Home
 » ISP News » 
Sponsored

ECtHR Rules UK Mass Internet Surveillance of Citizens Unlawful

Thursday, September 13th, 2018 (11:56 am) - Score 520
spying on uk ISP internet traffic

The European Court of Human Rights has today ruled that the United Kingdom’s mass surveillance programmes, which came to light in 2013 after ex-NSA employee Edward Snowden leaked significant details to the press, were unlawful and “incapable of keeping the ‘interference’ to what is ‘necessary in a democratic society’“.

The Snowden documents revealed that the United Kingdom’s intelligence agency – GCHQ – were conducting “population-scale” interception, capturing the communications of millions of innocent people and even tapping into at least some of the world’s 10Gbps transatlantic fibre optic cable links (allegedly with the help of Vodafone, BT and others).

The mass spying programmes included TEMPORA, a bulk data store of all internet traffic; KARMA POLICE, a catalogue including “a web browsing profile for every visible user on the internet“; and BLACK HOLE, a repository of over 1 trillion events including internet histories, email and instant messenger records, search engine queries and social media activity.

Naturally it didn’t take long for a coalition of privacy and civil rights organisations – including Big Brother Watch, English PEN, the Open Rights Group (ORG) and computer science expert Dr Constanze Kurz – to take the Government to task over their snooping arrangements with the USA. Fast forward several years and the ECtHR has found in favour of their concerns, at least some of them.

The ECtHR Ruling

The court appears to have agreed that “bulk interception is by definition untargeted,” that there was a “lack of oversight of the entire selection process” and the safeguards were not “sufficiently robust to provide adequate guarantees against abuse“.

ECTHR Ruling Extract (See Full Summary)

It is a matter of some concern that the intelligence services can search and examine “related communications data” apparently without restriction. While such data is not to be confused with the much broader category of “communications data”, it still represents a significant quantity of data. The Government confirmed at the hearing that “related communications data” obtained under the section 8(4) regime will only ever be traffic data.

However, according to paragraphs 2.24-2.27 of the ACD Code, traffic data includes information identifying the location of equipment when a communication is, has been or may be made or received (such as the location of a mobile phone); information identifying the sender or recipient (including copy recipients) of a communication from data comprised in or attached to the communication; routing information identifying equipment through which a communication is or has been transmitted (for example, dynamic IP address allocation, file transfer logs and e-mail headers (other than the subject line of an e-mail, which is classified as content)); web browsing information to the extent that only a host machine, server, domain name or IP address is disclosed (in other words, website addresses and Uniform Resource Locators (“URLs”) up to the first slash are communications data, but after the first slash content); records of correspondence checks comprising details of traffic data from postal items in transmission to a specific address, and online tracking of communications (including postal items and parcels).

In addition, the Court is not persuaded that the acquisition of related communications data is necessarily less intrusive than the acquisition of content. For example, the content of an electronic communication might be encrypted and, even if it were decrypted, might not reveal anything of note about the sender or recipient. The related communications data, on the other hand, could reveal the identities and geographic location of the sender and recipient and the equipment through which the communication was transmitted. In bulk, the degree of intrusion is magnified, since the patterns that will emerge could be capable of painting an intimate picture of a person through the mapping of social networks, location tracking, Internet browsing tracking, mapping of communication patterns, and insight into who a person interacted with.

Consequently, while the Court does not doubt that related communications data is an essential tool for the intelligence services in the fight against terrorism and serious crime, it does not consider that the authorities have struck a fair balance between the competing public and private interests by exempting it in its entirety from the safeguards applicable to the searching and examining of content.

The court similarly highlighted “the risk that a system of secret surveillance set up to protect national security may undermine or even destroy democracy under the cloak of defending it,” before noting that it had to be “satisfied that there are adequate and effective guarantees against abuse.”

The case began in 2013, although the Government has since replaced the old rules with the new Investigatory Powers Act (IPA), which passed into law during November 2016. Today’s judgement that indiscriminate spying breaches rights protected by the ECHR (i.e. the right to respect for private and family life/communications) is thus likely to provoke further questions as to the lawfulness of bulk powers in the IPA.

Jim Killock, Executive Director of Open Rights Group, said:

“Viewers of the BBC drama, the Bodyguard, may be shocked to know that the UK actually has the most extreme surveillance powers in a democracy. Since we brought this case in 2013, the UK has actually increased its powers to indiscriminately surveil our communications whether or not we are suspected of any criminal activity.

In light of today’s judgment, it is even clearer that these powers do not meet the criteria for proportionate surveillance and that the UK Government is continuing to breach our right to privacy.”

The government has already been forced to amend its new IPA a few times and further legal challenges are being prepared by Liberty, not least in order tackle the rules that allow the state to hack our computers, hoover up information about who we speak to, where we go, and what we look at online, and collect profiles of individual people even without any suspicion of criminality (here).

