Tech

Safeguards permit GCHQ to share huge databases on public, court hears

The intelligence services have robust safeguards and oversight in place to share huge databases containing personal data on the population, the UK’s most secret court heard yesterday.

James Eadie, representing the government and the intelligence services, said European law did not require detailed provisions in law to safeguard privacy.

“It can be softer law,” he said, “based on a range of law and practice.” It is not just about the legal structure, he added. “The tribunal is entitled to have regard whether those safeguards are practically effective.”

Eadie was speaking during the second day of a three-day hearing into intelligence agencies’ sharing of huge databases of sensitive personal information on UK citizens with overseas intelligence agencies, law enforcement, industry partners and other government agencies, such as HM Revenue & Customs (HMRC).

Privacy International, which is bringing the case at the Investigatory Powers Tribunal, argues that there are inadequate safeguards and controls, and a lack of proper oversight, to protect the privacy of individuals’ data – the vast majority of whom are of no intelligence interest.

Ben Jaffey, representing the NGO, told the hearing at Southwark Crown Court that the quality of supervision by the commissioners was deficient, the regime was non-compliant, and the current commissioner did not feel he had technical understanding. “The regime is ineffective,” he said.

The government has refused to confirm or deny whether MI5, MI6 or GCHQ share databases, which can include the population’s phone, internet, records, financial and travel histories, and social media use, with the law enforcement of overseas intelligence agencies.

It presented the court with a 38-page document outlining the statutory safeguards and guidelines for sharing bulk data. They included details of bulk personal data and bulk communications handling arrangements that came into force in November 2015.

Publicly disclosed safeguards

Claims by Privacy International that there are no publicly disclosed safeguards to ensure that data sharing, should it occur, is conducted lawfully were wrong, Eadie told the court. “There are extensive published and written safeguards,” he said.

He went on to attack claims by the NGO that the commissioners responsible for overseeing the work of the intelligence agencies lacked the staff and resources to conduct effective oversight. Eadie said it was up to the commissioners to decide what resources and powers they needed. There was no need for the tribunal to “second-guess” their decisions.

The court was show transcripts of evidence given by Sir Mark Waller, tthen the Intelligence Services Commissioner, in Parliament, in which he said he felt oversight was more effective with just one person. “He says, actually I think it’s better, more efficient and more effective if it’s me,” said Eadie.

GCHQ knew that rather than have a junior legal representative, a very senior retired judge had the right to inspect any warrant he wanted, and would have to justify it, said Eadie.

It was not necessary, he said, for the commissioners responsible for oversight to have a technical understanding of the way intelligence agencies collect and process data. “All the holders of this office have been experienced judges, who are well used to probing matters in some depth,” he said. “They have got themselves into a position where they understand any technical issues that arise.”

IPT member Susan O’Brien questioned whether a former judge could be expected to understand data analytics and complex algorithms. “BCD [bulk communications data] involves highly technical issues,” she said. “It really is stretching the point that a high court judge can understand that.”

She said that a judge would not know what the right questions were to ask.

“The judge is quite capable of saying ‘I am interested in the subject of data mining, and I want to see how that occurs’,” said Eadie.

Sharing bulk data

The court reviewed a letter from Graham Webber, interim chief executive of the Investigatory Powers Commissioner’s Office. It confirmed that there was no corporte record that either the Office [ISCom] nor the Interception of Communications Commissioner’s Office [Iocco] had carried out any reviews of bulk data sharing between the intelligence agencies, and industry partners or law enforcement.

The letter revealed that GCHQ had not informed the commissioners that it shared bulk databases with third parties. “Neither ISCom nor Iocco were previously informed by GCHQ that the sharing of BPD/BCD data sets with industry partners…had occured,” it said.

Eadie told the court that the fact that there was no information on the corporate record did not indicate that oversight was ineffective. “It is part of the regulatory process [for commissioners] to decide what to focus on,” he said.

GCHQ only shares data with industry partners to a minimal extent for systems development, said Eadie. “It is perhaps rather unsurprising that the commissioner is less focused on it than might be the position.”

Failed database searches

The court heard that intelligence analysts are able to carry out searches across multiple databases simultaneously, allowing them to interrogate a “huge dataset”.

Eadie said, however, that the large number of null results obtained by intelligence analysts showed that the intelligence services’ collection of data was disproportionate. “The argument is based on utter nonsense,” he said. “A search properly made has to be judged with the nature of the search…a null return is not valueless in security terms.”

