UK intelligence agencies admit spying on privacy campaigners

Privacy campaigners are sometimes accused of being overly paranoid about government surveillance. But in the case of Privacy International, it seems any paranoia was with good reason.

Because UK intelligence agencies admitted yesterday that they have been spying on this NGO as well as intercepting and reading their communications.

How UK intelligence agencies collected Privacy International comms data

The bombshell revelations emerged at a hearing of the Investigatory Powers Tribunal, which has often dubbed as Britain’s most secret court.

The Tribunal was conducting a hearing into Privacy International’s ongoing legal challenge against the bulk data collection powers awarded to the British intelligence agencies by the UK Government in their hugely controversial Investigatory Powers Bill, better known as the Snoopers Charter.

During a hearing on 25th September, British intelligence service MI5 made an astonishing admission. They confessed to having captured and read private communications belonging to senior Privacy International officials.

Communications data includes things like the date and times of phone calls, details of who was called, mobile phone location data, websites visited, and the source and destination of emails.

It then subsequently emerged that not only MI5 but also MI6, the Secret Intelligence Service (SIS), and GCHQ had also been spying on Privacy International and illicitly collecting information from them.

Remarkably, MI5 tried to play down the collection of data from Privacy International as an everyday occurrence. They claimed that they only realized they had the data following an audit of its intelligence handling arrangements.

However, when pressed, they admitted that the data from Privacy International had been analysed and read by intelligence agents. Crucially however, they also admitted that the information had not been compiled into an intelligence report.

This raises serious questions about why exactly it was analysed, which MI5 appear unable or unwilling to answer.

Inevitably, some will suggest that the intelligence agencies were seeking to use the information either to build arguments against Privacy International’s policy positions or, even worse, to use against them in legal cases like this one.

Given that one of the core objectives of Privacy International is to achieve greater oversight of intelligence agencies and place stronger controls over their powers to access private information, it is a remarkable, if perhaps unsurprising, admission.

It also illustrates all the clearly the vast scope of the UK’s intrusive new bulk data collection powers which collects information from absolutely everyone, including upstanding NGOs.

Data collection ruled unlawful

The data collection was immediately condemned by the chair of the Investigatory Powers Tribunal Michael Burton. He declared that all four intelligence agencies had acted unlawfully in collecting and accessing the private data of Privacy International and its staff.

However, it seems unlikely that any of the intelligence agencies, or individuals working for them, will face any consequences for this unlawful activity.

Astonishingly, Government lawyer Andrew O’Connor then told the court that all of the Privacy International data held by MI5 had been destroyed the day before the hearing.

Thomas de la Mare QC, for Privacy International seriously underplayed the situation when he noted that this “rather impedes” any potential investigation by the regulator, IPCO.

What MI5 has essentially done is destroy evidence, a crime that would have enormous repercussions for any other individual or organization found guilty of doing.

That revelation also fundamentally undermines the Government’s core argument in this broader case. Privacy International is challenging the lack of policies over the handling of collected data such as this.

De la Mare had previously said that there were no restrictions on how data was held or how long for. O’Connor responded by saying that a technical solution had been implemented but would take time to come into effect.

To then say that they have managed to delete all the Privacy International data they held makes that former claim sound disingenuous at best, and misleading at worst.

Implications for the Snoopers Charter

The revelations are likely to have serious implications for the UK’s Investigatory Powers Bill, according to Privacy International’s senior counsel, Caroline Wilson Palow.

She told Computer Weekly that, “the fact that it happened at all should raise serious questions for all of us”.

They have written a stern letter to UK Home Secretary Sajid Javid highlighting the case as an example of the disarray which intelligence agencies are in over the bulk collection of private data and demanding that he take action.

They have also demanded to know how the Government intends to change the Investigatory Powers Bill following the ECHR ruling earlier this month, which we have reported on previously.

For British internet users, the revelations should reinforce the message that, when going online in the UK, your data will not be private unless you are using a VPN.

By connecting to a VPN such as ExpressVPN or IPVanish, internet users can encrypt their data and obfuscate their online identity to prevent government snoops or anyone from seeing what they are doing online.

With the number of VPN users in the UK on the rise, it is clear that this message is starting to get through.

Leave a Reply

Your email address will not be published. Required fields are marked *