UK spies sued over phone data collection scheme already banned in US

UK intelligence agencies still collect phone data in bulk, while that practice was banned in the US, Privacy International said

The foyer of the UK's GCHQ intelligence agency in Cheltenham, UK

The foyer of the UK's GCHQ intelligence agency in Cheltenham, UK

In an effort to put an end to the bulk data collection of phone records and other large datasets from millions of people, campaign group Privacy International has filed a complaint with a U.K. court.

The complaint was filed with the U.K. Investigatory Powers Tribunal, which deals with claims against U.K. intelligence agencies, including the country's Government Communications Headquarters (GCHQ). It is meant to put an end to bulk data collection that was already banned in the U.S.

Last Tuesday, the U.S. Senate passed the USA Freedom Actwhich put a stop to the old U.S. National Security Agency's (NSA) bulk collection of domestic telephone records, restoring a limited telephone records program.

The U.S. is so much further ahead on the issue than the U.K., the campaign group said, adding that the bulk collection of data of millions of people who have no ties to terrorism and are not suspected of any crime is plainly wrong.

In the U.K., intelligence agencies also collect bulk personal datasets, a report by the U.K. Parliament's Intelligence and Security Committee showed in March. The Committee considered the bulk collection of data to be relevant to national security investigations.

According to GCHQ, bulk data collection is an increasingly important tool to identify people they have an interest in, the partly redacted report said. The datasets vary in size "from hundreds to millions of records", and where possible, they may be linked together so that analysts can quickly find all the information linked to a "selector" such as a phone number, it said.

While this kind of investigation is described as "highly intrusive", the report does not reveal which datasets have been collected, Privacy International noted, adding that there is no proper legal regime in place to restrict the bulk collection of data. Moreover, the collection of bulk data is not authorized by a judge or minister, the group said, and called for strong safeguards to prevent misuse of the collected data.

Telecommunications companies are required to store records detailing the who, where and when of every phone call made under the country's Data Retention and Investigatory Powers Act (DRIPA). Privacy International believes GCHQ then collects those phone records in bulk. Similar powers could be used to collect data from other databases such as medical records, financial records and travel records in bulk, the group said.

The legality of DRIPA is also being challenged by two members of the British Parliament and U.K. human rights organization Liberty. Their case was heard by the London High Court last week.

Privacy International's complaint comes on top of earlier complaints filed together with other groups against GCHQ mass surveillance practices in the U.K. The groups are waiting for a final judgement in those cases.

Two complaints were also filed against GCHQ over hacking powers, while there is also a legal challenge against mass surveillance pending at the European Court of Human Rights.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Join the CSO newsletter!

Error: Please check your email address.

Tags Privacy InternationalsecurityU.S. National Security AgencyCivil lawsuitslegalU.K. Government Communications Headquarters (GCHQ)data protectionprivacy

More about EUFreedomGCHQIDGNational Security AgencyNewsNSAPrivacy InternationalTwitter

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Loek Essers

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place