U.K. Cops Can Read Your Metadata
Edward Snowden reveals another surveillance program
by JOSEPH COX
For years, and in secret, U.K. law enforcement agencies have had access to metadata collected by the country’s powerful signals intelligence agency GCHQ.
The fact this power has only been revealed now raises serious questions about government transparency, especially while Home Secretary Theresa May and others are pushing a controversial surveillance law on the premise that law enforcement need greater visibility into criminals using the internet.
Through a program called MILKWHITE — revealed on June 7, 2016 in documents leaked by U.S. National Security Agency whistleblower Edward Snowden and published by The Intercept — the Metropolitan Police, Her Majesty’s Revenue and Customs and other agencies have been able to dig through GCHQ’s intercepts for things such as I.P. addresses.
According to The Intercept, MILKWHITE stretches all the way back to September 2009, and may include information on British calls, emails and browsing data. It’s not totally clear what amount or exact type of data has been provided to law enforcement — The Intercept suggests it was collected by GCHQ’s tapping of undersea cables.
A series of internal updates dating from 2009 to 2011 indicate that information on apps such as WhatsApp, protocols such as XMPP and social media sites were part of the program.
MI5, the United Kingdom’s domestic security service, is involved with MILKWHITE, but five law enforcement agencies also have access according to a 2011 document — the Serious Organized Crime Agency, now the National Crime Agency; HMRC; the Metropolitan Police Service; the Police Service of Northern Ireland; and the Scottish Recording Center.
That access was facilitated by the SOCA-hosted “Internet Data Unit.” According to the document, SOCA and HMRC also received information through “business as usual” channels.
These revelations come at time when the U.K. government is trying to pass the Investigatory Powers Bill, a piece of legislation that would force internet service providers to store browsing data for all customers, and would include information on when they use things such as WhatsApp.
Richard Tynan, technologist at Privacy International, described the powers as “mission creep.”
“While cooperation between different law enforcement agencies on a case-by-case basis is certainly not new and can be beneficial, systemic and wholesale access to these mass surveillance systems is not something any politician has ever disclosed to the public,” Tynan said in a statement. “It is vital that truly independent authorization and oversight is put in place.”
“That vast amounts of metadata were shared by MI5 with a wide number of agencies, such as the Met and HMRC, highlights the lack of transparency, safeguards and accountability,” commented Jim Killock, executive director of Open Rights Group.
Neither the Metropolitan Police or the National Crime Agency would say whether the agencies still had access to the MILKWHITE program.
This story originally appeared at Vice Motherboard.
