LONDON (AP) — The U.K.'s electronic spy agency is legally allowed to track the online activities of millions of Britons who use U.S.-based platforms such as Facebook, Twitter and Google, Britain's top counterterrorism official has said.
In a witness statement made public Tuesday, Office for Security and Counterterrorism chief Charles Farr said data sent on those services is classed as "external" rather than "internal" communications because the companies' servers are based outside Britain.
Amnesty International said that amounted to "industrial-scale intrusion," but Farr said this did not amount to mass surveillance because the vast majority of messages intercepted in this way are not read.
The distinction between external and internal interactions is significant because Britain's electronic intelligence agency, GCHQ, has broad powers to intercept communications outside the country, but needs a warrant and suspicion of wrongdoing to monitor domestic Internet traffic.
A broad definition of what constitutes "external" communications expands the amount of data GCHQ can scoop up to include the daily activities of millions of British Internet users.
In the first public explanation of the rules used by Britain's cyber-spies, Farr said that emails sent between two people in Britain would usually be classed as internal even if they traveled by route outside the country. But Facebook and Twitter posts or searches on Google or YouTube that went to data centers outside the British Isles would fall under the external category.
Farr said data scooped up in this way "cannot be read, looked at or listened to" except in strictly limited circumstances. Rules exist to limit the way harvested data can be searched and how long it can be retained, but the full details of the regulations have never been made public.
"It is important to note the significant distinction between the act of interception itself, and a person actually reading, looking at or listening to intercepted material," Farr wrote.