With European governments seeking to expand their surveillance powers in the wake of the Paris terrorist attacks, it’s as good a time as any for another look at the spying documents leaked by Edward Snowden a year and a half ago. (They truly are the gift that keeps on giving.) On Monday, The Guardian used the Snowden materials to report that the GCHQ (the United Kingdom’s NSA counterpart) mass-gathered emails to and from journalists working at the BBC, Reuters, The Guardian, the New York Times, Le Monde, The Sun, NBC, and the Washington Post.
From The Guardian:
The journalists’ communications were among 70,000 emails harvested in the space of less than 10 minutes on one day in November 2008 by one of GCHQ’s numerous taps on the fibre-optic cables that make up the backbone of the internet.
The communications, which were sometimes simple mass-PR emails sent to dozens of journalists but also included correspondence between reporters and editors discussing stories, were retained by GCHQ and were available to all cleared staff on the agency intranet. There is nothing to indicate whether or not the journalists were intentionally targeted.
Regardless of whether the GCHQ specifically intended to grab those emails, the agency warned that “journalists and reporters representing all types of news media represent a potential threat to security.” “Of specific concern are ‘investigative journalists’ who specialise in defence-related exposés either for profit or what they deem to be of the public interest,” explained one document.
The GCHQ also assessed the threat posed by reporters alongside those of terrorists and hackers:
GCHQ information security assessments, meanwhile, routinely list journalists between “terrorism” and “hackers” as “influencing threat sources”, with one matrix scoring journalists as having a “capability” score of two out of five, and a “priority” of three out of five, scoring an overall “low” information security risk.
Terrorists, listed immediately above investigative journalists on the document, were given a much higher “capability” score of four out of five, but a lower “priority” of two. The matrix concluded terrorists were therefore a “moderate” information security risk.
At least someone still takes the press seriously.