

GCHQ taps fibre-optic cables for secret access to world's communications - __hudson__
http://www.guardian.co.uk/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa?CMP=twt_gu

======
tjaerv
"This was done under secret agreements with commercial companies, described in
one document as 'intercept partners'. […] some companies have been paid for
the cost of their co-operation and GCHQ went to great lengths to keep their
names secret. They were assigned 'sensitive relationship teams' and staff were
urged in one internal guidance paper to disguise the origin of 'special
source' material in their reports for fear that the role of the companies as
intercept partners would cause 'high-level political fallout'."

~~~
mtgx
It's nice to see that giving all their users data to the spy agencies is a
_business model_ for these companies.

~~~
sambe
"Paid for the cost" \- to me - means no profit.

------
DanBC
Since this is part of GCHQ's mission, and publicly declared on their
recruitment website, it shouldn't be that surprising.

([http://www.gchq-careers.co.uk/about-gchq/about-gchq/](http://www.gchq-
careers.co.uk/about-gchq/about-gchq/))

> As one of the UK's intelligence and security agencies, we gather and analyse
> digital and electronic signals from many channels, from all corners of the
> world. Converting this information into intelligence material, we play a
> significant role in informing national security, military operations, police
> activity and foreign policy.

------
tptacek
This being more or less the entire stated mission of GCHQ, I wonder who's
actually surprised by this revelation.

~~~
doe88
Yes but one month ago they still had plausible deniability, not anymore. In
short the term it may change nothing but in the long run it will have an
impact, no doubt.

~~~
tptacek
I'm confused as to how anyone could have believed that one of the 5 largest
signals intelligence agencies in the world could _not_ have been tapping
Internet backbone cables.

Can we just resolve this right here? The Internet backbone is tapped. To
whatever extent NSA isn't looking at our traffic (or is pretending not to, or
pantomiming not doing it), some other foreign SIGINT agency is.

To believe otherwise is to believe that state-sponsored intelligence agencies
somehow believe the Internet is off limits to surveillance because I don't
know freedom and progress or something. Of course they don't believe that.

~~~
xtrumanx
> I'm confused as to how anyone could have believed that one of the 5 largest
> signals intelligence agencies in the world could not have been tapping
> Internet backbone cables.

I feel bad for conspiracy theorists. Had they made the same statement a month
ago, they would have been called tin-foil hat wearing nuts and now people say
things like the above so casually and pretend like it was obvious all along.

I wouldn't be surprised if tomorrow it is revealed that the NSA has
collaborated with Verisign and other certificate authorities so as to decrypt
SSL certificates a whole bunch of people would come out of the woodworks to
claim "of course the NSA can decrypt your SSL connection".

> To believe otherwise is to believe that intelligence agencies believe the
> Internet is off limits ... Of course they don't believe that.

Of course they don't. People probably doubted they had the capability to sort
through and and find useful information inside an internet backbone. It's a
tremendous effort collecting and querying that much data.

~~~
Phlarp
So much this. People on this forum have consistently presented very compelling
arguments that they don't have SSL keys and couldn't retroactively decrypt
collected traffic even if they did. Unsettling then that people I generally
considered trustworthy in the crypto community (say, Matt Blaze) previously
were adamant to claim that large scale duplication and retention of backbone
traffic was not only highly unlikely to be attempted, but technically
unfeasible.

Because of this I'm almost ashamed of how much credit I've been doling out to
other allegedly shady accusations that get made and dismissed as passing
conspiracy theories.

~~~
coldtea
Just because someone is an expert in the field, doesn't mean what he says is
to be trusted. Some are just supporting the status quo and the "government
wisdom". Some might even be paid to say what they say or be linked by
contracts to such stuff.

------
weinzierl
The TL;DR is, quote:

"The GCHQ mass tapping operation has been built up over five years by
attaching intercept probes to transatlantic fibre-optic cables where they land
on British shores carrying data to western Europe from telephone exchanges and
internet servers in north America."

~~~
BgSpnnrs
A couple more eyebrow-raising tidbits:

"One key innovation has been GCHQ's ability to tap into and store huge volumes
of data drawn from fibre-optic cables for up to 30 days so that it can be
sifted and analysed. That operation, codenamed Tempora, has been running for
some 18 months."

"UK officials could also claim GCHQ "produces larger amounts of metadata than
NSA"."

------
abdulhaq
"The Guardian understands that a total of 850,000 NSA employees and US private
contractors with top secret clearance had access to GCHQ databases."

