The Snowden Reader
Page 25
• Further, in each case where GCHQ sought information from the US, a warrant for interception, signed by a Minister, was already in place, in accordance with the legal safeguards contained in the Regulation of Investigatory Powers Act 2000.
Next Steps
6. Although we have concluded that GCHQ has not circumvented or attempted to circumvent UK law, it is proper to consider further whether the current statutory framework2 governing access to private communications remains adequate.
7. In some areas the legislation is expressed in general terms and more detailed policies and procedures have, rightly, been put in place around this work by GCHQ in order to ensure compliance with their statutory obligations under the Human Rights Act 1998. We are therefore examining the complex interaction between the Intelligence Services Act, the Human Rights Act and the Regulation of Investigatory Powers Act, and the policies and procedures that underpin them, further. We note that the Interception of Communications Commissioner is also considering this issue.
Page 2 of 3
NOTES TO EDITORS
1. The Intelligence and Security Committee of Parliament (ISC) is a statutory committee of Parliament that has responsibility for oversight of the UK intelligence community. The Committee was originally established by the Intelligence Services Act 1994, and has recently been reformed by the Justice and Security Act 2013.
2. The Committee oversees the intelligence and security activities of the UK, including the policies, expenditure, administration and operations of the Security Service (MI5), the Secret Intelligence Service (MI6) and the Government Communications Headquarters (GCHQ). The Committee also scrutinises the work of other parts of the UK intelligence community, including the Joint Intelligence Organisation and the National Security Secretariat in the Cabinet Office; Defence Intelligence in the Ministry of Defence; and the Office for Security and Counter-Terrorism in the Home Office.
3. The Committee consists of nine Members drawn from both Houses of Parliament. The Chair is elected by its Members. The Members of the Committee are subject to Section 1(1)(b) of the Official Secrets Act 1989 and are routinely given access to highly classified material in carrying out their duties. The current membership is:
The Rt. Hon. Sir Malcolm Rifkind, MP (Chairman)
The Rt. Hon. Hazel Blears, MP
The Rt. Hon. Lord Butler KG GCB CVO
The Rt. Hon. Sir Menzies Campbell CH CBE QC, MP
Mr Mark Field, MP
The Rt. Hon. Paul Goggins, MP
The Rt. Hon. George Howarth, MP
Dr. Julian Lewis, MP
The Most Hon. The Marquis of Lothian PC QC DL
4. The Committee sets its own agenda and work programme. It takes evidence from Government Ministers, the Heads of the intelligence Agencies, officials from the intelligence community, and other witnesses as required. The Committee is supported in its work by an independent Secretariat and an Investigator. It also has access to legal and financial expertise where necessary.
5. The Committee produces an Annual Report on the discharge of its functions. The Committee may also produce Reports on specific investigations.
Page 3 of 3
Intelligence and Security Committee of Parliament, Statement on GCHQ’s Alleged Interception of Communications under the US PRISM Programme, July 17, 2013.
Source: Intelligence and Security Committee of Parliament, https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/225459/ISC-Statement-on-GCHQ.pdf.
1 There are other matters arising from the leaks that we are considering, although we note that none alleges – as the PRISM story did – any illegality on the part of GCHQ.
2 The Intelligence Services Act 1994, the Human Rights Act 1998 and the Regulation of Investigatory Powers Act 2000.
26
European Court of Human Rights, Big Brother
Watch and Others v. United Kingdom
Snowden’s disclosures triggered resort to judicial tribunals by persons and organizations in the UK who argued that GCHQ violated British law. British law empowers an Investigatory Powers Tribunal (IPT) to investigate complaints that intelligence or law enforcement agencies breached human rights, including the right to privacy, in engaging in covert operations, such as secretly monitoring or intercepting communications. After Snowden’s disclosures about GCHQ, the IPT received complaints from UK nongovernmental organizations alleging GCHQ’s TEMPORA program and access to PRISM information violated the UK’s obligations concerning the rights to privacy and freedom of expression under the European Convention on Human Rights (ECHR). The IPT began hearings in mid-July 2014, and, in December 2014, it ruled that GCHQ was not violating the ECHR. The nongovernmental organizations vowed to take their complaints to the European Court of Human Rights (ECtHR). The next document provides excerpts of the official summary of an earlier challenge by nongovernmental organizations to GCHQ’s activities filed with the ECtHR in September 2013 alleging violations of the ECHR’s right to privacy. The ECtHR has not issued a ruling in this case as of this writing.
