tapping undersea cables is now common practice. It is inconceivable that the USA, other European states, and even the likes of Russia and Communist China are not doing the same thing.
It is a frightening prospect and a clear indicator of why online encryption and VPNs are more important than ever.