20 Nov 2014

Spy cable revealed: how telecoms firm worked with GCHQ

One of the UK’s largest communications firms had a leading role in creating the surveillance system exposed by Edward Snowden, it can be revealed.

Cable and Wireless even went as far as providing traffic from a rival foreign communications company, handing information sent by millions of internet users worldwide over to spies.

The firm, which was bought by Vodafone in July 2012, was part of a programme called Mastering the Internet, under which British spies used private companies to help them gather and store swathes of internet traffic; a quarter of which passes through the UK. Top secret documents leaked by the whistleblower Edward Snowden and seen by Channel 4 News show that GCHQ developed what it called “partnerships” with private companies under codenames. Cable and Wireless was called Gerontic.

A company such as Vodafone, which has responsibility for so many customers, has to take a clear stand against these data grabs German Green Party MP

Under the moniker, the company carried out tests on equipment used to carry out the surveillance, it came up with suggestions on how the spies could go about tapping its network, and even had a GCHQ employee working full-time within the company.

And a 2011 document reveals that Cable and Wireless went further. The company rented space on a cable owned by Indian telecoms company Reliance Communications that stretched from Asia across the Middle East and landed in Porthcurno in Cornwall. Reliance’s transatlantic cable lands in Sennen Cove six miles to the north. And the two cables come together at nearby Skewjack Farm. Documents show that in 2011, this allowed Britain’s spies to access all traffic from Reliance’s main cable and send it to the GCHQ base up the coast in Bude.

The Channel 4 News report was a joint investigation with the German broadcaster WDR and the Suddeutsche Zeitung newspaper 

Surveillance

Top secret documents from GCHQ show it was this access point, codenamed Nigella and run by Cable and Wireless, that allowed Britain’s spies to gather the private communications of millions of internet users worldwide.

Channel 4 News has been unable to establish whether Reliance Communications was served with a warrant to authorise this and the company has not responded to our calls. Either way, from having no access to the cable at all, GCHQ planned to take in a trillion gigabytes of data per second.

The documents show an increasingly close relationship between the spy agency and Cable and Wireless, which has been operating submarine cables from the UK for more than a century. From 2008 until at least 2010, Cable and Wireless held regular meetings with GCHQ and was paid tens of millions of pounds to establish surveillance on web traffic as it flowed through its networks. At one point, the Mastering the Internet programme was costing £1m per month.

Cable and Wireless was bought by Vodafone in a billion-pound takeover. Documents seen by this programme appear to show that the Nigella access point was still feeding GCHQ’s interception programmes as late as April 2013 – long after Vodafone’s takeover had been completed. And GCHQ’s partner company was still codenamed Gerontic.

‘Consequences’

Vodafone insists GCHQ was never given direct access to its network and that any interception could only take place with a warrant. It also said GCHQ can only access the customer data of other telecoms companies if it serves them with a warrant too.

The damage has not only affected private citizens. In Germany, a key market where Vodafone has 30 million customers, has already been rocked after the Snowden documents showed that Chancellor Angela Merkel’s phone was intercepted. And now, leaked documents from government cyber security experts have singled out Vodafone uniquely for criticism, questioning its ability to protect officials’ data. Some politicians are now calling for Vodafone’s contract with the German government to be pulled.

German Green Party MP Florian Konstantin von Notz said: “the consequences would be to immediately suspend the contract, or cancel it. I believe cancellation is possible and legal. A company such as Vodafone, which has responsibility for so many customers, has to take a clear stand against these data grabs.”

A Vodafone spokesman said: “the law in Germany governing all these areas of privacy and data protection are essentially the same as the laws in the UK. What we have in the UK is a system based on warrants, where we receive a lawful instruction from an agency or authority to allow them to have access to communications data on our network. We have to comply with that warrant and we do and there are processes for us to do that which we’re not allowed to talk about because the law constrains us from revealing these things. We don’t go beyond what the law requires.

A GCHQ spokesman said: “it is longstanding policy that we do not comment on intelligence matters; Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight.”

In 2010 Cable & Wireless split to become Cable & Wireless Worldwide (CWW) and Cable & Wireless Communications (CWC). CWW was the part of the company later bought by Vodafone.

Henrik Moltke and Laura Poitras contributed to this story