One of a series of posts on the forthcoming Investigatory
Powers Bill
Selection of intercepted material for examination.

Whereas RIPA Section 8(4) controls what can be captured to form the pool of intercepted
material, Section 16(2) limits the kinds of hook that can be used to fish in
it: the selection factors. Section 16 is among the most obscure in RIPA.
Furthermore when deciphered it is not as limiting as might be thought on first
impression. That is especially true of the restrictions on searches relating to
people within the British Isles. (See discussion here at [19] to [23].)
An important aspect of the selection factors system is that
it can be and is used not just to find communications of persons against whom
there are existing grounds for suspicion, but to look for new targets. The agencies refer to this as ‘target
discovery’.
The agencies are fond of the analogy of finding a needle in
a haystack. The supposition is that a
needle is recognisably different from the surrounding hay. But to revert to the fishing metaphor, when
you wind in the line it is not necessarily obvious whether your target
discovery algorithm has caught a fish or a rusty tin. It may have found a
genuine malefactor. But even if the material looks suspicious it may in fact be
entirely innocent. An analyst cannot necessarily be certain about what s/he is
looking at.
This is true both of the content of communications and of
communications data analysis, in which the agencies try to join myriad dots to
spot a suspicious pattern, or (say) to home in on a possible identity for an
unrecognised associate of a known terrorist.
This can be seen from GCHQ’s own description of target discovery, in
which the end point of the communications analysis process is an ‘investigative
lead’:
“Signals Intelligence can be a powerful tool to answer seemingly impossible questions. The ability to use fragmentary information to build theories and perform complex searches against our metadata can narrow down thousands of options quickly. We can hone in on the most likely targets and only when we have sufficient justification that a lead is suspicious do we have the ability and resource to dig deeper and look at content to progress our investigations. …
Example case study continues
Although still at the theory stage, we now have a possible real life identity for our stranger overseas. We can report the findings so far and pass the information to MI5 as an investigative lead.”
"The examples GCHQ have provided, together with the other evidence we have taken, have satisfied the Committee that GCHQ’s bulk interception capability is used primarily to find patterns in, or characteristics of, online communications which indicate involvement in threats to national security. The people involved in these communications are sometimes already known, in which case valuable extra intelligence may be obtained (e.g. a new person in a terrorist network, a new location to be monitored, or a new selector to be targeted). In other cases, it exposes previously unknown individuals or plots that threaten our security which would not otherwise be detected." [90]
Criticisms of broad interception powers are sometimes
answered along the lines of “well in reality we don’t do that”. So for instance, although Section 8(4)
undoubtedly empowers algorithmic data mining to search from scratch for
suspicious behaviour, and the above extract from the ISC report appears to describe something of that nature, the agencies told the Anderson Review that that is
unrealistic for intelligence analysis.
"It is sometimes assumed that GCHQ employs automated data mining algorithms to detect target behaviour, as is often proposed in academic literature. That, it would say, is realistic for tasks such as financial fraud detection, but not for intelligence analysis." [14.43]
Typically they are said to start with a
seed – in the GCHQ website case study quoted above, a stranger who was given a
concerning message by a known terrorist group member. The Anderson report goes on:
“Much of [GCHQ’s] work involves analysis based on a fragment of information which forms the crucial lead, or seed, for further work. GCHQ’s tradecraft lies in the application of lead-specific analysis to bring together potentially relevant data from diverse data stores in order to prove or disprove a theory or hypothesis.” [14.43]
In a similar vein the Anderson report records that internal
communications may be read if they are selected to be examined by reference to
a factor not prohibited by Section 16(2), “although GCHQ inform me that they
may not use this route in order to deliberately seek access to internal
communications and that it is unlikely to occur in practice.” [6.57(c)]
Should broad powers be narrowed to correspond with actual practice? The Anderson report is entitled ‘A Question of Trust’. Sometimes broad powers may be thought useful as a way of maintaining the secrecy of specific techniques. However it could also be
corrosive of trust if a government body armed with broad intrusive powers were stoutly to resist any narrowing of powers to match what is said to happen in
practice.
The recommendations of the reviews in relation to selection
and examination of material collected under a bulk interception warrant
are:
ISC:
Searching for and examining the communications of a person known to be in the UK should always require a specific warrant, authorised by a Secretary of State. (Recommendation Q)
The communications of UK nationals should receive the same level of protection under the law, irrespective of where the person is located. The interception and examination of such communications should therefore be authorised through an individual warrant like an 8(1), signed by a Secretary of State. (Recommendation R)
The Interception of Communications Commissioner should be given statutory responsibility to review the various selection criteria used in bulk interception to ensure that these follow directly from the Certificate and valid national security requirements. (Recommendation S)

Anderson:
Content that relates to a communication involving a person believed to be in the UK should be made available to be read, looked at or listened to only on the basis of a specific interception warrant issued by a Judicial Commissioner. (Recommendation 79)
The new law should in addition provide for appropriately rigorous and rights-compliant procedures for the purposes of authorising access to:
(a) content that is acquired pursuant to a bulk warrant and that does not relate to a communication involving a person believed to be in the UK; and
(b) (if Recommendation 42(b) is adopted), communications data that are obtained pursuant to a bulk warrant.
(Recommendation 80)

RUSI:
No specific recommendation
[Updated 13 August 2015 with additional extract from ISC report.]