Wednesday, June 18, 2014

GCHQ thinks mass-spying within the UK is legal

From reading it, UK law on spying seems crystal clear: intercepting "internal" communications requires a warrant. Intercepting external ones doesn't. So what's an "external" communication? Apparently anything GCHQ wants it to be - including all social media and search engine traffic from within the UK:

The government's most senior security official, Charles Farr, detailed how searches on Google, Facebook, Twitter and YouTube, as well as emails to or from non-British citizens abroad, can be monitored by the security services because they are deemed to be "external communications".

It is the first time that the government has admitted that UK citizens, talking via supposedly private channels in social media such as Twitter direct messages, are deemed by the British government to be legitimate legal targets that do not require a warrant before intercepting.


[Director general of the Office for Security and Counter-Terrorism, Charles Farr's] submission explains that searches on Google, Twitter, Facebook and YouTube are likely to involve communicating with a "web-based platform" abroad and are therefore "external communications" which do not "require a person or a set of premises to be named in the interception warrant". Emails sent or received from abroad could be intercepted in a similar way.

And the reason for this interpretation? Basically because getting complying with the law woudl be too hard:
Farr says: "Any regime that … only permitted interception in relation to specific persons or premises, would not have allowed adequate levels of intelligence information to be obtained and would not have met the undoubted requirements of intelligence for the protection of national security.
But this seems to pretty blatantly violate section 2 of the Regulation of Investigatory Powers Act, which makes it clear that an "internal" communication is one which happens in the UK.

The question now is whether the courts will let them get away with it. For an ordinary citizen, compliance being "too hard" (meaning: inconvenient) is not an excuse. Now we get to see if the establishment applies the same standard it expects from the peasants to itself.

As for New Zealand, we use a different formulation, prohibiting GCSB interceptions of "private communications" between New Zealand citizens or permanent residents. While there's an intentional loophole there allowing warrantless mass-surveillance of our metadata, it doesn't appear to give the GCSB the same scope to play definition games that GCHQ has. But they may very well be pretending not to know if a communication is from a New Zealander, or (like the NSA) pretending its not intercepted if a computer rather than a person looks at it. Unfortunately, we just don't know. Which is why they should be required to publish all their legal interpretations of their Act, so we can see exactly what they think they're empowered to do - and nip any illegal spying in the bud.

Update: It gets worse. According to Privacy International, GCHQ does subscribe to the NSA "spying doesn't count if its a computer" meme, and when an actual person is involved, it doesn't matter "because the analyst reading or listening to an individual’s communication will inevitably forget about it anyway." Except of course if they discover anything juicy, in which case its no doubt a triumph of British intelligence.

This is simply panopticon thinking. And the organisations promoting it must be defunded and destroyed.