Mass surveillance of the internet by GCHQ prior to December was unlawful, according to the Investigatory Powers Tribunal.
It said that the “intelligence sharing” process did not comply with human rights law, and there was a lack of transparency.
Following the decisions in December 2014 that determined that the collection tool Tempora and intelligence sharing between NSA and GCHQ was in principle lawful, the complaint brought by civil rights groups Privacy International, Amnesty International and Liberty has deemed that UK intelligence services acted unlawfully in accessing millions of people’s personal communications collected by the NSA.
The ruling by the Investigatory Powers Tribunal was that intelligence sharing between the United States and the United Kingdom was unlawful prior to December 2014, primarily because the rules governing the UK’s access to the NSA’s PRISM and UPSTREAM programmes were secret.
In light of today’s ruling, Privacy International and Bytes for All said that they will ask the court to confirm whether their communications were unlawfully collected prior to December 2014 and, if so, demand their immediate deletion.
Eric King, deputy director of Privacy International, said: “For far too long, intelligence agencies like GCHQ and NSA have acted like they are above the law. Today’s decision confirms to the public what many have said all along — over the past decade, GCHQ and the NSA have been engaged in an illegal mass surveillance sharing program that has affected millions of people around the world.
“We must not allow agencies to continue justifying mass surveillance programs using secret interpretations of secret laws. The world owes Edward Snowden a great debt for blowing the whistle, and today’s decision is a vindication of his actions.”
James Welch, legal director for Liberty, said: “The Intelligence Services retain a largely unfettered power to rifle through millions of people’s private communications – and the Tribunal believes the limited safeguards revealed during last year’s legal proceedings are an adequate protection of our privacy. We disagree, and will be taking our fight to the European Court of Human Rights.”
However Privacy International and Bytes for All said that they disagreed with the tribunal’s earlier conclusion that the forced disclosure of a limited subset of rules governing intelligence-sharing and mass surveillance is sufficient to make GCHQ’s activities lawful as of December 2014. Both organisations will shortly lodge an application with the European Court of Human Rights challenging the tribunal’s December 2014 decision.
Elizabeth Knight, legal director at Open Rights Group, called the ruling “a very welcome first step”.
She said: “It shows that secret polices are not an acceptable basis for highly intrusive intelligence sharing practices. However, the IPT has not gone far enough. These flimsy policies are not enough to comply with the requirements of human rights law, even now they are public.
“GCHQ’s own TEMPORA programme of mass interception is clearly both unlawful and disproportionate. We hope the European Court of Human Rights will go further than the IPT and find that mass surveillance breaches our human right to privacy.”
A GCHQ spokesperson said in a statement sent to IT Security Guru that the tribunal was only finding against the
Government in “one small respect” in relation to the historic intelligence-sharing legal regime.
It said that the tribunal’s determination is based on two paragraphs which were not previously in the public domain, the intelligence-sharing regime prior to that point was in contravention of human rights law.
“But the judgment does not in any way suggest that important safeguards protecting privacy were not in place at all relevant times, it does not require GCHQ to change what it does to protect national security in any way,” it said.
“Today’s IPT ruling re-affirms that the processes and safeguards within the intelligence-sharing regime were fully adequate at all times – it is simply about the amount of detail about those processes and safeguards that needed to be in the public domain. We welcome the important role the IPT has played in ensuring that the public regime is sufficiently detailed.
“By its nature, much of GCHQ’s work must remain secret. But we are working with the rest of Government to improve public understanding about what we do and the strong legal and policy framework that underpins all our work. We continue to do what we can to place information safely into the public domain that can help to achieve this”.
