Senior police officers are to lose the power to self-authorise access to personal phone and web browsing records under a series of late changes to the snooper's charter law proposed by ministers in an attempt to comply with a European court
ruling on Britain's mass surveillance powers.
A Home Office consultation paper published on Thursday also makes clear that the 250,000 requests each year for access to personal communications data by the police and other public bodies will in future excluded for investigations into minor
crimes that carry a prison sentence of less than six months.
But the government says the 2016 European court of justice (ECJ) ruling in a case brought by Labour's deputy leader, Tom Watson , initially with David Davis, now the Brexit secretary, does not apply to the retention or acquisition of personal
phone, email, web history or other communications data by national security organisations such as GCHQ, MI6 or MI5, claiming that national security is outside the scope of EU law.
The Open Rights Group has been campaigning hard on issues of liberty and privacy and writes:
This is major victory for ORG, although one with dangers. The government has conceded that independent authorisation is necessary for communications data requests, but refused to budge on retained data and is pushing ahead with the Request
Filter, to enable rapid interrogation and analysis of the stored communications data.
Adding independent authorisation for communications data requests will make the police more effective, as corruption and abuse will be harder. It will improve operational effectiveness, even if less data is used during investigations and trust in
the police should improve.
Nevertheless the government has disregarded many key elements of the judgment
It isn't going to reduce the amount of data retained
It won't notify people whose data is used during investigations
It won't keep data within the EU, instead it will continue to transfer it, presumably specifically to the USA
The Home Office has opted for a six month sentence definition of serious crime rather than the Lords' definition of crimes capable of sentences of at least one year.
These are clear evasions and abrogations of the judgment. The mission of the Home Office is to uphold the rule of law. By failing to do what the courts tell them, the Home Office is undermining the very essence of the rule of law.
If the Home Office won't do what the highest courts tell it to do, why should anybody else? By picking and choosing the laws they are willing to care about, they are playing with fire.
There was one final surprise. The Code of Practice covers the operation of the Request Filter . Yet again we are told that this police search engine is a privacy safeguard. We will now run through the code in fine detail to see if any such
safeguards are there. On a first glance, there are not.
If the Home Office genuinely believe the Request Filter is a benign tool, they must rewrite this section to make abundantly clear that it is not a mini version of X-Keyscore (the NSA / GCHQ'S tool to trawl their databases of people linked to
their email and web visits) and does not operate as a facility to link and search the vast quantities of retained and collected communications data.
A study by Princeton researchers came to light earlier this month, revealing that over 400 of the world's most popular websites use the equivalent of hacking tools to spy on you without your knowledge or consent.
Using session replay scripts from third-party companies, websites are recording your every act, from mouse moves to clicks, to keylogging what you type, and extracting your personal info off the page. If you accidentally paste something into a
text field from your clipboard, like an address or password you didn't want to type out, the scripts can record, transmit, and store that, too.
What these sites are doing with this information, and how much they anonymize or secure it, is a crapshoot.
Among top retail offenders recording your every move and mistake are Costco, Gap.com, Crate and Barrel, Old Navy, Toys R Us, Fandango, Adidas, Boots, Neiman Marcus, Nintendo, Nest, the Disney Store, and Petco.
Tech and security websites spying on users include HP.com, Norton, Lenovo, Intel Autodesk, Windows, Kaspersky, Redhat.com, ESET.com, WP Engine, Logitech, Crunchbase, HPE.com (Hewlett Packard Enterprise), Akamai, Symantec, Comodo.com, and MongoDB.
Other sites you might recognize that are also using active session recording are RT.com, Xfinity, T-Mobile, Comcast, Sputnik News, iStockphoto, IHG (InterContinental Hotels), British Airways, NatWest, Western Union, FlyFrontier.com, Spreadshirt,
Deseret News, Bose, and Chevrolet.com
On Tuesday 7 November, three joined cases brought by civil liberties and human rights organisations challenging UK Government surveillance will be heard in the Grand Chamber of the European Court of Human Rights (ECtHR).
