Categories
Regs surveillance & privacy

Privacy International versus GCHQ on PRISM

Since I last commented on the Edward Snowden affair, the inevitable has happened: the issues exposed have been raised in a judicial body in the United Kingdom.

Privacy International, a charity that campaigns to protect citizens’ privacy, has filed a case against the Foreign Secretary and GCHQ for the snooping alleged in the Snowden files (for those interested, the full case has been made public.

The Investigatory Powers Tribunal is the first and last judicial body in which such cases can be heard — there is no right of appeal to the Court of Appeal or the Supreme Court or any other such body, only to the European Court of Human Rights — which means we are in this one for the long haul as such cases are rarely expeditiously dealt with.

Prima facie, there’s nothing new in the case that we haven’t heard about from the Guardian newspaper or various media outlets, and therein lies the crux of the whole thing. Where’s the smoking gun? (An idiom invented by Sir Arthur Conan Doyle for the etymologists among you). The case appears to rely in great measure on revelations from Snowden in the press and doesn’t seem to provide, for example, a laptop with the alleged malware on it. The accusations are second hand — powerpoint presentations referring to capabilities, not a Flickr stream of unwitting selfies from usurped webcams. Essentially, in fact, the entire case is hearsay. In America, depending on the exact implementation in the specific State, it is generally inadmissible in its entirety, but following reforms of the UK judicial system in 2003 with regard to both civil and criminal cases, hearsay is admissible under certain criteria (which are not strenuous — the focus on what weight the court should give the evidence and not the admissibility). And, no doubt, that is a substantial factor as to why Privacy International chose to file a claim in the UK as opposed to the USofA.

Without writing an essay on the subject, and noting that I am not a lawyer but a regulation guru that spends a lot of time surrounded by them, it appears to me that the Edward Snowden revelations have a good chance of meeting the admissibility of hearsay criteria — good news for Privacy International, and bad news for GCHQ in terms of the first hurdle at least, with one notable exception. In order for it all to be admissible, the inability for the Defendants or the Claimant to call the Claimant’s key witness (Snowden) would have to meet certain thresholds.

Edward Snowden, to our knowledge, is not yet dead nor is he unfit to testify as a result of mental illness of physical disability. Whilst he is outside the UK, you can argue, it is not unreasonably practicable to secure his attendance because there is an extradition treaty with the Russian Federation where he is alleged to be currently residing (which takes care of the “cannot be found” argument too). Also, on the face of it, Snowden could be alleged to have been complicit or guilty of carrying out criminal acts under UK jurisdiction covered by the treaty. Thus, only “afraid to testify” remains, which is a valid concern, given how extradition might work with the USofA should Ed step foot on these shores to be cross examined or prosecuted.

I can’t help but wonder if this action by Privacy International is a double edged sword. Clearly it’s a strong attack on the UK government for their alleged involvement in Prism et al and it is good such actions and potential criminality is heard fairly in court, however its weight is somewhat compromised by the lack of a smoking gun and star witness. Regardless of your leanings on the subject, it is certainly something to watch.
Google+

Categories
End User Regs surveillance & privacy

PRISM and the currently shelved Draft Communications Data Bill

PortcullisThere’s been a lot of noise about the PRISM surveillance program (American spelling because it’s American). There’s a ton of stuff about it on Wikipedia.

A few people asked whether I was going to write a blog post about it. I wasn’t. Lots of people earn their living just looking at this kind of stuff.

There is one thing worth considering though that particularly springs to the forefront of my mind and that relates to the Draft Communications Data Bill that was recently dropped by the Government from the Queen’s Speech.

Without understanding fully what PRISM actually does and what data it accesses I imagine that the capability is pretty similar to what might have been demanded of the ISP industry by the Comms Data Bill.

My biggest objection to that Bill was that it was a serious threat to the personal privacy of every individual in the country because of all the data that would have been gathered. Availability of the data = inevitability that the data would have been leaked. The only way to not have that data leaked would be by not gathering it in the first place.

History shows that the most likely source of such a leak is internal to an organisation, be that within the ISP storing the data or from the negligence (laptop left in taxi etc) of the civil servant or member of the security forces looking after said data.

Well the fuss about PRISM has demonstrated that this is exactly so. Important information was leaked from within the US security establishment by an insider, Edward Snowden. The same can be said of Bradley Manning and Wikileaks.

The only way of not having the data in the public domain is not to keep it in the first place.  I’m not going into a lengthy debate re the rights or wrongs of what the USA is actually doing with PRISM. Just that we should bear that in mind whenever the next attempt to introduce the Draft Communications Data Bill comes along, as it inevitably will.