SECRET reports leaked by US whistleblower Edward Snowden have revealed how UK mass surveillance of phone and internet activity was accessed by Scottish police forces.

The documents confirm that a little-known policing body called the Scottish Recording Centre (SRC) was given access to information logs that include millions of communications data, including phone activity, internet histories and social media behaviour on Facebook.

The confirmation that UK state spy agency GCHQ ran a specific programme, called “Milkwhite”, to share data with devolved policing and tax authorities is the first Snowden leak to directly implicate Scottish authorities in the controversial policy of bulk data collection.

American news site The Intercept, which has access to the Snowden files, explained Milkwhite gave “an obscure Scotland-based surveillance unit” access to “huge troves of meta-data” from UK state surveillance.

Metadata includes who a surveillance target is calling, emailing, what websites they visit, and, when location data is available, a person’s movements. The scale of secret surveillance caused global outrage over a lack of transparency, invasions of privacy and abuses of power when the first Snowden documents were released in 2013.

In 2007, UK spies drew up secret plans to snoop on the activities of “every visible user on the internet”. UK state lawyers admitted six years later that the number of people targeted was an “infinite list”. New leaked government reports claim that spies are gathering so much information that it risks harming effective security operations.

Now campaigners and politicians have questioned Scottish Police, the Scottish Government and UK authorities over how spying impacts on civil liberties and security activities in Scotland.

Richard Haley, chairman of human rights group Scotland Against Criminalising Communities, has said that the SRC raises “very serious questions”.

Haley asked: “The Scottish Recording Centre might be unknown to most of us, but the Scottish Government must be familiar with it because of its role in legally authorised interception. Did the Scottish Government know of its involvement in Milkwhite? If not, why not?

“And if they did, why didn’t they sound the alarm? And for that matter, what is the Scottish Recording Centre? A real set of offices and computers, or just an organisational concept?”

When asked what the SRC was, where it is based, and what activities it performs, a Scottish Government spokesperson said it was “an operational matter for the Police Service of Scotland”.

When the same questions were put to Police Scotland, a spokesperson replied: “Police Scotland does not discuss intelligence matters.”

However, the police confirmed that the SRC dealt with surveillance data for Scottish police forces. The current title, as of April 2013, for Police Scotland handling of internet and phone records passed from spy agencies is, according to the police, “The Police Service of Scotland”.


POLICE Scotland are one of nine agencies, alongside MI5, MI6, and GCHQ, that are accountable to the Interception of Communications Commissioner’s Office (IOCCO), for the interception of information on security or policing grounds.

The chief constable of Police Scotland has powers under section six of the Regulation of Investigatory Powers Act (RIPA) 2000 to apply for interception warrants. The Cabinet Secretary for Justice, currently Michael Matheson MSP, has the “main burden” of authorising or declining warrant requests.

In one controversy, The Sunday Herald revealed that Police Scotland’s Counter Corruption Unit broke the law while spying on communications between journalists and their sources. Police Scotland has also been linked to controversies for implementing the UK Government’s counter-terrorism Prevent strategy, the deportation of asylum claimants and over the Pitchford inquiry into undercover officers targeting political activists.

Pol Clementsmith, criminal lawyer and a Scottish adviser to the Open Rights Group (ORG), which campaigns on digital rights and civil liberties, said: “ORG Scotland have some concerns about the SRC and Milkwhite projects, and the fact that we are only hearing about it now thanks to Edward Snowden suggests that we are potentially being exposed to intrusive and murky attacks on our personal and private information.

“Clear lines need to be drawn in the digital sand and this is why ORG would like to know exactly who is authorised to collect this private data belonging to Scottish citizens, how this data is being collected and who here in Scotland has access to it.

“ORG would like to see a Scottish Digital Watchdog put in place – which is solely accountable to the people of Scotland – and which operates independently of our overstretched police force.”

SRC-style surveillance represents only a small part of the spy system in Scotland. The Tory foreign, home and defence secretaries can also approve warrants by the intelligence services – which have been criticised for lacking proper judicial oversight.

Civil liberties advocacy group Liberty claims that the Milkwhite programme proves that the UK parliament has been misled over the use of surveillance information.

Last year, the Investigatory Powers Tribunal found that GCHQ carried out illegal surveillance operations.

Other GCHQ operations revealed in the Snowden leaks include “Tempora” (the mass gathering of communications data), “Muscular” (which included tapping the data centres of major IT networks), and “Stateroom” (using UK embassies to spy on nations across the world).

The security service is based at the £330 million Cheltenham base in a building called ‘The Doughnut’.

FRESH concerns over state snooping followed this week’s Westminster vote for the controversial Snoopers’ Charter, that seeks to give security services even more surveillance powers.

SNP MPs criticised the so-called Investigatory Powers Bill in parliament, which the party said was of “dubious legality”.

While there is uncertainty over how the powers are used in Scotland, there are numerous examples where UK security services have abused the powers for political ends.

This includes tracking the political activities of Labour MPs (including current leader Jeremy Corbyn), sweeping up the confidential emails of current MPs, spying on German government buildings and illegal interception of communications between Amnesty International and South African legal advisers.

In 2003, GCHQ whistleblower Katharine Gun leaked details of a UK-US plot to bug United Nations delegates’ discussions to help win crucial votes for the bloody war in Iraq.

Questions have been asked, including by the late Margo MacDonald, over whether UK security services target campaigners for Scottish independence.

Whistleblower Annie Machon said UK security services had active Glasgow and Dundee branches during her time with MI5 in the 1990s, and that they “would see that [the independence movement] as a direct threat to the integrity of the nation”.

Ex-SNP deputy leader Jim Sillars previously said the security services “would not be doing their jobs if they were not” monitoring independence campaigners.

When asked to comment on the Milkwhite programme, a spokesperson for GCHQ said: “It is long-standing policy that we do not comment on intelligence matters. Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework, which ensures our activities are authorised, necessary and proportionate.”

Inquiries to GCHQ’s hotline are met with the message: “This call may be recorded for lawful purposes.”