Liberty News

People's medical records will be combined with social and smartphone surveillance to predict who will pick up bad habits and stop them getting ill, under radical government proposals.

Matt Hancock, the health secretary, is planning a system of predictive prevention, in which algorithms will trawl data on individuals to send targeted health nags to those flagged as having propensities to health problems, such as taking up smoking or becoming obese.

The creepy plans have already attracted privacy concerns among doctors and campaigners, who say that the project risks backfiring by scaring people or being seen to be abusing public trust in NHS handling of sensitive information.

A new policing super-database is in the works -- and it puts our rights at serious risk. But the Home Office has failed to respond sufficiently to Liberty's concerns. We can't be part of a process that gives a free pass to the creeping expansion of digital policing that shows contempt for our privacy rights.

On 28 September, we wrote to the Home Office telling them we can no longer take part in their Open Space civil society consultation on the Law Enforcement Data Service (LEDS) -- the Home Office's planned police super-database.

LEDS will bring together the Police National Computer and Police National Database in one place. This unprecedented development will see the Government amass deeply sensitive data for policing purposes.

It requires rigorous scrutiny and debate to make sure our personal information is protected, with robust safeguards to protect us from threats to our privacy and other fundamental rights.

The Home Office has made clear to us that the Open Space consultation will exclude discussion of our key concerns with the plan.

The information on the database will be vulnerable in many ways -- and the Home Office's plans fail to explain how police will use the system in conjunction with the creeping progression of surveillance and algorithmic policing.

The proposed system doesn't have an agreed retention policy and the police have even admitted that data they no longer have any right to hold will be transferred to the new database.

The plans even allow our data to be shared with non-policing organisations where a business case can be made.

And the Home Office has excluded from its consultation process any consideration of how the database will be linked with lawless facial recognition technology.

LEDS cannot be considered in a vacuum. This derisory consultation continues the pattern of police adding to their powers to use invasive technology without giving any regard to proper scrutiny and accountability -- or the effect on our rights.

Police forces are increasingly looking to big data to assist with law enforcement. Having enormous amounts of our personal information held in one place is a significant violation of our privacy. While the collection of a few pieces of data can seem innocuous, combining it with other sensitive information can let the state build up a detailed and extremely intrusive personal profile on each of us.

Even more sinister are the algorithms the state is increasingly using to make important decisions about us -- leading to conclusions which may be inaccurate or biased and lack proper human oversight.

We must question how super-databases like this will be linked with lawless surveillance technologies or biased algorithmic programs that make predictions about who is likely to commit crime.

In the UK, we have a long-held principle of policing by consent. We must be able to trust the police to protect our privacy and our fundamental rights.

On September 13, after a five-year legal battle, the European Court of Human Rights said that the UK government's surveillance regime--which includes the country's mass surveillance programs, methods, laws, and judges--violated the human rights to privacy and to freedom of expression. The court's opinion is the culmination of lawsuits filed by multiple privacy rights organizations, journalists, and activists who argued that the UK's surveillance programs violated the privacy of millions.

The court's decision is a step in the right direction, but it shouldn't be the last. While the court rejected the UK's spying programs, it left open the risk that a mass surveillance regime could comply with human rights law, and it did not say that mass surveillance itself was unlawful under the European Convention on Human Rights (a treaty that we discuss below).

But the court found that the real-world implementation of the UK's surveillance--with secret hearings, vague legal safeguards, and broadening reach--did not meet international human rights standards. The court described a surveillance regime "incapable" of limiting its "interference" into individuals' private lives when only "necessary in a democratic society."

In particular, the court's decision attempts to rein in the expanding use of mass surveillance. Originally reserved for allegedly protecting national security or preventing serious threats, use of these programs has trickled into routine criminal investigations with no national security element--a lowered threshold that the court zeroed in on to justify its rejection of the UK's surveillance programs. The court also said the UK's mass surveillance pipeline--from the moment data is automatically swept up and filtered to the moment when that data is viewed by government agents--lacked meaningful safeguards.

The UK Surveillance Regime

In the UK, the intelligence agency primarily tasked with online spying is the Government Communications Headquarters (GCHQ). The agency, which is sort of the UK version of the NSA, deploys multiple surveillance programs to sweep up nearly any type of online interaction you can think of, including emails, instant messenger chats, social media connections, online searches, browser history, and IP addresses. The GCHQ also collects communications metadata, capturing, for instance, what time an email was sent, where it was sent from, who it was sent to, and how quickly a reply was made.

