Would anyone be surprised with the news that the U.K.’s spy agencies (GCHQ and MI5) breached the European Convention on Human Rights (ECHR) by covertly collecting bulk data about British citizens’ communications (content excluded)? This is exactly what a U.K. court recently ruled.
The bulk data collection now legal
(Not) surprisingly, the confirmation of the government has automatically made the data collection legal, according to the Investigatory Powers Tribunal. One legal decision has to be made – where the agencies’ actions reasonable, or in accordance with the threat that had to be opposed? (Perhaps not, since the agencies said the affected people were not of likely intelligence interest. More details are available below.)
The Investigatory Powers Tribunal says that the spy agencies had been breaching the ECHR. The privacy issue stems in the way bulk communications data (BCD) and bulk personal data (BPD) was assembled. The bulk communications data gathered was quite detailed: it contained information about the identity of the call participants, the time the call was made, where the call was made and the apparatus it was made with, who paid for the call and how much was paid:
Communications data, therefore, comprises, or includes, the date and time on which a call or electronic communication is made and received, the parties to it, the apparatus by which it is made and received and,in the case of a mobile telephone communication, the location from which it is made and in which it is received.It can include billing records and subscriber information.Just about the only information not included is the content of communications.
Read the full judgement
As stated in the tribunal’s ruling, the only information not included was the content of communications. The lack of this data is explained by the fact that in order for it to be obtained, an interception warrant is needed.
Did you know that the government may allow spy agencies to collect bulk data from network operators under a specific 1984 law? Nonetheless, the question of proportionality is a different story, since there were no mobile phones and no public internet in 1984.
Besides bulk communications data, the agencies also collected bulk personal data, including passport databases, telephone directories, and banking records. Curiously, in a court filing the agencies noted that the majority of the people whose data was collected are unlikely to be of any intelligence interest.
So, why was the data being collected in the first place?!
While in secret, the collection of bulk communication and personal data was in direct breach of the ECHR
Once the government “confessed” and set out oversight rules and a code of practice for these types of data collections, the issue became “foreseeable” and legal. Why? Because the people affected by the data collection could “foresee” the consequences of their actions.
Nonetheless, Millie Graham Wood, Privacy International legal officer, said that:
It is unacceptable that it is only through litigation by a charity that we have learned the extent of these powers and how they are used.
In addition, she insisted on public confirmation that unlawfully obtained personal data will be eradicated.