Report Says UK Citizens Must Give Up Right To Privacy Because 'Terrorism', Reveals Huge Secret Government Databases

from the may-include-significant-quantities-of-personal-information dept

As Techdirt has noted previously, the UK body nominally responsible for overseeing the intelligence services, the Intelligence and Security Committee of Parliament (ISC), does little more than rubber-stamp what has taken place. The new ISC report "Privacy and Security: A modern and transparent legal framework" (pdf) is more of the same. Here is its own summary of the findings:

The UK's intelligence and security Agencies do not seek to circumvent the law.

However, the legal framework is unnecessarily complicated and -- crucially -- lacks transparency.

Our key recommendation therefore is that all the current legislation governing the intrusive capabilities of the security and intelligence Agencies be replaced by a new, single Act of Parliament.
And that's it: basically, the ISC is saying that all that is needed is a bit of a legal tidying-up. In terms of more detailed recommendations, the report suggests that the abuse of interception powers should be made a criminal offense -- currently it isn't -- and that a new category of metadata called "Communications Data Plus", which includes things like Web addresses, needs slightly greater protection than "traditional" telephone metadata.

The heart of the report's failure can be found in its discussion of bulk surveillance:

Our Inquiry has shown that the Agencies do not have the legal authority, the resources, the technical capability, or the desire to intercept every communication of British citizens, or of the internet as a whole: GCHQ are not reading the emails of everyone in the UK.
But of course, nobody said GCHQ was doing that. The problem is that it is ingesting disproportionate quantities of the Internet's traffic passing into and out of the UK, and then analyzing it -- in other words, engaging in indiscriminate mass surveillance. The report pretends to address that issue, writing:
GCHQ's bulk interception systems operate on a very small percentage of the bearers that make up the internet.
A "bearer" refers to one of the main connections to the Internet -- typically fiber-optic cables capable of carrying many gigabits of information per second. The issue is not how many such bearers GCHQ taps, but which ones. One of Snowden's earliest and most important leaked documents suggests that spying on even a "very small percentage" of the bearers gives GCHQ almost total oversight of everyone's Internet activities. Moreover, the following does not help:
We are satisfied that they apply levels of filtering and selection such that only a certain amount of the material on those bearers is collected. Further targeted searches ensure that only those items believed to be of the highest intelligence value are ever presented for analysts to examine: therefore only a tiny fraction of those collected are ever seen by human eyes.
Targeted searches can be re-directed at any moment, giving GCHQ's "human eyes" access to anything they want. It is that potential for anything that is done online in the UK to be snooped upon that is problematic.

To see why, consider a parallel universe where CCTV cameras were installed in every room in every building in the country, but all on the understanding that only a "tiny fraction" of the videos collected would ever be seen by human eyes. Since there is no way of knowing whether the footage from the CCTVs currently recording you will be looked at, you may well constrain your activities in case they are. That same logic applies to gathering most UK Internet activity -- the only reason we don't see the chilling effects yet is that most people are unaware of what is happening.

Perhaps the UK public takes at face value assurances that only "external communications" are collected and analyzed. But the ISC report confirms for the first time that UK citizens using leading Internet services like Gmail or Facebook do indeed count as "external", and are therefore fair game:

