The British government can tap into the cables carrying the world’s web traffic at will and spy on what people are doing on some of the world’s most popular social media sites, including YouTube, all without the knowledge or consent of the companies.
Documents taken from the National Security Agency by Edward Snowden and obtained by NBC News detail how British cyber spies demonstrated a pilot program to their U.S. partners in 2012 in which they were able to monitor YouTube in real time and collect addresses from the billions of videos watched daily, as well as some user information, for analysis. At the time the documents were printed, they were also able to spy on Facebook and Twitter.
Called “Psychology A New Kind of SIGDEV” (PDF/17.3MB) (Signals Development), the presentation includes a section that spells out “Broad real-time monitoring of online activity” of YouTube videos, URLs “liked” on Facebook, and Blogspot/Blogger visits. The monitoring program is called “Squeaky Dolphin.”
One of the people who helped prepare the demonstration was an official from the British signals intelligence agency General Communications Headquarters (GCHQ) who worked for a division of the agency called GTE, or Global Telecoms Exploitation. GTE has already been shown in other documents released by Snowden to be tapping fiber optic cables around the world.
According to the documents obtained by NBC News, intelligence officers from GCHQ gave a demonstration in August 2012 that spelled out to their U.S. colleagues how the agency’s “Squeaky Dolphin” program could collect, analyze and utilize YouTube, Facebook and Blogger data in specific situations in real time.
The demonstration showed that by using tools including a version of commercially available analytic software called Splunk, GCHQ could extract information from the torrent of electronic data that moves across fiber optic cable and display it graphically on a computer dashboard. The presentation showed that analysts could determine which videos were popular among residents of specific cities, but did not provide information on individual social media users.
Cyber-security experts told NBC News that once the information has been collected, intelligence agencies have the ability to extract some user information as well. In 2010, according to other Snowden documents obtained by NBC News, GCHQ exploited unencrypted data from Twitter to identify specific users around the world and target them with propaganda.
The experts also said that the only way that GCHQ would be able to do real-time analysis of trends would be to tap the cables directly and store the data or use a third party, like a private company, to extract and collect the raw data. As much as 11 percent of global internet bandwidth travels through U.K. internet exchanges, according to Bill Woodcock, president of PCH, a non-profit internet organization that tracks and measures and documents fiber infrastructure around the world.
According to a source knowledgeable about the agency’s operations, the NSA does analysis of social media similar to that in the GCHQ demonstration.
In the case of the YouTube video information, the surveillance of the unencrypted material was done not only without the knowledge of the public but without the knowledge or permission of Google, the U.S. company that owns the video sharing service.
“We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links,” said a Google spokesperson. “We do not provide any government, including the UK government, with access to our systems. These allegations underscore the urgent need for reform of government surveillance practices.”
A source close to Google added that Google was “shocked” because the company had pushed back against British legislation that would have required Google to store its metadata and other information for U.K. government use. The legislation, introduced by Home Secretary Theresa May in 2012, was publicly repudiated by Deputy Prime Minister Nick Clegg in 2013 and has never become law. May hopes to reintroduce a modified version this spring.
“It’s extremely surprising,” said the source, “that while they were pushing for the data via the law, they might have simultaneously been using their capability to grab it anyway.”
Facebook confirmed to NBC News that while its “like” data was unencrypted, the company never gave it to the U.K. government and was unaware that GCHQ might have been siphoning the data. The company assumes the data was taken somewhere outside its networks and data centers.
“Network security is an important part of the way we protect user information,” said Facebook spokesman Jay Nancarrow, “which is why we finished moving our site traffic to HTTPS by default last year, implemented Perfect Forward Secrecy, and continue to strengthen all aspects of our network.”
Encryption would prevent simple collection of the data by an outside entity like the government. Google has not yet encrypted YouTube or Blogger. Facebook and Twitter have now fully encrypted all their data.