IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

GCHQ's mass surveillance regime ruled unlawful

The ECHR has ruled that the UK's bulk collection and ISP data interception programmes breached human rights law

The UK's bulk data collection and surveillance programme partially violated the European Convention on Human Rights, specifically contravening articles on the right to privacy and freedom of expression. 

The surveillance programme, disclosed by Edward Snowden in 2013, did not in itself violate human rights law, according to the grand chamber of the European Court of Human Rights (ECHR), but violations stemmed from a lack of safeguards and protections. 

The challenge, which has gone through various stages through the years, was brought forward by a group of privacy rights organisations, including Big Brother Watch, the Open Rights Group (ORG), Amnesty International, and Liberty. Previous judgements have generally concurred that the UK's surveillance regime was unlawful.

"The Court has recognised that Bulk Interception is an especially intrusive power, and that 'end-to-end safeguards' are needed to ensure abuse does not occur," executive director of the ORG, Jim Killock, said.

"The court has show that the UK government's legal framework was weak and inadequate when we took them to court with Big Brother Watch and Constanze Kurz in 2013. The court has set out clear criteria for assessing future bulk interception regimes, but we believe these will need to be developed into harder red lines in future judgments, if bulk interception is not to be abused."

The grand chamber ruled unanimously that the surveillance regime violated Article 8, the right to respect for private and family life/communications, in respect of the bulk interception regime and obtaining communications data from internet service providers (ISPs). Both these data collection practices also violated Article 10, the right to freedom of expression.

There were no violations under Article 8 or Article 10 in respect of the regime for requesting intercepted material from foreign governments and intelligence agencies.

Operating a bulk interception regime does not itself violate the convention, "owing to the multitude of threats states face in modern society", but such a regime must be subject to "end-to-end safeguards". This means that assessments should be made at every stage of the process of how necessary and proportionate the data collection measures are. 

The UK's regime fell short because bulk interception had been authorised by the secretary of state and not by a body independent of the government. Applications for warrants to conduct searches also didn't state the categories of search terms that would define the kinds of communications data that would be examined. The use of search terms linked to an individual, including specific identifiers such as email address, had also not been subject to prior internal authorisation. 

The judgement will serve as vindication for the applicants who brought the challenge forward, with the UK's surveillance regime deemed not compatible with the law at the time, the Regulation of Investigatory Powers Act (RIPA) 2000. This has since been replaced with the Investigatory Powers Act 2016, also known as the snooper's charter.

The grand chamber's decision to declare bulk surveillance regimes in and of themselves as not incompatible with human rights law, however, may be considered disappointing by privacy rights activists. Groups such as Big Brother Watch and Liberty have sustained longstanding opposition to such regimes out of principle.

"As the court sets out, bulk interception powers are a great power, secretive in nature, and hard to keep in check," Killock continued. 

"We are far from confident that today's bulk interception is sufficiently safeguarded, while the technical capacities continue to deepen. GCHQ continues to share technology platforms and raw data with the USA. This judgment is an important step on a long journey."

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Most Popular

The top 12 password-cracking techniques used by hackers

The top 12 password-cracking techniques used by hackers

14 Nov 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
Interpol arrests nearly 1,000 cyber criminals in months-long anti-fraud operation
cyber crime

Interpol arrests nearly 1,000 cyber criminals in months-long anti-fraud operation

25 Nov 2022