GCHQ uses Cyber Techniques Outlawed in US

dink_cartoon_gchq_snoop_big.jpg?x=648&y=429&crop=1

In a fresh legal claim filed at the Investigatory Powers Tribunal (IPT), the campaign group calls for an end to the harvesting of information about those who have no ties to terrorism and are not suspected of any crime.
The IPT is the judicial body that hears complaints about the intelligence services and surveillance by public organisations. The tribunal has received dozens of submissions in the wake of Edward Snowden’s revelations about interception of Internet traffic by the US National Security Agency (NSA) and Britain’s GCHQ.

The latest claim is partially aimed at highlighting a disparity between US and UK surveillance practices that has emerged, Privacy International (PI) points out, following divergent responses by legislators in Washington and Westminster.

The passing of the USA Freedom Act last week curtailed so-called “section 215” bulk collection of phone record metadata – information about who called whom, and timings, but not the content of conversations. It was a victory for the libertarian cause and a restriction of state surveillance powers.

By contrast, UK privacy campaigners say, parliament’s Intelligence and Security Committee (ISC) has confirmed that GCHQ is still collecting datasets relating to “a wide range of individuals, the majority of whom are unlikely to be of intelligence interest.”

The coalition government also passed the emergency Data Retention and Investigatory Powers Act (DRIPA) last summer to preserve powers that would otherwise have been undermined by a European Court of Justice judgment. Two prominent MPs, Labour’s Tom Watson and the Conservative David Davis, were in the London high court recently challenging the legislation’s legitimacy.

Commenting on PI’s new claim, its deputy director Eric King said: “Secretly ordering companies to hand over their records in bulk, to be data-mined at will, without independent sign-off or oversight, is a loophole in the law the size of a double-decker bus.
“That the practice started, and continues, without a legal framework in place, smacks of an agency who sees itself as above the law. How can it be that the US is so much further ahead on this issue? With the USA Freedom Act now passed, the equivalent NSA power has now been curtailed before the debate this side of the pond has even begun.
“Bulk collection of data about millions of people who have no ties to terrorism, nor are suspected of any crime, is plainly wrong. That our government admits most of those in the databases are unlikely to be of intelligence value… shows just how off-course we really are.”

PI says bulk data sets retained by intelligence agencies may include a great variety of information, including telephone and Internet records, credit reference reports, medical records, travel records, biometric details and even loyalty card schemes. Their claim also calls for the destruction of “any unlawfully obtained material”.

A YouGov poll commissioned by Amnesty International released last week showed 56% of UK adults believed that Snowden, who worked for the US National Security Agency up until 2013, should have revealed classified information exposing US and UK government monitoring activities.

GCHQ always makes a clear distinction between intrusive “mass surveillance”, which it insists it does not undertake, and “bulk interception” of electronic communications, which says is necessary in order to carry out targeted searches of data in pursuit of terrorist or criminal activity.

In response to an earlier IPT ruling earlier this year, GCHQ said: “By its nature, much of [our] work must remain secret. But we are working with the rest of government to improve public understanding about what we do and the strong legal and policy framework that underpins all our work.”
Guardian:  http://bit.ly/1G7Lvf8

« ‘Don’t Risk IT – Cyber Secure IT’
Russia Hacked The German Parliament »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Caliber Security Partners

Caliber Security Partners

Caliber Security Partners is a full-service information security company, with a wide range of security services for clients with varying levels of security maturity.

ClearedJobs.Net

ClearedJobs.Net

ClearedJobs.Net is a career site and job fair company for professionals seeking careers in the defense, intelligence and cyber security communities.

Rockwell Automation

Rockwell Automation

Rockwell Automation offer industrial security solutions to protect the integrity and availability of your complex automation solutions.

Cloudbric

Cloudbric

Cloudbric is a cloud-based web security service, offering award-winning WAF, DDoS protection, and SSL, all in a full-service package.

Anomali

Anomali

Anomali delivers intelligence-driven cybersecurity solutions to enhance threat visibility, automate threat processing and detection, and accelerate threat investigation, response, and remediation.

PrimaTech

PrimaTech

PrimaTech provide process safety, cyber and process security, and risk management consulting, training and software for the process industries.

IDnext

IDnext

IDnext is the open and independent platform to support innovative approaches in the world of the Digital identity.

PECB

PECB

PECB is a certification body for persons, management systems, and products on a wide range of international standards in a range of areas including Information Security and Risk Management.

Kippeo Technologies

Kippeo Technologies

Kippeo is a security systems integrator providing innovative solutions that look at all the parameters and connect all the dots.

Simply Hired

Simply Hired

Simply Hired is a job search engine that collects job listings from all over the web, including company career pages, job boards and niche job websites.

ITsMine

ITsMine

ITsMine’s Beyond DLP™? solution is a leading Data Loss Prevention (DLP) solution used by organizations to protect against internal and external threats automatically.

Securolytics

Securolytics

Securolytics offers the simplest, most complete and affordable IoT security for all organizations. Securolytics quickly identifies unmanaged devices to reduce security and compliance risks.

Stronghold Cyber Security

Stronghold Cyber Security

Stronghold Cyber Security is a consulting company that specializes in NIST 800, the Cybersecurity Framework and the Cybersecurity Maturity Model Certification.

Morpheus Enterprises

Morpheus Enterprises

Morpheus Enterprises offer managed security solutions designed to keep your web applications secure and your business running smoothly.

Evolver

Evolver

Evolver delivers technology services and solutions that improve security, promote innovation, and maximize operational efficiency in support of government and commercial customers.

Barclay Simpson

Barclay Simpson

Barclay Simpson is proud to have a long history of delivering cyber security, technology and governance recruitment services.