Liberty News

Britain's top counter-terrorism official has been forced to reveal a secret Government policy justifying the mass surveillance of every Facebook, Twitter, Youtube and Google user in the UK.

This disturbing policy was made public due to a legal challenge brought by Privacy International, Liberty, Amnesty International, the American Civil Liberties Union, Pakistani organisation Bytes for All, and five other national civil liberties organisations1

The statement, from Charles Farr, the Director General of the Office for Security and Counter Terrorism, claims that the indiscriminate interception of UK residents' Facebook and Google communications would be permitted under law because they are defined as external communications .

Farr's statement, published today by the rights organisations, is the first time the Government has openly commented on how it thinks it can use the UK's vague surveillance legal framework to indiscriminately intercept communications through its mass interception programme, TEMPORA.

The secret policy outlined by Farr defines almost all communications via Facebook and other social networking sites, as well as webmail services Hotmail and Yahoo and web searches via Google, to be external communications because they use web-based platforms based in the US.

The distinction between internal and external communications is crucial. Under the Regulation of Investigatory Powers Act ('RIPA'), which regulates the surveillance powers of public bodies, internal communications may only be intercepted under a warrant which relates to a specific individual or address. These warrants should only be granted where there is some suspicion of unlawful activity. However, an individual's external communications may be intercepted indiscriminately, even where there are no grounds to suspect any wrongdoing.

By defining the use of platforms such as Facebook, Twitter and Google as external communications , British residents are being deprived of the essential safeguards that would otherwise be applied to their communications - simply because they are using services that are based outside the UK.

Such an approach suggests that GCHQ believes it is entitled to indiscriminately intercept all communications in and out of the UK. The explanations given by Mr Farr suggest that:

GCHQ is intercepting all communications - emails, text messages, and communications sent via platforms such as Facebook and Google -- before determining whether they fall into the internal or external categories The Government considers almost all Facebook and other social media communications, and Google searches will always fall within the external category, even when such communications are between two people in the UK Classifying communications as external allows the Government to search through, read, listen to and look at each of them. The only restriction on what they do with communications that they classify as external is that they cannot search through such communications using keywords or terms that mention a specific British person or residence. Even though the Government is conducting mass surveillance - intercepting and scanning through all communications in order to work out whether they are internal or external - they consider that such interception has less importance than whether a person actually reads the communication, which is where the Government believes the substantive interference with privacy arises . The Government believes that, even when privacy violations happen, it is not an active intrusion because the analyst reading or listening to an individual's communication will inevitably forget about it anyway.

The legal challenge is brought following revelations made by Edward Snowden about the UK's global digital surveillance activities. Farr is the government's star witness in the case, which will be heard by the Investigatory Powers Tribunal between 14 and 18 July 2014. Read our arguments here.

In addition to Farr's statement, we are publishing the witness statements from Dr Gus Hosein, Executive Director of Privacy International, and Eric King, Deputy Director of Privacy International. Additional evidence submitted by Privacy International, from Dr Ian Brown, Oxford Internet Institute, and Cindy Cohn, Legal Director of the Electronic Frontier Foundation, can be found here and here.

Eric King, Deputy Director of Privacy International said:

Intelligence agencies cannot be considered accountable to Parliament and to the public they serve when their actions are obfuscated through secret interpretations of byzantine laws. Moreover, the suggestion that violations of the right to privacy are meaningless if the violator subsequently forgets about it not only offends the fundamental, inalienable nature of human rights, but patronises the British people, who will not accept such a meagre excuse for the loss of their civil liberties.

James Welch, Legal Director of Liberty said:

The security services consider that they're entitled to read, listen and analyse all our communications on Facebook, Google and other US-based platforms. If there was any remaining doubt that our snooping laws need a radical overhaul there can be no longer. The Agencies now operate in a legal and ethical vacuum; why the deafening silence from our elected representatives?

Michael Bochenek, Senior Director of International Law and Policy at Amnesty International said:

British citizens will be alarmed to see their government justifying industrial-scale intrusion into their communications. The public should demand an end to this wholesale violation of their right to privacy.

Shahzad Ahmad, Country Director, Bytes for All

We've always believed that Tempora enables unlawful profiling of people living outside UK. Now we've come to learn that GCHQ are also subjecting UK residents to this intrusive spying. Such an action by UK intelligence agencies is sheer violation of people's privacy, security, freedom of expression, and assembly. Such attempts by established democracies are setting extremely worrisome precedents for repressive regimes all over the world.

