GCHQ internet spying was illegal, rules secret court

The UK's Investigatory Powers Tribunal (IPT) has ruled that the information sharing between the NSA and GCHQ was unlawful up until December 2014.

GCHQ internet spying was illegal, rules secret court
GCHQ internet spying was illegal, rules secret court

The case was brought forward by civil liberties groups Amnesty International, Liberty, Privacy international and Bytes for All in light of Edward Snowden's first leaks in summer of 2013, which revealed the bulk collection of data on millions of people by using the NSA's 'Prism' and 'Upstream' programmes.

Through Prism, the NSA gained access to the data and content handled by some of the world's largest internet companies, including Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple, while Upstream saw NSA intercept internet communications being transmitted over fibre optic cables.

Now, the secret UK court has concluded that GCHQ breached the European Convention of Human Rights (ECHR) under sections 8, the respect for a privacy and family life, and 10, the right to freedom of expression, by failing to declare what information was shared between the two agencies. The one-page document concludes that the agency “now complies with the said articles.”

This is the first time IPT has ruled against the UK secret services (GCHQ, MI5 and MI6) in its 15-year history.

“It is declared that prior to the disclosures made and referred to in the First Judgment and the Second Judgment, the regime governing the soliciting, receiving, storing and transmitting by UK authorities of private communications of individuals located in the UK, which have been obtained by US authorities pursuant to Prism and/or (on the Claimants' case) Upstream, contravened Articles 8 or 10 ECHR," reads the document.

This news comes just two months after the same court had ruled that GCHQ's access to NSA data was legal because certain secret details of the UK-US relationship were made public during Privacy International's case against the security services.

Eric King, deputy director of Privacy International, said in a statement that the US and UK secret agencies had acted like they were above the law, and praised Snowden for his contribution.

"For far too long, intelligence agencies like GCHQ and NSA have acted like they are above the law. Today's decision confirms to the public what many have said all along — over the past decade, GCHQ and the NSA have been engaged in an illegal mass surveillance sharing programme that has affected millions of people around the world. 

“We must not allow agencies to continue justifying mass surveillance programmes using secret interpretations of secret laws. The world owes Edward Snowden a great debt for blowing the whistle, and today's decision is a vindication of his actions.

“But more work needs to be done. The only reason why the NSA-GCHQ sharing relationship is still legal today is because of a last-minute clean-up effort by government to release previously secret “arrangements”. That is plainly not enough to fix what remains a massive loophole in the law, and we hope that the European Court decides to rule in favour of privacy rather than unchecked state power."

James Welch, legal director for Liberty, added: “We now know that, by keeping the public in the dark about their secret dealings with the National Security Agency, GCHQ acted unlawfully and violated our rights. That their activities are now deemed lawful is thanks only to the degree of disclosure Liberty and the other claimants were able to force from our secrecy-obsessed government.

“But the intelligence services retain a largely unfettered power to rifle through millions of people's private communications – and the Tribunal believes the limited safeguards revealed during last year's legal proceedings are an adequate protection of our privacy. We disagree, and will be taking our fight to the European Court of Human Rights.”

A spokesperson for Prime Minister David Cameron told Reuters: "The judgment will not require GCHQ to change what it does."

Alan Calder, founder and executive chairman at IT Governance, said in an email to SCMagazineUK.com that it is difficult to get the balance right between national security and privacy.

“I think that balancing human rights with the need to defend UK citizens against people who are committed to our destruction is an incredibly difficult thing to do," he said.

“I'm not sure that the general public properly understands the extent to which their personal security depends on our intelligence services identifying and undermining cyber-savvy criminals and terrorists…….in the same way that we expect security services to infiltrate and disrupt more traditional gangs, we ought to expect them to do everything within their legal power to reduce the likelihood of terrorist atrocities in the UK.”

Meanwhile, on the same day, the UK government quietly rolled out a new code of conduct on how agencies can hack and intercept telecommunications.