GCHQ broke the law for over a decade

A British surveillance oversight authority known as the Investigatory Powers Tribunal has ruled that Government Communications Headquarters (GCHQ), the U.K.’s equivalent of America’s National Security Agency (NSA), has engaged in illegal activity for the past ten years and longer in accessing vast troves of data from telecommunications companies.

The IPT said that “successive foreign secretaries had delegated powers without oversight,” according to the BBC, though it “also somehow came to the conclusion GCHQ had never abused the apparently illegal privilege,” as Tim Cushing of TechDirt put it.

“The Foreign Secretary was supposed to protect access to our data by personally authorising what is necessary and proportionate for telecommunications companies to provide to the agencies. The way that these directions were drafted risked nullifying that safeguard, by delegating that power to GCHQ — a violation that went undetected by the system of Commissioners for years and was seemingly consented to by all of the telecommunications companies affected,” said Millie Graham Wood, a legal officer for the London-based watchdog group Privacy International.

“It is proof positive of the inadequacy of the historic oversight system; the complicity of telecommunications companies who instead of checking if requests were lawful, just handed over customers’ personal data as long as their cooperation was kept secret; and the scale of the task facing the new Investigatory Powers Commissioner, Sir Adrian Fulford,” she added.

Despite the ruling that illegal activity took place, and condemnation of this activity from groups like Privacy International, the IPT’s ruling, qualified as it was with seemingly excessive denials of government wrongdoing, apparently did not bother the UK’s powerful spy agency. The BBC report continues:

“In form, the general direction was a carte blanche. In practice, it was not treated as such and there is no evidence that GCHQ ever sought to obtain communications data which fell outside the scope of data which had been sought in the submission to the foreign secretary,” the IPT ruled.

It added that a series of improvements had been made and were in force “from at least 2014” that ensured “great care” was now taken to ensure the foreign secretary approved any changes to the information being demanded from telecoms companies.

A government spokesman said: “We welcome today’s judgment that the security and intelligence agencies’ powers are proportionate and comply with the European Convention on Human Rights.

“The security and intelligence agencies are subject to a strict legal framework and robust independent oversight.

“We are proud of the work they do to keep the UK safe within these parameters.”

Others seem less sure that the ruling was a win for GCHQ, however.

“The fallout follow[ing] the tribunal’s findings [has] yet to be seen,” writes the Inquirer‘s Roland Moore-Colyer, “but the foreign secretary and other government bigwigs will likely need to readdress how approvals for snooping are carried out and be a lot more selective with what data is collected and what is then done with it.”

Cushing, meanwhile, points out that GCHQ “has lost legal battle after legal battle in recent years, most of those triggered by the Snowden leaks. The UK Appeals Court ruled its bulk collection of internet communications metadata illegal earlier this year. This followed a 2015 loss in lawsuit filed over the interception of privileged communications, resulting in a destruction order targeting everything collected by GCHQ that fell under that heading.”

Notably, given the British government’s claims that it didn’t abuse its surveillance powers, Cushing adds that GCHQ’s lost legal battles of recent years include “a declaration that the agency’s surveillance agreement with the NSA was illegal… at least up to 2014’s codification of illegal spy practices” — but that this 2014 codification, the so-called “snooper’s charter” was itself ruled illegal earlier this year.

Indeed, given the “Five Eyes” agreement, reports of highly questionably psychological warfare tactics being practiced by the GCHQ’s Joint Threat Intelligence Group (JTRIG) not only against foreigners but against U.K nationals, and NSA personnel making up a significant portion of staff at some GCHQ facilities such as RAF Menwith Hill , what long-term impact this latest ruling will have on Britain’s surveillance activities is a question of importance not only in the U.K., but in the U.S. as well as in the rest of the world.

“With sections of the Investigatory Powers Act being deemed illegal in other court battles, it doesn’t look like legal government snooping will have much wind in its sails come the end of 2018,” writes Moore-Colyer. For the sake of what remains of all of our privacy rights we should hope so, or at least that in the limited number of cases where surveillance is justified, proper oversight is put in place, and that those responsible for oversight can themselves be held accountable.