However, it’s important to note that today’s judgement appeared to reject some of the concerns around the issue of sharing such information with foreign governments. Furthermore the ruling doesn’t completely say that such surveillance systems shouldn’t be allowed, but more that the UK’s approach or practice was unlawful.

Delicious
Add to Diigo
Mark Jackson
By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he is also the founder of ISPreview since 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on Twitter, , Facebook and Linkedin.
Leave a Comment
9 Responses
  1. Chris

    it’s a bit embarrassing that we require oversight from ECHR in order to run a free, democratic country.
    It’s a shame they’re going to remove that and we’ll be left at the mercy of an overreaching and invasive Tory government after Brexit.

    • CarlT

      The ECtHR is nothing to do with the EU, however membership of it is required to be a member of the EU.

      So we can be assured that as soon as we have removed that requirement the government, regardless of political persuasion, will be getting us out of it and many people will love it as they’re too thick to consider the connotations and likely outcomes and don’t care either way as long as it gets us away from the awful ‘forriners’ threatening our ‘sovrinty’

  2. Paul

    Sooner we leave the eu the better

    • Doctor Colossus

      And here’s the first one to prove CarlT’s point made above. How wonderful.

    • CarlT

      This is why referendums on complex issues are a bad idea.

      Leaving the EU won’t take us out of the ECHR by default and if you’re really so keen on living in a surveillance state China is a few thousand miles to the east.

      I personally am a fan of the state not snooping at everything I do online as it is none of their business. If they have reasonable suspicion they can seek a warrant through the courts to snoop on me, thus ensuring checks and balances. Your mileage evidently varies which is strange given I thought a lack of ‘democracy’ was a rallying cry against the EU.

    • Peter

      I hate the EU
      I’ve spent part of my life having to deal with it in my employment.
      So bad was it that we preferred to deal and trade with any country that was NOT in the EU.
      We even made formal representation though HMG of the way other EU countries went out of their way to obstruct our business – open market – yeah right – NOT.

      The conclusion I came to was simply that the EU was a scam to extract a much money from us as possible, give us the odd tit bit back to make it seem like we are getting “value”.

      The EU is even trying to screw over my hobby though in this case opposed by many others in other countries – everything the EU touches it just seems to want to destroy.

      Frankly I’d ago broad and do business there – so long as its not in the EU

  3. Jane

    Im a journalist and hacked and tracked from 2000. It has been and remains full on life hacking and is destroying my life. Fighting with police to resolve it – the Met found who hacked the celebs – third parties keep interfering and blocking investigation. I keep pushing. The hacking is via ID so hackers are blocking my emails and work, job applications and work, tampering with my blood tests and blocking all of my friends whilst operating a smear campaign I am ‘delusional’ so the floodgates don’t open for all the other hacking-victims. This is how wrong it has gone.

    • CarlT

      That would be an unprecedented level of intrusion into a private citizen’s life and would point to serious deficiencies with a wide variety of private companies and government agencies. Blood test results as they stand on medical files being modified are, especially, alarming.

      I would be very interested in hearing more, and if you would be agreeable would be happy for the site admin here to provide you my academic (.ac.uk) email address – my identity from there can be cryptographically verified and via public key cryptographically we can communicate securely end to end.

      Information would be anonymously attributed and be used in a thesis.

      Thanks.

    • eM

      With two of my family members suffering from schizophrenia, I find the comment above very much indicative of similar symptoms.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Promotion
Cheapest Superfast ISPs
  • Hyperoptic £17.00 (*22.00)
    Avg. Speed 30Mbps, Unlimited
    Gift: Code: ONLINEDEAL
  • Vodafone £20.00 (*22.00)
    Avg. Speed 35Mbps, Unlimited
    Gift: None
  • TalkTalk £22.50
    Avg. Speed 36Mbps, Unlimited
    Gift: None
  • Plusnet £23.99 (*34.98)
    Avg. Speed 36Mbps, Unlimited
    Gift: None
  • First Utility £24.99 (*31.99)
    Avg. Speed 35Mbps, Unlimited
    Gift: None
Prices inc. Line Rental | View All
Poll
*Javascript must be ON to vote*
The Top 20 Category Tags
  1. BT (2229)
  2. FTTP (1640)
  3. FTTC (1463)
  4. Broadband Delivery UK (1458)
  5. Openreach (1179)
  6. Politics (1177)
  7. Business (1052)
  8. Statistics (931)
  9. Fibre Optic (856)
  10. Mobile Broadband (841)
  11. Ofcom Regulation (777)
  12. Wireless Internet (775)
  13. FTTH (752)
  14. 4G (731)
  15. Virgin Media (719)
  16. Sky Broadband (532)
  17. TalkTalk (511)
  18. EE (481)
  19. Vodafone (374)
  20. Security (361)
New Forum Topics
Promotion
Helpful ISP Guides and Tips
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules