Certificated & Overlapping Warrants, S.15.3 "safeguards" and domestic mass-surveillance

IOCA 1985 (S.3.2) introduced the notion of a certificated warrant, which does not specify the target of interception (in terms of names, premises or addresses). Instead, an accompanying certificate contains the "description" of material that the SoS considers it is necessary to examine for the allowable purposes of national security, serious crime and safeguarding economic well-being. This procedure can only be used in respect of “external” communications, namely those sent or received outside the UK, and “such other communications (if any) as it is necessary to intercept in order to intercept such external communications as are so described” (IOCA 1985 3.2.a.ii).

 It is commonly understood that this is the legal basis under which GCHQ collects very large volumes of indiscriminately acquired communications (of all types), with the object of searching for material with powerful computers that are programmed with various algorithms capable of matching against the description on the certificate.

Clearly there is no difficulty defining what is an external communication when considering a telephone call carried outside the UK by an undersea cable or a microwave satellite beam.

However, a packet-switched network such as the Internet breaks up a communication into small “datagrams” which are autonomously routed to their destination through an unpredictable sequence of switches.

A basic question to consider therefore is whether in the context of Internet communications, the meaning of “external” should be determined by the path actually travelled (by any particular datagram), or whether if a communication (such as an e-mail) is sent inside the UK to a recipient who is also inside the UK, it should be considered internal, irrespective of the path taken by its constituent datagrams in transit. This is an important issue since it is extremely common for many domestic Internet communications to in fact be relayed via the United States, because the connectivity of the Internet is a function of commercial alliances as well as technical infrastructure.

It is not obvious what the “correct” answer is, because not only must one consider the original purpose of the legislation in treating external communications differently, one should also consider the practical alternative means whereby communications are intercepted, and the extent to which each results in the capture of different degrees of extraneous material.

The purpose of the different treatment of external communications – essentially intelligence gathering for national security – has its roots in the Official Secrets Act 1920, and those powers were said by the Radcliffe report in 1967 to have been "regularly exercised" since that time. In light of ex-CIA Director James Woolsey's recent confirmation of the existence of the ECHELON global eavesdropping network operated primarily by the US National Security Agency with GCHQ, this perhaps understated the true position[1].

Under RIP things are less clear. The certificated warrant mechanism is carried over under 8.3 and is also ostensibly limited to external communications. However there is a "get-out" clause in S.5.6 that allows collection of internal material provided that it is unavoidable. The coupling that limits S.8.3 warrants to external communications subject to exclusions of S.5.6 is looser and broader than the corresponding IOCA S.3.2.a.ii.

It is very important to appreciate that using ANY of the collection mechanisms envisaged by the Smith Report[2] for obtaining intercepts directly from the Internet Service Provider, it will be very difficult (and we would think in practice infeasible) to pre-filter or differentiate external from internal communications. This concern is compounded by the fact that RIP interception warrants are addressed to the Agency (not the telco as in IOCA 1985), and furthermore it does not appear to be legally necessary to serve a warrant on the ISP if interception can be achieved entirely covertly (e.g. by a black-box under remote control).

In the case of e-mails, an e-mail address is not necessarily tied to a geographic location – a message may sit in a "mailbox" waiting for collection, but when it is collected it may travel half way around the world. Similarly the datagrams that comprise all Internet communications may take varied routes that stray outside the geographic borders of the UK, even if their endpoints are actually internal. There is even a philosophical problem – if a packet is intercepted by being copied by a "black-box" at an ISP, who is to say or know whether its real world twin in fact leaves the UK during its journey?

More RIP euphemisms: additional "Safeguards"?

The safeguards of S.15 are intended to ensure that this extraordinarily powerful technique of super-computer "trawling" through communications is not used to circumvent the necessity of an ordinary targeted warrant for persons who are in the British Isles. Journalistic accounts refer to this as "keyword trawling" but in fact far more sophisticated techniques have been developed since rumours about the "ECHELON" system first appeared in the 1980s. It is possible even to check the sense or meaning of a passage against an exemplar text, which obviates many of the drawbacks of simple keyword search.

The idea of the safeguard is that the material cannot be "touched by human hands" unless it has first been identified by a computer match as falling within the matters described in the certificate.

