GCHQ Data Collection Violated Rights To Privacy

A mass surveillance programme by the UK government violated human rights, the European Court has ruled. It comes some-time after US whistleblower Edward Snowden disclosed British surveillance and intelligence-sharing practices. 

GCHQ’s methods in carrying out bulk interception of online communications violated privacy and failed to provide sufficient surveillance safeguards, the European court of human rights (ECHR) has ruled in a test case judgment.

But the Strasbourg court found that GCHQ’s regime for sharing sensitive digital intelligence with foreign governments was not illegal.

The judges considered three aspects of digital surveillance: bulk interception of communications, intelligence sharing and obtaining of communications data from communications service providers.

By a majority of five to two votes, the Strasbourg judges found that GCHQ’s bulk interception regime violated article 8 of the European convention on human rights, which guarantees privacy, because there were said to be insufficient safeguards, and rules governing the selection of “related communications data” were deemed to be inadequate.

The regime for sharing intelligence with foreign governments operated by the UK government did not, however, violate either article 8 or article 10.

It is the first major challenge to the legality of UK intelligence agencies intercepting private communications in bulk, following Edward Snowden’s whistleblowing revelations.

The long-awaited ruling is one of the most comprehensive assessments by the ECHR of the legality of the interception operations operated by UK intelligence agencies.

In a landmark case brought by charities including Amnesty and human rights group Big Brother Watch, the top court ruled that the "bulk interception regime" breached rights to privacy (Article 8).

The legal challenge was triggered by revelations made by Snowden in 2013, which showed GCHQ, the UK’s Government Communications Headquarters, was secretly intercepting, processing and storing data about millions of people’s private communications, even when those people were of no intelligence interest. In one of the operations, called Tempora, GCHQ was tapping into cables and communication networks to obtain huge volumes of internet data.
Snowden praised the judgment saying that governments had been pursued through the courts for five years. “Today, we won,” he said.

The former CIA employee had revealed that security services had been collecting bulk data, including telephone calls, messages and internet communication, whether or not people were suspected of a crime.
The case centred on powers given to security services under the Regulation of Investigatory Powers Act 2000 (Ripa), which has since been replaced.

In their ruling, judges declared there was insufficient monitoring of what information was being collected and that some safeguards were "inadequate".

They also found the programme breached rights to freedom of expression (Article 10) "as there were insufficient safeguards in respect of confidential journalistic material".

They wrote: "In view of the potential chilling effect that any perceived interference with the confidentiality of journalists' communications and, in particular, their sources might have on the freedom of the press, the Court found that the bulk interception regime was also in violation of article 10."

There was also not enough protection to ensure the safety of confidential journalistic sources, the judges ruled.
Three applications were joined together, from Big Brother Watch, the Bureau of Investigative Journalism, and 10 human rights charities, and were lodged after Mr Snowden's revelations.

All applicants felt their line of work meant they were more subject to having their communications intercepted by intelligence services.

The complaints centred on articles 8 and 10 of the convention of human rights, which protect a right to a private family life, and freedom of expression, with applicants saying bulk interception breached both.
The court did rule that a bulk operation on its own does not break the convention, but said that such a regime "had to respect criteria set down in its case law".

Because there was not enough independent oversight of the search and selection processes, there was a violation of the code. Judges on the case did not agree with the applicants over issues of sharing the information with foreign governments, ruling there was no evidence of abuse or significant shortcomings.

Sky:

You Might Also Read:

Cyberspies: The Secret History of Surveillance, Hacking And Digital Espionage:

Snowden Says Social Media Is Surveillance 'Rebranded':

 

« Enterprise Blockchain Struggles To Carve Out A Niche
How Hackers Skipped Through BA’s Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ON-DEMAND WEBINAR: How to build and implement an effective endpoint detection and response strategy

ON-DEMAND WEBINAR: How to build and implement an effective endpoint detection and response strategy

Discover how you can implement endpoint detection and response (EDR) tools into your security strategy.

Libraesva

Libraesva

Libraesva specialize in Email Security. From Email Security, Phishing Awareness and Email Archiver. We can assist you with any email issues you may have.

ADF Solutions

ADF Solutions

ADF Solutions is a leading provider of digital forensic and media storage exploitation tools.

Fox-IT

Fox-IT

Fox-IT prevents, solves and mitigates the most serious cyber threats with smart solutions for governmental bodies, defense, law enforcement, critical infrastructure, banking and large enterprises.

Sage Designs

Sage Designs

Sage Designs is a provider of SCADA, Security & Industrial Automation products and training programs.

Meiya Pico Information Co

Meiya Pico Information Co

Meiya Pico is the leading digital forensics and information security products and service provider in China.

Bangladesh Association of Software & Information Services (BASIS)

Bangladesh Association of Software & Information Services (BASIS)

BASIS is the national trade body for Software & IT Enabled Service industry of Bangladesh.

Miradore

Miradore

Miradore is a software company specializing in effective, cloud-based device management. Our goal is to help IT Service Providers and IT departments secure and control devices.

OCM Business Systems

OCM Business Systems

OCM are experts in the safe, secure and responsible disposal of IT & EPoS assets.

Enterprise Ethereum Alliance (EEA)

Enterprise Ethereum Alliance (EEA)

EEA is a member-led industry organization whose objective is to drive the use of Ethereum blockchain technology as an open-standard to empower ALL enterprises.

Keyavi Data

Keyavi Data

With Keyavi’s evolutionary data protection technology, your data stays within the bounds of your control in perpetuity.

Canonic Security

Canonic Security

Canonic streamlines app review, continuously monitors apps, and reduces the risks involved in third-party access to your data.

Resilience

Resilience

Resilience helps to improve cyber resilience by connecting cyber insurance coverage with advanced cybersecurity visibility and a shared plan to reinforce great cyber hygiene.

TAFEcyber

TAFEcyber

TAFEcyber is an Australian based consortium focusing on the skilling of the fast-growing cyber security workforce through education and training.

Aquia

Aquia

Aquia are on a mission to enable innovation and drive transformative change to solve the world’s most pressing and complex cybersecurity challenges.

Apollo Secure

Apollo Secure

Apollo is an automated cybersecurity platform for startups and small businesses to achieve and maintain security compliance.

Falconfeeds

Falconfeeds

Falconfeeds empowers businesses and security professionals with immediate access to the latest and historical threat intelligence data.