IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

UK oversight bodies 'were not aware' of spies' data-sharing

Privacy International finds documents alleging widespread GCHQ data-sharing occurred without safeguards

Privacy International has raised concerns that oversight bodies were not aware that GCHQ or MI5 were allegedly sharing people's social media data with foreign intelligence and law enforcement agencies.

The charity claims that GCHQ accessed this information by gaining access to private companies' databases. IT Pro understands that Facebook and Twitter do not provide governments with direct access to user data.

The Investigatory Powers Commissioner's Office (IPCO) now oversees the intelligence agencies' activities, after subsuming both the the Intelligence Services Commissioner's Office, and the Interception of Communications Commissioner. Both these latter bodies, the charity said, were unaware that UK intelligence agencies were sharing massive databases of people's information with foreign governments, law enforcement and industry - potentially for decades.

Inappropriate and uncontrollable sharing with industry third parties may still be ongoing without proper oversight, the privacy campaign group added, saying that there are contractors who have system access rights that could allow them to enter the intelligence agencies' systems, access and extract data and then cover their tracks.

The charity said it has since seen letters from the IPCO raising concerns about the role of private contractors who are given administrator access to the data. The body was worried that there were no systems in place to prevent the misuse of this data by the contractors.

A GCHQ spokesperson said to IT Pro: "We have always operated within the law, co-operated fully with oversight regimes, and all our activities are authorised, necessary and proportionate."

The information the agencies hold is stored in large databases but it remains unclear what data they have, with Privacy International's documents only revealing broad categories like "biographical details", "financial activities", "travel data" and "legally privileged communications".

The group revealed a tranche of documents detailing the data-sharing activities yesterday, and is in Southwark Crown Court until Thursday to uphold its challenge of the UK government's access to private company and/or organisation databases.

The case is a continuation of the charity's challenge to spy agencies' access to data, being heard by the Investigatory Powers Tribunal (IBT). The IBT previously made a landmark ruling that spy agencies had unlawfully collected communications data between 1998 and 2015 after Privacy International's challenge.

The UK government claims that there are effective safeguards in place around data sharing, which Privacy International disputes. Furthermore, the charity will question the government's evidence after the IPCO flagged that part of the government's evidence includes a misleading GCHQ witness statement. The statement details that the former commissioners were briefed about the agencies' use of information on private company and/or organisation databases. The IPCO stated the commissioners were never made aware of this.

Millie Graham Wood, solicitor at Privacy International, said: "The intelligence agencies' practices in relation to bulk data were previously found to be unlawful. After three years of litigation, just before the court hearing, we learn not only are safeguards for sharing our sensitive data non-existent, but the government has databases with our social media information and is potentially sharing access to this information with foreign governments.

"The risks associated with these activities are painfully obvious. We are pleased the IPCO is keen to look at these activities as a matter of urgency and the report is publicly available in the near future."

The IBT ruled last month that a case brought against the UK's spy agencies last month over the legality of mass surveillance should be taken to the European Court of Justice (ECJ). This means the ECJ will have the final say on whether the UK's collection of bulk communications data, granted under the Investigatory Powers Act, is legal.

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Recommended

Making the most of surveillance video storage
Sponsored

Making the most of surveillance video storage

26 May 2022
Why video surveillance is about more than just security
Sponsored

Why video surveillance is about more than just security

14 Mar 2022
US to ban surveillance software exports to authoritarian governments
cyber security

US to ban surveillance software exports to authoritarian governments

21 Oct 2021
AWS makes its Panorama Appliance generally available
Amazon Web Services (AWS)

AWS makes its Panorama Appliance generally available

21 Oct 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022
Swift exit: How the world cut off Russian banks
finance

Swift exit: How the world cut off Russian banks

24 Jun 2022