Big Brother Watch and Others v UK will be heard alongside 10 Human Rights Organisations and Others v UK and the Bureau of Investigative Journalism and Alice Ross v UK, four years after the initial application to the ECtHR.
Big Brother Watch, English PEN, Open Rights Group and Dr Constanze Kurz made their application to the Court in 2013 following Edward Snowden's revelations that UK intelligence agencies were running a mass surveillance and bulk communications
interception programme, TEMPORA, as well as receiving data from similar US programmes, PRISM and UPSTREAM, interfering with UK citizens' right to privacy.
The case questions the legality of the indiscriminate surveillance of UK citizens and the bulk collection of their personal information and communications by UK intelligence agencies under the Regulation of Investigatory Powers Act (RIPA). The UK
surveillance regime under RIPA was untargeted, meaning that UK citizens' personal communications and information was collected at random without any element of suspicion or evidence of wrongdoing, and this regime was effective indefinitely.
The surveillance regime is being challenged on the grounds that there was no sufficient legal basis, no accountability, and no adequate oversight of these programmes, and as a result infringed UK citizens' Article 8 right to a private life.
In 2014, the Bureau of Investigative Journalism made an application to the ECtHR, followed by 10 Human Rights Organisations and others in 2015 after they received a judgment from the UK Investigatory Powers Tribunal. All three cases were joined
together, and the Court exceptionally decided that there would be a hearing.
The result of these three cases has the potential to impact the current UK surveillance regime under the Investigatory Powers Act. This legal framework has already been strongly criticized by the Court of Justice of the European Union in Watson .
A favourable judgment in this case will finally push the UK Government to constrain these wide-ranging surveillance powers, implement greater judicial control and introduce greater protection such as notifying citizens that they have been put
Daniel Carey of Deighton Pierce Glynn, solicitor for Big Brother Watch, Open Rights Group, English PEN and Constanze Kurz, said:
Historically, it has required a ruling from this Court before improvements in domestic law in this area are made. Edward Snowden broke that cycle by setting in motion last year's Investigatory Power Act, but my clients are asking the Court to
limit bulk interception powers in a much more meaningful way and to require significant improvements in how such intrusive powers are controlled and reported.
Griff Ferris, Researcher at Big Brother Watch, said:
This case raises long-standing issues relating to the UK Government's unwarranted intrusion into people's private lives, giving the intelligence agencies free reign to indiscriminately intercept and monitor people's private communications
without evidence or suspicion.
UK citizens who are not suspected of any wrongdoing should be able to live their lives in both the physical and the digital world safely and securely without such Government intrusion.
If the Court finds that the UK Government infringed UK citizens' right to privacy, this should put further pressure on the Government to implement measures to ensure that its current surveillance regime doesn't make the same mistakes.
Antonia Byatt, Interim Director of English PEN, said:
More than four years since Edward Snowden's revelations and nearly one year since the Investigatory Powers Act was passed, this is a landmark hearing that seeks to safeguard our privacy and our right to freedom of expression.
The UK now has the most repressive surveillance legislation of any western democracy, this is a vital opportunity to challenge the unprecedented erosion of our private lives and liberty to communicate.
Jim Killock, Executive Director of Open Rights Group, said:
Mass surveillance must end. Our democratic values are threatened by the fact of pervasive, constant state surveillance. This case gives the court the opportunity to rein it back, and to show the British Government that there are clear limits.
Hoovering everything up and failing to explain what you are doing is not acceptable.
A challenge to GCHQ's use of non-specific warrants to authorise the bulk hacking of smartphones, computers and networks in the UK is starting at the court of appeal.
The case, brought by the campaign group Privacy International (PI), is the latest twist in a protracted battle about both the legality of mass snooping and the primacy of civil courts over an intelligence tribunal that operates partly in secret.
The original claim dates back to 2014 and was brought at the investigatory powers tribunal (IPT) following revelations by the American whistleblower Edward Snowden. The IPT hears complaints about government surveillance and the intelligence
services. Some of its hearings are held behind closed doors.
PI, along with seven internet service providers, argued that computer network exploitation (CNE) carried out by GCHQ , the government monitoring station in Cheltenham, breaches human rights.