LONDON – The U.K.’s electronic spy agency is legally allowed to track the online activities of millions of Britons who use U.S.-based platforms such as Facebook, Twitter and Google, Britain’s top counterterrorism official has said.
In a witness statement made public Tuesday, Office for Security and Counterterrorism chief Charles Farr said data sent on those services is classed as “external” rather than “internal” communications because the companies’ servers are based outside Britain.
Amnesty International said that amounted to “industrial-scale intrusion,” but Farr said this did not amount to mass surveillance because the vast majority of messages intercepted in this way are not read.
The distinction between external and internal interactions is significant because Britain’s electronic intelligence agency, GCHQ, has broad powers to intercept communications outside the country, but needs a warrant and suspicion of wrongdoing to monitor domestic Internet traffic.
A broad definition of what constitutes “external” communications expands the amount of data GCHQ can scoop up to include the daily activities of millions of British Internet users.
In the first public explanation of the rules used by Britain’s cyber-spies, Farr said that emails sent between two people in Britain would usually be classed as internal even if they travelled by route outside the country. But Facebook and Twitter posts or searches on Google or YouTube that went to data centres outside the British Isles would fall under the external category.
Farr said data scooped up in this way “cannot be read, looked at or listened to” except in strictly limited circumstances. Rules exist to limit the way harvested data can be searched and how long it can be retained, but the full details of the regulations have never been made public.
“It is important to note the significant distinction between the act of interception itself, and a person actually reading, looking at or listening to intercepted material,” Farr wrote.
Britain’s Home Office confirmed the document was genuine. It was written in response to a legal action by civil liberties groups including Amnesty, Liberty, Privacy International and the American Civil Liberties Union, who are seeking to curb cyber-spying, and was published by the groups.
James Welch, legal director of Liberty, said Farr’s document revealed that Britain’s intelligence agencies “are operating in a legal and ethical vacuum.”
“If there was any remaining doubt that our snooping laws need a radical overhaul there can be no longer,” he said.
Simon McKay, a criminal lawyer and author of a leading textbook on covert policing, said Farr’s statement provided a “lifting of the veil of secrecy” on spying.
“The statement admits GCHQ are routinely intercepting communications from what are commonly known as social networking sites,” McKay said. “The suggestion that they do not monitor them is a little harder to swallow.”
Britain’s Home Office, which is responsible for security and counterterrorism, said it could not comment on an ongoing legal challenge.
The rights groups launched their legal action after leaks about cyber-snooping from former U.S. National Security Agency contractor Edward Snowden. He revealed details of a program called PRISM, which gives the NSA access to Internet companies’ customer data, and a British operation, TEMPORA, that allows GCHQ to harvest data from undersea cables.
Farr would not confirm or deny the existence of TEMPORA or say whether GCHQ had received information from PRISM.
Associated Press Writer Raphael Satter contributed to this report.