The Bristol Cable

Bristol University working with the surveillance state


From maths to computer science, GCHQ has its tentacles in Bristol University.

A GCHQ document leaked last year by Edward Snowden did the rounds in a few publications and niche blogs before dropping off the radar – relegated to the annals of Google – or so some at the University of Bristol had hoped.

The document, authored in 2011, shed light on the top secret work conducted at the Heilbronn Institute for Mathematical Research (HIMR), a national mathematics centre based at the University of Bristol, in collaboration with the Government Communications Headquarters (GCHQ).

As the centre’s online description makes clear, it’s no state secret that HIMR is funded by and works closely with GCHQ. “Each member of the Institute spends half their time pursuing research directed by the Government Communications Headquarters, and the other half doing personal academic research.”

But as one might expect, the nitty-gritty of HIMR’s collaboration with GCHQ is somewhat more difficult to decipher, making this leak all the more interesting. While the institute holds public speaker events, staff and researchers are gagged by the Official Secrets Act from disclosing the classified matters they work on.

The HIMR-penned document, titled “Data Mining Research Problem Book” and marked “top secret strap 1”, detailed key techniques used by GCHQ to sift through the gigantic volumes of data it hoovers up from the Internet and telephone networks. The guide was designed to assist the Five Eyes (FVEY) network, the surveillance agencies of Australia, New Zealand, UK, Canada and the US.

It was never intended for public eyes, and for good reason: it shines a revealing light on the extent of GCHQ’s blanket surveillance and HIMR’s complicity in advising them how to analyse it. The book candidly states, “we pull everything we see” when it comes to metadata: data that describes and gives information about other data, i.e. the senders and recipients of text messages, emails and phone calls, rather than the contents.

By displaying patterns, metadata can actually be more revealing than the content itself. As presented in the document, analysis of such networks can provide a comprehensive picture of a target, revealing who is communicating with whom and when, as well as power structures and relationships. It is this emphasis on network analysis, as Cory Doctorow for BoingBoing magazine highlights, that is particularly interesting.

There’s one specific section that should give researchers pause for thought when considering the ethical implications of university collaboration with the surveillance agency. The book clearly states that the right to privacy can also be violated for the “economic well-being (emphasis added) of the country…” GCHQ typically defends its surveillance on grounds of national security, a wide criterion in itself. But with the addition of ‘economic well-being’, many more people, groups, institutions and nation-states, could – and have – become potential surveillance targets. Think trade unionists, consumer boycotts, environmental activists and many more. This undoubtedly raises a whole raft of concerning legal and ethical questions.

Photo: mattwi1s0n (Flickr/CC BY 2.0)

An ongoing partnership

Judging by the contents of the document, it appears that HIMR’s contribution to metadata analysis wasn’t intended to be a one-off; whether further research in this area was actually conducted isn’t clear. But as spelt out in the introduction, “the idea to more permanently expand HIMR research beyond pure maths and into data mining was born.” Data mining, the process of identifying patterns and information in these large data sets, is vital for being able to make sense of the mass communications and online data being swept up by GCHQ and its international counterparts. As far back as 2011, HIMR was clearly not just engaged in theoretical mathematical research, but in active computer science collaboration with GCHQ on controversial programs.

The Cable asked the HIMR what measures it had in place, if any, to ensure that research and work conducted by its staff and researchers in partnership with GCHQ and industry partners was not used in a manner that may undermine or breach human rights. HIMR refused the Cable’s request for comment, referring us to the university press office, which subsequently directed us to GCHQ. We didn’t bother contacting them.

Beyond the Heilbronn Institute, the Department of Computer Science, in particular the Cryptography Research Group, has links to GCHQ, or more specifically the National Cyber Security Centre.

Back in 2012, Bristol University was awarded the status of Academic Centre of Excellence in Cyber Security Research (ACE-CSR) by GCHQ. There are now 13 universities in the UK that have been recognised as ACEs-CSR. The National Cyber Security Centre, a new arm of GCHQ dedicated to defensive cyber security, has now taken responsibility for the ACE-CSR program.

