The UK’s General Communications Headquarters (GCHQ) has a system called TEMPORA. TEMPORA is the signals intelligence community’s first “full-take” Internet buffer that doesn’t care about content type and pays only marginal attention to the Human Rights Act. It snarfs everything, in a rolling buffer to allow retroactive investigation without missing a single bit. Right now the buffer can hold three days of traffic, but that’s being improved. Three days may not sound like much, but remember that that’s not metadata. “Full-take” means it doesn’t miss anything, and ingests the entirety of each circuit’s capacity. If you send a single ICMP packet 5 and it routes through the UK, we get it. If you download something and the CDN (Content Delivery Network) happens to serve from the UK, we get it. If your sick daughter’s medical records get processed at a London call center … well, you get the idea. … As a general rule, so long as you have any choice at all, you should never route through or peer with the UK under any circumstances. Their fibers are radioactive, and even the Queen’s selfies to the pool boy get logged.
Blimey.
> If you send a single ICMP packet 5 and it routes through the UK, we get it.
How is this possible at a technical level? You can only log a packet if it passes through your hardware. Therefore to implement such a logging system you’d need government hardware all over the place – in every single UK ISP. Would privacy conscious ISP like Andrews & Arnold* have installed such hardware without kicking up a fuss? It would have leaked out already if they had.
Now maybe there is such hardware installed at the major ISPs, but if so he should have qualified his statement.
*See http://www.aa.net.uk/kb-other-data-retention.html
The original source of this quote seems to be http://www.spiegel.de/international/world/interview-with-whistleblower-edward-snowden-on-global-spying-a-910006.html
I believe the assertion is that they’ve tapped all the fibers leading in and out of the UK (of which I believe there are only a relatively small number). No equipment at ISPs required.
Ironically, this may mean that UK -> UK data is safer than UK -> International or International -> UK data.
I promise, nobody in the UK government has time to look through all that mountain of data in order to “find something suspicious” that you, an ordinary citizen, may have said or implied or whatever.
Ergo, this is only really a significant worry for people who are already on your government’s radar, people who are about to get onto your government’s radar within the next three days, and people who are communicating with someone in one of those two categories. (Granted, that implies that it makes getting onto the government’s investigatory radar more dangerous than it previously was. If your nose hasn’t been squeaky clean for three days running, they’ll have something to use against you that they otherwise wouldn’t have had.)
Incidentally, the US government is widely believed to be doing something similar.
If it were a human doing the looking, applying common sense, it would be somewhat less worrying (although still an intrusion of privacy). But it’s the fact that it’s a computer, which _can_ look through all that mountain of data, that is particularly scary.