Reports indicate the British intelligence agency GCHQ has monitored internet users much more heavily than its counterparts in the US. Constanze Kurz of the Chaos Computer Club explains why that should alarm us.
DW: Following the revelation of the US surveillance program Prism, there are now reports that British intelligence agencies have gone even further than the American National Security Agency (NSA) in intercepting data from the internet. Does that surprise you?
Constanze Kurz: There have been reports for years that the British have been helping themselves to the communication cables that cross their islands. As such, it was only surprising to see the extent to which these agencies were able to operate without legal intervention.
Is the British surveillance program Tempora in fact more ominous than its US counterpart Prism?
It's when taken together that both programs seem especially ominous. The British as well as the Americans have rules for this groundless monitoring - namely that part of the communication has to take place outside of the US or Great Britain. By cooperating, the American and British agencies can now exchange the data mutually. And that amounts to a large percentage of global communication. With the British, we're talking about over 20 petabytes (Ed. Note: 20 million gigabytes) that - according to the "Guardian" publications - have been combed through and saved for a certain amount of time. The number of people who are involved there is enormous and actually no longer in acceptable relationship to a democracy.
Do British authorities have better access to the data cables than the Americans?
Great Britain has the advantage of being an island crossed by many cables. There are also historical reasons. The first underwater cables, which were put in place many decades ago, ran in part from the island to America. But it's not just about those cables - it's also a question of satellite connections.
What could British intelligence do with this immense mass of data?
First of all, it will be analyzed - just as the American or German intelligence authorities do - by using certain keywords in emails or social media data, but also by searching for email addresses or the IMEI cell phone identification numbers, et cetera. And we are also talking about several hundreds of thousands of people employed at private mercenary firms that also have access to the data. That is such an immense space outside of legal jurisdiction that a person can hardly imagine it.
What goals are the intelligence agencies pursuing?
The goal of fighting terrorism that always gets mentioned is, in my view, outrageous nonsense. It has more to do with exercising control - just as people always complain of with dictatorships. If one were to go through these huge mountains of data for the sake of fighting terror, that would be an inconceivably inefficient method. Traditional intelligence methods would be much more effective there. In the end, there's only the very big and increasing need for control among the governments. I find that very unsettling, and we should definitely not resign ourselves to it.
Do you assume that the German Intelligence Services (BND) are undertaking surveillance programs to a similar extent?
A few things are known about the surveillance programs. In part, the BND is doing that within a legal framework. With the so-called G10 law (Ed. note: a reference to article 10 of the German constitution), the strategic monitoring of telecommunications and scouring of telephone calls and emails is, fundamentally speaking, allowed. But in terms of the amount, it's not comparable because there are limitations and we - with the G10 Commission that has a kind of overview of this surveillance - still have some kind of legal control, even if that control is also not adequate. We receive just once a year a statistical overview, but it is not at all known, for example, which companies are cooperating with the BND to evaluate data. And precisely these private companies are a very big problem in the US and Great Britain.
Can internet users protect themselves from such surveillance in any way?
By encrypting your emails, you can protect yourself somewhat. Today, that's relatively easy. The programs are easy to use. But when it comes to the meta-data - who is calling whom and from where - that gets more difficult. I also don't think that that's the way to go about it. Soon we are going to be using the encryption technologies developed in the West that were intended to help the opposition in dictatorships. But we also have to do something politically and legally. These large-scale spaces that are not subject to legal control and in which no one can check up on what's going on have to be ended.
Constanze Kurz serves as the volunteer spokesperson for the Chaos Computer Club and works as project head at the Research Center for Culture and Computer Science within the HTW University of Applied Sciences in Berlin. She has served as an advisor to the German parliamentary commission on "Internet and digital society."