Secret UK Policy On Surveillance Of All 'External' Communications Revealed By Counter Terrorism Boss
from the not-an-active-intrusion dept
Back in December, we wrote about a case brought before the Investigatory Powers Tribunal (IPT) against the UK government over the spying carried out by GCHQ. We were worried that such a secretive but toothless oversight body would either simply throw out the case on some technicality, or issue a weak and useless judgment. But something remarkable has happened: as part of the official response, Charles Farr, the UK’s Director General of the Office for Security and Counter Terrorism, has made a 50-page statement that reveals a wealth of information about the UK’s surveillance activities for the first time (pdf). Here’s the key fact that has emerged, as described by Privacy International, one of the five rights organizations that has brought the case before the IPT:
Farr’s statement, published today by the rights organisations, is the first time the Government has openly commented on how it thinks it can use the UK’s vague surveillance legal framework to indiscriminately intercept communications through its mass interception programme, TEMPORA.
The secret policy outlined by Farr defines almost all communications via Facebook and other social networking sites, as well as webmail services Hotmail and Yahoo and web searches via Google, to be ‘external communications’ because they use web-based ‘platforms’ based in the US.
That distinction between “external” and “internal” communications is critical because of how the UK law governing surveillance, the Regulation of Investigatory Powers Act (RIPA), is framed:
‘Internal’ communications may only be intercepted under a warrant which relates to a specific individual or address. These warrants should only be granted where there is some suspicion of unlawful activity. However, an individual’s ‘external communications’ may be intercepted indiscriminately, even where there are no grounds to suspect any wrongdoing.
By defining the use of ‘platforms’ such as Facebook, Twitter and Google as ‘external communications’, British residents are being deprived of the essential safeguards that would otherwise be applied to their communications — simply because they are using services that are based outside the UK.
In other words, pretending that even a communication between UK citizens inside the UK is “external” purely because it takes place via a service run by a US company allows GCHQ to dispense with warrants and to ignore privacy safeguards for practically everything that UK citizens engage in online. It underlines why the UK laws governing surveillance need updating to reflect how such services are being used, in order to rein in this unchecked and thus disproportionate level of spying.
The statement from Farr is an important document, and is fascinating not least for the way it tries not to “confirm or deny” many of Snowden’s revelations. In particular, it spends several pages trying to justify the UK government’s continuing refusal to acknowledge the existence of GCHQ’s Tempora program that is under discussion in this IPT case — a pretty absurd position. Privacy International’s summary of what Farr does admit to is as follows:
GCHQ is intercepting all communications — emails, text messages, and communications sent via “platforms” such as Facebook and Google — before determining whether they fall into the “internal” or “external” categories
The Government considers almost all Facebook and other social media communications, and Google searches will always fall within the “external” category, even when such communications are between two people in the UK
Classifying communications as “external” allows the Government to search through, read, listen to and look at each of them. The only restriction on what they do with communications that they classify as “external” is that they cannot search through such communications using keywords or terms that mention a specific British person or residence.
Even though the Government is conducting mass surveillance — intercepting and scanning through all communications in order to work out whether they are internal or external — they consider that such interception “has less importance” than whether a person actually reads the communication, which is where the Government believes “the substantive interference with privacy arises”.
The Government believes that, even when privacy violations happen, it is not an “active intrusion” because the analyst reading or listening to an individual’s communication will inevitably forget about it anyway.
The release of this document shows why it is worth undertaking legal actions against the secret services, even when doing so might appear pointless. That’s because they can still force governments into making statements that reveal both new information about what is going on, as well as the extreme flimsiness of their justifications for massive surveillance of their own populations.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: charles farr, external, gchq, internal, privacy, surveillance, tempora, terrorism, uk
Comments on “Secret UK Policy On Surveillance Of All 'External' Communications Revealed By Counter Terrorism Boss”
“British residents are being deprived of the essential safeguards that would otherwise be applied to their communications — simply because they are using services that are based outside the UK.”
So what happens if two British citizens communicate through Gmail, and the emails are being sent and received via servers located in Manchester and London?
Re: Re:
Judging by this…
‘The Government considers almost all Facebook and other social media communications, and Google searches will always fall within the “external” category, even when such communications are between two people in the UK ‘
… the emails would still be considered fair game, because the company is US based, even though the communication never left the country.
