As published in The Guardian:
Revealed: how UK exploits snooping laws: Monitoring of Facebook searches and emails condemned by privacy experts: How UK exploits snooping law to monitor communications
The true extent of the government’s interception of Google, Facebook and Twitter – including private messages between British citizens – was officially confirmed for the first time yesterday.
The government’s most senior security official, Charles Farr, detailed how searches on Google, Facebook, Twitter and YouTube, as well as emails to or from non-British citizens abroad, can be monitored by the security services because they are deemed to be “external communications”.
It is the first time that the government has admitted that UK citizens, talking via supposedly private channels in social media such as Twitter direct messages, are deemed by the British government to be legitimate legal targets that do not require a warrant before intercepting.
The 48-page detailed defence of mass monitoring by Farr, who is director general of the Office for Security and Counter-Terrorism, develops a legal interpretation that critics say sidesteps the need for traditional intercept safeguards.
The document, released yesterday, provoked calls for the Regulation of Investigatory Powers Act (Ripa) to be overhauled urgently, as well as allegations that the government was exploiting loopholes in the legislation of which parliament was unaware.
The government defence was published in response to a case brought by Privacy International, Liberty, Amnesty International and other civil rights groups before the Investigatory Powers Tribunal (IPT), which deals with complaints against the intelligence services. A full hearing will take place next month.
The accusation that mass online surveillance is illegal emerged in the wake of revelations from the US whistleblower Edward Snowden about the impact of the monitoring programme codenamed Tempora operated by the UK monitoring agency GCHQ and the US National Security Agency (NSA).
Tempora taps into the network of fibre-optic cables which carry the world’s phone calls and online traffic. Its designer described it as “Mastering the Internet”, enabling GCHQ and the NSA to process vast quantities of communications between entirely innocent people, as well as targeted suspects. As many as 600m “telephone events” a day can be recorded.
Under Ripa, traditional interception of “internal” communications within the UK requires an individual warrant. Farr argues that in a technologically-fast moving world, where the greatest threat to national security is from “militant Islamist terrorists” operating both abroad and in the UK, identifying individual targets before monitoring starts is too difficult. Those deemed to be “external” can be monitored without an individual warrant.
Farr says: “Any regime that . . . only permitted interception in relation to specific persons or premises, would not have allowed adequate levels of intelligence information to be obtained and would not have met the undoubted requirements of intelligence for the protection of national security.”
His submission explains that searches on Google, Twitter, Facebook and YouTube are likely to involve communicating with a “web-based platform” abroad and are therefore “external communications” which do not “require a person or a set of premises to be named in the interception warrant”. Emails sent or received from abroad could be intercepted in a similar way.
Farr’s statement notes that the issue was raised during Ripa’s passage through the Lords in 2000, implying that parliament was aware of the difficulty of distinguishing between domestic and foreign messages when it passed the legislation.
In one section, Farr says he can “neither confirm or deny” the existence of the much publicised Tempora interception programme, although he does accept the existence of Prism – another interception programme – “because it has been expressly avowed by the executive branch of the US government”.
His statement, published by Privacy International and other human rights organisations, is the first time the government has commented on how it operates its mass intercept programmes within a legal framework. Under section 8(1) of Ripa, internal communications between British residents within the UK may only be monitored pursuant to a specific warrant.
These specific warrants should only be granted where there is some reason to suspect the person in question of unlawful activity. “External communications”, however, may be monitored indiscriminately under a general warrant, according to section 8(4) of the act.
The Conservative MP David Davis, a former shadow home secretary, told the Guardian: “This is extraordinary. It calls into question the entire evidence that the agencies and Home Office gave to the committee that was looking into the communications data bill.
“If they are trying to claim parliamentary approval for this, they should have said it in terms in the Commons (when Ripa was passed in 2000). Every time they bring legislation to the House they tell us a very partial story. It appears this was very deliberately byzantine and intended to confuse.”
Lord Macdonald, the former director of public prosecutions, who has previously called for greater scrutiny of the intelligence agencies, said: “Mr Farr’s statement is the best argument I have seen for a thorough overhaul of surveillance law to bring it into the modern age. When Ripa was enacted, social media didn’t exist.
“It is fatuous to pretend that elderly laws can cope with modern communications, as Mr Farr convincingly demonstrates. No doubt our intelligence agencies take their legal duties seriously, but the problem is that those legal duties fail to address the 21st century. We need new laws to counter new threats, carrying public confidence with them.”
Eric King, deputy director of Privacy International, said: “Intelligence agencies cannot be considered accountable to parliament and to the public they serve when their actions are obfuscated through secret interpretations of byzantine laws.
“The distinction drawn by the government between ‘internal’ and ‘external’ communications no longer has any practical meaning.”
James Welch, legal director of Liberty, said: “The security services consider that they’re entitled to read, listen to and analyse all our communications on Facebook, Google and other US-based platforms. If there was any remaining doubt that our snooping laws need a radical overhaul, there can be no longer. The agencies now operate in a legal and ethical vacuum; why the deafening silence from our elected representatives?”
Michael Bochenek, senior director of international law and policy at Amnesty International, said: “British citizens will be alarmed to see their government justifying industrial-scale intrusion into their communications. The public should demand an end to this wholesale violation of their right to privacy.”
A spokesperson for Google said: “We disclose user data to governments in accordance with the law, and we review all such requests carefully. Google has not joined any program that would create a ‘back door’ for government to access private user data.”