850,000 employees/contractors?? - That can't be correct can it?

~~~
Phlarp
Roughly 1.5 million people have top secret clearance[1], I would personally be
alarmed if over half of them had access to data like this, although I can't
say it would surprise me at this point.

[1] [http://news.clearancejobs.com/2011/09/26/how-many-people-
hav...](http://news.clearancejobs.com/2011/09/26/how-many-people-have-
security-clearances/)

~~~
aspensmonster
I'm personally alarmed that so many people (presumably) have had access to
this material and yet these leaks are only _now_ coming out.

~~~
kryten
Most government employees with top secret clearance (DV in the UK) like I was
are scared of the consequences of breaking the rules.

When someone puts their life on the line and opens their mouth, there is
enough attention on the matter for other people to come forward safely.

If the attention is not there, people disappear (without trial in some cases)
and end up rotting in jail somewhere.

~~~
Phlarp
Comments like this are really telling of how far down that slippery slope we
already are. Troubling.

~~~
kryten
It's always been like it. It is just publicised now thanks to free
communication over the Internet.

------
majke
"... This includes recordings of phone calls, the content of email messages,
entries on Facebook and the history of any internet user's access to websites
..."

Isn't Facebook using SSL these days?

~~~
peter487
Not by default on every account. I have recently changed settings on couple of
my friends account to force SSL.

~~~
juraj24
What is the current understanding regarding the crackability of SSL?

~~~
peter487
It has been discussed over and over on hackernews recently so just tldr
version. Let’s consider two scenarios. 1) NSA forces CA to issues a
certificate for google.com and decide to man-in-the-middle you. In that case
there is a mechanism call certificate pinning. To put it simply certificates
of Google, Facebook, Twitter etc. are hard coded into Firefox and Google
Chrome. (Microsoft provides this ability in IE using latest EMET 4.0). So if
someone tries to send you cert for google, which doesn’t match the one
hardcoded your browser would get crazy and issue a big red warning :) 2) NSA
records your encrypted communication with Google and later obtains Google
private key (either by factoring Google public key or using some secret court
order or whatever). In this case they CAN’T decrypt your communication with
Google because Google uses version of Diffi- Hellman protocol with so called
ephemeral keys. More here
[http://googleonlinesecurity.blogspot.com/2011/11/protecting-...](http://googleonlinesecurity.blogspot.com/2011/11/protecting-
data-for-long-term-with.html). Ephermal DH is not implement by many sites
(hackernews does it, facebook doesn’t)

SSL can be broken in myriad of different ways but at least in these two
scenarios you are to certain degree safe

------
o0-0o
From the article, "(Metadata describes basic information on who has been
contacting whom, without detailing the content.)".

Could someone let the journalists know what metadata really is? I mean, come
on. Metadata is a concise, highly valued description of the data, also
including identifying information. In other words, keywords!

For this comment, the keywords (metadata) might be:

Journalists Metadata Meta Data Article

~~~
inthewind
I think your definition of meta-data is too narrow. It's not just keywords.

Excuse me if I state the obvious, but with something like a web page access,
the meta data will be in part: your internet address, what time you accessed
it, the referring url etc. A phone call's meta data could include the length
of the call, which phone the call was made on, which mast was used etc.

Meta data is additional data about the data isn't it?

One assumes that you could then make telling deductions from that meta data.
Like a persons movements (acquired from phone, financial and internet
records). You can also draw a lot about their character: their interests,
their political views, their cicles etc.

The meta data is very revealing in itself.

------
teawithcarl
This is what I thought all along.

A) Access is MUCH broader than just tapping Google, FB, MSFT, etc. Access is
at the far broader level of telecommunication cables. Encryption can be broken
later, with specialty FPGA chips.

B) More importantly, with the US taking "everything foreign" and with GCHQ
(also) taking "everything foreign" ... the Venn set of these two closely
associated govt spying operations means they get "everything, period",
including US domestic communications.

If true, the original Snowden revelations are (small) child's play to what may
actually be being surveilled, which may indeed be everything.

~~~
o0-0o
Important to extend your Venn diagram to the "Five Eyes". Canada, US, UK,
Australia, and New Zealand. A much wider intersection is possible in that
context.

------
johansch
[http://www.submarinecablemap.com/](http://www.submarinecablemap.com/)

------
UVB-76
This is disgraceful.

------
sshagent
21 pb a day - someone has an expensive storage bill

~~~
inthewind
Better store it all on site or they'll end up with a feedback loop; if they
pump it back down the commoner's pipes. ;)

------
embolism
No big deal. It's Silicon Valley who's to blame.