Re: Re:
Farr simply says that they can’t distinguish between external and external comms at the point of interception, so they intercept the lot and worry about it later.
*boggle* It takes a lot these days for a statement by a spying agency to surprise me. But this argument…. this is new, right?
By the same logic, nothing is an “active intrusion”, because even an analyst with perfect memory will eventually die, right? And the earth is likely going to be absorbed by the sun in 7.5 billion years, so none of it matters anyway. Right?
Re: The Peeping Tom Excuse v. 2
… wait, this could work. If they’re going to use that as a defense, turn around and use the same argument against them.
All those leaked classified documents, exposing government misconduct/illegal actions are now not violations of the law, because at some point in the future people will forget about them.
After all, if they’re going to claim that violations of the public’s privacy/rights doesn’t count because at some point the ones violating them will forget what they saw/read/listened to, then it follows that ‘violations’ of the government’s ‘privacy’ and ‘rights’ also doesn’t count, as eventually people will forget the details.
The risk with this is a change of people running the system can use previously collected data to invade someone privacy, years after any communications had taken place. What a gift to an extremist party if they can get into power.
The problem...
Sorrykb makes insightful and thoughtful points, and in another world, they would serve as fuel for legislation, and we would be making progress… But the problem is that the NSA and CIA and other agencies are just not listening. There proceeding ahead with their terrorism (that’s not too strong a word, if only the agencies understood) without paying attention in the slightest to what commentators are dreaming up. And that’s what ids wrong with this picture — is there ANYTHING that we can do?
Re: The problem... It's too late to be paranoid
There really is nothing anyone can really do
except to point out to everyone that still has
half of a functioning frontal cerebral cortex that
the leaders have no clothes.
We are dealing with a very large collective of
insane life forms, that somehow have convinced
themselves thru their collective groupthink,
that they are doing the right thing.
They have either forgotten or never knew the wisdom of Pogo.
The best one can do is always vote against incumbents,
because in the groupthink arena, it is just a matter
of time before they become insane and start doing
exactly the opposite of what sane homo sapiens would do.
So, where is the news?
The supposed dichotomy between “foreign” and “domestic” targets is nothing but a cheap excuse, since the ones who define those categories are the same ones supposedly bound by these rules — that’s not news, it has always been that way.
And remember, NSA and GCHQ are best buddies. So even if somebody happens to fit into the insanely restricted definition of “domestic” for one of the two services, that just means he’s firmly in the “foreign” camp for the other one.
Same story different intelligence service
The same trick is used by the NSA: AT&T routes all our calls through Canada…so, “External.”
History repeating.
We are gonna end up with separate internet for all countries or one that is crippled or destroyed completely. People like us are going to watch with horror how people once again managed to burn the great Library of Alexandria, while the ignorant and old greedy bastards are gonna bask in the glow and heat from the flames.
Nothing like having all your Google searches logged, used to profile you, and what you’re interests are. Then used against you in a court of law.
Everything is external, therefore everything is subject to collection.
Re: Re:
Not everything is external. Not everything is internal.
You can spy on some of the people all of the time.
All of the people, some of the time.
But you can’t intercept the communications of all of the people, all of the time.
But wait! What is internal communication in my country is external communication in your country and therefore fair game for you. What is internal communication in your country is external communication in my country. Everything else is external communication to both of us.
So, our two countries can conspire, err, um… collaborate together and share intelligence to effectively spy on everyone, all of the time.
You just tell Parliament that you didn’t intercept internal communication, and I will tell Congress that I didn’t intercept internal communication, and therefore it’s all good and above board (but still hidden in darkness and concealed like a shameful secret).
‘external communications’ as publicly viewable comments i can understand , but If a password is used shouldn’t that itself be considered “Internal communications” by their logic as soon as you leave your home you are naked and it’s with-in the law that the GCHQ, can at anytime stop and strip search fondle your bits and then detain you .
Re: Re:
If I’m reading things correctly, the distinction is “external to the country” vs. “internal to the country”, where “the country” is the UK. Internal vs. external to an organization or a site or a person has nothing to do with it.