Extraordinary Popular Delusions

"Men… think in herds … they only recover their senses slowly, and one by one."

Tag: prism

Liberty and Others v GCHQ

The legal challenges made by Liberty, Privacy International, Amnesty International, the ACLU and others in the wake of Edward Snowden’s revelations had their first hearing in the Investigatory Powers Tribunal today. The IPT is the tribunal set up under the Regulation of Investigatory Powers Act (RIPA). It does not usually meet in public, so the announcement below is a bit of a souvenir.


This is the first of two groups of challenges against GCHQ’s interception and information sharing practices. The other is an appeal direct to the ECtHR (Big Brother Watch v United Kingdom), which the Strasbourg court has decided to fast track.

Today’s hearing was a directions hearing, which means that none of the substantive claims were argued, but questions as to approach were tackled and dates were set. The full hearing has been scheduled for 14-18 July this year – which is rather earlier than the ECtHR will hear their case, even though they’ve decided to fast track. The July hearing will be open to the public, although it sounds like there may also be sections of argument that are closed (more on that below).

dramatis personae

There are three separate groups of claimants: Amnesty International (represented by Kirsty Brimelow of Doughty Street Chambers), Privacy International and Bytes For All (Ben Jaffey of Blackstone Chambers) and Liberty and the ACLU (Matthew Ryder of Matrix Chambers). As far as I am aware, the only groups to have made their initial documentation public are Privacy International and Bytes for All. Privacy International’s claim deals with two main issues: the extent to which information sharing is regulated under RIPA (let’s broadly call that issue PRISM) and the legality of mass surveillance (that’s Tempora).

The first issue dealt with was Amnesty joining the proceedings. Today’s hearing isn’t quite the first time Snowden’s revelations have been brought before the IPT (even in public). On 30 January, Abdel Hakim Belhaj and Fatima Boudchar were granted a limited injunction against the use of any legally privileged information that may have been acquired by surveillance (the court did not rule on whether any surveillance had in fact happened). The violation of legal privilege in breach of article 6 of the ECHR appears to be part of Amnesty’s argument in this case too, so there was some discussion as to what should be discussed purely in relation to the Belhaj case and what should be included in July’s hearing.

“This tribunal is unique in being able to proceed on assumed facts”

The bulk of the morning hearing saw attempts to reach agreement on the hypothetical premises on which the argument could proceed. Part of the difficulty here is that the UK government is still adopting a strict ‘neither confirm nor deny’ policy when it comes to Tempora – to the extent of not even being willing to confirm or deny how the word is pronounced. It became evident over the course of the morning that the government would have preferred to restrict the court to an assessment of whether the RIPA framework itself was in accordance with ECHR rather than adjudicating whether particular alleged actions would be legal under RIPA itself or the Human Rights Act.

That approach was decisively rejected (“surely if you’re not allowed to do it at all, we can say so?”) so we will be hearing arguments about whether Tempora activity would be lawful – although the points at issue will be presented as “claimants’ allegations” rather than “agreed premises”.

In the absence of authoritative advice to the contrary, by the way, Mr Justice Burton decided that the IPT would go with the ‘Latin’ rather than ‘Japanese’ pronunciation of tempora. That means an emphasis on the first, rather than the second syllable.

Metadata and communications data

An interesting question that came up was whether communications data and metadata are synonymous – as it transpired, this was brought up by Matthew Ryder as a result of David Omand asserting that there was a difference (listen back to the LSE debate to hear for yourself). It seems that the government has responded to the effect that there is no meaningful difference between the two terms.

Afternoon

The afternoon session confirmed dates for the main hearing in July and then returned to the main theme of the morning, this time in detailed discussion about how the main issues of the case should be framed. Should the government be able to limit discussion to an assessment of the compatibility of its legal framework with the ECHR or should the question be whether the alleged practices themselves are compatible with the law? Is it possible the alleged practices might not be wholly authorised by RIPA, making the first option too narrow?

The argument on these issues was quite dense: at one point, it appeared as though the government was saying that, if the alleged activities took place, they could only have been authorised by RIPA, but that was not conceded formally. The final formulation is still to be confirmed, but it looks like it will represent a bit of a compromise for both sides.

Neither confirm nor deny

As mentioned earlier, the UK government will still neither confirm nor deny that the Tempora programme exists, despite the amount of information now in the public domain. (PRISM is a bit of a different matter, because its existence has already been acknowledged on the other side of the Atlantic). On the basis of some of Ben Jaffey’s submissions today, it looks like this stance will be challenged in July, particularly if – as seems likely – the government moves to hold a closed session after the open one.

Through a PRISM, darkly

I’m currently working my way through the many excellent presentations given at the 2013 CCC Congress (you can look through the videos yourself here). This talk, given by Kurt Opsahl, Senior Staff Attorney at the Electronic Frontier Foundation, is a really good introduction to the US legal framework around the NSA’s activities. Once you’ve watched this, the next thing on your list should be Jacob Appelbaum’s To Protect and Infect, Part 2, which explains some of the most recent stories to emerge from the Snowden document cache.