STATEMENT OF FACTS
A. The circumstances of the case
The facts of the case, as submitted by the applicants, may be summarised as follows.
1. The applicants
Big Brother Watch (the first applicant) . . . operates as a campaign group to conduct research into, and challenge policies which threaten privacy, freedoms and civil liberties, and to expose the scale of surveillance by the State. Its staff members regularly liaise and work in partnership with similar organisations in other countries, communicating by email and Skype. As a vocal critic of excessive surveillance, and a commentator on sensitive topics relating to national security, the first applicant believes that its staff and directors may have been the subject of surveillance by or on behalf of the United Kingdom Government. Moreover, it has contact with internet freedom campaigners and those who wish to complain to regulators around the world, so it is conscious that some of those with whom it is in contact may also fall under surveillance.
English PEN (the second applicant) . . . promotes freedom to write and read, and campaigns around the world on freedom of expression, and equal access to the media and works closely with individual writers at risk and in prison. Most of its internal and external communications are by email and by Skype. Since many of those for and with whom English PEN campaigns express views on governments which may be controversial, English PEN believes that it, and those with whom it communicates, may be the subject of United Kingdom Government surveillance, or may be the subject of surveillance by other countries’ security services which may pass such information to the United Kingdom security services (and vice-versa).
Open Rights Group (the third applicant) . . . operates as a campaign organisation, defending freedom of expression, innovation, creativity and consumer rights on the internet. It regularly liaises and works in partnership with other organisations in other countries. . . . Most of its internal and external communications are by email and Skype. For similar reasons to those expressed by the first and second applicants, it believes that its electronic communications and activities may be subject to foreign intercept conveyed to United Kingdom authorities, or intercept activity by United Kingdom authorities.
Dr Constanze Kurz (the fourth applicant) is an expert on surveillance techniques, based in Berlin, where she works at the University of Applied Sciences. . . . Dr Kurz has been outspoken in relation to the recent disclosures regarding United Kingdom internet surveillance activities, which continue to be a subject of significant concern in the German media. She fears that she may well have been the subject of surveillance either directly by the United Kingdom or by foreign security services who may have passed that data to the United Kingdom security services, not only because of her activities as a freedom of expression campaigner and hacking activist, but also because these security services may wish to learn from her and persons with whom she communicates, habitually in encrypted communications.
&
nbsp; 2. The surveillance programmes complained about
The applicants’ concern was triggered by media coverage following the leak of information by Edward Snowden. . . . According to media reports, the NSA has in place a programme, known as PRISM, which allows it to access a wide range of internet communication content (such as emails, chat, video, images, documents, links and other files) and metadata (information permitting the identification and location of internet users), from United States corporations, . . . such as Microsoft, Google, Yahoo, Apple, Facebook, YouTube and Skype. Since global internet data takes the cheapest, rather than the most direct route, a substantial amount of global data passes through the servers of these American companies, including possibly emails sent by the applicants in London and Berlin to their international contacts. The applicants submit that the NSA also operates a second interception programme known as UPSTREAM, which provides access to nearly all the traffic passing through fibre optic cables owned by United States communication service providers such as AT&T and Verizon. Together, these programmes provide very broad access to the communications content and metadata of non-United States persons, to whom the provisions of the Fourth Amendment . . . [do not apply], and allow for this material to be collected, stored and searched using keywords. According to the documents leaked by Edward Snowden, the United Kingdom Government Communications Head Quarters (GCHQ) has had access to PRISM material since at least June 2010 and has used it to generate intelligence reports (197 reports in 2012).