This appeared to indicate that all internet communications would be treated as 'external' communications under RIPA -- apart from an increasingly tiny proportion that are between people in the UK, using devices or services based only in the UK, and which only travel across network infrastructure in the UK.
The ISC report tries to justify this bulk collection of everyone's data on the grounds that targeted surveillance is not enough:
It is essential that the Agencies can 'discover' unknown threats. This is not just about identifying individuals who are responsible for threats, it is about finding those threats in the first place. Targeted techniques only work on 'known' threats: bulk techniques (which themselves involve a degree of filtering and targeting) are essential if the Agencies are to discover those threats.
Leaving aside the point that it is quite possible to discover unknown threats by working from existing intelligence -- in other words, using tried-and-tested techniques that have been successfully applied countless times in the past -- this ignores a key issue: that bulk collection is disproportionate given the threat it is supposed to address. This was a view expressed by one of the report's expert witnesses, Isabella Sankey, from the UK civil rights organization, Liberty. As she put it:
Some things might happen that could have been prevented if you took all of the most oppressive, restrictive and privacy-infringing measures. That is the price you pay to live in a free society.
The ISC did not agree:
While we recognise privacy concerns about bulk interception, we do not subscribe to the point of view that it is acceptable to let some terrorist attacks happen in order to uphold the individual right to privacy -- nor do we believe that the vast majority of the British public would.
But once you take that position, you justify all kinds of intrusive surveillance -- including installing CCTV cameras in every room in every building. After all, it is quite possible that doing so would stop a terrorist attack at some point, and so by the ISC's logic it is quite acceptable to require this massive intrusion into people's private lives. As for its claim that "the vast majority of the British public" would not view it as acceptable to allow some attacks to happen as the price of living in a free society, the ISC offers no proof of this, but evidently assumes that people in the UK have been reduced to such a quivering, fearful mass by the UK government's constant warnings about "terror" that they will happily hand over their freedom in the vain hope this will buy them safety.

Although depressing, it's hardly news that the UK government now considers pervasive surveillance to be justified and palatable, even. But the ISC report does contain one big surprise:

The Agencies use Bulk Personal Datasets -- large databases containing personal information about a wide range of people -- to identify individuals in the course of investigations, to establish links, and as a means of verifying information obtained through other sources. These datasets are an increasingly important investigative tool for the Agencies.
The report says that some of these databases contain "millions of records", and that they may be linked together. Even the generally accommodating ISC is worried:
Until the publication of this Report, the capability was not publicly acknowledged, and there had been no public or Parliamentary consideration of the related privacy considerations and safeguards.

The legislation does not set out any restrictions on the acquisition, storage, retention, sharing and destruction of Bulk Personal Datasets, and no legal penalties exist for misuse of this information.

Access to the datasets -- which may include significant quantities of personal information about British citizens -- is authorised internally within the Agencies without Ministerial approval.
Huge, secret databases, with access authorized internally, that can be used without restrictions, and for which there are no legal penalties if misused: this is clearly a recipe for disaster. Had it not been for Snowden's leaks, we would never have heard about this, since the ISC would not have been under any pressure to produce the current report. Even though it amounts to little more than a whitewash for the UK's intelligence agencies, it does reveal shocking new information that was not just unknown, but unsuspected.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: gchq, isc, privacy, terrorism, uk


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Zakida Paul (profile), 13 Mar 2015 @ 1:50am

    "If you want total security, go to prison. There you're fed, clothed, given medical care and so on. The only thing lacking... is freedom." - Dwight D. Eisenhower

    Freedom and privacy have a price, and it is a price that is well worth paying.

    reply to this | link to this | view in chronology ]

  • identicon
    Shadow Firebird, 13 Mar 2015 @ 1:51am

    The most depressing thing about this -- the top of a long list of depressing things -- is the unoriginality.

    "We don't look at everything."
    "We need this data but we can't show you why"
    Etc.

    These were exactly the same arguments made in the US, when the Snowdon docs first appeared.

    reply to this | link to this | view in chronology ]

  • icon
    Richard (profile), 13 Mar 2015 @ 3:35am

    Why?

    I am at a loss to understand why we need this level of surveillance to meet current threats when we did not need it to meet the threats from the Soviet Union, China under Mao and the IRA. The first two of these were far more powerful entities than any current group that threatens us and the third was a homegrown "under the radar" entity that was well hidden within its community and able to operate with impunity within its "territory".

    What is is about the current sources of terrorism that is so special as to require this?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Mar 2015 @ 3:55am

    I find it amazing that they are still trying to justify this level of invasion into privacy. No where do they acknowledge the cat is out of the bag and everyone knows about this rampant spying. Any potential terrorist now knows, since it is common knowledge.