The question is whether the use of these databases is proportional, but national security is at the heart of the question. “We respectfully submit that it is not an equal balance,” said Eadie.

The government has refused to confirm or deny whether GCHQ, MI5 or MI6 shares data with foreign intelligence agencies. The court heard that intelligence agencies would only share data with overseas organisations if there was an equivalence in the way they safeguard data.

IPT president Michael Burton raised the prospect that once sensitive data had passed to another country, the UK may not have control over how it is used. “You can give it to a country, and they can do something that you view as unlawful,” he said. “We have that with immigration and asylum seekers.”

In practice, said Eadie, the intelligence agencies would want an undertaking that data was not passed to a rogue state. There are provisions in place to stop sharing data with countries that do not comply, he said.

Burton questioned whey GCHQ requires overseas organisations to have equivalent safeguards and protection, but MI5 and MI6 only require equivalent safeguards “in appropriate circumstances”.

“The differences are more theoretical than real,” said Eadie. An overseas partner could not be expected to have identical safeguards in place, he said.

GCHQ sets off amber alert

Iocco carried out the first inspection by a regulator of GCHQ’s handling of BCD in April this year, the court heard.

The report disclosed in court uses a system of “traffic light colours” and found that GCHQ had “emerged very well” from the inspection, but gave it two ambers for non-compliance. Iocco recommended that it works with GCHQ to modify the signals intelligence agencies’ audit systems to allow the regulator to make more thorough inspections in future.

“In particular to assess what BCD was accessed and the justification as to why it was necessary and proportionate,” it said.

Eadie told the court that the amber rating did not mean Iocca was dealing with a “systemic failure”.

“There is a contrast between red – which indicates non-compliance – and amber, which means remedial action should be taken as it could lead to a breach, if unaddressed,” he said.

Security data repurposed

The government defended GCHQ’s use of Section 94 of the Telecommunications Act to obtain telephone and internet data, which allows it, in effect, to circumvent the safeguards in the Regulation of Investigatory Powers Act 2000 (RIPA).

The practice remained secret until November 2015, when the government “avowed” its existence with the introduction of the Investigatory Powers Bill.

The Counter Terrorism Act 2008 made it possible for GCHQ to repurpose information gathered for national security reasons, for “the prevention and detection of crime”, the court heard.

“That undermines any suggestion that the natural and proper inference from the existence of RIPA [Regulation of Investigatory Powers Act] is that Parliament was designing RIPA as an exclusive regime that would preclude any sharing by the agencies,” said Eadie.

Thomas De La Mare, representing Privacy International, said that if this was true, it followed that a body that is not entitled to obtain communications data under RIPA can still be provided with the data by the intelligence agencies.

Although there cases where it would be lawful to disclose communications data to third parties, the safeguards in the handling guidelines were inadequate, he said. “What Mr Eadie asks for is a complete unvarnished circumvention of the RIPA safeguards.”

That would not be accepted by the European Court of Justice, he added.

Questions over warrants

GCHQ can order mobile phone companies and internet service providers to disclose vast swathes of communications data under a warrant signed by the secretary of state under Section 94 of the Telecommunications Act 1984.

Evidence disclosed in earlier hearings showed GCHQ’s “Section 94 directions” requiring internet and phone companies to hand over their data are worded in such a way that they allow the secretary of state to delegate the power to request communications data to the director of GCHQ, or any person authorised by him.

Eadie argued that the wording of the directions reflected “mechanics of compliance” used by GCHQ, and did not imply that GCHQ had the ability to act on its own discretion without approval from the secretary of state. It was not relevant, he said, that the directions might give the impression to a communications service provider ordered to disclose its customers’ data that the order came from GCHQ rather than the secretary of state.

“There is nothing inherently wrong if the secretary of state says ‘I order your house to be pulled down, and that will happen when the foreman arrives with the bulldozers’,” he said.

Burton said a more worrying point was that GCHQ could ring up a communications company and ask it to disclose a lessor amount of data than the secretary of state had authorised. This would imply that GCHQ, rather than a government minister, had discretion over the matter.

Eadie said, that in practice, this did not matter. “You are then in the position of the secretary of state authorising a lot of major things, which includes a lesser number of things [within it].’”If the matter was referred to Europe, Eadie argued, the courts would not have an issue with this approach.

He said that a failure in one part of the intelligence oversight did not mean the whole system was at fault. “Any system is capable of generating a case of failure, but that is not enough to strike down the whole system”.

Show More

Related Articles