 S.15.3 creates a mechanism whereby the Secretary of State can issue an additional certificate that, for a 3-month period, can override the S.15.2.a safeguard that prohibits a S.8.3.b certificated warrant being used to intercept a person in the United Kingdom.  

Overlapping Warrants

 This situation is complicated by the practice of overlapping warrants referred to by Lord Justice Lloyd in the first Interception Commissioner's report published in 1987: 

"Section 3(3) which provides that the material specified shall not include an address in the British Islands for the purpose of including communications sent to or from that address, except in the case of counter-terrorism. So if, for example in a case of subversion, the Security Service wishes to intercept external communications to or from a resident of the British Islands, they could not do so under a Section 3(2) warrant by asking for communications sent to or from his address to be included in the certified material."

To clarify, the wording of the act does not permit "keyword" trawling through communications with a certificated warrant (that is supposed to be limited to external communications with some leeway) except for anti-terrorist purposes. 

"But it would be possible for the Security Service to get indirectly, through a legitimate examination of certified material, what it may not get directly. In such cases it has become the practice to apply for a separate warrant under Section 3(1) known as an overlapping warrant, in addition to the warrant under Section 3(2)."

It is questionable whether Lord Lloyd is correct. Here the term "certified material" actually means the "raw" material (collected say by GCHQ) that most certainly cannot be examined unless it has already been computer-matched against the certificate – but it is illegal to match against an address (which includes a telephone number) in the UK. In other words you cannot search for pearls if you aren't allowed to look inside the oyster. This can be partially worked around by searching for overseas addresses with which the target is likely to correspond – but much may be missed – and would those addresses have to be explicitly included in the certificate? 

"There is nothing in the Act which requires this to be done. But it is obviously a sound practice, and wholly consistent with the legislative intention underlying Section 3(3). Accordingly I would recommend that where it is desired to intercept communications to or from an individual residing in the British Islands, as a separate target, then in all cases other than counter-terrorism there should be a separate warrant under Section 3(1), even though the communications may already be covered by a warrant under Section 3(2)."

It is not by any means clear that the issue of an overlapping warrant in fact makes searching through the "raw" material for references to an address in the UK lawful (other than for counter-terrorism). A normal warrant allows the interception of all material pertaining to an address – it does not make lawful trawling through indiscriminately collected material in ways that are prohibited.

It is not clear whether the intention of S.15(3) is to replace overlapping warrants with a new kind of certificate, or if the practice will continue, because ostensibly the additional certificate should only grant access to external material – however an overlapping warrant grants access to the full range of both external and internal material.

So in practice we have to wonder whether, given the likely collection mechanism of black-boxes stationed at ISPs, given the difficulties of distinguishing external communications from internal, and given that the scope of overlapping warrants evidently has been taken in the past to allow access both to internal and external communications – whether the intention here is that the new "override certificate" will in fact be able to authorize trawling through a mixed pool of raw internal and external communications derived from packet-stream capture at ISPs.

What, for example, would happen if the matching mechanism incorrectly identified a communication as external when in fact it was internal (as could easily happen with Internet protocols)? The leeway provided by 5.6 and 15.4 and 15.5 provides little reassurance. The danger is that this procedure could in practice become a routine way of performing mass-surveillance (i.e. trawling of content) on the full spectrum of domestic Internet communications.

Q1. What is the purpose? Administrative efficiency? Extension of scope? Legitimising questionable existing practice?

Q2. Are overlapping warrants to continue?

Q3. Are the safeguards for the individual exactly equivalent?

Q4. Will it be lawful to trawl through a mixed pool of internal and external communications collected indiscriminately?

Q5. Would the existence of an overlapping warrant allow the lawful examination of internal communications thrown up by such a trawl?

Caspar Bowden, FIPR 12th June 2000

[1] The Wall Street Journal, March 17, 2000 "Why We Spy on Our Allies", by James Woolsey, a Washington lawyer and a former Director of Central Intelligence.

[2] Technical and cost issues associated with interception of communications at certain Communication Service Providers – The Smith Group, April 2000 http://www.homeoffice.gov.uk/oicd/techcost.pdf