GCHQ Data Collection Violated Rights To Privacy

Uploaded on 2018-09-14 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, FREE TO VIEW

A mass surveillance programme by the UK government violated human rights, the European Court has ruled. It comes some-time after US whistleblower Edward Snowden disclosed British surveillance and intelligence-sharing practices. 

GCHQ’s methods in carrying out bulk interception of online communications violated privacy and failed to provide sufficient surveillance safeguards, the European court of human rights (ECHR) has ruled in a test case judgment.

But the Strasbourg court found that GCHQ’s regime for sharing sensitive digital intelligence with foreign governments was not illegal.

The judges considered three aspects of digital surveillance: bulk interception of communications, intelligence sharing and obtaining of communications data from communications service providers.

By a majority of five to two votes, the Strasbourg judges found that GCHQ’s bulk interception regime violated article 8 of the European convention on human rights, which guarantees privacy, because there were said to be insufficient safeguards, and rules governing the selection of “related communications data” were deemed to be inadequate.

The regime for sharing intelligence with foreign governments operated by the UK government did not, however, violate either article 8 or article 10.

It is the first major challenge to the legality of UK intelligence agencies intercepting private communications in bulk, following Edward Snowden’s whistleblowing revelations.

The long-awaited ruling is one of the most comprehensive assessments by the ECHR of the legality of the interception operations operated by UK intelligence agencies.

In a landmark case brought by charities including Amnesty and human rights group Big Brother Watch, the top court ruled that the "bulk interception regime" breached rights to privacy (Article 8).

The legal challenge was triggered by revelations made by Snowden in 2013, which showed GCHQ, the UK’s Government Communications Headquarters, was secretly intercepting, processing and storing data about millions of people’s private communications, even when those people were of no intelligence interest. In one of the operations, called Tempora, GCHQ was tapping into cables and communication networks to obtain huge volumes of internet data.
Snowden praised the judgment saying that governments had been pursued through the courts for five years. “Today, we won,” he said.

The former CIA employee had revealed that security services had been collecting bulk data, including telephone calls, messages and internet communication, whether or not people were suspected of a crime.
The case centred on powers given to security services under the Regulation of Investigatory Powers Act 2000 (Ripa), which has since been replaced.

In their ruling, judges declared there was insufficient monitoring of what information was being collected and that some safeguards were "inadequate".

They also found the programme breached rights to freedom of expression (Article 10) "as there were insufficient safeguards in respect of confidential journalistic material".

They wrote: "In view of the potential chilling effect that any perceived interference with the confidentiality of journalists' communications and, in particular, their sources might have on the freedom of the press, the Court found that the bulk interception regime was also in violation of article 10."

There was also not enough protection to ensure the safety of confidential journalistic sources, the judges ruled.
Three applications were joined together, from Big Brother Watch, the Bureau of Investigative Journalism, and 10 human rights charities, and were lodged after Mr Snowden's revelations.

All applicants felt their line of work meant they were more subject to having their communications intercepted by intelligence services.

The complaints centred on articles 8 and 10 of the convention of human rights, which protect a right to a private family life, and freedom of expression, with applicants saying bulk interception breached both.
The court did rule that a bulk operation on its own does not break the convention, but said that such a regime "had to respect criteria set down in its case law".

Because there was not enough independent oversight of the search and selection processes, there was a violation of the code. Judges on the case did not agree with the applicants over issues of sharing the information with foreign governments, ruling there was no evidence of abuse or significant shortcomings.

Sky:

You Might Also Read:

Cyberspies: The Secret History of Surveillance, Hacking And Digital Espionage:

Snowden Says Social Media Is Surveillance 'Rebranded':

 

« Enterprise Blockchain Struggles To Carve Out A Niche
How Hackers Skipped Through BA’s Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

SecDev

SecDev

SecDev is a consulting firm working at the intersection of geopolitical, digital, urban, energy and cyber risk.

CS Group

CS Group

CS Group offers a complete range of security solutions from consultancy to security maintenance and from secure infrastructure design to security governance.

Shift Technology

Shift Technology

Shift Technology provides insurance companies with an innovative SaaS solution to improve and scale fraud detection.

Infortec

Infortec

Infortec provide consultancy and solutions for the protection of digital information and the management of computer resources.

Safe Security

Safe Security

Safe Security (formerly Lucideus) provides Cyber risk assessment services and platforms to multiple Fortune 500 companies and governments across the globe.

Ascend Technologies

Ascend Technologies

Ascend Technologies offers a full suite of managed IT services including: Cloud & Infrastructure Management, Cybersecurity Management, Service Desk Management, Application Management , Data Management

Presidio

Presidio

Presidio is a leading North American IT solutions provider focused on Digital Infrastructure, Business Analytics, Cloud, Security & Emerging solutions.

Appsec Phoenix

Appsec Phoenix

Appsec Phoenix is an end to end vulnerability management platform that focuses on workflows, threat feed, and real time data.

Purple Knight

Purple Knight

Purple Knight is a free Active Directory security assessment tool built and managed by an elite group of Microsoft identity experts.

GuardYoo

GuardYoo

GuardYoo's SaaS platform allows cybersecurity professionals to perform Compromise Assessment remotely from anywhere in the world.

CryptoNext Security

CryptoNext Security

CryptoNext provides optimal end-to-end post-quantum cybersecurity remediation tools and solutions for IT/OT infrastructures & applications.

Cyviation

Cyviation

Cyviation's mission is to mitigate ever-growing and menacing Cyber Security threats, focusing on aircraft, airlines and airports.

Insurica

Insurica

INSURICA is a full-service insurance agency built upon a tradition of integrity, industry leadership, and excellence.

Intracis

Intracis

Intracis is a 'Made in India' cyber incident management solution aimed at ‘Making Security Simple’ by simplifying cyber incident management for CERTS and CSIRTS.

Start-Up Chile (SUP)

Start-Up Chile (SUP)

Start-Up Chile is a business accelerator program created by the Chilean Government for high-potential tech entrepreneurs.

RedArx Cyber Group

RedArx Cyber Group

At RedArx Cyber Group, our vision is to empower businesses with cutting-edge, proactive security solutions that safeguard their digital landscapes.