Government Communications Headquarters

Government Communications HQ

GCHQ.gov.uk

GCHQ is an executive agency of HM Government, providing signals intelligence (SIGINT) and information assurance to the UK's govt and armed forces.^[1]

GCHQ's priorities are set by the UK’s National Security Strategy and the decisions of the National Security Council, chaired by the Prime Minister, as well as the Joint Intelligence Committee.^[2]

intelligence and security organisation

Coordination and prioritisation of our work is the responsibility of central government. The National Security Council provides strategic management of intelligence policy and the govt's international Security Agenda. The Joint Intelligence Committee assesses raw intelligence gathered by the agencies and presents it to ministers to enable effective policy-making.

GCHQ is the responsibility of the country's Secretary of State for Foreign and Commonwealth Affairs, and its Director ranks as a Permanent Secretary. Based in "The Doughnut" in the suburbs of Cheltenham.

Accountability

GCHQ is a Civil Service Department under the Ministerial responsibility of the Secretary of State for Foreign & Commonwealth Affairs, to whom GCHQ's Director is responsible for all aspects of its work. It is subject to scrutiny from Parliament, two senior judges and the Investigatory Powers Tribunal on the legality, necessity and proportionality of our work.^[1]

GCHQ has two main components, plus a 3rd smaller department:

1. CSO: the Composite Signals Organisation is responsible for gathering information;
2. NCSC: the National Cyber Security Centre is responsible for securing the UK's own communications.
3. JTLS: The Joint Technical Language Service is a small department and cross-govt resource responsible for mainly technical language support and translation and interpreting services across government departments. It is co-located with GCHQ for administrative purposes.

The majority share of the £2.48bn budget for Britain’s intelligence services is taken by GCHQ, which has twice the number of personnel of the other major security services, MI5 and MI6, combined.ref

National Cyber Security Centre

The NCSC provides advice and support for the public and private sectors in how to avoid computer security threats. Based in London, it became operational in Oct.2016.^[3]

Cyber Schools Hub

The Cyber Schools Hub (CSH) programme, also known as CyberFirst. GCHQ runs the CSH programme through one of its arms, the National Cyber Security Centre, which opened in 2016.ref The CSH program is GCHQ's attempt to cultivate the next generation of cyber-competent spies and expand into Britain’s educational system.ref Requests for information on what the program is promoting were refused, citing "a national security ‘exemption’".ref ncsc.gov.uk CSH provides equipment to USA corporation Lockheed Martin, the world’s largest arms company, to incentivise it to enter schools. Other arms companies involved include giant USA corporations Northrop Grumman and Raytheon, which manufactures arms for use in Yemen and Iraq. BAE Systems, meanwhile, with the support of the govt, plays a key role in sustaining the Saudi war in Yemen.^[4]

CISSE UK

A principle activity of CISSE UK, is to advocate a “pipeline” of outreach, communication and collaboration between cyber educators from all education key stages.ref

Articles

• Jan.04.2018: A former hacktivist reveals how a UK spy agency is actively subverting democracy. LulzSec, Mustafa Al-Bassam, Joint Threat Research Intelligence Group (JTRIG) an arm of Government Communications HQ (GCHQ). Tom Coburg, The Canary.

• Oct.17.2017: UK intelligence agencies ‘unlawfully’ sharing sensitive personal data, court hears. A secret court will decide whether Intelligence agencies are “unlawfully” sharing huge datasets containing sensitive information about the population with industry, govt departments and overseas intelligence services. Britain’s intelligence agencies are sharing highly sensitive data about the population with foreign intelligence services, industry and other UK govt agencies, without adequate protections in place, the UK’s most secret court will hear this week. Privacy International will argue in a hearing at the Investigatory Powers Tribunal (IPT) that intelligence services are sharing huge datasets about largely innocent people with third parties without sufficient controls on how the data will be used. UK intelligence agencies hold a bulk database containing the records of potentially millions of people’s social media use. Intelligence watchdog the Investigatory Powers Commissioner’s Office (IPCO), has raised particular concerns about a lack of safeguards in place to prevent the misuse of systems by private contractors, who are given “administrator” access to the information collected by UK intelligence agencies. Linkback: Data privacy. Bill Goodwin, Julia Gregory, Computer Weekly. See also International Business Times, The Guardian.

