UK forced to reveal online snooping policy

A top UK counter-terrorism official has been forced to reveal a secret government policy justifying the mass surveillance of UK citizens

A top UK counter-terrorism official has been forced to reveal a secret government policy justifying the mass surveillance of Facebook, Twitter, YouTube and Google users in the UK.

The policy was revealed after a legal challenge brought by Privacy International, Liberty, Amnesty International, the American Civil Liberties Union and six national civil liberties organisations.

Charles Farr, the director general of the Office for Security and Counter Terrorism said in a statement that the surveillance is permitted under the law because communications via US-based online services are defined as “external communications”.

Farr’s statement, published by the rights organisations, is the first time the UK government has explained why it considers it legal to intercept communications through its Tempora programme.

The existence of the Tempora programme and the US Prism programme was first revealed by US National Security Agency whistleblower Edward Snowden in June 2013.

By defining communications via US-based platforms as “external”, UK spy agencies effectively freed themselves of the restrictions imposed by the Regulation of Investigatory Powers Act (RIPA).

Under the legislation, which regulates the surveillance powers of public bodies, “internal” communications may be intercepted only under a warrant that relates to a specific individual or address.

These warrants can be granted only where there is some suspicion of unlawful activity. In contrast, “external communications” may be intercepted, even where there are no grounds to suspect wrongdoing.

According to Privacy International, the newly revealed policy deprives UK residents of the essential safeguards that would otherwise be applied to their communications.

Classifying communications as “external” allows the UK government to search through, read, listen to and look at each of them, the group said.

“The only restriction on what they do with communications that they classify as 'external' is that they cannot search through such communications using keywords or terms that mention a specific UK person or residence,” the organisation said.

According to Privacy International, Farr’s statement suggests that UK intelligence agency GCHQ is intercepting all communications sent through US platforms before determining whether they fall into the “internal” or “external” categories.

“The government considers almost all Facebook and other social media communications, and Google searches will always fall within the ‘external’ category, even when such communications are between two people in the UK,” the group said.

Privacy International argues that, even though the government is conducting mass surveillance to work out whether they are internal or external, it considers that such interception “has less importance” than whether a person actually reads the communication, which is where the government believes “the substantive interference with privacy arises”.

Farr’s statement also indicates that government believes that, even when privacy violations happen, it is not an “active intrusion” because the analyst reading or listening to an individual’s communication will inevitably forget about it anyway, the group said.

“Intelligence agencies cannot be considered accountable to parliament and to the public they serve when their actions are obfuscated through secret interpretations of byzantine laws,” said Eric King, deputy director of Privacy International.

“The suggestion that violations of the right to privacy are meaningless if the violator subsequently forgets about it, not only offends the fundamental, inalienable nature of human rights, but patronises the British people, who will not accept such a meagre excuse for the loss of their civil liberties,” he said.

Farr is the UK government’s first witness in the case, which is to be heard by the Investigatory Powers Tribunal between 14 and 18 July 2014.

Privacy International has also published witness statements by Gus Hosein, executive director of Privacy International, and Eric King, deputy director of Privacy International.

Additional evidence submitted by Privacy International is from Ian Brown of the Oxford Internet Institute, and Cindy Cohn, legal director of the Electronic Frontier Foundation.

Read more on Privacy and data protection