Vodafone , one of the world's largest mobile phone groups, has revealed the existence of secret facilities that allow government agencies to listen to all conversations on its networks, saying they are widely used in 29 countries in which it operates in Europe and beyond.

The company has broken its silence on government surveillance in order to push back against the increasingly widespread use of phone and broadband networks to spy on citizens.

The company said lines had been connected directly to its network and those of other telecoms groups, allowing agencies to listen to or record live conversations and, in certain cases, track the whereabouts of a customer.

Privacy campaigners said the revelations were a nightmare scenario that confirmed their worst fears on the extent of snooping. Liberty director, Shami Chakrabarti said:

For governments to access phone calls at the flick of a switch is unprecedented and terrifying. [Edward] Snowden revealed the internet was already treated as fair game. Bluster that all is well is wearing pretty thin -- our analogue laws need a digital overhaul.

Offsite Article: No transparency for the UK in Vodafone's transparency report

7th June 2014. See  article from  openrightsgroup.org

Yesterday's transparency report from Vodafone raised a very intriguing question: why did Vodafone feel obliged to redact aggregate surveillance statistics from their UK report?

...Read the full article

Don't Spy On Us: Day of Action
7th June 2014. From 13:15.
Shoreditch Town Hall, London

The performer Stephen Fry condemned the government's failure to act over the Snowden revelations at the start of the Don't Spy on Us Day of Action in London today. In a pre-reco rded video, Fry said that using the fear of terrorism, is a duplicitous and deeply wrong means of excusing something as base as spying on the citizens of your own country.

Marking the anniversary of the start of the Snowden revelations, the Day of Action is the biggest privacy event of 2014, with over 500 people attending the conference at Shoreditch Town Hall.  Speaking at the event are high profile experts in technology, security and human rights, from all over the world. They include Wikipedia founder Jimmy Wales who said: The tide is beginning to turn as the public comes to understand just how broken the surveillance state is.

Author and co-founder of the Open Rights Group, Cory Doctorow said:

Freedom from surveillance is essential to freedom itself. The freedom to think, to speak and to have discourse without fear of reprisal or judgement is at the core of democracy itself.

Security technologist and author, Bruce Schneier said:

We have to choose between surveillance or security: an internet that is vulnerable to all attackers or an internet that is secure for all users. In our interconnected world, security is more important.

The day of action was organised by the Don't Spy on Us Campaign, a coalition of privacy, free expression and digital rights organisations, that is calling for the government to put an end to mass surveillance by GCHQ.

Don't Spy on Us is calling for:

• an inquiry to report before the next general election to investigate the extent to which the law has failed

• new legislation that will make the security agencies accountable to our elected representatives.

• judges not the Home Secretary to decide when spying is justified

• an end to mass surveillance in line with our 6 principles (No surveillance without suspicion, Transparent laws not secret laws, Judicial not political authorisation, Effective democratic oversight, The right to redress, A secure web for all).

Thomas Hughes, Executive Director, ARTICLE 19:

"All of us have a right to free expression and a right to privacy, but these are violated by arbitrary mass surveillance programmes that assume guilt over innocence. If the UK, which prides itself on being an open and democratic nation, continues to carry out mass surveillance on this scale, it gives carte blanche to oppressive regimes to keep spying on their citizens, restricting the space for free expression."

Emma Carr, acting director of Big Brother Watch:

"On the first anniversary of the spying revelations, we call on the Government to publicly recognise that the UK's surveillance law urgently needs reviewing and that the oversight mechanisms need strengthening. Without affirmative action the Government will certainly find that the general public's faith in politicians to properly monitor how the security agencies are using surveillance powers will diminish. The law is out of date, the oversight is weak and the reporting of what happens is patchy at best. The public is right to expect better and it is high time that the Government stops burying its head in the sand and accept that the current status quo must change."

Jo Glanville, Director, English PEN:

"The protection of the right to a private life is crucial for freedom of expression.  None of us can freely exchange or record information and ideas without the expectation of privacy.  Its been a year since we found out that GCHQ has been engaging in blanket, unwarranted surveillance and our politicians have conspicuously failed to address our concerns or to protect our rights.  They need to act now."

