GCHQ Dinged For Illegally Holding Onto Human Rights Groups Emails Too Long, Not For Collecting Them In The First Place

from the that's-not-right dept

Mon, Jun 22nd 2015 2:42pm — Mike Masnick

Following on a ruling nearly two months ago, where the UK's Investigatory Powers Tribunal -- for the very first time -- found that GCHQ had broken the law with its surveillance of client/attorney communications, now the IPT has ruled against GCHQ again. The IPT says that GCHQ held emails of human rights activists for too long -- but found that the initial collection of those emails was no problem at all.

In respect of the Third Claimant (The Egyptian Initiative for Personal Rights), the Tribunal has found that email communications of the Third Claimant were lawfully and proportionately intercepted and accessed, pursuant to s.8(4) of RIPA. However, the time limit for retention permitted under the internal policies of GCHQ, the intercepting agency, was overlooked in regard to the product of that interception, such that it was retained for materially longer than permitted under those policies.

So, no problem spying on human rights organizations -- just make sure you delete the emails within the allotted timeframe. And, of course, the court concludes that this is a pretty minor violation, given that there's no evidence anyone actually looked at the data after they should have destroyed it:

We are satisfied however that the product was not accessed after the expiry of the relevant retention time limit, and the breach can thus be characterised as technical...

Still, it notes, even a technical breach is a breach and thus slaps GCHQ on the wrist. This seems like pretty weak sauce all around, but at the very least, the IPT is finally recognizing that GCHQ isn't following the law at times. It's not nearly enough, and the level of oversight is laughable. And, of course, none of these breaches, technical or otherwise, likely would have come to light at all without Ed Snowden.

Final Liberty Ors Open Determination (PDF)Final Liberty Ors Open Determination (Text)

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: emails, gchq, human rights, investigatory powers tribunal, ipt, privacy

7 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 22 Jun 2015 @ 2:59pm

any evidence that the emails weren't copied? that could easily have been why they weren't looked at, supposedly, during the extended time they were illegally held, it was known they could be looked at at leisure!
[ link to this | view in chronology ]
- Coyne Tibbets (profile), 22 Jun 2015 @ 4:08pm
  
  Re:
  "Looking at 'data' at leisure" is the whole aim of the security agencies here and abroad. They don't want something they can dig through now; they want all the data so they can dig through it forever.
  
  This has to do with a fundamentally broken mindset: Where you or I might temporarily suspect someone of something, for them suspicion is a permanent condition. Where you or I might try to investigate and, finding nothing supportive, shrug our shoulders and move on; for them, an inability to prove their suspicions means they do not possess enough information.
  
  So they're horribly concerned that, if they don't possess all information forever, someday they might not be able to prove Abu Uba is a money-laundering drug lord terrorist, by digging through and discovering something Abu's great grandfather's cousin's best friend might have said.
  [ link to this | view in chronology ]
JoeCool (profile), 22 Jun 2015 @ 8:37pm

Double standards....
The government makes a tiny "technical" breach of law and it's a slap on the wrist. A citizen makes a tiny "technical" breach of law and the government pushes for decades of prison time.
[ link to this | view in chronology ]
drsally, 22 Jun 2015 @ 10:28pm

well...
There's an assumption here that just because a group calls itself a "human rights group," that's actually the case. The article clearly sneers at the idea looking into a "human rights organization" might be legitimate, but such groups often are used as cover for more nefarious goals. Oversight of government surveillance is clearly necessary, but privacy people often fall into this mindset that no surveillance is ever useful or proper. That's just false.
[ link to this | view in chronology ]
- That One Guy (profile), 22 Jun 2015 @ 11:03pm
  
  Re: well...
  And various government agencies like to claim that they are under strict oversight, that they follow the laws and rules set forth, and that they absolutely are focused on respecting the privacy and rights of the public, and we can all see how well they managed that...
  
  As for the backlash against spying, that's both a strawman, and a natural response to what has been done. Most people would probably agree that targeted surveillance is useful, it's the 'grab everything just in case' actions that people object to.
  
  For those that do object to any surveillance, that's most likely due to the spy agencies poisoning the well of public opinion by spying on everyone, undermining safety, violating rights, and all that simply because they can. If you show that you can't responsibly handle something, don't be surprised that people might want to take it away from you, even if it can be useful if properly used.
  [ link to this | view in chronology ]
- Klaus, 23 Jun 2015 @ 4:38am
  
  Re: well...
  "...such groups often are used as cover for more nefarious goals"
  
  Can you cite a source?
  
  Looking at the organisations that brought these complaints forward, I doubt anyone could legitimately label them or their goals nefarious...
  [ link to this | view in chronology ]
- John Fenderson (profile), 23 Jun 2015 @ 8:10am
  
  Re: well...
  "privacy people often fall into this mindset that no surveillance is ever useful or proper."
  
  They do? I haven't seen that. What I have seen is that privacy advocates often fall into the mindset that surveillance is frequently misused and that ubiquitous surveillance isn't proper. Which is true.
  [ link to this | view in chronology ]