GCHQ's methods for mass snooping on online communications violated the right to privacy and the regime for collection of data was not in accordance with the law, the grand chamber of the European court of human rights has ruled.
It also found the bulk
interception regime contained insufficient protections for confidential journalistic material but said the decision to operate a bulk interception regime did not of itself violate the European convention on human rights.
The chamber also concluded
that GCHQ's regime for sharing sensitive digital intelligence with foreign governments was not illegal.
The judgment is the culmination of a legal challenge to GCHQ's bulk interception of online communications begun in 2013 by Big Brother Watch and
others after Edward Snowden's whistleblowing revelations.
Three judges dissenting from the majority position quoted from Orwell in their statement:
There was of course no way of knowing whether you were being
watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they
wanted to. You have to live -- did live, from habit that became instinct -- in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinised.
Comment: ECHR's
Judgment on UK Govt's Mass Surveillance Program
Responding to the Judgment of the European Court of Human Rights (ECHR) on the UK's RIPA regime for bulk surveillance, Jim Killock, the Executive Director of the Open Rights Group and one of the organisations challenging the UK's activities before the
European Court of Human Rights, said:
The Court has recognised that Bulk Interception is an especially intrusive power, and that 'end-to-end safeguards' are needed to ensure abuse does not occur.
The court has show that the UK Government's legal framework was weak and inadequate when we took them to court with Big Brother Watch and Constanze Kurz in 2013.
The court has set out clear criteria for
assessing future bulk interception regimes, but we believe these will need to be developed into harder red lines in future judgments, if bulk interception is not to be abused.
As the court sets out, bulk interception powers are a
great power, secretive in nature, and hard to keep in check. We are far from confident that today's bulk interception is sufficiently safeguarded, while the technical capacities continue to deepen. GCHQ continues to share technology platforms and raw
data with the USA.
This judgment is an important step on a long journey.
GCHQ discusses the ethics of using AI and mass snooping to analyse people's internet use to detect both serious crime and no doubt political incorrectness
The UK snooping agency GCHQ has published a paper discussing the ethics of using AI for analysing internet posts. GCHQ note that the technology will be put at the heart of its operations.
The paper, Ethics of AI: Pioneering a New National Security
, comments on the technology as used to assist its analysts in spotting patterns hidden inside large - and fast growing - amounts of data. including:
trying to spot fake online messages used by other states spreading disinformation
mapping international networks engaged in human or drug trafficking
finding child sex abusers hiding their identities online
But it says it cannot predict human behaviour such as moving towards executing a terrorist attack.
GCHQ is now detailin how it will ensure it uses AI fairly and transparently, including:
an AI ethical code of practice
recruiting more diverse talent to help develop and govern its use
The BBC comments that this maybe a sign the agency wants to avoid a repeat of criticism people were unaware how it used data, following whistleblower Edward Snowden's revelations.
GCHQ reports that a growing number of states are using AI to
automate the production of false content to affect public debate, including "deepfake" video and audio. The technology can individually target and personalise this content or spread it through chatbots or by interfering with social-media
algorithms. But it could also help GCHQ detect and fact-check it and identify "troll farms" and botnet accounts.
GCHQ speaks of capabilities in terms of detecting child abuse, where functionalities include:
help analyse evidence of grooming in chat rooms
track the disguised identities of offenders across multiple accounts
discover hidden people and illegal services on the dark web
help police officers infiltrate rings of
offenders
filter content to prevent analysts from being unnecessarily exposed to disturbing imagery
and on trafficking:
mapping the international networks that enable trafficking - identifying individuals, accounts and transactions
"following the money" - analysing complex transactions, possibly revealing state sponsors or links to terrorist groups
bringing together different types of data - such as imagery and messaging - to track and predict where illegal cargos are being delivered
Now doubt these functionalities will also be used for more mundane reasons.
In response to today's judgment in the People's vs the Snooper's Charter case Megan Goulding, Liberty lawyer, said:
This disappointing judgment allows the government to continue to spy on every
one of us, violating our rights to privacy and free expression. We will challenge this judgment in the courts, and keep fighting for a targeted surveillance regime that respects our rights.
These bulk surveillance powers allow the
state to hoover up the messages, calls and web history of hordes of ordinary people who are not suspected of any wrong-doing.
The Court recognised the seriousness of MI5's unlawful handling of our data, which only emerged as a
result of this litigation. The security services have shown that they cannot be trusted to keep our data safe and respect our rights.
The UK's intelligence agencies are to significantly increase their use of large-scale data hacking after claiming that more targeted operations are being rendered obsolete by technology.
