UK’s Mass-Surveillance Legislation Illegal: UK to Expand Mass-Surveillance Legislation
Maxwell Jenkins (1L)
The UK-based Investigative Power Tribunal has recently ruled that the state run Government Surveillance Headquarters (GCHQ), M15, and M16 has been illegally collecting data via Bulk Communications Data (BCD) and Bulk Personal Data (BPD) programs. Bulk Communications Data refers to the tracking online activity on a national scale: the what, when, and whom of website access, emails, and GPS locations. Bulk Personal Data is BCD applied to what we might call the citizens’ “biographical core”; that is, personal details including common contacts, financial transactions, and travel.
The Tribunal found that the programs were in violation of article 8 of the European Convention on Human Rights, due to the programs lacking sufficient oversight, and that the public was not made aware of their existence.
The investigation was in response to a lawsuit submitted by Privacy International, an international human rights watchdog. Privacy International challenged the legality of the UK’s mass surveillance programs, citing evidence that access to mass surveillance data was routinely abused. Employees were said to have access to information on “staff, neighbours, friends, acquaintances, family members, and public figures… [which] were treated like Facebook to check on birthdays, and very worryingly on family members for ‘personal reason’”.
Yet the Tribunal also ruled that with the early introduction of certain provisions from the Investigatory Power Bill (still in review), and the fact that the programs are now public, they are no longer illegal. With there being no indication of the “Investigatory Power Bill” slowing down in its progression through Parliament, it seems likely that these programs will continue mostly unchanged.
The introduction of the “Investigatory Power Bill” is largely concerned with expanding and defining the state’s powers in relation to information gathering and searching. These provisions do include the establishment of an “Investigatory Powers Commission”, composed of former and serving senior judges, with the mandate to review warrants for accessing communications content and equipment interference that has been authorized by the Secretary of State. Also included are new police and intelligence agency powers, like the power to use “targeted equipment interference” to subvert or access secured computers, or a requirement for all ISPs in the UK to retain “Internet connection records” of which websites their customers accessed for one year.
The passage of mass surveillance from secretive to statutory has mirrored similar processes on this side of the Atlantic. In Canada, the Communications Security (CSE), is not permitted to perform domestic surveillance. That being said, legislation like the Anti-Terrorism Act of 2015, grants similar sweeping powers (under the purview of national security) to investigative agencies directed by the government.
For all the noise and thunder that surrounded the 2013 exposure of the NSA programs, and mass surveillance in general, it seems that the most common public response can be best described as complacency. Perhaps this can explain why the architects and perpetrators of enormous surveillance programs have weathered their exposure seemingly without consequence, even when their actions were found to be unequivocally illegal.