    Any terrorist will now return to the one way they know to be absolutely secure. The military practices this and it's called messenger. An old idea that one person shows up with a message. You are not going to break that with spying on communications because they won't be using that. It's the one method that is secure for communications.

    So we are down to why. So far absolutely no evidence has surfaced showing where these methods are effective in reducing the claimed terrorism threat. No captured terrorists have been shown to the public saying this is what we get for the invasion of privacy. No incident has show up where an actual bombing has been prevented solely from this spying. There appears to be no justification for it other than these government agencies believe the populace are a threat. The only reason they would believe that is because they are doing things they know to be illegal and would not stand up in court. Hence the fear.

    reply to this | link to this | view in chronology ]

    • icon
      Richard (profile), 13 Mar 2015 @ 4:11am

      Re:

      The reason they are doing these things is very simple, it is because they can....

      reply to this | link to this | view in chronology ]

    • identicon
      Pragmatic, 16 Mar 2015 @ 7:07am

      Re:

      I understand the Brits' medical data is being sold to third parties. It's not that much of a stretch to imagine the commercial applications of their search and browsing habits, now, is it? Assuming this data is being stored and parsed by third party contractors.

      Assume it is. How in the world could GCHQ call them to account for abusing the data without bringing it to the attention of the British people at some point?

      /tinfoil

      reply to this | link to this | view in chronology ]

  • identicon
    AJ, 13 Mar 2015 @ 3:57am

    We can pass all the laws and demand all we want, at the end of the day, they will do what they want anyway. They have shown time and again that they do not believe the law applies to them. I'm sure they would "like" the law behind them, but to them it's not really necessary. If we make it illegal, they will move the operation somewhere else or have some secret judge on a secret panel in a secret court issue a sealed rubber stamp ruling for them.

    The ONLY way we can put a stop too it, is to render it useless, or so expensive it's near useless. Strong encryption, educated users, and secured hardware.

    reply to this | link to this | view in chronology ]

    • icon
      art guerrilla (profile), 13 Mar 2015 @ 4:08am

      Re:

      damn, aj, stop making good sense, it's confusing me ! ! !

      reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 13 Mar 2015 @ 9:08am

      Wisdom from protest signs

      "If what they're doing now becomes 'okay', the things they do secretly are going to get a lot worse."

      The point of the laws is less to stop them, because as you said, they'll just ignore any laws that they find inconvenient anyway, it's to make it harder for them to get away with breaking the laws.

      If they don't have to worry about hiding what they're doing, then it's pretty much a given that they will get much worse, as giving the okay to current efforts, will lead them to believe that just that little bit more is acceptable too. And then a little bit more past that, and so on, as always happens.

      Now, I do agree that the best way to combat mass spying isn't through laws, which will be ignored, but increased security and informed people, which are a little harder to just bypass, but those limits, few as they are, do serve some purpose.

      reply to this | link to this | view in chronology ]

  • icon
    Padpaw (profile), 13 Mar 2015 @ 4:50am

    Dissent is treated as terrorism, so under that logic if you are not blindly supportive of your corrupt government your a terrorist threat in todays world to the great and worthy

    reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 13 Mar 2015 @ 8:02am

      Re:

      In other words, corrupt governments create "terrorists" out of their own citizens. This has always been true. It's too bad that the current crop seems to have forgotten it.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Mar 2015 @ 4:52am

    One of the biggest problems is while it doesn't name it, the report pretty much screams "BRING BACK THE SNOOPER'S CHARTER!"

    But yeah, this entire report is the equivalent of doing a legal tap-dance around the subject while trying to justify it's continued mass spying.

    Still one point I can give to the UK is they at least pretend they care.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Mar 2015 @ 5:20am

    Well governments, actually do something about the terrorists (as in the REAL terrorists, not that pet word for people you don't like, or would that mean turning in your own kind?) instead of punishing your citizens because of your own incompetence, or are you afraid of derailing your gravy train and losing grip of your powers?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Mar 2015 @ 5:35am

    Wikipedia claims 'intelligence has been defined in many different ways such as in terms of one's capacity for logic, abstract thought, understanding, self-awareness, communication, learning, emotional knowledge, memory, planning, creativity and problem solving.'

