This presentation from NTAC, part of GCHQ, dated 22 June 2010 provides an introduction to the work of the centre: see the Intercept article Facing Data Deluge, Secret U.K. Spying Report Warned of Intelligence Failure, 7 June 2016.
This presentation from June 2010, presented at the SIGDEV conference of that year, describes an approach to exploiting medical supplies in order to track down Osama bin Laden: see the Intercept article The NSA Plan to Find Bin Laden by Hiding Tracking Devices in Medical Supplies, 21 May 2015.
This GCHQ document from March 2010 presents a checklist of factors analysts should consider before going ahead with an operation to infiltrate a communications network, by physical or other means. Among the concerns raised is the risk that British actions may enable US authorities to conduct operations “which we would not consider permissible”: see the Boing Boing article Doxxing Sherlock, 2 February 2016.
This GCHQ research paper from 6 November 2009 outlines what kinds of data the agency can extract from internet radio stations and their listenership, grouped by country: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.
This GCHQ document, last updated on 23 July 2008, provides information about the agency’s systems for detecting network threats and authorisation procedures: see the Intercept article Spies Hacked Computers Thanks to Sweeping Secret Warrants, Aggressively Stretching U.K. Law, 22 June 2015.