Another spotlight has been placed on the UK Government’s approach to information surveillance following disclosure this week by Britain’s Chief Counter Terrorism Officer, Charles Farr, that it is legitimate for UK counter terrorist authorities to conduct mass surveillance across social media platforms such as Facebook, YouTube and Twitter.
The revelations arose in the context of a legal challenge by a number of civil liberties organisations (including Amnesty International and Liberty). Farr’s position is that mass surveillance across platforms that have a hosted presence in the US, is entirely consistent with UK law.
Is he right? Well essentially yes. It is a little understood fact that whilst the UK (alongside most other EU member states) has a mature regulatory framework to protect the citizen against unwarranted intrusions by the State in their private life – enshrined in legislation such as the Human Rights Act, Regulation of Investigatory Powers Act 2000 (“RIPA”) and Data Protection Act 1998 (“DPA”) – there are important gaps that support this sort of activity.
- RIPA, which is a key safeguard against mass state surveillance, only regulates the interception of communications within the UK. Monitoring of “external communications” is unregulated.
- The EC Data Protection Directive, which provide a comprehensive framework to protect personal data, specifically excludes processing required for “public security, defence, State security”.
Whilst lawyers can argue whether GCHQ and others have applied a proper interpretation of these provisions, and many will, what is more interesting to see on the back of this and the earlier Snowden revelations is a much more engaging public debate about what privacy rights we want and should be having in the 21st century. A debate that should open up and ultimately reshape the current and rather poorly understood legal framework.