    Google defines stupidity as 'behaviour that shows a lack of good sense or judgement. The quality of being stupid or unintelligent.'

    UK Stupidity Agencies does have a nice ring to it.

    reply to this | link to this | view in chronology ]

  • icon
    Tweak (profile), 13 Mar 2015 @ 6:48am

    I still find it interesting that, in spite of the evidence, these agencies and reports still insist that these programs are about terrorism. Without arguing about what the word "terrorism" is used for, it could not possibly be more obvious that these systems are about overt control of the citizenry.

    Journalists making noise and attempting to expose misdeeds?
    - Find out what they have. Find the skeletons in their closets, blackmail them.
    Citizens organizing a protest, thinking about more?
    - Infiltrate their organizations, frame them for crimes, throw them in jail to rot.
    Public upset about news that has slipped out?
    - Entrap some dissident youth and slap it all over TV.
    People starting to think about voting for an unapproved candidate?
    - Invent evidence of sexual deviance, racism, sexism or some other social taboo.

    These systems are to keep us all in line or remove us from the equation. No discussion, public pressure, revelation of misdeed or even change of law will stop these activities because they are driven by our basest nature - that of the pursuit of power. There are no means to unseat these vultures without revolt.

    reply to this | link to this | view in chronology ]

  • icon
    art guerrilla (profile), 13 Mar 2015 @ 7:07am

    their word means nothing...

    1. have ZERO doubt, were UK to 'streamline', 'improve' their snooping laws, nearly all the protections would be jettisoned, and nearly all the immoral ("illegal" means NOTHING when rights and laws are broken ALL THE TIME by gummint actors, with NO consequences) bits that give them unlimited surveillance with NO repercussions for abuse, would get in...

    2. DO.
    NOT.
    BELIEVE.
    THEM.

    *just like* i have ZERO faith in any bullshit oversight of various gummint institutions by various gummint institutions to uncover anything of consequence...

    nine one one is the new godwin, but here it goes: do ANY kampers realize that nearly ALL the PRE-APPROVED members on the original nine one one (purposefully limited) commission have called for re-opening that investigation (which wasn't an investigation) ? ? ?
    no ?
    huh, funny that: THE most important terrorist attack which was the crowning impetus for implementing this police state, and nearly all the commish's are saying they were lied to and handcuffed and absolutely believe there should be a thorough investigation re-opened...
    funny, you'd think that would be headline news...

    3. of course, this doesn't even begin to address the end run ALL these spooks have done in getting you guys to spy on our guys we can't 'legally' (whatever, means nothing) do; and our guys will spy on your guys you can't 'legally' do...
    wtf ? ? ?
    WHO lets their KIDS get away with sophistry like this: oh, noes, mommy, *I* didn't get the cookies out of the cookie jar, li'l timmy did, i just put him up to it, gave him the stepstool to get the cookie jar, and ate all the cookies, but *I* didn't do it...
    AND, they get away with horseshit like that ? ? ?
    not in my moral universe they don't...

    reply to this | link to this | view in chronology ]

  • icon
    MarcAnthony (profile), 13 Mar 2015 @ 7:59am

    Right vs. privilege

    "While we recognise privacy concerns about bulk interception, we do not subscribe to the point of view that it is acceptable to let some terrorist attacks happen in order to uphold the individual right to privacy"

    The problem with both the UK and US government's position is that these agencies actually believe that citizen rights are transitory and modifiable; we need to start asserting our right to privacy or this will become a de facto truth. All of these spying and government secrecy revelations should be sparking worldwide protests and ousters of the officials that hold to their surveillance state tenets.

    reply to this | link to this | view in chronology ]

  • icon
    John Fenderson (profile), 13 Mar 2015 @ 8:00am

    Human eyes

    therefore only a tiny fraction of those collected are ever seen by human eyes.


