In America, lawsuits have been filed for years over the collection by government entities of information about consumers. There’s the cellphone metadata spying, in which the feds collect information about calls as a matter of routine.
But now a similar program in the United Kingdom has been slapped down – hard – by the European Court of Human Rights.
The program’s “secret hearings, vague legal safeguards, and broadening reach” violate human rights standards, the court’s verdict said.
The case was brought by several privacy organizations after Edward Snowden revealed a complicated web of surveillance of residents of both the United States and the United Kingdom.
One of the projects in the U.K. that Snowden identified, Tempora, allowed the government to “tap into and store huge volumes of data drawn” from internet users.
In the United States, the National Security Administration has confirmed the existence of similar programs, called PRISM and Upstream.
The European court said: “According to the leaked documents, the Upstream program allows the collection of content and communications data from fiber-optic cables and infrastructure owned by United States’ CSPs. This program has broad access to global data, in particular that of non-U.S. citizens, which can then be collected, stored and searched using keywords.”
The Electronic Frontier Foundation, which has fought on behalf of privacy interests in such cases, said the court’s decision “is a step in the right direction, but it shouldn’t be the last.”
“While the court rejected the U.K.’s spying programs, it left open the risk that a mass surveillance regime could comply with human rights law, and it did not say that mass surveillance itself was unlawful under the European Convention on Human Rights,” EFF said.
“The court described a surveillance regime ‘incapable’ of limiting its ‘interference’ into individuals’ private lives when only ‘necessary in a democratic society,'” the report said.
The court is trying “to rein in the expanding use of mass surveillance,” said EFF.
“Originally reserved for allegedly protecting national security or preventing serious threats, use of these programs has trickled into routine criminal investigations with no national security element – a lowered threshold that the court zeroed in on to justify its rejection of the U.K.’s surveillance programs. The court also said the U.K.’s mass surveillance pipeline – from the moment data is automatically swept up and filtered to the moment when that data is viewed by government agents – lacked meaningful safeguards,” the report said.
In the U.K., it’s the Government Communications Headquarters that does the spying, and it sweeps up “emails, instant messenger chats, social media connections, online searches, browser history, and IP addresses.”
“The GCHQ also collects communications metadata, capturing, for instance, what time an email was sent, where it was sent from, who it was sent to, and how quickly a reply was made.”
But EFF said privacy safeguards are “dismal.”
The group noted: “The U.K. directly collected massive amounts of data from the transatlantic, fiber-optic cables that carry Internet traffic around the world. The U.K. government targeted ‘bearers’ – portions of a single cable – to collect the data traveling within, applied filters and search criteria to weed out data it didn’t want, and then stored the remaining data for later search, use, and sharing. According to GCHQ, this surveillance was designed to target ‘external’ communications – online activity that is entirely outside the U.K. or that involves communications that leave or enter the U.K. – like email correspondence between a Londoner and someone overseas. But the surveillance also collected entirely ‘internal’ communications, like two British neighbors’ emails to one another. This surveillance was repeatedly approved under months-long, non-targeted warrants.”
The court said the system was vulnerable to abuse.
EFF said: “The court took issue with the U.K.’s failure to comply with the European Convention on Human Rights – an international treaty to protect human rights in Europe, specified in the convention’s ‘articles.’ The European Court of Human Rights, a regional human rights judicial body based in Strasbourg, France, issued the opinion.”
“The court’s decision supports the idea that this surveillance expansion, if left unchecked, could be incompatible with human rights,” EFF said.
The European court’s decision has no direct impact on court cases involving U.S. spy programs.