Shami Chakrabarti, Director of Liberty:

"The game is up and the authorities busted on blanket surveillance pursued without democratic debate let alone legal authority. Now those in power need to know that we care. Events like 'Don't Spy On Us' are an important part of demonstrating that fundamental breaches of trust have consequences."

Jim Killock, Open Rights Group:

"We've had a year of inaction, delay and obfuscation from the  government. They can't avoid answering these questions forever. They're undermining everyone's confidence in the security services, parliament and the technologies we use everyday."

Gus Hosein, Executive Director of Privacy International:

Secret surveillance is an anathema to a democratic society, as no real debate can take place without an informed public. The Snowden documents have been critical in sparking this debate, and we must now advocate for laws that make the State's actions transparent, subject to independent authorisation and effective oversight, and outline clear legal frameworks in accordance with democratic principles.

Edward Snowden started this, now it's our turn to be heroes. Proudly display these badges on your sites or social media. You'll be helping protect everyone who sees your part of the web.

Edward Snowden explains

One year ago, we learned that the internet is under surveillance, and our activities are being monitored to create permanent records of our private lives -- no matter how innocent or ordinary those lives might be.

Today, we can begin the work of effectively shutting down the collection of our online communications, even if the US Congress fails to do the same. That's why I'm asking you to join me on June 5th for Reset the Net, when people and companies all over the world will come together to implement the technological solutions that can put an end to the mass surveillance programs of any government. This is the beginning of a moment where we the people begin to protect our universal human rights with the laws of nature rather than the laws of nations.

We have the technology, and adopting encryption is the first effective step that everyone can take to end mass surveillance. That's why I am excited for Reset the Net -- it will mark the moment when we turn political expression into practical action, and protect ourselves on a large scale.

Join us on June 5th, and don't ask for your privacy. Take it back.

Drivers will within 10 years face inflated insurance premiums  or be forced off the road unless they allow their driving to be monitored at all times by spying technology.

A number of major insurers are launching hi-tech products this year that will monitor driving data such as the number of journeys, time of day the car is used and behaviour such as speed and braking.

Despite concerns about privacy and data protection, speakers at an insurance industry conference last week said such technology, known as telematics , would become opt-out, rather than opt-in for motorists.

Tom Ellis of Gocompare, the insurance comparison website, told The Telegraph:

In 10 years' time there will still be customers who prefer not to have a telematics device installed, [but] it will be an opt-out situation, rather than an opt-in.

There will be reasons for people opting out -- perhaps because they are bad drivers, or unhappy with the privacy element, or have an old car. But they will have to accept a higher premium to insure their car.

The technology will soon be fitted in new cars as standard. Under EU regulations, all new cars will need black box-style technology, known as eCall, from October 2015, supposedly to help emergency services find crashed vehicles.

The prospect has prompted serious concerns about drivers' rights to privacy. Emma Carr of Big Brother Watch said:

Forcing drivers to have a telematics device installed in their car, which is capable of recording and transmitting exactly where and when they are driving, is totally unacceptable.

There is a clear risk that once the telematics device is installed drivers will lose total control over who has access to their data and how they will use it.

A highly critical report by the Commons home affairs select committee published on Friday calls for a radical reform of the current system of oversight of MI5 , MI6 and GCHQ , arguing that the current system is so ineffective it is undermining the credibility of the intelligence agencies and parliament itself.

The MPs say the current system was designed in a pre-internet age when a person's word was accepted without question. Committee chairman, Keith Vaz said:

It is designed to scrutinise the work of George Smiley, not the 21st-century reality of the security and intelligence services. The agencies are at the cutting edge of sophistication and are owed an equally refined system of democratic scrutiny. It is an embarrassing indictment of our system that some in the media felt compelled to publish leaked information to ensure that matters were heard in parliament.

The cross-party report is the first British parliamentary acknowledgement that Snowden's disclosures of the mass harvesting of personal phone and internet data need to lead to serious improvements in the oversight and accountability of the security services.

Malcolm Rifkind the Tory chairman of parliament's intelligence and security committee that is supposed to be monitoring the security services attacked Snowden and his supporters for their insidious use of language such as mass surveillance and Orwellian.