    US spies make similar comments to this as well. I think it's a disingenuous thing to say, as it implies that unless a human being sees it, then it's not actually spying and is harmless.

    That's simply an unsupportable position.

    While we recognise privacy concerns about bulk interception, we do not subscribe to the point of view that it is acceptable to let some terrorist attacks happen in order to uphold the individual right to privacy -- nor do we believe that the vast majority of the British public would.


    Which is an excellent reason to avoid setting foot in Britain. My problem is that the US government apparently thinks the same way.

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 13 Mar 2015 @ 9:19am

      Re: Human eyes

      US spies make similar comments to this as well. I think it's a disingenuous thing to say, as it implies that unless a human being sees it, then it's not actually spying and is harmless.

      That's simply an unsupportable position.


      Thankfully it's easy enough to point out the massive hole in the argument for those that get tripped up by it and believe it's a valid one.

      Simply ask anyone who supports that argument if they would accept a camera to be installed in their bedroom and/or bathroom.

      If they say they would not, assure them that the footage from it would only be viewed with a 'very good reason', with 'good reason' to be determined at a later date. Explain that while they may not be any technical limitations on access to the video feed, and there would be nothing stopping someone who felt like watching from doing so, you promise that such a thing would of course never happen.

      After the additional explanations, ask them if their answer has changed. If they still say no, hopefully the point will have been made by then.

      reply to this | link to this | view in chronology ]

  • identicon
    Chris Brand, 13 Mar 2015 @ 9:36am

    Unknown threats

    "bulk techniques [...] are essential if the Agencies are to discover those threats".

    So without bulk techniques, there's allegedly no way to discover any threat that you don't already know about. That begs the question - how did we discover any new threats before we had the ability to do bulk surveillance ?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Mar 2015 @ 10:48am

    ANYWHERE "terrorists" can "plot" will be a place "needing" surveilance, there are no bugs in your toilets, but once "terrorists" realise they can "plot" in toilets unobserved, well then, these "terrorists" will find THESE places, and imperial governments will be calling for bugs in our toilets, unless ofcourse the surveillance has FUCK all to do with "terrorism" and more to do with extra power, extra "authority" or extra fucking control

    reply to this | link to this | view in chronology ]

  • identicon
    Just Another Anonymous Troll, 13 Mar 2015 @ 10:53am

    1984, anyone?

    To see why, consider a parallel universe where CCTV cameras were installed in every room in every building in the country, but all on the understanding that only a "tiny fraction" of the videos collected would ever be seen by human eyes. Since there is no way of knowing whether the footage from the CCTVs currently recording you will be looked at, you may well constrain your activities in case they are. That same logic applies to gathering most UK Internet activity -- the only reason we don't see the chilling effects yet is that most people are unaware of what is happening.
    Congratulations. You just invented the telescreen. And that scares the pants off me.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Mar 2015 @ 11:32am

    While we recognise privacy concerns about bulk interception, we do not subscribe to the point of view that it is acceptable to let some terrorist attacks happen in order to uphold the individual right to privacy -- nor do we believe that the vast majority of the British public would.
    Run it through the honesty filter:
    While we recognise privacy concerns about bulk interception, we subscribe to the point of view that it is acceptable to let some terrorist attacks happen in order to erode the individual right to privacy -- and we believe that the vast majority of the British public can fuck right off.

    reply to this | link to this | view in chronology ]

  • identicon
    Rekrul, 13 Mar 2015 @ 11:43am

    I don't see why people should have to submit freedom of information requests to these agencies to get any info out of them. Why aren't the people who want information just given full access to their databases with the instruction that they can only search for things that pertain to their area of interest.

    After all, that's the way the intelligence agencies do it...

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Mar 2015 @ 5:04pm

    US MUST have the SAME Secret Databases

    You know that the GCHQs HOOVERING system is built EXACTLY like the US'... So.... the US MUST have the same "secret databases".

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Mar 2015 @ 8:20am

    UK's prison is worse than USA's.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.