The move will see an expansion in what is known as the bulk
equipment interference (EI) regime -- the process by which GCHQ can target entire communication networks overseas in a bid to identify individuals who pose a threat to national security. [Note that the idea this is somehow only targeted at foreigners is
misleading. Five countries cooperate so that they can mutually target each others users to work round limits on snooping on one's own country].
A letter from the security minister, Ben Wallace, to the head of the intelligence and security
committee, Dominic Grieve, quietly filed in the House of Commons library last week, states:
Following a review of current operational and technical realities, GCHQ have ... determined that it will be necessary to
conduct a higher proportion of ongoing overseas focused operational activity using the bulk EI regime than was originally envisaged.
High Court judges have given the UK government six months to revise parts of its Investigatory Powers Act. The government has been given a deadline of 1 November this year to make the changes to its Snooper's Charter.
Rules governing the British
surveillance system must be changed quickly because they are incompatible with European laws, said the judges.
The court decision came out of legal action by human rights group Liberty. It started its legal challenge to the Act saying clauses that
allow personal data to be gathered and scrutinised violated citizens' basic rights to privacy.
The court did not agree that the Investigatory Powers Act called for a general and indiscriminate retention of data on individuals, as Liberty claimed.
However in late 2017, government ministers accepted that its Act did not align with European law which only allows data to be gathered and accessed for the purposes of tackling serious crime. By contrast, the UK law would see the data gathered and held
for more mundane purposes and without significant oversight.
One proposed change to tackle the problems was to create an Office for Communications Data Authorisations that would oversee requests to data from police and other organisations.
The government said it planned to revise the law by April 2019 but Friday's ruling means it now has only six months to complete the task.
Martha Spurrier, director of Liberty, said the powers to grab data in the Act put sensitive information at huge risk.
Javier Ruiz, policy director at the Open Rights Group which campaigns on digital issues, said:
We are disappointed the court decided to narrowly focus on access to records but did not challenge the general and indiscriminate retention of communications data.
The UK's mass digital surveillance regime preceding the snoopers charter has been found to be illegal by an appeals court.
The case was brought by the Labour deputy leader, Tom Watson in conjunction with Liberty, the human rights campaign group.
The three judges said Data Retention and Investigatory Powers Act 2014 (Dripa), which paved the way for the snooper's charter legislation, did not restrict the accessing of confidential personal phone and web browsing records to investigations of
serious crime, and allowed police and other public bodies to authorise their own access without adequate oversight. The judges said Dripa was inconsistent with EU law because of this lack of safeguards, including the absence of prior review by a court or
independent administrative authority.
Responding to the ruling, Watson said:
This legislation was flawed from the start. It was rushed through parliament just before recess without proper parliamentary scrutiny.
The government must now bring forward changes to the Investigatory Powers Act to ensure that hundreds of thousands of people, many of whom are innocent victims or witnesses to crime, are protected by a system of independent approval for access to
communications data. I'm proud to have played my part in safeguarding citizens' fundamental rights.
Martha Spurrier, the director of Liberty, said:
Yet again a UK court has ruled the government's
extreme mass surveillance regime unlawful. This judgement tells ministers in crystal clear terms that they are breaching the public's human rights. She said no politician was above the law. When will the government stop bartering with judges and start
drawing up a surveillance law that upholds our democratic freedoms?
Matthew Rice of the Open Rights Group responded:
Once again, another UK court has found another piece of Government surveillance
legislation to be unlawful. The Government needs to admit their legislation is flawed and make the necessary changes to the Investigatory Powers Act to protect the public's fundamental rights.
The Investigatory Powers Act carves a
gaping hole in the public's rights. Public bodies able to access data without proper oversight, and access to that data for reasons other than fighting serious crime. These practices must stop, the courts have now confirmed it. The ball is firmly in the
Government's court to set it right.
Open Rights Group has responded to Theresa May's post-election hints that she will continue with Conservative plans for Internet clampdowns.
Executive Director Jim Killock said:
To push on with these extreme
proposals for Internet clampdowns would appear to be a distraction from the current political situation and from effective measures against terror.
The Government already has extensive surveillance powers. Conservative proposals
for automated censorship of the Internet would see decisions about what British citizens can see online being placed in the hands of computer algorithms, with judgments ultimately made by private companies rather than courts. Home Office plans to force
companies to weaken the security of their communications products could put all of us at a greater risk of crime.
Both of these proposals could result in terrorists and extremists switching to platforms and services that are more
difficult for our law enforcement and intelligence agencies to monitor.
