What A Spy Agency Actually Does


You’ve heard of MI5 and MI6. Now, after a century in the shadows, the ultra-secretive Government Communications Headquarters (GCHQ) is emerging into the light. To mark its centenary, John Ferris has just written the first official history of the spy agency, spanning its beginnings in the aftermath of WW1, through the WW2 triumphs of Bletchley Park and into the modern era of cyberintelligence. SLMan tapped him on the shoulder to ask him why GCHQ is the best in the world at what it does and why, behind the scenes, Britain really does have a ‘special relationship’ with the US…

Given the government didn’t even officially acknowledge the existence of GCHQ until fairly recently, we better start with the basics, John… What exactly is GCHQ?
It’s Britain’s cyberintelligence agency, which means it collects foreign communications. These days those communications are primarily but not exclusively via the internet. It does two main things with those communications: a majority of what it does is traffic analysis, which looks at the exterior features of the communications to see who is communicating with who; and it also does code-breaking cryptanalysis to try and get to the content of a message.

And it’s been around for a century or so?
Yes. Signals intelligence (sigint) emerged in the first month of World War 1. Countries had the ability to intercept and code-break radio communications before then and do the traffic analysis, but they didn’t have the need. When war breaks out, almost immediately everybody starts doing it. It makes the Blockade of Germany possible for the Royal Navy and it helps the Army too. Other powers were doing it too, but in some ways the British were better.

What happened after that?
The British realised how valuable the intelligence was and dedicated a permanent organisation to it. I’d say they’ve been at the top table of sigint pretty much ever since. Perhaps they slipped a bit compared to the Americans in the 80s, but today the British are one of the very top-drawer cyberintelligence powers.

GCHQ made the front page of the Times on Monday for its work countering the threat of Russian disinformation about vaccines. Why is the agency starting to open up about what it does?
Five years ago, you wouldn’t have seen that. In fact, GCHQ would have been embarrassed to be in the news. The British government has always regarded keeping the existence of code-breaking capabilities a secret as much more important than keeping its spies or security forces a secret. The idea was the less people know about you, or the less good they think you are, the less likely they are to build strong defences against you. There was also just an institutionalised cult of secrecy: people came to believe you should be secret and anyone talking about you was a bad thing.

In the 80s the government admitted the existence of a sigint agency, but still tried to keep as much quiet as it could. Things have changed in the last eight years or so. Edward Snowden’s leaks from America’s National Security Agency revealed a lot about what Britain was doing. They also frightened GCHQ insofar as they showed how bad what they did could look inadvertently. GCHQ wasn’t doing anything illegal, but nevertheless it was worried it would look very bad, so it opened up a bit.

At the same time, modern cyberintelligence has changed. In the Cold War, it was state versus state – Britain would go after the Soviet Union and vice versa. For the last 20 years, it’s been British society and state going after Russian society and state. There are a lot of non-governmental actors with sigint capabilities, like cybercriminals. Suddenly a state agency couldn’t protect its people unless they knew what it was doing. There’s now a branch of GCHQ, the National Cyber Security Centre (NCSC), dedicated to protecting Britain’s cyber-borders and it’s partly open, partly secret. The heads of GCHQ and the NCSC are actually talking in public more often than the heads of many other civil and military organisations. That’s still very disconcerting for lots of people in GCHQ.


Who are the people in GCHQ and what do they do?
They are civil servants and military personnel, as they have been from the very beginning. GCHQ started with officers, enlisted men and civil servants. Unlike at MI5 or MI6, those personnel show up in normal government listings. At GCHQ, none of them do exactly the same thing, but what they all have in common is analysis. In the early days, the evidence they’d collect would come from high-frequency radio transmissions, so you’d have lots of guys with headphones hunched forward and listening in. Nowadays that’s all done automatically by computers – as well as the internet, they monitor satellite communications and fibre optics.

GCHQ can hold billions of email or Skype communications, but only for a few days. GCHQ doesn’t know who sent the messages but, working from IP addresses, it can conduct traffic analysis and check them against the IP addresses of, say, a list of 2,000 terrorism suspects. What they’re also trying to do is look for something they don’t know is there. Searching for the unknown unknown, or even the known unknown, is a very difficult thing to do and it’s something GCHQ is good on.

