GCHQ Dinged For Illegally Holding Onto Human Rights Groups Emails Too Long, Not For Collecting Them In The First Place

from the that's-not-right dept

Following on a ruling nearly two months ago, where the UK's Investigatory Powers Tribunal -- for the very first time -- found that GCHQ had broken the law with its surveillance of client/attorney communications, now the IPT has ruled against GCHQ again. The IPT says that GCHQ held emails of human rights activists for too long -- but found that the initial collection of those emails was no problem at all.
In respect of the Third Claimant (The Egyptian Initiative for Personal Rights), the Tribunal has found that email communications of the Third Claimant were lawfully and proportionately intercepted and accessed, pursuant to s.8(4) of RIPA. However, the time limit for retention permitted under the internal policies of GCHQ, the intercepting agency, was overlooked in regard to the product of that interception, such that it was retained for materially longer than permitted under those policies.
So, no problem spying on human rights organizations -- just make sure you delete the emails within the allotted timeframe. And, of course, the court concludes that this is a pretty minor violation, given that there's no evidence anyone actually looked at the data after they should have destroyed it:
We are satisfied however that the product was not accessed after the expiry of the relevant retention time limit, and the breach can thus be characterised as technical...
Still, it notes, even a technical breach is a breach and thus slaps GCHQ on the wrist. This seems like pretty weak sauce all around, but at the very least, the IPT is finally recognizing that GCHQ isn't following the law at times. It's not nearly enough, and the level of oversight is laughable. And, of course, none of these breaches, technical or otherwise, likely would have come to light at all without Ed Snowden.

Filed Under: emails, gchq, human rights, investigatory powers tribunal, ipt, privacy


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 22 Jun 2015 @ 2:59pm

    any evidence that the emails weren't copied? that could easily have been why they weren't looked at, supposedly, during the extended time they were illegally held, it was known they could be looked at at leisure!

    reply to this | link to this | view in chronology ]

    • icon
      Coyne Tibbets (profile), 22 Jun 2015 @ 4:08pm

      Re:

      "Looking at 'data' at leisure" is the whole aim of the security agencies here and abroad. They don't want something they can dig through now; they want all the data so they can dig through it forever.

      This has to do with a fundamentally broken mindset: Where you or I might temporarily suspect someone of something, for them suspicion is a permanent condition. Where you or I might try to investigate and, finding nothing supportive, shrug our shoulders and move on; for them, an inability to prove their suspicions means they do not possess enough information.

      So they're horribly concerned that, if they don't possess all information forever, someday they might not be able to prove Abu Uba is a money-laundering drug lord terrorist, by digging through and discovering something Abu's great grandfather's cousin's best friend might have said.

      reply to this | link to this | view in chronology ]

  • icon
    JoeCool (profile), 22 Jun 2015 @ 8:37pm

    Double standards....

    The government makes a tiny "technical" breach of law and it's a slap on the wrist. A citizen makes a tiny "technical" breach of law and the government pushes for decades of prison time.

    reply to this | link to this | view in chronology ]

  • identicon
    drsally, 22 Jun 2015 @ 10:28pm

    well...

    There's an assumption here that just because a group calls itself a "human rights group," that's actually the case. The article clearly sneers at the idea looking into a "human rights organization" might be legitimate, but such groups often are used as cover for more nefarious goals. Oversight of government surveillance is clearly necessary, but privacy people often fall into this mindset that no surveillance is ever useful or proper. That's just false.

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 22 Jun 2015 @ 11:03pm

      Re: well...

      And various government agencies like to claim that they are under strict oversight, that they follow the laws and rules set forth, and that they absolutely are focused on respecting the privacy and rights of the public, and we can all see how well they managed that...

      As for the backlash against spying, that's both a strawman, and a natural response to what has been done. Most people would probably agree that targeted surveillance is useful, it's the 'grab everything just in case' actions that people object to.

      For those that do object to any surveillance, that's most likely due to the spy agencies poisoning the well of public opinion by spying on everyone, undermining safety, violating rights, and all that simply because they can. If you show that you can't responsibly handle something, don't be surprised that people might want to take it away from you, even if it can be useful if properly used.

      reply to this | link to this | view in chronology ]

    • identicon
      Klaus, 23 Jun 2015 @ 4:38am

      Re: well...

      "...such groups often are used as cover for more nefarious goals"

      Can you cite a source?

      Looking at the organisations that brought these complaints forward, I doubt anyone could legitimately label them or their goals nefarious...

      reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 23 Jun 2015 @ 8:10am

      Re: well...

      "privacy people often fall into this mindset that no surveillance is ever useful or proper."

      They do? I haven't seen that. What I have seen is that privacy advocates often fall into the mindset that surveillance is frequently misused and that ubiquitous surveillance isn't proper. Which is true.

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.