The British government broke the law for more than a decade by handing GCHQ powers to snoop on UK citizens’ data, without strict oversight from the Foreign Office, an independent tribunal has ruled.
GCHQ was given substantial new powers to retrieve and analyse citizens’ data after the 9/11 terrorist attacks in New York in 2001 – on the prerequisite the surveillance agency agreed to strict oversight from the foreign secretary of the day.
The UK spy agency was effectively given “carte blanche” by the Foreign Office to request data from communication service providers, such as websites visited, email contacts and location information – according to the Investigatory Powers Tribunal (IPT).
The IPT, an independent court set up by the government to investigate unlawful intrusions by public bodies in Britain, published its judgment on Monday, stating: “there had been an unlawful delegation of the power.”
“In cases in which . . . the foreign secretary made a general direction which applied to all communications through the networks operated by the [communications service provider], there had been an unlawful delegation of the power.
“The lack of legal control on the discretion of [GCHQ] is compounded in those cases where the specific requirement was not communicated in writing.”
Strikingly, the tribunal found that “most of the relevant directions made between 29 November 2001 and 7 November 2012 were not lawfully made,” and that some of these remained in place for a number of years afterwards. The case was brought forward by the campaign group, Privacy International.
It’s not the first time GCHQ has been involved in a furore over UK citizens’ privacy. RT reported in January that GCHQ had sought to open a special communication channel with its own watchdog, the Investigatory Powers Commissioner’s Office (IPCO), sparking claims it was seeking to “bury embarrassing evidence” of its own activities.
Late last year, it was embroiled in a number of legal battles alongside MI5 and MI6, over claims by NGOs and human rights groups, including Liberty, Amnesty International and Privacy International, that the intelligence services were using “bulk surveillance” methods, including accessing private data of citizens, which went outside its legal remit.
The extent of government snooping came to light following the leaked documents of NSA whistleblower Edward Snowden in 2013, who claimed “the largest programme of suspicionless surveillance in human history” was in operation.
“It’s not just a US problem. The UK has a huge dog in this fight,” Snowden told the Guardian. “They [GCHQ] are worse than the US.”
Michael Burton, president of the tribunal, insisted there was no evidence GCHQ had attempted to collect data beyond what was permitted by the foreign secretary, and that since at least 2014 “great care was taken to ensure that the foreign secretary was made aware of and approved the scope of the requirements being imposed on [communication service providers].”
The tribunal did criticize GCHQ for providing “materially inaccurate” information prior to the tribunal’s previous judgment relating to the Privacy International case in October 2017.
On Monday, the tribunal amended its original ruling to say that laws safeguarding UK citizens’ data had not been adhered to in full until October 2016, not November 2015 as it had previously concluded.
The tribunal said that improvements had been made to the ‘oversight system’, meaning “great care” was taken from at least 2014, they say, to ensure a foreign secretary authorized any changes to the information being requested from telecommunications companies.
A government spokesperson, speaking on behalf of the Foreign Office and GCHQ, said the unlawful requests for citizens’ data referred to in the tribunal’s judgment had subsequently been replaced and were no longer in force.
The spokesperson added: “We welcome today’s judgment that the security and intelligence agencies’ powers are proportionate and comply with the European Convention on Human Rights.”
Like this story? Share it with a friend!