You are here

Documents obtained by Privacy International show that UK intelligence agencies may analyse our Facebook and Twitter accounts

17 October 2017

Key points

  • Privacy International has obtained previously unseen government documents that reveal British spy agency GCHQ collects social media information on potentially millions of people.
  • GCHQ collected and accesses this information by gaining access to private companies’ databases.
  • Letters obtained by Privacy International reveal that the body tasked with overseeing intelligence agencies’ activities (the Investigatory Powers Commissioner) was kept in the dark as UK intelligence agencies shared massive databases with foreign governments, law enforcement and industry, potentially for decades. 
  • Because of Privacy International’s litigation, the Investigatory Powers Commissioner sought immediate inspection when secret practices came to light.
  • Inappropriate and uncontrolled/uncontrollable sharing with industry third parties currently remains without any proper oversight. Yet some contractors have system access rights which could allow them to enter the Agencies’ system, extract data and cover their tracks.
  • Privacy International will be back in court Tuesday 17 October to continue its challenge of the UK government's access to private company and/or organisation databases

 

 

Social Media collection

New disclosure reveals that the UK intelligence agencies hold databases of our social media data. This is the first confirmed concrete example of the type of information collected by the UK intelligence agencies and held in large databases. The social media database potentially includes information about millions of people. It remains unclear exactly what aspects of our communications they hold and what other types of information the government agencies are collecting, beyond the broad unspecific categories previously identified such as “biographical details”, “commercial and financial activities”, “communications”, “travel data”, and “legally privileged communications”.

 

Lack of Oversight

Privacy International has seen letters from the body that is tasked with overseeing this large-scale surveillance regime, the Investigatory Powers Commissioner’s Office (“IPCO”). The IPCO specifically raised concerns about the role of private contractors, who are given 'administrator' access to the information UK intelligence agencies' collect. The Commissioner raised concerns that there are currently no safeguards in place to prevent misuse of the systems by third party contractors.

This week, Privacy International will be back in court to continue its challenge of the UK government's collection of data from private company and/or organisation databases. The government is arguing that there are effective safeguards in place, and Privacy International is arguing that this position is untenable in light of the disclosers detailed above. Questions will also be raised as to the reliability of government's evidence. The IPCO has noted part of the government evidence includes a misleading GCHQ witness statement which refers to briefing the former Commissioner on the agencies' use of information from private company and/or organisation databases. However, the IPCO state the Commissioner was never made aware of any practice of GCHQ sharing bulk data with industry. 

 

Millie Graham Wood, Solicitor at Privacy International said:

“The intelligence agencies’ practices in relation to bulk data were previously found to be unlawful. After three years of litigation, just before the court hearing we learn not only are safeguards for sharing our sensitive data non-existent, but the government has databases with our social media information and is potentially sharing access to this information with foreign governments.  The risks associated with these activities are painfully obvious. We are pleased the IPCO is keen to look at these activities as a matter of urgency and the report is publicly available in the near future.”

 

END

Notes to Editors

 

Case: Bulk Personal Datasets (“BPD”) and Bulk Communications Data (“BCD”)

Date: 17 – 19 October 2017

Location: Court 2, Southwark Crown Court

Claimant Legal team: Tom De La Mare QC, Ben Jaffey QC, Daniel Cashman – Blackstone Chambers; Mark Scott, Bhatt Murphy solicitors; Camilla Graham Wood, Privacy International

 

Disclosed documents

On 13 October 2017 six additional documents were disclosed to the Claimant in OPEN, namely:

  • A 13-page IOCCO inspection report under s.94 TA 1984 issued on 14 September 2017;
  • Investigatory Powers Commissioner's Office summary of the 2017 BPD audit dated 15.09.2017;
  • IPCO letter to the Tribunal dated 20.09.2017;
  • IPCO response to questions prepared by Counsel to the Tribunal dated 28.09.2017;
  • Letter from Sir Michael Burton dated 2.10.2017;
  • IPCO response email to Sir Michael Burton dated 10.10.2017

These documents and the trial bundle with skeleton arguments are available via email camilla@privacyinternational.org or at: https://privacyinternational.org/node/1531