• Jul.24.2015: MPs can no longer remain exempt from surveillance, lawyers concede. The 50-year-old political convention that the UK’s intelligence agencies will not intercept the communications of MPs and members of the Lords cannot survive in an age of bulk interception, govt lawyers have conceded. The so-called Wilson doctrine “simply cannot work sensibly” when bulk interception is taking place. The tribunal has already heard that GCHQ changed its guidelines in March, when it decided not to apply the convention to members of the devolved parliaments in Scotland, Wales and Northern Ireland, and members of the European parliament. That revelation has caused fury among members of those institutions. The complaint at the IPT is being brought by the Green party parliamentarians Caroline Lucas and Lady Jones, and the former Respect MP, George Galloway, who argue that their communications must have been intercepted by the sort of programmes exposed by the CIA whistleblower Edward Snowden. James Eadie QC conceded that this may have happened under bulk interception operations authorised under the Regulation of Investigatory Powers Act (Ripa), but said “there is so much data flowing along the pipe” that it is not examined at the point of interception. the IPT has heard that MI5, MI6 and GCHQ were all operating their own internal policies that did not require them to inform the prime minister when parliamentarians’ communications were captured. Those policies were said to have been rewritten after Lucas and Jones launched their legal challenge last year. At this point, GCHQ – which had interpreted the doctrine as applying to the devolved assemblies and parliaments of Scotland, Northern Ireland and Wales – concluded that it applied only to Westminster. Matthew Rice, advocacy officer at Privacy International, one of a number of campaign groups that challenged the legality of GCHQ’s mass surveillance programme Prism at the IPT, said: “The Wilson doctrine is a vitally important convention that helps to maintain the democratic legitimacy of our govt and protects them from being undermined. Linkback: Data privacy. Ian Cobain, Jamie Grierson, The Guardian. See related articles on this page.

• Mar.20.2015: A simple guide to GCHQ's hacking powers. James Temperton, Wired.

• Aug.02.2011: NHS Pulls the Plug on its £11bn IT System (IT Disasters). The Scope 2 project was designed to allow the secure sharing of sensitive intelligence data between relevant govt departments and officials abroad. It was cancelled after reports of technological problems and escalating costs in Jul.2009. Dept: Cabinet Office. Cost: £24.4m. Oliver Wright, The Independent.

Timelines

• Oct.2016: NCSC: the National Cyber Security Centre: absorbed and replaced CESG, the Centre for Cyber Assessment (CCA), Computer Emergency Response Team UK (CERT UK) and the cyber-related responsibilities of the Centre for the Protection of National Infrastructure (CPNI).^[5]
• Apr.2016: CSOC: Cyber Security Operations Centre: the Ministry of Defence announced the establishment of CSOC "to protect the MOD's cyberspace from malicious actors", with a budget of ~£40m, to contribute to the NCSC's work. It is located at MoD Corsham.^[6][7]
• 2013: Edward Snowden, a former National Security Agency contractor, revealed that GCHQ was in the process of collecting all online and telephone data in the UK via the Tempora programme.^[8]
• 1983: GCHQ's intelligence function was publicly avowed, and GCHQ was put on a statutory basis. '(Intelligence Services Act 1994)
• Oct.1969: CESG: Communications-Electronic Security Group CESD was re-integrated with GCHQ and, moved to Cheltenham during 1977. It became GCHQ's information security arm.
• Apr.1965: CESD: Communications-Electronic Security Department: some units of the Ministry of Defence and the General Post Office transferred to LCSA, which was reorganised and renamed.
• Mar.1954: LCSA: London Communications Security Agency: the security side of GCHQ was established as a separate organisation. The word '-Electronics' was added to its title in 1958.
• 1953: GCHQ moved to two sites on the outskirts of Cheltenham, where it continues to be based.
• Apr.1946: GCHQ: Government Communications Headquarters was formed as the post-War successor of GC&CS, and moved from Bletchley Park to Eastcote, Middlesex.^[9]
• 1938: 'C' purchased the Edwardian mansion at Bletchley Park in Buckinghamshire as a wartime evacuation site for GC&CS, which moved there in Aug.1939.
• 1922: GC&CS's administration was taken over by the Foreign Office, within which it was subordinated to 'C', the head of the War Office (later the Secret Intelligence Service).^[9]
• Oct.1919: GC&CS: Government Code and Cypher School was established after World War I, to jointly carry on the work of the NID25 and MO5b bureaux. its overt task was providing security advice. The Admiralty was responsible for administration, on behalf of the govt.^[9]
• WWI: The Admiralty and the War Office operated interception and cryptanalytic bureaux (respectively NID25, popularly known as 'Room 40' (derived from its location in Room 40 Old Admiralty Building) and MO5b, later MI1b.^[9]

References