Secret UK Policy On Surveillance Of All 'External' Communications Revealed By Counter Terrorism Boss

from the not-an-active-intrusion dept

Back in December, we wrote about a case brought before the Investigatory Powers Tribunal (IPT) against the UK government over the spying carried out by GCHQ. We were worried that such a secretive but toothless oversight body would either simply throw out the case on some technicality, or issue a weak and useless judgment. But something remarkable has happened: as part of the official response, Charles Farr, the UK's Director General of the Office for Security and Counter Terrorism, has made a 50-page statement that reveals a wealth of information about the UK's surveillance activities for the first time (pdf). Here's the key fact that has emerged, as described by Privacy International, one of the five rights organizations that has brought the case before the IPT:
Farr's statement, published today by the rights organisations, is the first time the Government has openly commented on how it thinks it can use the UK's vague surveillance legal framework to indiscriminately intercept communications through its mass interception programme, TEMPORA.

The secret policy outlined by Farr defines almost all communications via Facebook and other social networking sites, as well as webmail services Hotmail and Yahoo and web searches via Google, to be 'external communications' because they use web-based 'platforms' based in the US.
That distinction between "external" and "internal" communications is critical because of how the UK law governing surveillance, the Regulation of Investigatory Powers Act (RIPA), is framed:
'Internal' communications may only be intercepted under a warrant which relates to a specific individual or address. These warrants should only be granted where there is some suspicion of unlawful activity. However, an individual's 'external communications' may be intercepted indiscriminately, even where there are no grounds to suspect any wrongdoing.

By defining the use of 'platforms' such as Facebook, Twitter and Google as 'external communications', British residents are being deprived of the essential safeguards that would otherwise be applied to their communications -- simply because they are using services that are based outside the UK.
In other words, pretending that even a communication between UK citizens inside the UK is "external" purely because it takes place via a service run by a US company allows GCHQ to dispense with warrants and to ignore privacy safeguards for practically everything that UK citizens engage in online. It underlines why the UK laws governing surveillance need updating to reflect how such services are being used, in order to rein in this unchecked and thus disproportionate level of spying.

The statement from Farr is an important document, and is fascinating not least for the way it tries not to "confirm or deny" many of Snowden's revelations. In particular, it spends several pages trying to justify the UK government's continuing refusal to acknowledge the existence of GCHQ's Tempora program that is under discussion in this IPT case -- a pretty absurd position. Privacy International's summary of what Farr does admit to is as follows:
GCHQ is intercepting all communications -- emails, text messages, and communications sent via "platforms" such as Facebook and Google -- before determining whether they fall into the "internal" or "external" categories

The Government considers almost all Facebook and other social media communications, and Google searches will always fall within the "external" category, even when such communications are between two people in the UK

Classifying communications as "external" allows the Government to search through, read, listen to and look at each of them. The only restriction on what they do with communications that they classify as "external" is that they cannot search through such communications using keywords or terms that mention a specific British person or residence.

Even though the Government is conducting mass surveillance -- intercepting and scanning through all communications in order to work out whether they are internal or external -- they consider that such interception "has less importance" than whether a person actually reads the communication, which is where the Government believes "the substantive interference with privacy arises".

The Government believes that, even when privacy violations happen, it is not an "active intrusion" because the analyst reading or listening to an individual's communication will inevitably forget about it anyway.
The release of this document shows why it is worth undertaking legal actions against the secret services, even when doing so might appear pointless. That's because they can still force governments into making statements that reveal both new information about what is going on, as well as the extreme flimsiness of their justifications for massive surveillance of their own populations.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

Filed Under: charles farr, external, gchq, internal, privacy, surveillance, tempora, terrorism, uk

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 18 Jun 2014 @ 5:13am

    Everything is external, therefore everything is subject to collection.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.