29 October 2013 Last updated at 00:34
By Gordon CoreraSecurity correspondent, BBC Newshttp://www.bbc.co.uk/news/world-europe-24715168
Germany has suggested it may seek a no-spy deal with the US, whose embassy is beside Brandenburg Gate
The 'five eyes' club was born out of Britain and America's tight-knit intelligence partnership in World War II and particularly the work at Bletchley Park, breaking both German and Japanese codes.
Code-breakers realised collaboration helped in overcoming some of the technical challenges and in being able to intercept communications around the world.
Out of this experience came what was first called BRUSA and then rechristened UKUSA - a top secret intelligence-sharing alliance signed in March 1946.
The details of the original agreement were classified for decades but were finally revealed in 2010 when files were released by both countries.
The arrangement is described as "without parallel in the Western intelligence world".
Soon after the beginning of the Cold War, GCHQ and the NSA were born and the alliance formed the basis of their extremely tight co-operation during the Cold War - the real heart of what has been known as "the special relationship".
The club was also expanded to include three other English-speaking countries - Canada, Australia and New Zealand and so became known as the "five eyes".
So how does this club work? It is based on sharing with each other and not spying on each other.
The US and UK human intelligence services (the CIA and MI6) do not run operations inside the other's country without permission, but while the CIA and MI6 do share information they are not nearly as closely intertwined as their counterparts GCHQ and NSA. They deal in what is known as signals intelligence, which deals with communications.
Under UKUSA, they share nearly - but not quite - everything, and do not target each other's nationals without permission.
The White House admits that the recent disclosures about US spying have caused diplomatic tension with America's allies
One document leaked by the fugitive Edward Snowden reveals that the protection extends when intelligence is shared with other countries outside the club (so called "third parties", a "second party" being any other member of the club).
Continue reading the main story
“Start Quote
One general rule about intelligence is that the more a secret is shared, the less secret it becomes”
An agreement between the NSA and Israel published by the Guardian newspaper read that Israel "recognises that the NSA has agreements with Australia, Canada, New Zealand and the United Kingdom that require it to protect information associated with UK persons, Australian persons, Canadian persons and New Zealand persons using procedures and safeguards similar to those applied for US persons".
In a way, Edward Snowden himself shows how close the alliance is.
An American, he had access to thousands of documents belonging to British intelligence. And so GCHQ has, in a strange way, become a victim of the club's intimacy and openness within its wall.
But given America's NSA is the largest partner by some way, it may be careful not to complain too much.
Just because a country is not in the club does not mean there is no co-operation with those inside.
Americans suggest the reason they collect so much data about call-records from countries in Europe is that they are looking for suspected terrorist plots and that they share what they find with national intelligence agencies so they can then follow them up (this is the same justification that the NSA has furthered for collecting some domestic call record data within the US).
"If the French citizens knew exactly what that was about, they would be applauding and popping champagne corks. It's a good thing. It keeps the French safe. It keeps the US safe. It keeps our European allies safe," Congressman Mike Rogers, the chairman of the US House Intelligence Committee, which oversees the NSA, told CNN at the weekend.
GCHQ and NSA share intelligence about communications, using hi-tech versions of Alan Turing's WWII Bombe decryption machine (above)
But of course, while this might explain some of the spying, it does not explain eavesdropping on Angela Merkel's phone or bugging EU offices.
That looks like traditional state-on-state espionage and is what is likely to be most angering European officials (although for public consumption they still need to make angry noises and protests about the collection of their ordinary citizens' call records).
Germany and France have suggested they may seek deals to end this kind of state-on-state espionage activity and one of the interesting questions is the extent to which what they really want is a no-spy deal like the one Britain enjoys, and effective membership of the existing club (or some modified version of it).
However, one general rule about intelligence is that the more a secret is shared, the less secret it becomes.
It is one reason why some are sceptical of sharing too much intelligence with the whole EU - secrets may not stay secret among 28.
Could something be possible with some of the countries though?
Some senior British intelligence officials are understood to be supportive of deepening and broadening the partnership with some European allies, although whether this means going so far as letting then into full membership is another matter.
But with embarrassing revelations likely to continue, the way the club currently operates may well have to change.
17 January 2014 Last updated at 10:01
Documents leaked by whistleblower Edward Snowden suggest the US government has undertaken mass surveillance operations across the globe - including eavesdropping on US allies.
The claims have led US Senate's intelligence committee to pledge to review the way the country's biggest intelligence organisation - the National Security Agency (NSA) - undertakes surveillance.
According to the leaks, what are the key methods the spy agency uses?
1. Accessing internet company data
The files showed the agency had access to the servers of nine internet firms, including Facebook, Google, Microsoft and Yahoo, in order to track online communication under a surveillance programme known as Prism.
They claimed the project gave the NSA - along with the UK's eavesdropping station GCHQ - access to email, chat logs, stored data, voice traffic, file transfers and social networking data.
However, the companies denied they had offered the agency "direct access" to their servers.
Some experts have also questioned Prism's real power.
