UK Tribunal Says GCHQ Engaged In Illegal Telco Collection Program For More Than A Decade
from the eleven-years,-zero-accountability dept
UK’s NSA — GCHQ — has lost legal battle after legal battle in recent years, most of those triggered by the Snowden leaks. The UK Appeals Court ruled its bulk collection of internet communications metadata illegal earlier this year. This followed a 2015 loss in lawsuit filed over the interception of privileged communications, resulting in a destruction order targeting everything collected by GCHQ that fell under that heading.
Some battles are still ongoing, with several of them spearheaded by Privacy International. PI’s work — and multiple lawsuits — have led to the exposure of GCHQ’s oversight as completely toothless and a declaration that the agency’s surveillance agreement with the NSA was illegal… at least up to 2014’s codification of illegal spy practices. (This codification was ultimately ruled illegal earlier this year.)
Thanks to another PI legal challenge, the Investigatory Powers Tribunal has found GCHQ engaged in even more illegal spying… for more than a decade. The expansion of surveillance powers following the September 11, 2001 terrorist attacks gave GCHQ more ways to collect data from telcos. This was supposed to be directed and overseen by the UK Foreign Secretary, but the lawsuit showed the oversight did nearly nothing and there were virtually no limits to what could be collected from phone companies.
The Investigatory Powers Tribunal (IPT) – set up to investigate complaints about how personal data is handled by public bodies – ruled that most of the directions given between 2001 and 2012 had been unlawful.
The tribunal was critical of the way the government handed on requests to GCHQ, partly because phone and internet providers “would not be in any position to question the scope of the requirement” because they “would have no knowledge of the limited basis upon which the direction had been made”.
That being said, the IPT also somehow came to the conclusion GCHQ had never abused the apparently illegal privilege. It had “carte blanche” power to demand data, but the IPT saw “no evidence” it had collected more than the Foreign Secretary had approved. But that’s not all that heartening (or convincing) considering the Foreign Secretary had delegated that responsibility to GCHQ, allowing the agency to determine what it needed without input or oversight.
Supposedly everything is all better now with the rules put in place in 2014. The Data Retention and Investigatory Powers Act of 2014 was a weak attempt at surveillance reforms following the steady stream of leaked documents triggered by Snowden in the summer of 2013. So weak were the reforms, the EU Court declared the act incompatible with international law, making GCHQ’s collection efforts targeting other Europeans illegal everywhere else but in the UK.
The collection power was illegal, at least under previous versions of the UK’s Snoopers’ Charter. Whether or not GCHQ wrote itself blank collection checks with the signed checkbook handed to it by the Foreign Secretary is still an open question, despite the court’s determination. It’s not like surveillance agencies have ever hidden questionable collections from their oversight or found a way to avoid delivering incriminating evidence against themselves until years after issues were first contested.