In addition, the disclosures based on Edward Snowden’s leaked documentation have included details about a United Kingdom surveillance programme called TEMPORA . . . by which GCHQ can access electronic traffic passing along fibre-optic cables running between the United Kingdom and North America. The data collected include both internet and telephone communications. GCHQ is able to access not only metadata but also the content of emails, Facebook entries and website histories. The TEMPORA programme is authorised by certificates issued under section 8(4) of the Regulation of Investigatory Powers Act 2000 (RIPA: see below). The applicants allege that United States agencies have been given extensive access to TEMPORA information.
B. Relevant domestic law
Section 1 of the Intelligence Services Act 1994 (“ISA”) . . . provides a statutory basis for the operation of the United Kingdom’s Secret Intelligence Service[.] . . . Section 2 of ISA provides for the control of the operations of the Intelligence Service by a Chief of Service, to be appointed by the Secretary of State. . . . Section 3 of ISA sets out the authority for the operation of GCHQ[.] . . .
The Regulation of Investigatory Powers Act 2000 (RIPA) came into force on 15 December 2000 . . . to ensure that the relevant investigatory powers were used in accordance with human rights.
Section 1(1) of RIPA makes it an offence for a person intentionally and without lawful authority to intercept, at any place in the United Kingdom, any communication in the course of its transmission by means of a public postal service or a public telecommunication system.
Section 8(4) and (5) allows the Secretary of State to issue a warrant for “the interception of external communications in the course of their transmission by means of a telecommunication system.” At the time of issuing such a warrant, she must also issue a certificate setting out a description of the intercepted material which she considers it necessary to be examined, and stating that the warrant is necessary, inter alia, in the interests of national security, for the purpose of preventing or detecting serious crime or for the purpose of safeguarding the economic well-being of the United Kingdom and that the conduct authorised by the warrant is proportionate to what is sought to be achieved by that conduct.
RIPA sets out a number of general safeguards in section 15. . . . Section 16 sets out additional safeguards in relation to interception of “external” communications under certificated warrants[.] . . .
Part IV of RIPA provides for the appointment of an Interception of Communications Commissioner and an Intelligence Services Commissioner, charged with supervising the activities of the intelligence services.
Section 65 of RIPA provides for a Tribunal, the Investigatory Powers Tribunal, which has jurisdiction to determine claims related to the conduct of the intelligence services, including proceedings under the Human Rights Act 1998. . . .
COMPLAINTS
The applicants allege that they are likely to have been the subject of generic surveillance by GCHQ and/or that the United Kingdom security services may have been in receipt of foreign intercept material relating to their electronic communications, such as to give rise to interferences with their rights under Article 8 of the [European] Convention [on Human Rights]. They contend that these interferences are not “in accordance with the law,” for the following reasons.
In the applicants’ submission, there is no basis in domestic law for the receipt of information from foreign intelligence agencies. In addition, there is an absence of legislative control and safeguards in relation to the circumstances in which the United Kingdom intelligence services can request foreign intelligence agencies to intercept communications and/or to give the United Kingdom access to stored data that has been obtained by interception, and the extent to which the United Kingdom intelligence services can use, analyse, disseminate and store data solicited and/or received from foreign intelligence agencies and the process by which such data must be destroyed.
In relation to the interception of communications directly by GCHQ, the applicants submit that the statutory regime applying to external communications warrants does not comply with the minimum standards outlined by the Court in its [Article 8] case-law. . . . They contend that section 8(4) of RIPA permits the blanket strategic monitoring of communications where at least one party is outside the British Isles, under broadly defined warrants, which are continuously renewed so as to form a “rolling programme.” Although the Secretary of State is required to issue a certificate limiting the extent to which the intercepted material can be examined, the legislation also permits such certificates to be framed in very broad terms, for example, “in the interests of national security.” The applicants claim, in particular, that the concept of “national security” in this context is vague and unforeseeable in scope. They consider that the safeguards set out in sections 15 and 16 of RIPA are of limited scope, particularly in the light of the broad definition of national security employed. They further contend that domestic law does not provide for effective independent authorisation and oversight.
