"The Americans will not use Canadians to collect data on U.S. persons, nor will any of the other Five Eyes countries," Skillicorn says.
"In fact, in practice, it’s as if the five countries’ citizens were one large, collective group, and their mutual communications are not intercepted by any in the Five Eyes community."
Britain and the US are the main two partners in the 'Five-Eyes' intelligence-sharing alliance, which also includes Australia, New Zealand and Canada. Until now, it had been generally understood that the citizens of each country were protected from surveillance by any of the others.
But the Snowden material reveals that:
• In 2007, the rules were changed to allow the NSA to analyse and retain any British citizens' mobile phone and fax numbers, emails and IP addresses swept up by its dragnet. Previously, this data had been stripped out of NSA databases – "minimized", in intelligence agency parlance – under rules agreed between the two countries.
• These communications were "incidentally collected" by the NSA, meaning the individuals were not the initial targets of surveillance operations and therefore were not suspected of wrongdoing.
• The NSA has been using the UK data to conduct so-called "pattern of life" or "contact-chaining" analyses, under which the agency can look up to three "hops" away from a target of interest – examining the communications of a friend of a friend of a friend. Guardian analysis suggests three hops for a typical Facebook user could pull the data of more than 5 million people into the dragnet.
• A separate draft memo, marked top-secret and dated from 2005, reveals a proposed NSA procedure for spying on the citizens of the UK and other Five-Eyes nations, even where the partner government has explicitly denied the US permission to do so. The memo makes clear that partner countries must not be informed about this surveillance, or even the procedure itself.