Slurping and storing your bank card records ... because nobody's innocent
NTAC's officially authorised interception targets now also include international banks and airlines, in order to copy, decrypt and store personal credit card and banking transactions and flight bookings.
Some airlines such as BA have agreed to co-operate and voluntarily hand over their passengers' details to NTAC's data stores; those who do not agree, or have not been asked, have their data networks tapped under special warrants by NTAC in an operation codenamed CATSUP. Since 2006, NTAC has been managed by GCHQ and integrated into all agencies' operations.
Intercepted personal financial and banking information has been identified inside NTAC and GCHQ as FININT, and is subject to special handling arrangements, as is Travel Tracking Authorisations (TTA) which are based on similar sources.
In about 2008, Vodafone Cable, under its previous identity of Cable and Wireless, provided fibre optic cables to link intercepted internet communications and send communications data direct to NTAC.
According to engineers who have worked at major telecommunication companies' headquarters, including Orange in Bristol and Vodafone in Newbury, the companies were compelled by secret orders to connect optical fibre links direct to NTAC in London.
The links carry tapped internet and phone connections to NTAC, which acts as a distribution centre to other intelligence agencies and police forces. BT data centres are also directly linked to NTAC for the supply of subscriber information, telephone call records, and domestic internet interception.
Orders to install the secret connections to NTAC were issued using powers under the Regulation of Investigatory Powers Act (RIPA). In its 2014 Disclosure Report, Vodafone pointed out that "Section 19 of the Regulation of Investigatory Powers Act 2000 prohibits disclosing ... the existence of any requirement to provide assistance in relation to a warrant."
"This duty of secrecy extends to all matters relating to warranted lawful interception", the Vodafone report adds. 2,795 warrants were issued during 2014, roughly double the numbers issued annually before NTAC was created. Each warrant can cover multiple lines or e-mail addresses.
The fact of lawful telephone interception has been public since the Interception of Communications Act (IOCA) was passed in 1985. But another law passed the year before has secretly been used to build a massive database at NTAC of every telephone call everyone in Britain has made over the past 15 years.
The existence of the telephone call record database at NTAC was completely secret until March this year, when the government started to allow hints in a series of official reports that it had been using a special power under the Telecommunications Act of 1984 to require all UK telephone companies to hand over "bulk records" of everyone's telephone calls.
During the passage of RIPA, and in many debates since 2000, Parliament was asked to consider and require data retention by telephone companies, claiming that the information was vital to fighting crime and terrorism.
But Prime Minister Tony Blair and successive Home Secretaries David Blunkett and Jack Straw never revealed to Parliament that at the same time, the government was constantly siphoning up and storing all telephone call records at NTAC.
As a result, MPs and peers spent months arguing about a pretence, and in ignorance of the cost and human rights implications of what successive governments were doing in secret.
When former shadow home secretary David Davis MP asked Home Secretary Theresa May in March 2014 "whether she has given directions under Section 94 of the Telecommunications Act 1984 to the providers of telecommunications services for the acquisition of data in bulk relating to (a) thousands and (b) millions of people", he was fobbed off with the ritual excuse "as with the practice of previous Governments, we do not comment on security matters."
At the same time, telephone companies like BT also refused to confess as to whether they were handing over all customers' call records in bulk.
Finally, on November 4th, the Home Office took the lid off what had been going on secretly since 2000. Asking Parliament to allow mass surveillance of telephone records to continue, Home Secretary Theresa May admitted that "under Section 94 of the Telecommunications Act 1984 ... successive governments have approved the security and intelligence agencies’ access" to [bulk] communications data from communication service providers", claiming that it helped MI5 "thwart a number of attacks here in the UK"
The next day, former Deputy Prime Minister Nick Clegg revealed that he had been part of the deception: "When I entered government in 2010 ... a senior official took me aside and told me that the previous government had granted MI5 direct access to records of millions of phone calls made in the UK – a capability only a tiny handful of senior cabinet ministers knew about – I was astonished that such a powerful capability had not been declared either to the public or to parliament and insisted that its necessity should be reviewed."
It wasn't reviewed. Clegg blocked the failed 2012 Communications Data Bill, which the government has now reintroduced in a more ferocious and far-reaching form.
David Davis MP told The Register this week that "much of the debate for the last 15 years appears to have been a charade about data that the government very likely already held. It is also clear that the legislation that the government relied upon was being interpreted in ways that Parliament never imagined."
He intends to raise the significance of the long term concealment of the national call record centre in evidence to Parliament's review committee on the new Investigatory Powers Bill, which also seeks to legalise the massive collections of "Personal Bulk Datasets affecting millions of Britons" that the Home Office now admit has been taking place for a decade.
There are now dozens of intelligence "Bulk Personal Datasets" on millions of people, "the majority of whom are unlikely to be of intelligence interest", as the government has admitted in documents accompanying the draft Investigatory Powers Bill.
Intelligence agency staff have stated: "These datasets vary in size from hundreds to millions of records. Where possible, Bulk Personal Datasets may be linked together so that analysts can quickly find all the information linked to a selector", such as a telephone number or search query. The information retrieved "may include, but is not limited to, personal information such as an individual’s religion, racial or ethnic origin, political views, ... medical condition, sexual orientation, or any legally privileged, journalistic or otherwise confidential information."
NTAC has access to NHS information, according to official documents.
Sponsored: Ransomware has gone nuclear