UK tribunal rules GCHQ's NSA data-sharing deal "unlawful"

Civil liberty groups cheer court ruling, but claim there is more work to do

Surveillance

The Investigatory Powers Tribunal (IPT) has declared British intelligence services acted unlawfully by accessing the personal communications data gathered by the US National Security Agency (NSA).

The IPT, set up 15 years ago to oversee the activities of GCHQ, MI5 and MI6, ruling follows a complaint made by several civil liberties organisations, including Amnesty International, Privacy International, Bytes for All and Liberty.

The Tribunal said the way intelligence was shared between GCHQ and the NSA's Prism surveillance programme was unlawful up until December 2014, because the rules governing the practice were kept secret.

Post-December 2014, this was no longer the case, as the details of it were made public through the work of the Tribunal.

The existence of Prism came to light in a series of disclosures by NSA whistleblower Edward Snowden during the summer of 2013.

Through the programme, it's alleged the NSA was able to access data used by the a wide range of tech giants, including Microsoft, Yahoo, Google and Facebook, and share it with GCHQ if needed.

As a result of today's outcome, Privacy International and Bytes for All have asked for further clarification from the court regarding the interception and collection of their communications data.

If it transpires that their data was unlawfully collected before December 2014, the parties are set to demand its immediate deletion.

They also want to challenge the assertion that GCHQ's activities after December 2014 were lawful, and have vowed to lodge an application with the European Court of Human Rights on this point.

Eric King, deputy director of Privacy International, said the ruling should put an end to security agencies acting like they can operate outside of the law.

"We must not allow agencies to continue justifying mass surveillance programs using secret interpretations of secret laws. The world owes Edward Snowden a great debt for blowing the whistle, and today's decision is a vindication of his actions," he said.

"But more work needs to be done. The only reason why the NSA-GCHQ sharing relationship is still legal today is because of a last-minute clean-up effort by Government to release previously secret arrangements'.

"That is plainly not enough to fix what remains a massive loophole in the law, and we hope that the European Court decides to rule in favour of privacy rather than unchecked State power."

James Welch, legal director for Liberty, added: "The Intelligence Services retain a largely unfettered power to rifle through millions of people's private communications and the Tribunal believes the limited safeguards revealed during last year's legal proceedings are an adequate protection of our privacy. We disagree, and will be taking our fight to the European Court of Human Rights."

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

NSA issues guidance on encrypted DNS usage
Domain Name System (DNS)

NSA issues guidance on encrypted DNS usage

15 Jan 2021
How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021
Weekly threat roundup: Microsoft Defender, Adobe, Mimecast
vulnerability

Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

14 Jan 2021
Mimecast admits hackers accessed users’ Microsoft accounts
Security

Mimecast admits hackers accessed users’ Microsoft accounts

13 Jan 2021

Most Popular

What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

12 Jan 2021
150,000 arrest records accidentally deleted from police database
data management

150,000 arrest records accidentally deleted from police database

15 Jan 2021
Can Pat Gelsinger get Intel back on track?
chief executive officer (CEO)

Can Pat Gelsinger get Intel back on track?

13 Jan 2021