What data could Prism possibly access?
|
Company | What kind of data which could be collected? |
|
Some Microsoft sites collect email address, name, home or work address, or telephone numbers. Some services require sign-in with email and password. Microsoft also receives information sent by web-browsers on sites visited, together with IP address, referring site address and time of visit. The company also uses cookies to provide more information about pages views
|
|
Yahoo collects personal information when users sign up for products or services including name, address, birth date, post code and occupation. It also records information from users' computers, including IP addresses.
|
|
Personal details are required for sign-up to Google accounts, including name, email address and phone number. Google email - Gmail - stores email contacts and email threads for each account, which have a 10 GB capacity. Search queries, IP addresses, telephone log information and cookies which uniquely identify each account are also stored. Chat conversations are also collected unless a user selects 'off the record' option.
|
|
Facebook requires personal information on sign-up, such as name, email address, date of birth and gender. It also collects status updates, photos or videos shared, wall posts, comments on others posts, messages and chat conversations. Friends' names, and the email details of those friends who have provided addresses on their profiles, are also recorded. Tagging information about users from friends is recorded, and GPS or other location information is also stored.
|
|
Paltalk is an instant chat, voice and video messaging service. Users must provide contact information including email address. The company employs cookies to track user behaviour, with the aim of delivering targeted advertising.
|
|
YouTube is owned by Google and the company applies the same data collection methods. Users logged in via their Google accounts will have their YouTube searches, playlists and subscriptions to other users' accounts recorded.
|
|
Skype is part of Microsoft, and its instant messaging service replaced Microsoft's Messenger this year. Users submit personal data including name, username, address when signing up. Further profile information such as age, gender and preferred language are also recorded as options. Contacts lists are stored, as is location information from mobile devices. Instant messages, voicemail and video messages are generally stored by Skype for between 30 and 90 days, though users can opt to preserve their instant messaging history for longer.
|
|
AOL collects personal information for users signing up or registering for its products and services, but its privacy policy states that users who do not make themselves known to the company by these methods are "generally anonymous."
|
|
Users signing up for Apple ID's - required for services such as iTunes , or to register products - must submit personal data including name, address, email address and phone number. The company also collects information about the people who Apple users share content with, including their names and and email addresses.
|
Continue reading the main story
2. Tapping fibre optic cables
In June, further
leaked documents from GCHQ published in the Guardian revealed the UK was tapping fibre-optic cables carrying global communications and sharing the data with the NSA, its US counterpart.
The documents claimed GCHQ was able to access 200 fibre-optic cables, giving it the ability to monitor up to 600 million communications every day.
The information on internet and phone use was allegedly stored for up to 30 days in order for it to be sifted and analysed.
GCHQ declined to comment on the claims but said its compliance with the law was "scrupulous".
The three cables in Sicily were named as SeaMeWe3, SeaMeWe4 and Flag Europe-Asia.
According to the leaks, the agency had obtained and sifted through a wide range of material, including "metadata" - which records who sent or received e-mails and when - text, audio and video, in an operation run in conjunction with British counterpart GCHQ.
Google, which has a number of US and overseas data centres - consisting of thousands of miles of cables and computers stored in warehouses - has said it is now working to encrypt its cables.
3. Eavesdropping on phones
In October, German media reported that the US had bugged German Chancellor Angela Merkel's phone for more than a decade - and that the surveillance only ended a few months ago.
The documents quoted by the magazine claimed a US listening unit was based inside its Berlin embassy - and similar operations were replicated in 80 locations around the world.
Investigative journalist Duncan Campbell
explains in his blog how windowless areas on the outside of official buildings could be "radio windows". These external windows - made of a special material that does not conduct electricity - allow radio signals to pass through and reach collection and analysis equipment inside.
The German press has published claims that the US taps communications from a small windowless room at its embassy in Berlin
Der Spiegel said the nature of the monitoring of Mrs Merkel's mobile phone was not clear from the leaked files.
However, later reports claimed that two of the chancellors phones had been targeted - one unencrypted phone she used for party business as well as her encrypted device used for government work.
It is possible for an eavesdropper to position themselves between the message-making software and the encryption system at either end of a conversation and see information before it is scrambled or after it is unscrambled.
End-to-end encryption, now adopted by many, closes this gap by having the message-making software apply the scrambling directly. In addition, many of these systems run a closed network so messages never travel over the public internet and are only decrypted when they reach their intended recipient.
How encryption systems work
As well as the bugging of the chancellor's phone, there are claims the NSA has monitored millions of telephone calls made by German and French citizens along with the emails and phone calls of the presidents of Mexico and Brazil.
4. Targeted spying
The magazine said it had seen documents leaked by Edward Snowden showing that the US had spied on EU internal computer networks in Washington and at the 27-member bloc's UN office in New York.
The files allegedly suggested that the NSA had also conducted an eavesdropping operation in a building in Brussels, where the EU Council of Ministers and the European Council were located.
Countries targeted included France, Italy and Greece, as well as America's non-European allies such as Japan, South Korea and India, the paper said.
EU embassies and missions in New York and Washington were also said to be under surveillance.
The file is said to have detailed "an extraordinary range" of spying methods used to intercept messages. They included bugs, specialised antennae and wire taps.
5. Text message gathering
The NSA is alleged to have used SMS messages to extract data, contacts and location
In January 2014,
the Guardian newspaper and Channel 4 News reported that the NSA collected and stored almost 200 million text messages per day across the globe.
NSA programmes codenamed Dishfire and Prefer extracted location information, contacts and financial data from SMS messages, including automated texts, such as roaming charge alerts, the newspaper said.
According to The Guardian, this was an untargeted collection of people's messages, rather than being aimed at known surveillance targets.
However, the NSA told the BBC the programme stored "lawfully collected SMS data" and any implication that collection was "arbitrary and unconstrained is false".
28 January 2014 Last updated at 19:06
http://www.bbc.co.uk/news/technology-25085592
27 January 2014 Last updated at 13:10
http://www.bbc.co.uk/news/technology-25832341
21 February 2014 Last updated at 12:30
http://www.bbc.co.uk/news/technology-26287517