UK Home Sec's defence of bulk spying: We 'found' a paedo (we already knew about)

Terrible Theresa's evidence is 'full of holes'

IPB The Home Secretary has given a written statement to a Parliamentary committee explaining why she believes GCHQ's bulk surveillance activities are needed.

Earlier this month Theresa May stumbled when asked to deliver an "operational case" for bulk interception by the joint committee providing pre-legislative scrutiny of the draft Investigatory Powers Bill.

At the time the Home Secretary, who is spearheading the new Snooper's Charter, declared that she wished "to give a greater degree of transparency" to the intelligence agency's legal capabilities. However, instead of providing such transparency in person, she promised to "write in" with some more information at a later date.

Today the committee published the written evidence (PDF) the Home Secretary submitted, which was intended to answer several questions directed at her during her oral evidence session.

May was asked to provide operational cases showing why GCHQ's bulk interception activities were necessary. The cases provided are intended to express why alternative means of investigating suspected terrorists and paedophiles would have been ineffective.

May argued that access to large volumes of data actually made the amount of data the spooks investigate much smaller: "Carefully directed searches of large volumes of data also allow the security and intelligence agencies to identify patterns of activity that significantly narrows down the areas for investigation and allows them to prioritise intelligence leads."

The Home Secretary also said:

Bulk acquisition warrants must be served on a communications service provider. The power cannot be used by an intelligence agency to acquire communications data from a telecommunication system themselves.

This refers to acquisition – the agencies demanding that those compelled to retain data under the current retention directive simply hand it all over – and not interception, as in GCHQ's tapping of the undersea cables around Britain through its TEMPORA programme. TEMPORA is authorised under a small number of warrants issued through section 8(4) of RIPA.

Acquisition is currently provided for under section 94 of the Telecommunications Act 1984. This, long suggested by critics, including ex-MP Julian Huppert, was only admitted on the same morning that the draft Investigatory Powers Bill was published.

Huppert previously told The Register he believed it was an "incredibly broad and unscrutinised power that allows almost anything to be done in secret on a Secretary of State's discretion."

Bulk interception is provided for under section 8(4) of the Regulation of Investigatory Powers Act 2000 (RIPA). Under the current regime, a warrant issued by the Secretary of State must consider the necessity and proportionality of the proposed interception and whether the information collected through interception could reasonably be obtained by other means.

A defence of the necessity and proportionality of such interception, additionally intending to explain how the informaiton collected could not have been acquired through other means, was detailed in two operational cases which were published in a section titled "The Value of Bulk Interception".

Attack planning in Europe

In 2014, GCHQ analysis of bulk data uncovered a previously unknown individual in contact with a Daesh-affiliated extremist in Syria who was suspected of being involved in planning an attack against the West. Despite attempts by the individual to hide his activity, GCHQ was able to use bulk data to identify that he had travelled to a European country. Separate intelligence suggested he was making progress on planning his attack. The information was passed to authorities in that country, enabling his premises to be raided. During the raid, several home-made IEDs were found.

The first of these examples was a counter-terror case. It may be noted that despite being titled "Attack planning in Europe" the case admits that "separate intelligence suggested" the suspect was "progressing with attack planning."

GCHQ's bulk data initially identified the individual. It may be inferred, however, that the "Daesh-affiliated extremist in Syria" with whom the individual was in contact was already known. Bulk data was additionally cited as providing evidence of travel "to a European country" presumably in lieu of any other border security procedures being in place in Europe.

Access to extremely indecent images

Using bulk data to spot patterns of behaviour demonstrated by paedophiles, in 2013 GCHQ identified a UK national using sites containing images of child sexual exploitation that required a payment to access the most extreme indecent images. This individual had previously held a position that provided him with access to children (and was on the Violent and Sexual Offenders register). He was sentenced to three years' imprisonment and made subject to a Sexual Offenders Harm Order for life.

The operational case offered in the case of access to child abuse images involved an individual who was already on the Violent and Sexual Offenders Register, and their accessing a known site containing "extreme indecent images." That a payment was required to access these images also suggested there was an alternative route of investigation if the site was known to authorities already.

Here the bulk data was merely used "to spot patterns of behaviour demonstrated by paedophiles" – though whether tracking known paedophiles' internet usage and analysing the sites they visit counts as “behavioural pattern analysis” is not clear.

Speaking to The Register, Eric King, director of pressure group Don't Spy on Us, said these cases were very weak: "GCHQ had an opportunity here to provide concrete, solid examples of how bulk data interception prevented a terrorist attack."

"The agencies will have wanted to have provided a cast-iron case for these powers," added King, who said the cases the agency presented were "riddled with areas to poke holes in."

Right of appeal

Legal complaints in the UK about GCHQ's mass surveillance activities can only be heard by the Investigatory Powers Tribunal (IPT). May noted that the bill would create another route for complaints, but stated that it was important that the right of appeal was limited as "a significant number of claims submitted to the IPT each year are entirely without merit."

Defending this assertion, the Home Secretary offered figures from 2013, noting that "of the 205 cases that were considered by the IPT in 2013:

  • 53 per cent were deemed to be frivolous or vexatious
  • 31 per cent were given a “no determination”
  • 10 per cent were out of the jurisdiction of the IPT; and the remaining
  • Six per cent were out of time

Notably, no new figures have been provided since 2013, with the annual report promised last year being cancelled – seemingly because the IPT had heard successful cases in that period.

King told The Register: "The Home Secretary can’t boast of the world class redress mechanism the IPT provides, while at the same time disparaging the claims before it as 'without merit'."

He added:

Highlighting the fact that there wasn’t a single successful claim in the IPT throughout 2013 underlines just how important Edward Snowden's action was in blowing the whistle. Since those revelations, there have been successful claims before the IPT, finding the actions of the security and intelligence agencies unlawful. Would those successful claims have been possible without Snowden’s documents [providing] a compass? Not a hope in hell.

"Perhaps the Home Secretary should stop trying to limit the already challenging routes for redress,” continued King, “and instead recognise that even greater overhaul is needed if she wants Britain to achieve the world class oversight system she claims it has."

The MPs and peers who make up the joint committee providing pre-legislative scrutiny of the draft Investigatory Powers Bill were given only weeks to file their report based on this evidence. Their report is due in mid-February. ®


Biting the hand that feeds IT © 1998–2017