The official tourism website for the small seaside village of Bude in Cornwall lists a number of things to do, ranging from excessively sporting (surfing, rock climbing, and coasteering) to positively genteel (garden visits, geological walks and bird watching). One thing it doesn’t mention, however, is arguably Bude’s most notable feature: the Government Communications Headquarters (GCHQ) listening post that sits some four miles north of town, perched atop the cliffs at Sharpnose Point.
GCHQ Bude was once an RAF base and, before that, a site for shipwrecks and smugglers. Now it is the site of the largest invasion of privacy in British history. For Bude is also the landing site for a large number of submarine fibre optic cables that carry the bulk of internet traffic between the UK and the United States. In June 2013, documents leaked by Edward Snowden revealed the existence of a secret GCHQ programme, codenamed TEMPORA, in which it has been secretly intercepting the submarine cables and collecting their contents. Every time you type a query into Google, every time you post on Facebook or Twitter, or indeed use any service with servers in the US, your data most likely travels via the cables in Cornwall and is scooped up by GCHQ, potentially to be read, looked at or listened to at its pleasure.
Within weeks of TEMPORA’s existence being revealed, the NGOs Liberty, Privacy International and Amnesty International launched claims with the Investigatory Powers Tribunal, the secretive body that hears complaints against the intelligence services. The question was whether GCHQ’s power under section 8(4) of the Regulation of Investigatory Powers Act 2000 – or RIPA for short – to intercept so-called ‘external communications’ was compatible with the right to privacy under Article 8 of the European Convention on Human Rights.
We kill people based on metadata
Of course, GCHQ doesn’t admit or deny the existence of TEMPORA so instead the Tribunal held a hearing on the basis of ‘assumed hypothetical facts’ – a kind of Alice-in-Wonderland approach in which the Tribunal had to decide whether something like TEMPORA might be lawful, even if it couldn’t be openly admitted. GCHQ’s main line of defence was not that it didn’t have the legal power to scoop up millions upon millions of emails and internet sessions, but that – even if it did – it only had the capacity to actually read a tiny fraction of them. In other words, it had collected so many private communications, it simply didn’t have the time to read those belonging to people who weren’t suspects.
However, the government’s argument that it is simply too busy catching terrorists and criminals to read your emails is flawed in at least two ways. The first is that, while it might be true that GCHQ doesn’t have time to read your emails, the reality is that it no longer needs to. From analysing metadata such as the names of the websites you visit, the geolocation data from your phone, or the email addresses in your address book, it is notoriously easy to learn highly sensitive personal data about you without listening to a single phonecall or reading a single email.
As the NSA’s former General Counsel Stewart Baker once said, metadata ‘absolutely tells you everything about somebody’s life. If you have enough metadata, you don’t really need content.’ Or as his former boss, General Michael Hayden, once admitted: ‘We kill people based on metadata.’
The second reason why the government’s argument is flawed is that it ignores the deeper principle that even the collection of your private emails, posts, phone calls and text messages is a grave interference with your privacy, even if nobody ever actually reads them or listens to them. It is the equivalent of the government putting a CCTV camera in your home, with the promise never to turn it on unless you are suspected of a crime.
The Tribunal has now issued two rulings and the outcome has been a rather mixed verdict. In December last year, it found that GCHQ’s use of section 8(4) warrants allowing for bulk interception of private communications did not breach the right to privacy. However, a second ruling in February the Tribunal held that the legal framework governing GCHQ’s receipt of private communications intercepted by the NSA did violate Article 8 (although the Tribunal also said that that violation had since been mended by the publication of GCHQ’s internal guidance as a result of the NGOs’ complaints).
It is clear, however, that the flaws in the UK legal framework governing surveillance go much further than the Tribunal’s rulings have been able to penetrate. For this reason, an alliance of 10 human rights organisations, including Liberty, Privacy International, Amnesty International and the American Civil Liberties Union are now pursuing a joint complaint to the European Court of Human Rights. It is not possible to say how long it will be before the complaint is heard but previous rulings of the Court have led to major changes in the UK law on surveillance. In the meantime, David Anderson QC, the Independent Reviewer of Terrorism Legislation is due to deliver a report on potential reform of UK surveillance laws to the Prime Minister sometime in the next few weeks. And the Data Retention and Investigatory Powers Act 2014 will be up for renewal before the end of next year. Whoever wins the next election, one thing is certain: the next Parliament will not be able to duck the issue of mass surveillance.
Eric Metcalfe is a barrister at Monckton Chambers specialising in human rights and public law. From 2003 until 2011, he was the director of human rights policy at the NGO Justice. He is currently instructed by Liberty, the American Civil Liberties Union and 4 other international human rights organisations in their complaint to the European Court of Human Rights concerning mass surveillance