The applicants further contend that the generic interception of external communications by GCHQ, merely on the basis that such communications have been transmitted by transatlantic fibre-optic cables, is an inherently disproportionate interference with the private lives of thousands, perhaps millions, of people.
QUESTIONS TO THE PARTIES
1. Can the applicants claim to be victims of violations of their rights under Article 8 [of the European Convention on Human Rights]?
2. Have the applicants done all that is required of them to exhaust domestic remedies? In particular, . . . had the applicants raised their Convention complaints before the Investigatory Powers Tribunal, could the Tribunal have made a declaration of incompatibility under . . . the Human Rights Act 1998 . . . [which] should be regarded by the Court as an effective remedy which should be exhausted before bringing a complaint of this type before the Court . . . ?
3. In the event that the application is not inadmissible on grounds of non-exhaustion of domestic remedies, are the acts of the United Kingdom intelligence services in relation to:
(a) the soliciting, receipt, search, analysis, dissemination, storage and destruction of interception data obtained by the intelligence services of other States; and/or
(b) their own interception, search, analysis, dissemination, storage and destruction of data relating to “external” communications (where at least one party is outside the British Isles);
“in accordance with the law” and “necessary in a dem
ocratic society” within the meaning of Article 8 of the Convention . . . ?
European Court of Human Rights, Big Brother Watch and Others v. United Kingdom, Application No. 58170/13 (lodged September 4, 2013), Statement of Facts, Complaints, and Questions Presented, January 9, 2014.
Source: European Court of Human Rights, http://hudoc.echr.coe.int/sites/eng/pages/search.aspx?i=001-140713#{“itemid”:[“001-140713”]}
B. Reviews and Recommendations
As awareness of the substance of Snowden’s disclosures spread and debates over their implications grew, various governmental and international institutions undertook assessments of the issues raised by the revelations and reactions to them, and they developed recommendations to implement changes. This section provides documents containing analyses of legal and policy questions and/or recommendations for reform associated with engaging in foreign intelligence activities while respecting individual rights. These documents include U.S. federal court decisions on the telephone metadata program and Section 702 of FISA, reports from U.S. advisory and oversight bodies and the European Parliament, and a resolution from the United Nations General Assembly. These documents further illustrate the comprehensive and global impact Snowden’s disclosures have had.
U.S. Federal Court Decisions on NSA Programs
27
Klayman v. Obama:
Issuing a Preliminary Injunction against the
Telephone Metadata Program
Snowden’s public disclosure of information about the NSA’s telephone metadata program prompted litigation in U.S. federal courts about the program’s legality under Section 215 of the USA PATRIOT Act and the Fourth Amendment. In Klayman v. Obama, subscribers of U.S. telecommunications and Internet companies brought suit, and Judge Richard J. Leon ruled on the plaintiffs’ request for a preliminary injunction to stop the U.S. government from collecting their telephone metadata. His decision attracted significant attention. In asking for an injunction, the plaintiffs argued that Section 215 did not support the telephone metadata program and that the program violated the Fourth Amendment. Judge Leon held that the plaintiffs could not challenge the U.S. government’s compliance with Section 215 under federal law. He ruled for the plaintiffs, however, on the constitutional issue. He determined that the plaintiffs met their burden of showing they would likely prevail at the merits stage of the case on their claim that the telephone metadata program violated the Fourth Amendment. Snowden, his supporters, and NSA critics celebrated the decision and Judge Leon’s reasoning. The U.S. government appealed the decision. The appellate court heard oral arguments in Klayman in early November 2014, but, as of this writing, it has not issued a ruling. Whether the appellate court overrules Judge Leon’s decision, it will remain a memorable opinion in the judiciary’s handling of litigation prompted by Snowden’s disclosures.