Written as editor of the New Statesman’s NS Tech and first published here.
Campaign group Privacy International is now halfway through a four-day trial for a case it filed in June last year that seeks to shine a light on the pervasive nature of government spying.
The case refers specifically to the “acquisition, use, retention, disclosure, storage and deletion of Bulk Personal Datasets”, and whether this is legal and proportionate.
Opening for Privacy International in front of the the Investigatory Powers Tribunal yesterday, Thomas de la Mare QC said that this “de facto constant surveillance” could become “the most potent instrument of repression”.
The case has evolved over the course of the last year as new admissions were made by security services, and formerly secret documents were released by GCHQ and MI5.
The bodies’ initial policy to “neither confirm nor deny” the practice was blasted out of the water when it was first acknowledged by parliament’s Intelligence and Security Committee. This was confirmed by the now prime minister Theresa May last November.
Privacy International’s case was then amended when it was found that spies were operating under section 94 of the Telecommunications Act 1984, rather than the Regulation of Investigatory Powers Act 2000, as had first been indicated.
The latest document disclosure came yesterday, including a report from the Cabinet Office that reveals concerns were raised as early as 2010 about the public defensibility of such activity.
Privacy International has, of course, added all of this to the full set of correspondence it’s collected online since the case was first filed, offering huge transparency on government secrecy.
It’s also created an infographic to help people understand exactly what ‘communications data’ is.
Although the government has suggested that collecting only ‘communications data’ and not ‘content data’ ensures anonymity of individuals, Privacy International has collected vast amounts of evidencethat calls this into question.
From the documents released, Privacy International has concluded that security services were using section 94 between 1998 and 2015 to collect traffic and service data via “regular feeds” from Internet Service Providers. On top of this, GCHQ was also “obtaining subscriber information until 2015 using section 94”.
In its witness statement, GCHQ’s Deputy Director of Mission Policy, explained that advancements in technology have now made it easier than ever before to “extract value” from large datasets. The body essentially has a “dedicated corporate tool”, or a spy search engine, to “quickly run searches”.
It was revealed earlier this year that spies were actually using this tool for “looking up addresses in order to send birthday cards, checking passport details to organise personal travel, checking details of family members for personal reasons”.
Essentially, as Google, for people.
Millie Graham Wood, Legal Officer at Privacy International, said yesterday: “Today’s disclosures provide a far more detailed and worrying picture on the vast collection of bulk personal data-sets and bulk communications data by the intelligence agencies than previously known.
“We are at last getting closer to piecing together the genesis of a regime which operated in secret for 18 years without adequate safeguards and oversight.”
Any powers being used today or in the past will be replaced by the Investigatory Powers Bill, which is still being considered by the House of Lords, but is expected to be enacted in the Autumn.
Tech industry body techUK has criticised the bill as a threat to the UK’s digital economy.