Update: Privacy International file complaint against GCHQ

14th May 2014. See  article from  bbc.co.uk

Privacy campaigners are seeking to stop GCHQ using unlawful hacking to help its surveillance efforts. Privacy International said the UK intelligence service has infected millions of devices to spy on citizens and scoop up personal data.

A 30-page legal complaint has been filed with the Investigatory Powers Tribunal which monitors whether the UK's spying laws are being observed.

In a statement , the Privacy International pressure group said the documents released by Edward Snowden had detailed the many ways that GCHQ was spying on people, many of which violated the European Convention on Human Rights which guarantees a right to privacy and to freedom of expression.

New technology is now allowing law enforcement agencies to search through collections of images to help track down the identity of photo-taking criminals.

Investigations in the past have shown that a digital photo can be paired with the exact same camera that took it, due to the patterns of Sensor Pattern Noise (SPN) imprinted on the photos by the camera's sensor. Since each pattern is idiosyncratic, this allows law enforcement to fingerprint any photos taken. And once the signature has been identified, the police can track the criminal across the Internet, through social media and anywhere else they've kept photos.

In a research paper entitled On the usage of Sensor Pattern Noise for Picture-to-Identity linking through social network accounts , the team argues that:

Digital imaging devices have gained an important role in everyone's life, due to a continuously decreasing price, and of the growing interest on photo sharing through social networks. Today, everyone continuously leaves visual 'traces' of his/her presence and life on the Internet, that can constitute precious data for forensic investigators.

While the certainty of the technique is currently only just better than chance, but surely this will improve.

Google has clarified its email scanning practices in a terms of service update, informing users that incoming and outgoing emails are analysed by automated software. The revisions explicitly state:

Our automated systems analyse your content (including emails) to provide you personally relevant product features, such as customised search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.

Google's ads use information gleaned from a user's email combined with data from their Google profile as a whole, including search results, map requests and YouTube views, to display what it considers are relevant ads in the hope that the user is more likely to click on them and generate more advertising revenue for Google.

For a distinguished example of meritorious public service by a newspaper or news site through the use of its journalistic resources, including the use of stories, editorials, cartoons, photographs, graphics, videos, databases, multimedia or interactive presentations or other visual material, a gold medal.

Awarded to The Washington Post for its revelation of widespread secret surveillance by the National Security Agency, marked by authoritative and insightful reports that helped the public understand how the disclosures fit into the larger framework of national security.

and

Awarded to The Guardian US for its revelation of widespread secret surveillance by the National Security Agency, helping through aggressive reporting to spark a debate about the relationship between the government and the public over issues of security and privacy.

Sir Anthony May, the Interception of Communications Commissioner, has launched a review to see if there is excessive monitoring of people's phone calls and emails as figures show more than 1,400 requests are made every day.

He fears police may automatically resort to checking an individual's communications at the outset of an investigation when it is not justified.

Last year, a total of 514,608 requests were made for such data, the majority of which came from police forces. In his first report since taking up the post, Sir Anthony said a review would now:

Take a critical look at the constituents of this bulk to see if there might be a significant institutional overuse.

Since a very large proportion of these communications data applications come from police and law enforcement investigations, it may be that criminal investigations generally are now conducted with such automatic resort to communications data that applications are made and justified as necessary and proportionate, when more emphasis is placed on advancing the investigations with the requirements of privacy unduly subordinated.

In a landmark ruling, the European Court of Justice has declared the EU's Data Retention directive to be a violation of Internet users' privacy.

Under the Directive Internet providers and other telecom companies were required to log and store vast amounts of information, including who their subscribers communicate with, and what IP-addresses they use.

The local authorities could then use this information to fight serious crimes, but it was also been frequently used by third parties, in online piracy cases for example.

The Court ruled that the data collection requirements are disproportionate:

The Court is of the opinion that, by adopting the Data Retention Directive, the EU legislature has exceeded the limits imposed by compliance with the principle of proportionality.

By requiring the retention of those data and by allowing the competent national authorities to access those data, the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data.

It's now up to the individual member states to change local laws accordingly.  Meanwhile the Swedish provider Bahnhof immediately announced that it would wipe all subscriber data it stored. Bahnhof CEO Jon Karlung said:

Bahnhof stops all data storage with immediate effect. In addition, we will delete the information that was already saved.