UK MPs debate oversight of the security services

Earlier today, MPs took part in a three-hour debate on oversight of the security services. Video of today’s three-hour debate is now available here, and it’s well worth viewing:

31.10.13 Westminster Hall debate on oversight of the security services

Of particular note are the exchanges between members of the Intelligence and Security Committee (ISC) and Parliamentary colleagues, which reveal that no scrutiny of Prism or Tempora took place in that committee before Edward Snowden’s disclosures put the existence of those programmes into the public domain. It is not at all clear that members of the committee knew what GCHQ was up to until the Guardian drew their attention to it.

A full transcript of the debate should be available soon (here) and I’ll highlight some of the key passages when it is.

Update (4/11)

I promised to identify the sections of the debate which tackled the degree of information open to the ISC, particularly about the PRISM and Tempora programmes. The first came about in a question from Tom Watson to George Howarth, a member of the ISC:

Mr George Howarth (Knowsley) (Lab):

Let me demonstrate that by reference to the issue that the hon. Gentleman has talked about at some length, and legitimately so. I am talking about the Prism programme—what the UK’s involvement in it was and so on. Not once during his speech, unless I missed it, did he refer to the fact that the Intelligence and Security Committee, which he considers to be inadequate, has already looked at the Prism programme and what our own agencies’, and particularly GCHQ’s, involvement in and knowledge of that was. We issued a statement—an interim statement, I might add—in July. In the course of that statement, which has not been referred to so far, we arrived at some important conclusions. The first one was:

“It has been alleged that GCHQ circumvented UK law by using the NSA’s PRISM programme to access the content of private communications. From the evidence we have seen, we have concluded that this is unfounded.”

For obvious reasons, it is impossible for me to go into detail about all the evidence that we were able to look at, but we did look in detail at very important pieces of information and we were able also to look at what authorisations were involved in the process of accessing the information, particularly the communications within it. The law has not been broken.

Mr Watson: I am reassured by my right hon. Friend’s thoroughness in the investigation. Was July the first time that the Committee had examined Prism, and was that after the Guardian revelations? [Laughter.]

Mr Howarth: It was after the Guardian revelations. The hon. Member for Cambridge seems to think that that is funny. Actually, he would still be sitting here today if we had not gone and looked at this matter after the allegations emerged. He would be accusing us of being inadequate in our responsibilities.

So, the ISC did not examine GCHQ’s involvement in PRISM before information about the programme’s existence reached the public domain. That could mean that the committee didn’t know about it, or knew about it and chose not to concern itself with it. George Howarth was pressed on the issue of whether the ISC knew about the programme by Rory Stewart – and his answer is incredibly evasive.

Rory Stewart: Will the right hon. Gentleman clarify why the Committee did not look into Prism before The Guardian published its allegations?

Mr Howarth: Let me answer the hon. Gentleman very carefully; I hope that he will forgive me for being none too specific in my answer. Part of our responsibility, which did not just emerge after the revelations about Prism, is to look at what the agencies do, what their capacities are and how they use those capacities. It is a continuous process. We have in the head of GCHQ. We take evidence. We probe what it is doing and what it is capable of doing. Therefore, it is not that we did not have any concerns or any interest in what GCHQ was capable of. That is an ongoing process, but inevitably, when something new emerges, it is appropriate that, as a Committee, we look into it.

I have answered the hon. Gentleman’s question perhaps not as accurately as he would have liked, but—I am not being evasive when I say this—if I went any further, I would be going into detail that at this stage I do not think is relevant.

The issue was later put to the chair of the committee, Sir Michael Rifkind, who refused to answer the question:

Mr Meacher: Will the right hon. and learned Gentleman explain why the Committee did not find out about the Tempora programme when it began to operate?

Sir Malcolm Rifkind: The right hon. Gentleman does not have the faintest idea whether the Committee was aware of programmes of any kind. We are given classified information, and the whole point of an independent Committee having access to top secret information, whatever that is, is that we do not announce what such information is. If he can devise a system whereby secret information can be made available to all law-abiding British citizens, without its being simultaneously made available to the rest of the world, I am interested in hearing about it, but I do not think that he is likely to meet that requirement.

Also of note was the question put by Julian Huppert to the Under-Secretary of State James Brokenshire – but answered by Michael Rifkind:

Dr Huppert: The Minister makes the extremely good point that it is “past operations” that can be looked at, and there are constraints on what the ISC can look at; it does not have a completely free rein on operational matters. What happens if an operation lasts for many, many years? At what stage is there any sort of scrutiny of that?

