In a rare piece of publicity, GCHQ yesterday released a “how to” guide for spies hunting terror suspects.
The six-step course on spycraft appeared to be an attempt by the agency to demonstrate the importance of intercepting private communications ahead of what is expected to be a heated debate after the election on new legislation to enable MI5, MI6 and GCHQ to access and interrogate bulk data.
Under the heading “initial lead”, GCHQ set out a case study whereby an MI6 source sees a facilitator who is a member of Islamic State pass a package of handwritten information to a stranger along with the message that it contains “information for the brothers in the United Kingdom that will cause carnage across London”.
The stranger had a mobile phone and a tablet.
Such a tip-off would be enough to trigger the next step: “early detective work”, GCHQ says.
Advertisement
Permission would be given to probe all data associated with the facilitator to try to identify the stranger.
Next comes the analysis – using fragments of extracted information to find a lead.
If that draws a blank, GCHQ staff could target the tablet, using data-mining techniques to identify activity on the internet that might relate to the stranger’s device.
Step five is entitled “digging deeper”, when analysts have narrowed down the leads to justify a request to search actual content within the data held.
“Looking at the user of the tablet we have identified, we see indications of online extremist behaviours,” the guide, posted on GCHQ’s website, says.
Advertisement
“Running the details of the internet service account against GCHQ’s database of known targets we find it has come up in connection with a previous investigation and the user has been identified. We now have a name that could belong to our stranger.”
The final step is called “results”, which explains how signals intelligence can be a “powerful tool to answer seemingly impossible questions”.
The GCHQ guide says: “We can hone in on the most likely targets and only when we have sufficient justification that a lead is suspicious do we have the ability and resource to dig deeper and look at content to progress our investigations.”