GCHQ Dinged For Illegally Holding Onto Human Rights Groups Emails Too Long, Not For Collecting Them In The First Place
from the that's-not-right dept
Following on a ruling nearly two months ago, where the UK’s Investigatory Powers Tribunal — for the very first time — found that GCHQ had broken the law with its surveillance of client/attorney communications, now the IPT has ruled against GCHQ again. The IPT says that GCHQ held emails of human rights activists for too long — but found that the initial collection of those emails was no problem at all.
In respect of the Third Claimant (The Egyptian Initiative for Personal Rights), the Tribunal has found that email communications of the Third Claimant were lawfully and proportionately intercepted and accessed, pursuant to s.8(4) of RIPA. However, the time limit for retention permitted under the internal policies of GCHQ, the intercepting agency, was overlooked in regard to the product of that interception, such that it was retained for materially longer than permitted under those policies.
So, no problem spying on human rights organizations — just make sure you delete the emails within the allotted timeframe. And, of course, the court concludes that this is a pretty minor violation, given that there’s no evidence anyone actually looked at the data after they should have destroyed it:
We are satisfied however that the product was not accessed after the expiry of the relevant retention time limit, and the breach can thus be characterised as technical…
Still, it notes, even a technical breach is a breach and thus slaps GCHQ on the wrist. This seems like pretty weak sauce all around, but at the very least, the IPT is finally recognizing that GCHQ isn’t following the law at times. It’s not nearly enough, and the level of oversight is laughable. And, of course, none of these breaches, technical or otherwise, likely would have come to light at all without Ed Snowden.
Filed Under: emails, gchq, human rights, investigatory powers tribunal, ipt, privacy
Comments on “GCHQ Dinged For Illegally Holding Onto Human Rights Groups Emails Too Long, Not For Collecting Them In The First Place”
any evidence that the emails weren’t copied? that could easily have been why they weren’t looked at, supposedly, during the extended time they were illegally held, it was known they could be looked at at leisure!
Re: Re:
“Looking at ‘data’ at leisure” is the whole aim of the security agencies here and abroad. They don’t want something they can dig through now; they want all the data so they can dig through it forever.
This has to do with a fundamentally broken mindset: Where you or I might temporarily suspect someone of something, for them suspicion is a permanent condition. Where you or I might try to investigate and, finding nothing supportive, shrug our shoulders and move on; for them, an inability to prove their suspicions means they do not possess enough information.
So they’re horribly concerned that, if they don’t possess all information forever, someday they might not be able to prove Abu Uba is a money-laundering drug lord terrorist, by digging through and discovering something Abu’s great grandfather’s cousin’s best friend might have said.
Double standards....
The government makes a tiny “technical” breach of law and it’s a slap on the wrist. A citizen makes a tiny “technical” breach of law and the government pushes for decades of prison time.
well...
There’s an assumption here that just because a group calls itself a “human rights group,” that’s actually the case. The article clearly sneers at the idea looking into a “human rights organization” might be legitimate, but such groups often are used as cover for more nefarious goals. Oversight of government surveillance is clearly necessary, but privacy people often fall into this mindset that no surveillance is ever useful or proper. That’s just false.
Re: well...
And various government agencies like to claim that they are under strict oversight, that they follow the laws and rules set forth, and that they absolutely are focused on respecting the privacy and rights of the public, and we can all see how well they managed that…
As for the backlash against spying, that’s both a strawman, and a natural response to what has been done. Most people would probably agree that targeted surveillance is useful, it’s the ‘grab everything just in case’ actions that people object to.
For those that do object to any surveillance, that’s most likely due to the spy agencies poisoning the well of public opinion by spying on everyone, undermining safety, violating rights, and all that simply because they can. If you show that you can’t responsibly handle something, don’t be surprised that people might want to take it away from you, even if it can be useful if properly used.
Re: well...
“…such groups often are used as cover for more nefarious goals”
Can you cite a source?
Looking at the organisations that brought these complaints forward, I doubt anyone could legitimately label them or their goals nefarious…
Re: well...
“privacy people often fall into this mindset that no surveillance is ever useful or proper.”
They do? I haven’t seen that. What I have seen is that privacy advocates often fall into the mindset that surveillance is frequently misused and that ubiquitous surveillance isn’t proper. Which is true.