British intelligence services acted unlawfully in accessing millions of people’s personal communications collected by the NSA, the Investigatory Powers Tribunal ruled today. The decision marks the first time that the Tribunal, the only UK court empowered to oversee GHCQ, MI5 and MI6, has ever ruled against the intelligence and security services in its 15 year history.
The Tribunal declared that intelligence sharing between the United States and the United Kingdom was unlawful prior to December 2014, because the rules governing the UK’s access to the NSA’s PRISM and UPSTREAM programs were secret.
It was only due to revelations made during the course of this case, which relied almost entirely on documents disclosed by NSA whistleblower Edward Snowden, that the intelligence sharing relationship became subject to public scrutiny.
In a previous December 2014 ruling, the IPT held that GCHQ’s access to NSA data was lawful from that time onward because certain parts of the secret policies governing the US-UK intelligence relationship were made public during Privacy International’s case against the security services. Yet that belated disclosure could not remedy the lack of transparency regarding the UK-US sharing prior to December 2014, meaning that all UK access to NSA intelligence material was unlawful before the Court’s judgement.
In light of today’s ruling, Privacy International and Bytes for All will now ask the court to confirm whether their communications were unlawfully collected prior to December 2014 and, if so, demand their immediate deletion.
While we welcome today’s decision, Privacy International and Bytes for All disagree with the tribunal’s earlier conclusion that the forced disclosure of a limited subset of rules governing intelligence-sharing and mass surveillance is sufficient to make GCHQ’s activities lawful as of December 2014. Both organizations will shortly lodge an application with the European Court of Human Rights challenging the tribunal’s December 2014 decision.
While that appeal is pending, GCHQ will retain unfettered access to this material intercepted by the NSA. The two agencies by default share intelligence gleaned from PRISM and UPSTREAM, sometimes with few or no safeguards.
Secret policies divulged during Privacy International’s case revealed that British intelligence services can request or receive access to bulk data from foreign agencies like the NSA without a warrant whenever it would “not be technically feasible” for the government to obtain it themselves.
PRISM and UPSTREAM, which have been in existence for nearly a decade, were made public in June 2013 by NSA whistleblower Edward Snowden. Through PRISM, the NSA has gained access to the data and content handled by some of the world’s largest Internet companies, including Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple. With UPSTREAM, the NSA intercepts bulk data via fibre optic cables that carry the world’s communications. The scope of this surveillance is unprecedented. For instance, the top five programs within UPSTREAM created 160 billion interception records in one month. In one day, the NSA was able to collect 444,743 e-mail address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail and 22,881 from unspecified other providers. Other programs part of UPSTREAM to which GCHQ has had access include CO-TRAVELER, which collects five billion locational records a day, and DISHFIRE which harvests 194 million text messages daily.
Now that the some of the secrecy surrounding the spying program has finally been declared illegal, this should have huge implications for both the British government and many members of the British media, who purposefully ignored the clearly illegal GCHQ mass surveillance program for so long (though the chances of either admitting they were wrong even in the face of this ruling is slim).
The complicit British media (with only a few exceptions) refused to cover the GCHQ story at all unless they were called in to act as public relations agencies for the government by printing fear-mongering stories claiming that anyone reporting on the issue of privacy was just helping terrorists and pedophiles.
Snowden once rightly called the UK media’s coverage of the GCHQ story “a disservice to the public.” Those papers that failed to cover their own government’s illegal surveillance program should be particularly embarrassed today, given that they were not only complicit in keeping much of GCHQ’s activities secret, but also assisted GCHQ in maintaining its illegality.
The UK government’s own staggering chutzpah was on full display in Downing Street’s bizarrely positive reaction to the ruling: in one breath, they claimed GCHQ doesn’t engage in “mass surveillance”; in another, they bragged about how their “bulk interception” program is perfectly lawful now that their previously secret rules are public. (Good luck sorting out the difference.)
But Carly Nyst of Privacy International explained why this is a landmark ruling:
“Not once have the spooks been taken to task for overstepping the lawful boundaries of their conduct. Not a single British spy has been held accountable for mass surveillance, unlawful spying or snooping on private emails and phone calls. Until now.”
While much of the outcry over the Snowden stories around the world has focused on the NSA, GCHQ has often been much more flagrant in its violations of privacy rights of the world’s citizens. Indeed, Snowden has repeatedly mentioned – including the first time he met with journalists in Hong Kong – that GCHQ’s activities are much worse than the NSA. Reporting since that meeting has revealed GCHQ’s “full intake” tapping of Internet cables, its mass interception of journalists’ emails, its aggressive hacking of non-terrorist groups that are not a threat to the government, and many other disturbing revelations.
Say what you want about the NSA’s misleading statements and obfuscation with the American press (and there’s a lot to say), but the American spy agency has been forced to repeatedly and publicly respond to allegations about its conduct both in Congress and to the press.
GCHQ, in contrast, has arrogantly refused to even address the most outrageous allegations, sticking to the exact same script every single story: “All of GCHQ’s work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate …”
Well, turns out their framework wasn’t legal – or, at least, it wasn’t until the Snowden documents forced GCHQ to release more information after being dragged into court, thereby creating one. The decision Friday was just the first of potentially dozens of cases that will come before the court, all of which were brought by privacy interest groups, and many of which will hopefully force the court to address the illegality of the actual mass spying conducted by GCHQ on a regular basis.
This case also calls for a re-examination of the British government’s deplorable actions against those who have merely reported on the Snowden stories. They’ve forced the Guardian to destroy a hard drive full of Snowden documents, outrageously detained Glenn Greenwald’s partner David Miranda under the Terrorism Act and threatened Guardian reporters with prosecution for doing their jobs. Until now, the UK government has used vague excuses related to “terrorism” for their authoritarian actions – but now their motives should now be clear to all: they were trying to cover up an illegal program.
It remains to be seen how the court will react, if at all, to future cases. But this should be a warning for both the UK government and the media: the law and even the most obsequious of courts are not on your side. Your citizens aren’t either.