Secret UK Policy On Surveillance Of All 'External' Communications Revealed By Counter Terrorism Boss

from the not-an-active-intrusion dept

Back in December, we wrote about a case brought before the Investigatory Powers Tribunal (IPT) against the UK government over the spying carried out by GCHQ. We were worried that such a secretive but toothless oversight body would either simply throw out the case on some technicality, or issue a weak and useless judgment. But something remarkable has happened: as part of the official response, Charles Farr, the UK’s Director General of the Office for Security and Counter Terrorism, has made a 50-page statement that reveals a wealth of information about the UK’s surveillance activities for the first time (pdf). Here’s the key fact that has emerged, as described by Privacy International, one of the five rights organizations that has brought the case before the IPT:

Farr’s statement, published today by the rights organisations, is the first time the Government has openly commented on how it thinks it can use the UK’s vague surveillance legal framework to indiscriminately intercept communications through its mass interception programme, TEMPORA.

The secret policy outlined by Farr defines almost all communications via Facebook and other social networking sites, as well as webmail services Hotmail and Yahoo and web searches via Google, to be ‘external communications’ because they use web-based ‘platforms’ based in the US.

That distinction between “external” and “internal” communications is critical because of how the UK law governing surveillance, the Regulation of Investigatory Powers Act (RIPA), is framed:

‘Internal’ communications may only be intercepted under a warrant which relates to a specific individual or address. These warrants should only be granted where there is some suspicion of unlawful activity. However, an individual’s ‘external communications’ may be intercepted indiscriminately, even where there are no grounds to suspect any wrongdoing.

By defining the use of ‘platforms’ such as Facebook, Twitter and Google as ‘external communications’, British residents are being deprived of the essential safeguards that would otherwise be applied to their communications — simply because they are using services that are based outside the UK.

In other words, pretending that even a communication between UK citizens inside the UK is “external” purely because it takes place via a service run by a US company allows GCHQ to dispense with warrants and to ignore privacy safeguards for practically everything that UK citizens engage in online. It underlines why the UK laws governing surveillance need updating to reflect how such services are being used, in order to rein in this unchecked and thus disproportionate level of spying.

The statement from Farr is an important document, and is fascinating not least for the way it tries not to “confirm or deny” many of Snowden’s revelations. In particular, it spends several pages trying to justify the UK government’s continuing refusal to acknowledge the existence of GCHQ’s Tempora program that is under discussion in this IPT case — a pretty absurd position. Privacy International’s summary of what Farr does admit to is as follows:

GCHQ is intercepting all communications — emails, text messages, and communications sent via “platforms” such as Facebook and Google — before determining whether they fall into the “internal” or “external” categories

The Government considers almost all Facebook and other social media communications, and Google searches will always fall within the “external” category, even when such communications are between two people in the UK

Classifying communications as “external” allows the Government to search through, read, listen to and look at each of them. The only restriction on what they do with communications that they classify as “external” is that they cannot search through such communications using keywords or terms that mention a specific British person or residence.

Even though the Government is conducting mass surveillance — intercepting and scanning through all communications in order to work out whether they are internal or external — they consider that such interception “has less importance” than whether a person actually reads the communication, which is where the Government believes “the substantive interference with privacy arises”.

The Government believes that, even when privacy violations happen, it is not an “active intrusion” because the analyst reading or listening to an individual’s communication will inevitably forget about it anyway.

The release of this document shows why it is worth undertaking legal actions against the secret services, even when doing so might appear pointless. That’s because they can still force governments into making statements that reveal both new information about what is going on, as well as the extreme flimsiness of their justifications for massive surveillance of their own populations.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: , , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Secret UK Policy On Surveillance Of All 'External' Communications Revealed By Counter Terrorism Boss”

Subscribe: RSS Leave a comment
16 Comments
Rikuo (profile) says:

“British residents are being deprived of the essential safeguards that would otherwise be applied to their communications — simply because they are using services that are based outside the UK.”

So what happens if two British citizens communicate through Gmail, and the emails are being sent and received via servers located in Manchester and London?

