In December 2016, just 1 month after the enactment of the Snoopers Charter, the European Court of Justice (ECJ) held that the indiscriminate collection of communications data was actually illegal. The UK Government then tried to argue that the ruling did not apply to areas of national security, and that the bulk collection of communications data provided for by the Snoopers Charter was legal. The question as to whether or not it is legal has just been addressed by the Investigatory Powers Tribunal (IPT), who have ruled that the ECJ will now need to specifically determine the issue.
Snoopers Charter: Background
The Snoopers Charter (otherwise known as the The Investigatory Powers Act 2016) became law on the 29th November 2016. It essentially turned the UK into a mass surveillance police state, which introduced powers which even North Korea would be proud of in terms of the abuses to civil liberties, human rights, invasion of privacy, and gross intrusiveness. Under the Snoopers Charter, the police state that has been created, can now legally monitor your web history, your phone history, your emails, and your texts, with next to no reason required, and with hardly any oversight. Computers and phones can be legally hacked into. Communications data is retained for 12 months, and includes internet browsing history, emails, text messages, phone calls, and IM’s. 48 different agencies have unfettered access to this data, many of which are outside the police and intelligence sector. They include the Food Standards Agency, the NHS, and the Ambulance Service.
In a previous article, we set out what the implications of the Snoopers Charter were in relation to civil liberties and human rights.
The ECJ held in December 2016 that the bulk collection of communications data was illegal, and that only targeted information gathering was justified. The Court stated that, “in today’s judgment, the Court’s answer is that EU law precludes national legislation that prescribes general and indiscriminate retention of data…The interference by national legislation that provides for the retention of traffic data and location data with that right must therefore be considered to be particularly serious. The fact that the data is retained without the users of electronic communications services being informed of the fact is likely to cause the persons concerned to feel that their private lives are the subject of constant surveillance. Consequently, only the objective of fighting serious crime is capable of justifying such interference.“
Liberty launched judicial review legal proceedings on the 28th February 2017, and won permission from the High Court in June 2017 to proceed with its legal challenge.
The Snoopers Charter Does Not Even Work
The irony of it all is that the Snoopers Charter does not even work in terms of its stated intentions. This is borne out by the sheer number of terrorist atrocities that have been committed in the UK over the last year. All the Snoopers Charter does is create unmanageable data overload (known as “analysis paralysis” in the intelligence community). As most reputable experts point out, the only effective method of combating terrorism is via targeted surveillance. By treating literally everybody as a suspect, when in actual fact the overwhelming majority of people are innocent, means that a considerable amount of the limited resources available are completely wasted on pursuing the numerous false leads created. As the saying goes, simply adding unnecessary hay to the haystack, only makes it harder to find the needle…..!
The Ruling Of The Investigatory Powers Tribunal
Following the ruling by the ECJ in December 2016 that the bulk collection of communications data was illegal, the Government tried to argue that restrictions should not apply to national security matters, as they would obstruct investigations. Privacy International challenged this, and referred the matter to the Investigatory Powers Tribunal (IPT). The IPT ruled on the 8th September 2017 that the issue would need to be specifically determined by the ECJ.
The IPT held in its judgment: “In our judgment, it is unclear whether, having regard to Article 4 TEU, and Article 1 (3) EPD, the activities of the intelligence services in relation to the acquisition and use of BCD for the purposes of national security: are to any extent governed by Union law, are subject to the requirements of Article 15(3) EPD in accordance with the decision in Watson, or, in accordance with Article 4 TEU and Article 1(3) EPD, and following the decisions in Parliament v Council and Ireland v Parliament, should be treated as outside the scope of the EPD, or are subject to the requirements stipulated by the decision in Watson at paragraphs 119 – 125 and, if so, to what extent, taking into account the essential necessity of the SIAs to use bulk acquisition and automated processing techniques to protect national security and the extent to which such capabilities, if otherwise compliant with the ECHR, may be critically impeded by the imposition of such requirements.“
Following the ruling, Privacy Internationals legal officer, Millie Graham Wood, stated: “The welter of information from metadata in the age of 24-hour browsing, mailing, messages, instant messaging apps, where our online activities replace conventional social interactions, is huge. It reveals so much about us. One need only think that a visit to an IP address hosting a medical self-diagnosis website, followed by a call to an oncologist, followed by an appointment with your solicitor, then a hospice, may well reveal that the person in question has terminal cancer. We need strict safeguards against the state accessing highly sensitive information about us. The UK government and the investigatory powers tribunal have said that the vital and fundamental safeguards as set out in the Watson judgment, such as requiring a judge to approve access to highly sensitive information, should not apply to the information held by intelligence agencies. Privacy International fundamentally disagree. Even when bulk metadata is used for the purposes of national security, there should be strong safeguards to protect our sensitive personal data. Nevertheless, both Privacy International and the government agree on one thing – the necessity of referring this matter to the European court of justice. We look to the CJEU to reiterate that the very sensible Watson judgment does still apply to our intelligence agencies when they are accessing massive troves of our personal data, whether or not it is in the name of national security.”