Government snooping ruled illegal by European Court of Human Rights

In a landmark case brought to the court by a group of charity activists, surveillance activities by the UK Government have been classified as a breach of human rights

The European Court of Human Rights has ruled that the UK’s intelligence agency, GCHQ, broke human rights law through its mass surveillance programme

The UK Government’s intelligence agency, GCHQ, has broken human rights law through its mass surveillance programme, the European Court of Human Rights (ECHR) ruled on September 13.

Judges declared that the bulk interception regime, which allowed agencies to harvest data and intercept private communications, was in violation of Article Eight of the European Convention on Human Rights.

Article Eight guarantees the right to one’s “private and family life, his home and his correspondence”, provided this does not undermine “national security, public safety or the economic well-being of the country”.

In April this year, the UK’s high court ruled that the IPA is incompatible with EU law. Ministers have until November 1 to amend the act

The case was brought before the ECHR by a collective made up of 14 journalists, privacy campaigners and human rights groups, including Amnesty International, Privacy International, Liberty and Big Brother Watch. The decision can still be appealed by GCHQ.

Raising the alarm
GCHQ espionage practices were first exposed in 2013 by whistleblower Edward Snowden. The ex-CIA employee released hundreds of thousands of confidential files, including an estimated 58,000 British intelligence files, which proved GCHQ had intercepted millions of communications, many of which were of no interest to the intelligence agency.

The UK Government responded by changing the law to be more tolerant of mass surveillance, a move designed to prevent any further penalties from the ECHR. Despite this, in 2014, Ben Emmerson, the UN’s special rapporteur on counter-terrorism and human rights, released a report to the UN General Assembly that set out the distinction between targeted surveillance and mass surveillance.

The report defined targeted surveillance as dependent on “the existence of prior suspicion of the targeted individual organisation”, while mass surveillance was defined as states “gain[ing] access to the telephone and e-mail content of an effectively unlimited number of users and maintain[ing] an overview of internet activity associated with particular websites”.

In 2016, the European Court of Justice ruled that only targeted surveillance is justified. The latest judgement by the ECHR upholds this ruling.

Missing safeguards
Crucially, in September 2013, the ECHR ruled that while bulk interception was not illegal, the mass surveillance undertaken by GCHQ was a violation of human rights due to the lack of proper safeguards.

The judgement stated that the greatest concern was the “absence of robust independent oversight of the selectors and search criteria used to filter intercepted communications”.

The lack of comprehensive safeguarding procedures allowed the agency to collect indiscriminate information, including personal information, which had no relation to national security. The collection and retention of this information, therefore, violated the right to privacy.

The case was a challenge to the interception regime created and permitted under the Regulation of Investigatory Powers Act 2000 (RIPA). The controversial act was ostensibly introduced to maintain the stringency of surveillance activities in the face of rapid technological change. Once passed, however, it was widely criticised for permitting government bodies to carry out unnecessary surveillance that constituted an invasion of citizens’ privacy.

Under a freedom of information request submitted in 2016, it was revealed that local councils had carried out 55,000 days of covert surveillance over five years on dog walkers, fly-tippers and those claiming benefits. This intrusive surveillance was permitted under RIPA.

In 2016, RIPA was succeeded by the Investigatory Powers Act (IPA), which encompassed existing surveillance legislation and introduced new measures. Nicknamed the Snooper’s Charter, the act required mobile phone companies and internet providers to keep a record of their customers’ activity. It also created a new role, Investigatory Powers Commissioner, which would oversee the use of investigatory powers.

Moving forward
The ECHR has outlawed RIPA legislation but not the IPA. However, the RIPA ruling will surely have a significant impact on the latter bill, which has already seen extensive criticism and legal challenges.

In April this year, the UK’s high court ruled that the IPA is incompatible with EU law. Ministers have until November 1 to amend the act.

In response to the latest ECHR ruling, Silkie Carlo, Director of Big Brother Watch, said: “Under the guise of counter-terrorism, the UK has adopted the most authoritarian surveillance regime of any Western state, corroding democracy itself and the rights of the British public.

“This judgment is a vital step towards protecting millions of law-abiding citizens from unjustified intrusion. However, since the new Investigatory Powers Act arguably poses an ever greater threat to civil liberties, our work is far from over.”

The case is a significant victory for purveyors of the right to privacy and legitimises Snowden’s whistleblowing. However, the judgement highlights a more sinister reality too.

Article Eight of the European Convention of Human Rights permits “interference by a public authority” in cases of necessity for a “democratic society”, which is broadly taken to mean situations in which the country’s national security is at risk.

The UK Government has been found to be in violation of this right and has used surveillance powers in situations deemed unnecessary in a democratic society.

Data privacy is a contentious issue globally at present; a number of scandals have come to light recently, including Facebook’s harvesting of user data that was used for illegitimate purposes.

At a time when the UK Government is attempting to crack down on private companies’ unlawful collection of data, the revelation that it has been engaging in equally intrusive practices undermines its case.