Given that the priority for all MPs is how the UK will negotiate Brexit, it will be especially hard to give the time and thought necessary to scrutinise these
proposals.
It could be tempting to push ahead in order to restore some of Theresa May's image as a tough leader. This should be resisted. With such a fragile majority, greater consensus will be needed to pass new laws.
We hope that this will mean our parliamentarians will reject reactionary policy-making and look for long-term, effective solutions that directly address the complex causes of terrorism.
The police, NHS and the tax man will now be able to hack into your phones and check your browsing history after the Snoopers' Charter was passed by Parliament last week.
The bill, officially called the Investigatory Powers Bill, forces
electronic data to be stored by internet providers for 12 months, which can be subsequently collected by law enforcement.
Now a blogger has created a list of all the people who will be able to request to view your internet history. And the
snoopers are...
Metropolitan police force
City of London police force
Police forces maintained under section 2 of the Police Act 1996
Police Service of Scotland
Police Service of Northern Ireland
British Transport Police
Ministry of Defence Police
Royal Navy Police
Royal Military Police
Royal Air Force Police
Security Service
Secret Intelligence Service
GCHQ
Ministry of Defence
Department of
Health
Home Office
Ministry of Justice
National Crime Agency
HM Revenue & Customs
Department for Transport
Department for Work and Pensions
NHS trusts and foundation trusts in England that
provide ambulance services
Common Services Agency for the Scottish Health Service
Competition and Markets Authority
Criminal Cases Review Commission
Department for Communities in Northern Ireland
Department
for the Economy in Northern Ireland
Department of Justice in Northern Ireland
Financial Conduct Authority
Fire and rescue authorities under the Fire and Rescue Services Act 2004
Food Standards Agency
Food
Standards Scotland
Gambling Commission
Gangmasters and Labour Abuse Authority
Health and Safety Executive
Independent Police Complaints Commissioner
Information Commissioner
NHS Business Services
Authority
Northern Ireland Ambulance Service Health and Social Care Trust
Northern Ireland Fire and Rescue Service Board
Northern Ireland Health and Social Care Regional Business Services Organisation
Office of
Communications
Office of the Police Ombudsman for Northern Ireland
Police Investigations and Review Commissioner
Scottish Ambulance Service Board
Scottish Criminal Cases Review Commission
Serious Fraud Office
Welsh Ambulance Services National Health Service Trust
The Investigatory Powers Bill is one step closer to becoming law after it was passed by the House of Lords yesterday.
Open Rights Group's Executive Director, Jim Killock, responded:
The UK is
one step closer to having one of the most extreme surveillance laws ever passed in a democracy.
Despite attempts by the Lib Dems and Greens to restrain these draconian powers, the Bill is still a threat to the British public's
right to privacy.
The IP Bill is a comprehensive surveillance law that was drafted after three inquiries highlighted flaws in existing legislation. However, the new Bill fails to restrain mass surveillance by the
police and security services and even extends their powers. Once passed, Internet Service Providers could be obliged to store their customers' web browsing history for a year. The police and government departments will have unprecedented powers to access
this data through a search engine that could be used for profiling. The Bill will also allow the security services to continue to collect communications data in bulk and could see Internet security weakened by allowing mass hacking.
The UK government has introduced an amendment to the Investigatory Powers Bill currently going through Parliament, to make ensure that data retention orders cannot require ISPs to collect and retain third party data. The Home Office had previously said
that they didn't need powers to force ISPs to collect third party data, but until now refused to provide guarantees in law.
Third party data is defined as communications data (sender, receiver, date, time etc) for messages sent within a website as
opposed to messages sent by more direct methods such as email. It is obviously a bit tricky for ISPs to try and decode what is going on within websites as messaging data formats are generally proprietary, and in the general case, simply not de-cypherable
by ISPs.
The Government will therefore snoop on messages sent, for example via Facebook, by demanding the communication details from Facebook themselves.
The Government is trying to pass a surveillance law that will give the Government, intelligence agencies and police the kind of powers you would expect in an authoritarian regime. The Investigatory Powers Bill will let the security services, police
and government departments snoop on our private communications and Internet use.
Data about your emails, phone calls, texts and Internet use will be hoovered up. Everything you do on the Internet and on your phone will be recorded
and stored for a year. This can be trawled through by Government supercomputers. The police and security services can hack your computer or phone.
You don't have to be suspected of a crime for any of these things to happen.
If the #IPBill is passed, the UK will have one of the most extreme surveillance laws in the world. We can't let this happen. Help us to fight the #IPBill.