A 2012 Bristol University press release which announced the status explained, “the University will work more closely with the Government Communications Headquarters (GCHQ), the UK cyber community and industry.” A Bristol University ACE-CSR PowerPoint presentation from the same year also refers to a “roughly £5 million research portfolio” from various funding streams, including DARPA, an agency of the U.S. Department of Defense responsible for developing technologies for military use.

The Cryptography Group works on defensive cyber security research, and is a key part of the ACE-CSR. However, Nigel Smart, professor of Cryptology at Bristol University, told the Cable “we do not work on projects for GCHQ” adding, “there are no academics who do active research with GCHQ. We have some students who are sponsored by GCHQ.”

The Cryptography Group’s Industrial Advisory Board, which according to its website discusses the research portfolio and directions of the group, also includes an anonymous GCHQ representative. Speaking on the condition of anonymity, one person told the Cable that “some researchers from the Cryptography Group visit GCHQ on away days from time to time.”

“Personally I wouldn’t touch this sort of deal with the proverbial barge-pole,” says Ross Anderson, Professor of Security Engineering at the Computer Laboratory, University of Cambridge. The university was recognised as an ACE-CSR in 2013, but its application was initially rejected on the grounds of Anderson’s refusal to participate, says the professor. “The spooks’ selection committee complained that this showed Cambridge wasn’t a coherent group. Someone then took them aside and explained that a university isn’t like a regiment; you don’t have a chain of command.”

“My counterpart at Bristol, Nigel Smart did sign up for an ACE/CSR,” says Anderson, “but to his credit protested strongly when the Snowden revelations showed that GCHQ had been messing around for years with security standards, helping the NSA to make them weaker.” Smart co-signed an open letter in 2013 calling on all “relevant parties to reveal what systems have been weakened so that they can be repaired.” The fact that GCHQ had been weakening cryptographic standards and installing back doors (defects or hidden features which enable unauthorised access) was obvious, says Anderson, even before the NSA leaks.

That GCHQ is a major employer of mathematicians in the UK and has its tentacles in academia, similarly to other controversial industries, is old news to those in the world of mathematics. Indeed, the National Security Agency (NSA) – GCHQ’s US counterpart – is reported to be the largest employer of mathematicians in the world.

Tom Leinster, a mathematician based at the University of Edinburgh, told the Cable that many in the field are “highly uncomfortable with some of GCHQ’s activities,” adding that “Heads of department should understand that cooperation with Heilbronn/GCHQ is a controversial choice, and encourage open discussion.”

There are undoubtedly those within the academic community who don’t find surveillance problematic, or have chosen to engage with GCHQ (or the NCSC) in specific areas, such as cyber-defence, on the basis that they are contributing to greater security. But can the distinction between offensive and defensive security research be so simply drawn? Clearly, in order to attack or intercept, weaknesses must be identified.

“GCHQ’s attempts to capture and control university research on security are annoying, but largely ineffective”. Anderson instead refers to a much wider problem, whereby ministers try to control the research budget for short-term political benefit, with research money ending up being used as an industrial subsidy and/or wasted on ineffective projects.

Regardless of the effectiveness of these initiatives, there are serious ethical and legal questions which should inform academic partnerships. “In fields such as medicine and psychology, ethical approval is a routine part of any project,” says Leinster. While the HIMR in 2011 stated that GCHQ complies with UK law, a recent ruling by the European Court of Human Rights concluded that GCHQ’s indiscriminate retention of everyone’s metadata is unlawful.

Statements like “we pull everything we see”, as stated in the HIMR document, should concern not only those interested in the protection of civil liberties, but also our universities, which are averse to public relations damage. Ethical considerations, says Leinster, should be applied by mathematics and computer science departments “before they approve collaborations with a powerful and secretive organization such as GCHQ.”


For insightful analyses of the specifics of the HIMR “Data Mining Research Problem Book”, read these articles by BoingBoing, Ars Technica and George Danezis.