The privacy safeguards for this surveillance are dismal.

For more than a decade, the GCHQ was supposed to comply with the Regulation of Investigatory Powers Act 2000 (RIPA). Though no longer fully in effect, the law required Internet service providers to, upon government request, give access to users' online communications in secret and to install technical equipment to allow surveillance on company infrastructure.

The UK directly collected massive amounts of data from the transatlantic, fiber-optic cables that carry Internet traffic around the world. The UK government targeted "bearers"-- portions of a single cable--to collect the data traveling within, applied filters and search criteria to weed out data it didn't want, and then stored the remaining data for later search, use, and sharing. According to GCHQ, this surveillance was designed to target "external" communications--online activity that is entirely outside the UK or that involves communications that leave or enter the UK--like email correspondence between a Londoner and someone overseas. But the surveillance also collected entirely "internal" communications, like two British neighbors' emails to one another. This surveillance was repeatedly approved under months-long, non-targeted warrants. Parts of this process, the court said, were vulnerable to abuse.

(In 2016, the UK passed another surveillance law--the Investigatory Powers Act, or IPA--but the court's decision applies only to government surveillance under the prior surveillance law, the RIPA.)

A Failure to Comply with Human Rights Laws

The suit's results can be looked at as a disconnect between the domestic laws allowing government surveillance in the UK and the UK's international human rights obligations.

The court took issue with the UK's failure to comply with the European Convention on Human Rights--an international treaty to protect human rights in Europe, specified in the convention's "articles." The European Court of Human Rights (ECtHR), a regional human rights judicial body based in Strasbourg, France, issued the opinion.

Though the lawsuit's plaintiffs asserted violations of Articles 6, 8, 10, and 14, the court only found violations of Article 8 and 10, which guarantee the right to privacy and the right to freedom of expression. The court's reasoning relied on applicable law, government admissions, and recent court judgments.

The court found two glaring problems in the UK's surveillance regime--the entire selection process for what data the government collects, keeps, and sees, and the government's unrestricted access to metadata.

How the government chooses "bearers" for data collection should "be subject to greater oversight," the court said. By itself, this was not enough to violate Article 8's right to privacy, the court said, but it necessitated better safeguards in the next steps--how data is filtered after initial collection and how data is later accessed.

Both those steps lacked sufficient oversight, too, the court said. It said the UK government received no independent oversight and needed "more rigorous safeguards" when choosing search criteria and selectors (things like email addresses and telephone numbers) to look through already-collected data. And because analysts can only look at collected and filtered data, "the only independent oversight of the process of filtering and selecting intercept data for examination" can happen afterwards through an external audit, the court said.

"The Court is not persuaded that the safeguards governing the selection of bearers for interception and the selection of intercepted material for examination are sufficiently robust to provide adequate guarantees against abuse," the court said. "Of greatest concern, however, is the absence of robust independent oversight of the selectors and search criteria used to filter intercepted communications."

Along with related problems, including the association of related metadata to collected communications, the court concluded the surveillance program violated Article 8.

The court also looked at how the UK government accesses metadata in so-called targeted requests to communications providers. It focused on one section of RIPA and one particularly important legal phrase: "Serious crime."

The UK's domestic law, the court said, "requires that any regime permitting the authorities to access data retained by [communications services providers] limits access to the purpose of combating 'serious crime,' and that access be subject to prior review by a court or independent administrative body."

This means that whenever government agents want to access data held by communications services providers, those government agents must be investigating a "serious crime," and government agents must also get court or administrative approval prior to accessing that data.

Here's the problem: that language is absent in UK's prior surveillance law for metadata requests. Instead, RIPA allowed government agencies to obtain metadata for investigations into non -serious crimes. Relatedly, metadata access for non-serious crimes did not require prior court or independent administrative approval, compounding the invasion of privacy.

Due to this discrepancy, the court found a violation of Articles 8 and 10.

For years, intelligence agencies convinced lawmakers that their mass surveillance programs were necessary to protect national security and to prevent terrorist threats--to, in other words, fight "serious crime." But recently, that's changed. These programs are increasingly being used for investigating seemingly every-day crimes.

