Revealed: British government's legal loophole to read your Facebook
By Jane McCallion
Posted on 17 Jun 2014 at 11:22
The government has revealed that it uses a legal loophole to justify the mass surveillance of British activity on services such as Twitter, Google, Facebook and YouTube.
The policy was made public in a witness statement from Charles Farr, the director general of the Office for Security and Counter Terrorism at the Home Office, delivered in response to a legal challenge brought by a group of civil liberties organisations.
According to the document, almost all internet activities carried out by British citizens can be monitored without a warrant, as they are classified as "external communications" as defined by the Regulation of Investigatory Powers Act (RIPA).
British citizens will be alarmed to see their government justifying industrial-scale intrusion into their communications
This covers "common factual scenarios involving the use of the internet, such as a Google search, a search of YouTube for a video, a 'tweet' on Twitter, or the posting of a message on Facebook," according to Farr.
This is because the intended recipient of the "message" is a server based outside the UK. However, it does not cover email messages sent between two or more British citizens, even if they use webmail services such as Gmail or Outlook.com, as the intended recipient is the other British citizen, making it an "internal" communication under RIPA.
Privacy International, one of the joint claimants in the case, said Farr's evidence "suggests that GCHQ believes it is entitled to indiscriminately intercept all communications in and out of the British Isles".
Privacy International said the government's statement suggests it not only thinks it is entitled to scan our messages, but in fact does intercept them. The evidence from Farr suggests that "GCHQ is intercepting all communications - emails, text messages, as well as communications sent via 'platforms' such as Facebook and Google – before determining whether they fall into the 'internal' or 'external' categories."
Eric King, the organisation's deputy director, said: "Intelligence agencies cannot be considered accountable to Parliament and to the public they serve when their actions are obfuscated through secret interpretations of Byzantine laws."
Michael Boschenek, senior director of international law and policy at Amnesty International, another of the co-claimants, added: "British citizens will be alarmed to see their government justifying industrial-scale intrusion into their communications. The public should demand an end to this wholesale violation of their right to privacy."
The revelations come as Microsoft, supported by other tech firms, is battling to stop the US government from extracting emails from its Dublin data centre, claiming "the US government ... [shouldn't] have the power to search the content of email stored overseas" if it does not have the power to search properties overseas.
Is your business a social business? For helpful info and tips visit our hub.
Massive lack of consistency there.
'[Social Network messages can be read] because the intended recipient of the "message" is a server based outside the UK. However, it does not cover email messages sent between two or more British citizens, even if they use webmail services such as Gmail or Outlook.com, as the intended recipient is the other British citizen, making it an "internal" communication under RIPA.'
Yes, when I post on Facebook and Twitter, the 'intended recipient' is that server outside the UK. Not all my British friends, on Facebook.
Since Snowden has there been much progress with the government re-evaluating GCHQ's data snooping?
By AntAntAnt on 17 Jun 2014
I think maybe it's an oversimplification of the issue on their part, tbh. A search query is definitely between an individual and the search engine's servers.
A tweet, meanwhile, is basically a public broadcast. FB is somewhere in the middle, depending on your privacy settings.
So in the second scenario, I'm not really sure how much internal/external comes into it.
By Jane_McCallion on 17 Jun 2014
The real story...
...is that Dublin, which is the European headquarters many of these US tech corporations (Apple, Google, Facebook, Microsoft, Adobe), is being used to bypass the data protection and privacy laws of both Ireland and EU for ALL EU citizens. This is being done with the knowledge and complicity of the Irish Data Commissioner, Bill Hawkes, who has consistently failed to do his job since taking office in 2007.
By twatkiller on 19 Jun 2014
and.... it's your cloud data too.
Where does NSA/GCHQ accessing all your cloud transactions (and cloud backups of course) leave your security eh??
By geomath on 20 Jun 2014
- 20 years of PC Pro: our greatest review mistakes
- 20 years of PC Pro: our first A-List
- Wikipedia's "right to be forgotten" protest hits the wrong note
- 3D printing hits the high street for plastic selfies
- 20 years of PC Pro: What amazed us in our first issue
- How Google Glass ruined my lunch hour
- Smartphone battery packs: can a USB power pack beat the festival battery blues?
- Windows Easy Transfer – not so "easy" in Windows 8.1
- Formula 1: what a difference virtualisation makes
- Office of the future: comfy chairs and tablets everywhere
- 10 ways to make your business more secure
- Top five VoIP mistakes
- How to add in-app purchasing to an iPhone, Android or Windows app
- Remote-control ransomware: TeamViewer and software hardball
- Why laptops with serial ports matter to the Internet of Things
- Make your mobile battery last longer
- Small steps into handling Big Data
- Nexus 5: does it really run stock Android?
- How to get broadband to a garden office
- How to write your company's IT security policy