The phone, internet and email records of UK citizens not suspected of any wrongdoing have been analysed and stored by America’s National Security Agency under a secret deal that was approved by British intelligence officials, according to documents from the whistleblower Edward Snowden.
In the first explicit confirmation that UK citizens have been caught up in US mass surveillance programs, an NSA memo describes how in 2007 an agreement was reached that allowed the agency to “unmask” and hold on to personal data about Britons that had previously been off limits.
The memo, published in a joint investigation by the Guardian and Britain’s Channel 4 News, says the material is being put in databases where it can be made available to other members of the US intelligence and military community.
Britain and the US are the main two partners in the ‘Five-Eyes’ intelligence-sharing alliance, which also includes Australia, New Zealandand Canada. Until now, it had been generally understood that the citizens of each country were protected from surveillance by any of the others.
But the Snowden material reveals that:
• In 2007, the rules were changed to allow the NSA to analyse and retain any British citizens’ mobile phone and fax numbers, emails and IP addresses swept up by its dragnet. Previously, this data had been stripped out of NSA databases – “minimized”, in intelligence agency parlance – under rules agreed between the two countries.
• These communications were “incidentally collected” by the NSA, meaning the individuals were not the initial targets of surveillance operations and therefore were not suspected of wrongdoing.
• The NSA has been using the UK data to conduct so-called “pattern of life” or “contact-chaining” analyses, under which the agency can look up to three “hops” away from a target of interest – examining the communications of a friend of a friend of a friend. Guardian analysis suggests three hops for a typical Facebook user could pull the data of more than 5 million people into the dragnet.
• A separate draft memo, marked top-secret and dated from 2005, reveals a proposed NSA procedure for spying on the citizens of the UK and other Five-Eyes nations, even where the partner government has explicitly denied the US permission to do so. The memo makes clear that partner countries must not be informed about this surveillance, or even the procedure itself.
The 2007 briefing was sent out to all analysts in the NSA’s Signals Intelligence Directorate (SID), which is responsible for collecting, processing, and sharing information gleaned from US surveillance programs.
Up to this point, the Americans had only been allowed to retain the details of British landline phone numbers that had been collected incidentally in any of their trawls.
But the memo explains there was a fundamental change in policy that allowed the US to look at and store vast amounts of personal data that would previously have been discarded.
It states: “Sigint [signals intelligence] policy … and the UK Liaison Office here at NSAW [NSA Washington] worked together to come up with a new policy that expands the use of incidentally collected unminimized UK data in Sigint analysis.
“The new policy expands the previous memo issued in 2004 that only allowed the unminimizing of incidentally collected UK phone numbers for use in analysis.