In the UK, this process began with RIPA. The 2000 law was introduced in part to bring Britain's intelligence operations into better compliance with human rights law because the country's government realized that the scope of GCHQ's powers--and any limits to it--were insufficiently defined in law.

But as soon as lawmakers began cataloguing the intelligence services' extraordinary powers to peer into everybody's lives, other parts of the government took interest: If these powers are so useful for capturing terrorists and subverting foreign governments, why not use them for other pressing needs? With RIPA, the end result was an infamous explosion in the number of agencies able to conduct surveillance under the law. Under its terms, the government set out to grant surveillance powers to everyone from food standards officers to local authorities investigating the illicit movement of pigs, to a degree that upset even the then-head of MI5 .

The court's decision supports the idea that this surveillance expansion, if left unchecked, could be incompatible with human rights.

Good Findings

At more than 200 pages, the court's opinion includes a lot more than just findings of human rights violations.

Metadata collection, the court said, is just as intrusive as content collection.

EFF has championed this point for years. When collected in mass, metadata can reveal information so intimate that even the content of a conversation becomes predictable .

Take phone call metadata, for example. Metadata reveals a person's seven-days-a-week, middle-of-the-night, 10-minute phone calls to a local suicide prevention hotline. Metadata reveals a person's phone call to an HIV testing center, followed up with a call to their doctor, followed up with a call to their health insurance company. Metadata reveals a person's half-hour call to a gynecologist, followed by another call to a local Planned Parenthood.

The court made a similar conclusion. It said:

"For example, the content of an electronic communication might be encrypted and, even if it were decrypted, might not reveal anything of note about the sender or recipient. The related communications data, on the other hand, could reveal the identities and geographic location of the sender and recipient and the equipment through which the communication was transmitted. In bulk, the degree of intrusion is magnified, since the patterns that will emerge could be capable of painting an intimate picture of a person through the mapping of social networks, location tracking, Internet browsing tracking, mapping of communication patterns, and insight into who a person interacted with."

The court also said that an individuals' right to privacy is applied at the initial moment their communications are collected, not , as the government said, when their communications are accessed by a human analyst. That government assertion betrays our very understanding of privacy and relates to a similar, disingenuous claim that our messages aren't really "collected" until processed for government use .

Turning Towards Privacy

Modern telecommunications surveillance touches on so many parts of human rights that it will take many more international cases, or protective action by lawmakers and judges, before we can truly establish its limits, and there is plenty more that's wrong with how we deal with modern surveillance than is covered by this decision.

This is partly why EFF and hundreds of other technical and human rights experts helped create the Necessary and Proportionate Principles , a framework for assessing whether a state's communication surveillance practices comply with a country's human rights obligations. And it's why EFF has brought its own lawsuits to challenge mass surveillance conducted by the NSA in the United States. (The European Court of Human Rights' opinion has no direct effect on this litigation.)

This type of works takes years, if not decades. When it comes to any court remedy, it is often said that the wheels of justice turn slowly. We can at least breathe a little easier knowing that, last week, thanks to the hard work of privacy groups around the world, the wheels made one more turn in the right direction, towards privacy.

The Canadian government is seeking a company that will scour social media and the dark web for data on Canadians' use of cannabis. The request comes a few weeks before recreational pot use becomes legalized on October 17.

According to a tender posted by Public Safety Canada this week, the government wants a company to algorithmically scan Twitter, Tumblr, Facebook, Instagram, and other relevant microblogging platforms for information on Canadians' attitudes towards legal pot and their behaviours.

The initiative will look for self-reported usage patterns (how much, what kind, and where) and activities such as buying and selling weed. The government will also be scanning social media for criminal activities associated with cannabis use--driving under the influence, for example. The initiative will also capture metadata, such as self-reported location and demographics, but according to the tender the data must exclude individual unique identifiers.

Motherboard asked Public Safety Canada spokesperson Karine Martel about the project but she did not comment on whether information on cannabis-related crimes collected from social media will be shared with law enforcement, but noted that the work will be conducted in compliance with the Tri-Council Policy Statement which notes that: research focusing on topics that include illegal activities depends on promises of strong confidentiality to participants.

According to a second tender the feds are also looking to keep track of Canadians buying and selling weed on so-called dark web markets. Both projects are slated to conclude on April 30, 2019.