The UK government brought in emergency legislation, a Data Retention and Investigatory Powers Bill (DRIP), to not only declare data retention to be still lawful but also expand the scope of both retention and lawful intercept in a number of ways.
For example, the UK government has awarded itself the extra-territorial power to demand assistance with surveillance of UK persons from foreign companies that provide communications services to people in Britain. This means that the UK security and intelligence services can demand that Google UK wiretap someone associated with Britain, rather than filing an application via the relevant mutual legal assistance treaty.
The House of Lords adopted a report on the Google/Spain case. EDRi says the report made it very clear that the nonsense around the term “the right to be forgotten” is indeed simply that… nonsense. However, EDRi observed that sadly, none of the facts of the case mattered in the way of a good story.
More than half a million authorisations for police and intelligence officers to see communications data were issued last year, according to the commissioner who oversees interceptions by the security forces and local authorities.
The 517,236 authorisations and notices to look at communications data – but not the content – is not the highest figure ever recorded. The commissioner, Sir Anthony May, found that there was no “significant institutional overuse of communications data powers”.
The vast majority of the authorisiations, 88.9%, were granted by police forces and law enforcement agencies, 9.8% by the intelligence agencies and the remaining 1.3% by local authorities and other public authorities.
Spies have been dismissed and disciplined for inappropriately accessing private information on citizens in recent years, the intelligence and security committee (ISC) report on privacy has found.
The report reveals a small number of staff at the intelligence agencies misused their surveillance powers, but it is not specific about how the information was wrongly accessed.
“Deliberate abuse of access to GCHQ’s systems would constitute gross misconduct (depending on the circumstances) – to date there has only been one case where GCHQ have dismissed a member of staff for misusing access to GCHQ’s systems,”the report states.
The legal framework surrounding surveillance is "unnecessarily complicated" and "lacks transparency", a Parliamentary committee says.
The Intelligence and Security Committee (ISC) report also says there should be a single law to govern access to private communications by UK agencies.
Its inquiry has considered the impact of such activities on people's privacy.
With the Databox concept, scientists at British universities have begun an attempt to win back control of information about us. In a paper by computer scientists from Queen Mary University of London and Cambridge University, the Databox concept is described as a piece of software that collects personal data and then manages how that information is made available to third parties. In essence, it’s “a networked service that collates personal information from all of your devices and can also make that data available to organisations that the owner allows”.