This GCHQ document from March 2010 presents a checklist of factors analysts should consider before going ahead with an operation to infiltrate a communications network, by physical or other means. Among the concerns raised is the risk that British actions may enable US authorities to conduct operations “which we would not consider permissible”: see the Boing Boing article Doxxing Sherlock, 2 February 2016.
This undated page from GCHQ’s internal GCWiki describes the agency’s audit procedure to document compliance with the UK Human Rights Act: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.
This undated GCHQ presentation includes, in its speakers notes, the statements that “We have a light oversight regime compared to [the] US” and “judicial oversight… [is] the main issue for us”: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.
This GCHQ document from November 2008 provides a guide to the legal authorisations required for different forms of agency activity: see the Intercept article Spies Hacked Computers Thanks to Sweeping Secret Warrants, Aggressively Stretching U.K. Law, 22 June 2015.
This page from GCHQ’s internal GCWIki, last modified on 25 June 2012, enumerates open-source data sets that are available in various agency databases: see the Intercept article Western Spy Agencies Secretly Rely on Hackers for Intel and Expertise, 4 February 2015.
This page from GCHQ’s internal GCWiki, last edited in May 2012, provides background information on the agency’s “internet buffer business capability”: see the Der Spiegel article The NSA in Germany: Snowden’s Documents Available for Download, 18 June 2014.