Bulk data collection by NSA and GCHQ violated human rights charter, European court rules
GCHQ surveillance revealed by Snowden breached privacy rights, according to Strasbourg judges.
GCHQ’s methods for bulk interception of various online communications violated privacy rights and failed to provide sufficient surveillance safeguards, the European court of human rights ruled in a 5-2 ruling
The court found that GCHQ’s “bulk interception” violated article 8 of the European convention on human rights, which guarantees privacy due to “insufficient safeguards” relating to the “communications data.”
However, in a contradictory stance, the ECHR further ruled that GCHQ sharing sensitive digital intelligence with foreign governments and other members of the “Five Eyes” intelligence coalition and Nine Eyes, was not illegal. They also emphasized that bulk interception with tighter oversight from the Foreign Office on what data is collected was permissible and not against the law.
The court ruling follows Edward Snowden’s 2013 whistleblowing revelations about Five Eyes and others sharing bulk surveillance information. In one of the programs Snowden exposed, Tempora, the eavesdropping agency tapped into cables and communication networks to siphon data en masse.
The ECHR judgment noted: “The United Kingdom authorities have neither confirmed nor denied the existence of … Tempora.”
As a reminder, Snowden exposed that the Five Eyes countries had hacked into and planted spyware on at least 50,000 networks worldwide. This was done through the NSA team called Tailored Access Operations (TAO) the malware was designed to compromise routers, switches, and firewalls to monitor entire networks.
Snowden praised the legal decision stating “today we won.”
“For five long years, governments have denied that global mass surveillance violates of your rights. And for five long years, we have chased them through the doors of every court. Today, we won. Don’t thank me: thank all of those who never stopped fighting,” Edward Snowden tweeted.
The legal case was brought about by a coalition of 14 human rights groups and privacy organizations including – Amnesty International, Liberty, Privacy International and Big Brother Watch, as well as individual journalists.
“The decision sends a clear message that similar surveillance programs, such as those conducted by the NSA, are also incompatible with human rights,” claimed ACLU attorney Patrick Toomey in a statement. “Governments in Europe and the United States alike must take steps to rein in mass spying and adopt long-overdue reforms that truly safeguard our privacy.”
The judges also found that the method of bulk interception of communications and the process for obtaining communications metadata from service providers violated Article 10 (freedom of expression) because of “insufficient safeguards in respect of confidential journalistic material,” Ars Technica reported.
The safeguards include that the law must indicate “the nature of offenses which may give rise to an interception order; a definition of the categories of people liable to have their communications intercepted; a limit on the duration of interception; the procedure to be followed for examining, using and storing the data obtained; the precautions to be taken when communicating the data to other parties; and the circumstances in which intercepted data may or must be erased or destroyed.”
This comes after a 113 page July ruling earlier this year by the Investigatory Powers Tribunal that exposed the “error-ridden and inconsistent evidence provided by GCHQ throughout the case”, “the willingness of telecoms companies to secretly hand over customer data on the basis of mere verbal requests from GCHQ”, and “the inadequacies of the intelligence oversight regime in failing to identify this delegation of power,” according to Privacy International who also brought that case to court.
Just last week, the governments of Australia, United States, United Kingdom which includes the GCHQ agency, Canada and New Zealand announced they intend to force encryption technology providers to provide lawful access to users’ encrypted communications.
This will apply to all products and services operated in the Five Eyes countries, which could see legislation to push implementation of a backdoor in technologies.
“Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions,” the Five-Eyes joint statement on encryption said.
If the legislation passes, this will allow the ability to create backdoors in applications and services that will enable communications interception capabilities for law enforcement officials.
One has to wonder how these plans will be affected by the recent ruling that states the method they use is “violating both article 8 and article 10 of the EU Human Rights Charter?” This fight is far from over, but this is no doubt a significant victory.