James Brokenshire: To be fair to the hon. Gentleman, he took part in the consideration of the Justice and Security Act 2013, although he did not make then a number of the points that he has made this afternoon. However, we need to be very careful to ensure that scrutiny does not seek to cut across into direct, ongoing operational activity. I am quite sure that, given the robustness of the new powers that the ISC itself will hold, that consideration is very much in the forefront of the minds of the Committee members.

Sir Malcolm Rifkind: In response to the perfectly reasonable issue raised by the hon. Member for Cambridge (Dr Huppert), I must say that this point was seized on by the ISC itself. We have completed discussions with the Government, the results of which will appear in a memorandum of understanding that will be published and include details of how these matters will be dealt with. That will ensure that that consideration cannot be used as an improper way of preventing the ISC from obtaining access to operations that—by any normal, common-sense approach—could be considered as completed.

Finally, as a reminder of the quality of rhetoric that tends to prevail when issues are not subjected to proper scrutiny:

Mr Adam Holloway (Gravesham) (Con): If in the last few weeks, we had lost a city to nuclear terrorism or there had been a gigantic mass casualty, I wonder whether the hon. Gentleman’s constituents would see Edward Snowden as a trendy, cool whistleblower or as a traitor.

Fourth European Parliament hearing on surveillance: special whistleblower edition

Monday’s fourth #EPInquiry hearing was relatively well-reported, largely because Edward Snowden supplied a statement, delivered to the inquiry by the Government Accountability Project’s Jesselyn Radack.

Audio of the full hearing is available here, thanks to Henrik Alexandersson, who has also posted the audio of the previous three hearings.

The speakers were Marc Rotenberg (EPIC), Catherine Crump (ACLU), Thomas Drake (NSA whistleblower), J. Kirk Wiebe (NSA whistleblower), Annie Machon (MI5 whistleblower), Jesselyn Radack (Government Accountability Project) and John Devitt (Transparency International). Video of the following presentations has been made available by the Government Accountability Project:

Jesselyn Radack

Thomas Drake

J. Kirk Wiebe

The next hearing is tomorrow, Thursday 3rd October and one of the subjects up for discussion will be GCHQ’s aggressive actions against the Belgian national telecoms company, Belgacom – whose clients include the European Parliament. Unfortunately, GCHQ’s director has declined the opportunity to justify himself in front of the Committee.

Missed my posts on the first three #EPInquiry hearings? Find them here (one, two, three).

Update (3/9)

Full video of the hearing is now available:

European Parliament holds second surveillance inquiry hearing

Following on from my last post, I’m just catching up with the second hearing of the European Parliament’s Civil Liberties Committee into surveillance in and by EU countries. This was held on Thursday 12th September and, like the first hearing, was divided into two sessions.

The first, private, session saw MEPs briefed on the results of a meeting between EU and US data protection experts back in July. There were two strands to the EU’s response to PRISM in mid-June; one was the public inquiry arranged by the European Parliament and the other was the ad hoc working group formed by the Council Presidency and Commission doing the reporting in this closed session.

The second session included a briefing from the Chair of the Article 29 Working Party, Jacob Kohnstamm, on the impact of surveillance on privacy and US-EU Data Protection Agreements. Audio of this second session has been released on the EU website – although it’s not the most user-friendly interface I’ve ever encountered.

Documents from the meeting are also available here. Of these, Kohnstamm’s letter to EU Commissioner Viviane Reding forms the basis of his presentation to the Inquiry and is certainly worth looking at.

It also needs to be clarified if these American intelligence programs are in line with European and international law. This includes the International Covenant on Civil and Political Rights, which lays down the right to privacy in a general way. More importantly, the necessity and proportionality of these programs according to the Council of Europe Convention 108 needs to be further assessed. WP29 therefore considers it is likely that the current practice of apparent large-scale collection and accessing of personal data of non-US persons is not covered by the Council of Europe Cybercrime Convention. This is particularly relevant in light of the on-going discussion within the Council of Europe Cybercrime Convention Committee (T-CY) on the preparations for an additional protocol meant to facilitate trans-border data flows in this field.

Documents relating to the first #EPInquiry hearing have also been released.

The next #EPInquiry hearing is scheduled for 24th September:

There are five sessions foreseen in the programme focusing on “Allegations of NSA tapping into the SWIFT data used in the TFTP programme”, “Exchange of views with US Administration”, “Feedback of the meeting of the EU-US Transatlantic group of experts on data protection of 19/20 September 2013”, “Exchange of views with US Civil Society (part I)” and “Presentation of the study on the US surveillance programmes and their impact on EU citizens’ privacy”.

Update (19/9)

Kohnstamm does not understate the importance of the Snowden revelations (this from the audio clip):

Based on the reports… it is highly likely that the fundamental rights of human beings have indeed been infringed on… The fundamental trust between government and citizens is at stake.

He also makes clear that the surveillance activities of EU member states will also need to be assessed for their compliance with international law and EU standards, which may themselves need to change to offer better protection for individuals’ privacy.