ISPs from around the world take action against "illegal," "destructive" GCHQ
Internet service providers from the Netherlands, the United Kingdom, the United States, and South Korea have brought a case against the GCHQ intelligence agency in response to reports of its attempts to break into their networks and compromise their customers' personal data.
The group filed its claim with the help of Privacy International, a non-profit group that claims to be the first organization to "campaign at an international level on privacy issues." It will be handled by the Investigatory Powers Tribunal, the British court that handles complaints about the country's intelligence agencies, and will probably be considered at least partially in secret. Privacy International explained the group's reasoning in a blog post published this morning:
The seven providers assert that GCHQ attacks on internet service and network providers are not only illegal, they are destructive, undermining the goodwill the companies and groups rely on, and the trust in security and privacy that makes the internet such a crucial tool of communication and empowerment. Each of these organisations are committed to the privacy, freedom of expression and security of their users, and a free and open internet. Together, they are demanding an end to GCHQ exploitation of internet services, the targeting of their systems administrators and protections for their customers and users whose rights may have been infringed.British officials have previously defended their attempts to gather information from foreign services by facetiously arguing that it doesn't matter what it does to those companies so long as they aren't based in the country. Privacy International previously attacked this claim when the Office of Counter Terrorism's director released a 48-page defense of the practice:
The distinction between ‘internal’ and ‘external’ communications is crucial. Under the Regulation of Investigatory Powers Act (‘RIPA’), which regulates the surveillance powers of public bodies, ‘internal’ communications may only be intercepted under a warrant which relates to a specific individual or address. These warrants should only be granted where there is some suspicion of unlawful activity. However, an individual’s ‘external communications’ may be intercepted indiscriminately, even where there are no grounds to suspect any wrongdoing.
By defining the use of ‘platforms’ such as Facebook, Twitter and Google as ‘external communications’, British residents are being deprived of the essential safeguards that would otherwise be applied to their communications – simply because they are using services that are based outside the UK. That argument highlights the real problem with mass surveillance, whether it's conducted by GCHQ or the National Security Agency: These agencies don't think they are breaking any laws. GCHQ in particular is afforded certain rights that the NSA is not, including the right to intercept these communications based on the location of the company ferrying them around the world. Fighting these activities would require changing the law, and that's highly unlikely.
This new complaint differs from the overall backlash to GCHQ's activities in that it accuses the agency of illegal -- instead of merely immoral -- activities. As the Guardian notes in its report on the complaint, which also describes other complaints against GCHQ's actions,
The complaint alleges that the attacks were a breach of the Computer Misuse Act 1990 and an interference with the privacy rights of the employees under the European convention of human rights.
The action has been supported by Privacy International, which points out that "while the claimants were not directly named in the Snowden documents, the type of surveillance being carried out allows them to challenge the practices in the IPT because they and their users are at threat of being targeted". Now we'll see how GCHQ defends its actions when it's directly accused of violating specific laws, instead of merely being criticized for rights afforded to it by British law. Then perhaps ISPs in the United States might stop trying to ruin the Internet long enough to use their vast legal budgets to make similar complaints against the NSA. (I'm not holding my breath.)
[image via Smart Bitches, Trashy Books]