Privacy International Files Complaint Against GCHQ's Use Of 'Bulk Personal Datasets'

from the chipping-away dept

Last month, we noted that the UK rights group Privacy International has been at the forefront of the fight against the UK's disproportionate surveillance activities, to such an extent that the UK government has changed the law just to avoid one of its legal challenges. Those have covered many different aspects of GCHQ's activities. In July 2014, Privacy International filed a complaint with the UK's spy watchdog, the Investigatory Powers Tribunal (IPT), over GCHQ's surveillance tools. In September 2014, it tackled GCHQ's involvement in the "Five Eyes" system. And now it has come at things from yet another angle:

Privacy International today filed a legal complaint demanding an end to the bulk collection of phone records and harvesting of other databases, from millions of people who have no ties to terrorism, nor are suspected of any crime.

The complaint, filed in the UK's Investigatory Powers Tribunal, is the first UK legal challenge to attack the UK Government Communications Headquarters' (GCHQ) use of "bulk personal datasets" equivalent of the US s.215 bulk phone records metadata program. The s.215 program run by the NSA, which has dominated the US surveillance reform debate since Edward Snowden revealed it, was curtailed just days ago with the passing of the USA Freedom Act.
The latest challenge flows from the publication in March of the IPT report, "Privacy and Security: A modern and transparent legal framework." Even with its frequent redactions, the report provided important new information on which Privacy International is basing its complaint:
The ISC does not reveal which datasets have been collected by GCHQ, but they are described as being "highly intrusive", containing "millions" of records, which are then "linked together." In a startling admission, the datasets were separately described as pertaining "to a wide range of individuals, the majority of whom are unlikely to be of intelligence interest."

There is no proper legal regime in place, with no restrictions on which datasets can be collected, how long they can be stored, or accessed. The acquisition and subsequent use of datasets is not authorised by a judge, or even a Minister.
It gets even worse:
There are no legal penalties for misuse of this information, and abuse of the data has already happened with the ISC finding that agencies “had disciplined – or in some cases dismissed – staff for inappropriately accessing personal information held in these datasets.” It is not sufficient that misuse is dealt with by individual disciplinary measures. We need much stronger safeguards to prevent misuse occurring in the first place.
Bringing multiple cases before tribunals and courts is one way to achieve that. At the very least, it makes people more aware of what is going on, and increasingly it is leading to small but symbolically important victories too.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: bulk collection, gchq, nsa, surveillance, usa freedom act
Companies: privacy international


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 10 Jun 2015 @ 1:42am

    It is not sufficient that misuse is dealt with by individual disciplinary measures. We need much stronger safeguards to prevent misuse occurring in the first place.

    So long as an organization has the datasets, misuse is possible. The only way to mitigate misuse is to limit the data collected to that required to solve crimes and monitor terrorists.

    link to this | view in chronology ]

    • identicon
      DogBreath, 10 Jun 2015 @ 9:22am

      Re:

      The only way to mitigate misuse is to limit the data collected to that required to solve crimes and monitor terrorists.

      To paraphrase the saying: "if all you have is a hammer, everything looks like a nail", it should be now said: "When all you have is absolute power in collecting bulk personal datasets, you can prove everyone is a criminal and/or terrorist" (or at least you can make them appear to look that way, thusly justifying collecting all the data in the first place on those nasty criminals/terrorists).

      link to this | view in chronology ]

    • icon
      John Fenderson (profile), 10 Jun 2015 @ 10:25am

      Re:

      "The only way to mitigate misuse is to limit the data collected to that required to solve crimes and monitor terrorists."

      Your use of the word "required" is highly questionable here. I think "desired" is better. With that correction, then I agree. That's why restraining the massive data collection is an excellent thing: to reduce the potential for misuse.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 10 Jun 2015 @ 1:05pm

        Re: Re:

        Perhaps I should have said collect data only on people where a judge agrees that there is reasonable suspicion that they are involved in criminal or terrorist activity.

        link to this | view in chronology ]

  • identicon
    spod, 10 Jun 2015 @ 3:52am

    Good luck with that.

    At least you in the US have a written constitution to fall back on, even if the last few administrations have treated it more as a bunch of nice to haves rather than the basis of your laws.

    In the UK, we have an "Unwritten constitution" which means whatever the current lot infesting Westminster say it means.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 10 Jun 2015 @ 6:10am

    False pride comes before the fall, they will regret their arrogance.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 10 Jun 2015 @ 11:33am

    the problem here is that the UK government will ignore any ruling it doesn't like, just as it has done with the data retention even after being ruled unlawful by the EUCJ. Cameron and especially Theresa May, think they are laws unto themselves and can do what they want, with what they want, when they want, regardless of the 'official law'!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 10 Jun 2015 @ 12:20pm

    This is pretty funny: "...IPT report, "Privacy and Security: A modern and TRANSPARENT legal framework." Even with its frequent REDACTIONS..."

    link to this | view in chronology ]

  • identicon
    Simon Bunce, 10 Jun 2015 @ 10:51pm

    GCHQ

    My role at MOD took me to GCHQ.

    I was sacked for reporting fraud within the MOD.

    Please contact me if you require any assistance regarding the illegal collection of data by the Government Listening Station based near Cheltenham.

    Thank you.

    Kindest Regards
    Squadron Leader SC Bunce RAF (Retired)

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.