That One Guy (profile) says:

Re: Re:

Judging by this…

‘The Government considers almost all Facebook and other social media communications, and Google searches will always fall within the “external” category, even when such communications are between two people in the UK

… the emails would still be considered fair game, because the company is US based, even though the communication never left the country.

sorrykb (profile) says:

The Government believes that, even when privacy violations happen, it is not an “active intrusion” because the analyst reading or listening to an individual’s communication will inevitably forget about it anyway.

*boggle* It takes a lot these days for a statement by a spying agency to surprise me. But this argument…. this is new, right?

By the same logic, nothing is an “active intrusion”, because even an analyst with perfect memory will eventually die, right? And the earth is likely going to be absorbed by the sun in 7.5 billion years, so none of it matters anyway. Right?

That One Guy (profile) says:

Re: The Peeping Tom Excuse v. 2

… wait, this could work. If they’re going to use that as a defense, turn around and use the same argument against them.

All those leaked classified documents, exposing government misconduct/illegal actions are now not violations of the law, because at some point in the future people will forget about them.

After all, if they’re going to claim that violations of the public’s privacy/rights doesn’t count because at some point the ones violating them will forget what they saw/read/listened to, then it follows that ‘violations’ of the government’s ‘privacy’ and ‘rights’ also doesn’t count, as eventually people will forget the details.

Anonymous Coward says:

they consider that such interception “has less importance” than whether a person actually reads the communication, which is where the Government believes “the substantive interference with privacy arises”.

The risk with this is a change of people running the system can use previously collected data to invade someone privacy, years after any communications had taken place. What a gift to an extremist party if they can get into power.

Peter (profile) says:

The problem...

Sorrykb makes insightful and thoughtful points, and in another world, they would serve as fuel for legislation, and we would be making progress… But the problem is that the NSA and CIA and other agencies are just not listening. There proceeding ahead with their terrorism (that’s not too strong a word, if only the agencies understood) without paying attention in the slightest to what commentators are dreaming up. And that’s what ids wrong with this picture — is there ANYTHING that we can do?

SpaceLifeForm says:

Re: The problem... It's too late to be paranoid

There really is nothing anyone can really do
except to point out to everyone that still has
half of a functioning frontal cerebral cortex that
the leaders have no clothes.

We are dealing with a very large collective of
insane life forms, that somehow have convinced
themselves thru their collective groupthink,
that they are doing the right thing.

They have either forgotten or never knew the wisdom of Pogo.

The best one can do is always vote against incumbents,
because in the groupthink arena, it is just a matter
of time before they become insane and start doing
exactly the opposite of what sane homo sapiens would do.

Case says:

So, where is the news?

The supposed dichotomy between “foreign” and “domestic” targets is nothing but a cheap excuse, since the ones who define those categories are the same ones supposedly bound by these rules — that’s not news, it has always been that way.

And remember, NSA and GCHQ are best buddies. So even if somebody happens to fit into the insanely restricted definition of “domestic” for one of the two services, that just means he’s firmly in the “foreign” camp for the other one.

Anonymous Coward says:

History repeating.

We are gonna end up with separate internet for all countries or one that is crippled or destroyed completely. People like us are going to watch with horror how people once again managed to burn the great Library of Alexandria, while the ignorant and old greedy bastards are gonna bask in the glow and heat from the flames.

DannyB (profile) says:

Re: Re:

Not everything is external. Not everything is internal.

You can spy on some of the people all of the time.
All of the people, some of the time.
But you can’t intercept the communications of all of the people, all of the time.

But wait! What is internal communication in my country is external communication in your country and therefore fair game for you. What is internal communication in your country is external communication in my country. Everything else is external communication to both of us.

So, our two countries can conspire, err, um… collaborate together and share intelligence to effectively spy on everyone, all of the time.

You just tell Parliament that you didn’t intercept internal communication, and I will tell Congress that I didn’t intercept internal communication, and therefore it’s all good and above board (but still hidden in darkness and concealed like a shameful secret).

Anonymous Coward says:

‘external communications’ as publicly viewable comments i can understand , but If a password is used shouldn’t that itself be considered “Internal communications” by their logic as soon as you leave your home you are naked and it’s with-in the law that the GCHQ, can at anytime stop and strip search fondle your bits and then detain you .

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...