The NSA's closest ties are with GCHQ. In a random selection of NSA documents monitoring weekly reports, the British agency is frequently listed alongside the US agency's biggest regional bases such as Texas and Georgia. GCHQ operates a vast internet tapping operation based on partnerships between the UK Government and telecoms companies based in Britain and overseas. This allows the NSA to "touch" about 90 per cent of the traffic crossing the UK. Given the UK's location, this is a huge proportion of the internet.
Britain hosts one of the major transatlantic internet cables, as well as numerous cables connecting Europe and the Middle East. Each day, a quarter of all internet traffic traverses the UK. The data collected and stored by the programme, codenamed Tempora, is held by GCHQ for up to a month, with the NSA granted direct access.
The NSA - in theory at least - operates inside a legal framework that requires warrants to target Americans. But the Fisa (Foreign Intelligence Surveillance Act) court turns down few such requests.
The GCHQ operates in an even looser environment. One GCHQ document, referring to UK oversight, says: "So far they have always found in our favour."
A GCHQ legal briefing suggests some of the distinctions stressed in policy documents and public statements by staff of both agencies may not be so rigorously enforced in practice. A legal training slideshow includes slides explaining the often-complex differences between content and metadata, which requires substantially different handling, especially under US law. However, the notes for the presentation say: "GCHQ policy is to treat it pretty much all the same, whether it's content or metadata."
The blurred boundaries are acknowledged, too, in NSA documents, one of which states: "It is often unclear whether individual communication elements, particularly content-related metadata (CRI) - information derived from the message body - is content or metadata. For example, are email subject lines metadata or content? What about an email's signature block or telephone numbers within a message? Questions like these are not necessarily clear-cut."
Gaining access to the huge classified data banks appears to be relatively easy. Legal training sessions - which may also be required for access to information from Australian, Canadian, or New Zealand agencies - suggest that gaining credentials for data is relatively easy. The sessions are often done as self-learning and self-assessment, with "multiple choice, open-book" tests done at the agent's own desk on its "iLearn" system. Agents then copy and paste their passing result in order to gain access to the huge databases of communications.
The NSA, now embarrassingly penetrated as a result of Edward Snowden, is facing more scrutiny than at any time since its founding. It is being challenged in Congress. It is being challenged in the courts by an unholy alliance of the liberal American Civil Liberties Union and the right-leaning National Rifle Association. It is coming under pressure from the internet companies to be more transparent. And there is a review panel announced by President Barack Obama in August. There is also pressure from Germany and France, Mexico and Brazil.
Yet reforms may prove modest. The agency is hardly likely to easily relinquish its newfound capability of snooping almost everywhere.
In one of the leaked State of the Enterprise documents from 2007, an NSA staff member says: "The constant change in the world provides fertile ground for discovering new targets, technologies and networks that enable production of Sigint [signals intelligence]."
The official happily embraces this: "It's becoming a cliche that a permanent state of change is the new standard. It is the world we live in - navigating through continuous whitewater." It's an environment in which the NSA thrives, the official says. And adds: "Lucky for us."
- Observer