How UK security agencies use telecoms firms to spy on us
Recent news that the Home Office has ordered Apple to enable access to iCloud encrypted data has stirred public debate about the scope and secrecy of UK surveillance laws.
Successive governments have argued that such powers are needed to combat novel and sophisticated threats posed by criminals.
However, recently released documents from the National Archives confirm that there is nothing new about this.
They show that for decades Conservative and Labour governments have used Cold War-era statutes to order telecoms companies to give them access to the UK and global public’s communications – while keeping the public and parliament in the dark about these orders.
Cold War legacy
Among Edward Snowden’s revelations in 2013 were documents that claimed Britain’s GCHQ spy agency had a vast cable-tapping programme heavily relying on UK telecom giants BT and Vodafone.
Both companies were accused of quietly giving GCHQ “secret unlimited access” to their networks of undersea cables that carry most of the world’s internet and phone traffic.
These undersea cables are fiber-optic lines laid on the ocean floor, stretching thousands of miles and connecting different countries and continents. They are the backbone of global communications as they transmit more than 95% of international data, including emails, phone calls, and internet traffic.
BT refused to comment, while Vodafone defended itself by pointing to obligations “set out in every telecommunications operator’s licence.” Vodafone seemed to be alluding to a practice dating back to the late 1960s.
Back then, Cable and Wireless (a publicly owned company that was privatised in the 1980s before being bought by Vodafone) ran all of the UK’s international phone calls and telegrams together with the Post Office, which was a government department responsible for domestic telecommunications.
This made it easy for the British state to treat public telecoms infrastructure as part of its secret eavesdropping network.
One such example was the infamous ‘D-Notice Affair’, which in 1967 revealed that thousands of private cables and telegrams sent from Britain were systematically scrutinised by the Ministry of Defence.
However, the government’s decision in the late 1960s to turn the Post Office into a public corporation raised fears among certain government departments that it might be less willing to cooperate.
The solution seized upon became Section 11 of the Post Office Act 1969. This was a provision allowing the Minister for Posts and Telecommunications to issue secret “directions” to the corporation in the interests of national security or foreign relations – effectively ordering it to do or not do “a particular thing.”
Crucially, the law barred any public disclosure of such directions issued for national security purposes without the minister’s approval.
Declassified documents show that the Foreign Office, which oversees GCHQ, lobbied intensely to extend that secrecy even to directions given for aspects of UK “foreign relations”, in addition to national security.
This proposal was eventually abandoned, however, after other departments became “very sceptical of the Foreign Office case” and started asking questions.
A privatised surveillance monopoly
Margaret Thatcher’s privatisation drive triggered a crisis in the telecoms–spooks alliance.
As then home secretary Willie Whitelaw warned in a secret minute to Thatcher in 1980, the privatisation of previously state-owned telecommunications infrastructure meant “accepting a limitation on intelligence-gathering and an increased risk.”
Nonetheless, the 1981 British Telecommunications Act and the 1984 Telecommunications Act each included provisions nearly identical to Section 11 of the 1969 legislation, enabling the government to issue secret orders to telecoms companies.
Conceivably, this could involve anything from requiring them to hand over communications data to compromising security of systems or tapping cables.
Previously unseen Home Office files show the Thatcher government planned to use these powers to facilitate the surveillance of public telecommunications.
Around the same time it introduced another, shadow decoy instrument, namely the Interception of Communications Act 1985, so that any debate around surveillance powers could focus on the latter while leaving the former unchecked.
Within a year of the 1984 Act taking effect, the government had BT create a special National Security Committee on its board – the only body authorised to receive secret state orders. It survives today under a different name.
Declassified records reveal that by 1985 the Home Office was already issuing directions in the name of “home defence”, ordering BT to prepare to provide access to international communications cables.
Specifically, BT was asked to “formulate and maintain” special plans and to provide facilities and services, including the provision of interception equipment at “cable landing stations”.
At the same time, new telecoms companies were granted licences containing similar secret order clauses, cementing the surveillance regime across the newly privatised industry.
Encryption under siege
It would take more than 25 years for the world to learn, thanks to Snowden, that those same 1984 Act provisions were being used by intelligence agencies to amass communications metadata on everyone. This concerned the who, when and where of messages – although not content.
Out of the Snowden revelations sprang lawsuits and, in one case brought by Privacy International, a new question emerged: Was GCHQ serving companies with secret orders to also ‘break’ their security protocols so that it could hack into them?
By the 1990s, commercial encryption had become the spooks’ new obsession. Companies had to offer it to gain their users’ trust, and this meant no access for either cyber criminals or intelligence agencies.
GCHQ didn’t like that, so the then Labour government rushed to the rescue. First it proposed ‘key-escrow’ – a third party holding everyone’s encryption keys – but dropped it upon realising the damage this would do to the industry (but not necessarily to the privacy and security of people).
Instead, the 2000 Regulation of Investigatory Powers Act (RIPA) introduced decryption orders, allowing agencies to demand that companies (or even individuals) surrender encryption keys or face criminal penalties.
After RIPA 2000 came the Investigatory Powers Act 2016 which repackaged the decades-old powers to force telecommunications companies to do “a particular thing”.
Its ‘national security’ and ‘technical capability’ notices let the government secretly compel telecommunications operators to weaken the security of their systems, insert vulnerabilities – namely flaws in the software that allow for unlawful access – or remove encryption.
Companies are still forbidden from disclosing the existence of such orders and any challenges can only be brought behind the closed doors of the Investigatory Powers Tribunal, the body tasked with hearing surveillance claims.
Extreme powers
Sixty years of secret history show a common theme: under cover of “national security” and with little oversight, the UK has treated global communications – from undersea cables to end-to-end encryption – as if they were state property.
Britain’s most powerful spying tools (mostly inherited from the Cold War era) still remain largely invisible to the public and parliament even as they spy on targets worldwide.
No other democracy has so boldly tried to create a permanent secret way to break into encrypted systems, and none of this was open to public debate until leaks forced the issue.
And even then, obsessed with an unparalleled secrecy fetish, the government will neither confirm nor deny that it’s killing encryption.
At the same time, the Intelligence and Security Committee, the only parliamentary body that can scrutinise the intelligence services, has repeatedly warned that its role is being undermined in what it has referred to as an “oversight crisis”.
Britons have just begun to wake up to the reality that secret spy powers are used beyond their country’s borders, hidden from view, with wide-ranging implications for millions of people’s security and privacy.
Unless this empire of secrecy is openly examined and questioned, it will quietly continue to run on.
In the meantime, we are left wondering whether such extreme powers can ever live up to the expectations of modern, human-rights-respecting societies or whether they should be left in the dark past where they belong.
BT was asked to comment.