Is that all a bit intrusive?
GCHQ gets only an infinitesimal proportion of all the communications that are out there. I quote a senior official in the book: if all the world’s communications are the size of a billiards table, GCHQ can intercept a beer mat’s worth of them, and it can actually touch a full stop’s worth. But, if you are collecting foreign communications, it’s unavoidable that – without intending to – you’ll get some Brit-to-Brit communications. In almost all cases, GCHQ doesn’t want those communications and will walk away from them. It tries to minimise the intrusiveness of its actions, and this is one of the reasons why it is trying to be more open, but if you don’t do what GCHQ does, you lose a lot of intelligence – and I guarantee if you stop doing it, the Russians and the Chinese are not going to reciprocate. In Britain and the US though, there are effective oversight procedures in place and we should be glad they are there.

So who’s winning at the moment – the codemakers or the codebreakers?
Very good question. It’s fluctuated over time. I’d say the codemakers were leading during the Cold War – unless they were foolish enough to buy crappy systems – because we had very little success solving high-grade communications and there’s no reason to think the other side had success against us, unless there was a specific flaw like the Walker Whitworth spy ring, which was selling US cryptosystems to the Soviets, so American naval communications were hopelessly compromised for about 15 years. Since the late 90s, though, I’d say the codebreakers are in the lead. I’ve not seen any classified material on this, but just from what’s been leaked into the public domain, I’ve been astonished by the level of success we have had against the high-grade communications of middle-degree powers including the Russians.

Tell us about the Five Eyes…
Since the 40s and the UKUSA Agreement, Britain has been joined with America, Canada, Australia and New Zealand in an intelligence alliance known as the Five Eyes, whose main concerns are now the Russians and the Chinese. Without any classified knowledge here, I’d say the British seem to specialise more on the Russians while the Americans are focused on China. We’ve done fairly well against both of them, though they’ve picked up a lot of mid-range stuff against us too – it’s almost impossible to judge who’s winning until you have access to documents from both sides.

The Five Eyes also does things against neutrals, which can prompt a lot of people to raise their hands in horror and ask why you would read the communications of your friends. I would say, you read those communications because you negotiate with your friends more often than you do with your enemies. It’s clear from open sources that Britain has gone after western European communications quite successfully for a very long time and vice versa (but perhaps with less success for the Europeans). The Five Eyes is the only organisation in the world that does not attack each other’s communications. It also shares as much as it can with each other.

So Britain really does have a special relationship with America?
In sigint, they work very closely together. In fact, you often can’t easily tell where GCHQ stops and the Americans begin. There are areas where one is better than the other, so they will say you take care of this for all of us, and we’ll look after something else. It’s a very unusual setup. Essentially, the Americans trust British sigint to know things the Americans won’t even tell anybody else in their own government – and vice versa. Each side is assuming they can trust the other more than they can trust their fellow nationals. It’s been that way ever since 1945 and this is the core of the special relationship.

And that will continue to be the case?
Well, throughout the Cold War, Britain was the United States’ number one ally. At the end of the Cold War, Britain really was at the very upper edge of second-class powers, but it’s not there right now. Today, the only world-leading component of British state security and defence is GCHQ. If UKUSA ended tomorrow, the Americans would suffer. They’d have to massively increase their spending to make up for what they’d lose from Britain. Britain itself would probably simply abandon a lot of things it currently gets material on because it doesn’t have the resource. That’s why, in sigint, the special relationship remains very powerful. But that’s not to say the Five Eyes will go on forever. If Donald Trump stayed in the presidency and continued to be a bull in a china shop, who knows what would happen?

Why is GCHQ so good?
First, because it has always been one of the government’s highest strategic priorities. Even since the end of the Cold War, spending on GCHQ has risen dramatically compared to defence spending. Second, British codebreakers – which today means crypto mathematicians – are extremely good and have a long tradition of being top rank. Lastly, Britain’s got a worldwide intelligence-gathering capability and that’s something only the US and China share.

Finally, John, one of the reasons many people will know GCHQ is because of the codebreaking work at Bletchley Park during World War 2. Does The Imitation Game accurately reflect what actually went on?
Let me say first that Benedict Cumberbatch is a brilliant Alan Turing. However, the movie itself has many flaws. Instead, the best book I’ve read on Bletchley is Alan Hodges’s biography of Turing, which is astounding given it came out in 1980. Michael Smith has written some great popular histories, and Bletchley Park itself is an amazing place to visit. It’s very rare to see an organisation confronting difficult problems and making high-grade choices every time. The mere fact the operation succeeded is astonishing, but its legacy is very important too. Turing conceptualises the idea of the computer in 1935; by 1944 the British are building one to attack the Germans. This is the place where computers emerge in the world.


Behind the Enigma: The Authorised History of GCHQ by John Ferris is available to buy here.
