FACING DATA DELUGE, SECRET U.K. SPYING REPORT WARNED OF INTELLIGENCE FAILURE
MI5 “can currently collect (whether itself or through partners …) significantly more than it is able to exploit fully,” the report warned. “This creates a real risk of ‘intelligence failure’ i.e. from the Service being unable to access potentially life-saving intelligence from data that it has already collected.”
A draft copy of the report, obtained by The Intercept from National Security Agency whistleblower Edward Snowden, is marked with the classification “U.K. Secret” and dated February 12, 2010. It was prepared by British spy agency officials to brief the government’s Cabinet Office and Treasury Department about the U.K.’s surveillance capabilities.
The leaked report outlines efforts by British agencies to conduct both “large-scale” and “small-scale” eavesdropping of domestic communications within the U.K. It focuses primarily on an MI5 program called DIGINT, or digital intelligence, which was aimed at transforming the agency’s ability to covertly monitor internet communications.
DIGINT was established for counterterrorism purposes, and “more generally for wider national security purposes,” the report said. The program was described as being focused on “the activities of key investigative targets, and on those exploitation activities that will drive greatest investigative benefits with respect to U.K. domestic threats.”
A top-secret 2009 study found that, in one six-month period, the PRESTON program had intercepted more than 5 million communications. Remarkably, 97 percent of the calls, messages, and data it had collected were found to have been “not viewed” by the authorities.
As part of a program named MILKWHITE, GCHQ made some of its huge troves of metadata about people’s online activities accessible to MI5, London’s Metropolitan Police, the tax agency Her Majesty’s Revenue and Customs, the Serious Organized Crime Agency (now merged into the National Crime Agency), the Police Service of Northern Ireland, and an obscure Scotland-based surveillance unit called the Scottish Recording Centre.
Metadata reveals information about communications — such as the sender and recipient of an email, or the phone numbers someone called and at what time — but not the written content of the message or the audio of the call. GCHQ’s definition of metadata is broad and also encompasses location data that can be used to track people’s movements, login passwords, and website browsing histories, as The Intercept has previously revealed.