back to article UK spy agencies sharing bulk personal data with foreign allies was legal, says court

A privacy rights org this week lost an appeal [PDF] in a case about the sharing of Bulk Personal Datasets (BPDs) of UK residents by MI5, MI6, and GCHQ with foreign intelligence agencies. The British agencies have never stated, in public, whether any of them have shared BPDs with foreign intelligence agencies – they have a so- …

  1. Pete 2 Silver badge

    Lesser of two evils?

    I suppose it is preferable for GCHQ to give selected personal data to "allies" rather than have them make uncritical trawls of anything and everything for themselves.

    Though you do have to wonder why British "allies" would need or want such information in the first place?

    1. Captain Hogwash
      Black Helicopters

      Re: Lesser of two evils?

      Maybe our favourite ally's prison-industrial complex is running out of fodder.

    2. Anonymous Coward
      Anonymous Coward

      Re: Lesser of two evils?

      >"I suppose it is preferable for GCHQ to give selected personal data to "allies" rather than have them make uncritical trawls of anything and everything for themselves."

      Based on the saying that Five Eyes® is better than one?

      >"Though you do have to wonder why British "allies" would need or want such information in the first place?"

      "Because you never know" seems to be a valid enough legal basis for intelligence services.

    3. heyrick Silver badge

      Re: Lesser of two evils?

      "would need or want such information in the first place?"

      Pretty much everybody has secrets and thus leverage. Some more than others, but in the right context that semi drunken fling with the office intern a decade ago could end a person's career (and possibly marriage) if presented in the right light. Unless.... they do this little favour and it'll all go away and be forgotten.

      Remember - knowledge is power, and if one gathers enough information and gives it a shake, some useful things will fall out.

    4. Anonymous Coward
      Anonymous Coward

      Re: Lesser of two evils?

      It may come as a surprise that not everyone resident Britain, has Britain's or it's allies best interests at heart.

  2. Anonymous Coward
    Anonymous Coward

    Richatom, thanks.

    If we are now able to bring the security agencies to court at all, it is in large part thanks to one stubborn individual who paid with his freedom.

    My appreciation goes out to him.

  3. Anonymous Coward
    Anonymous Coward

    Maybe I lost it, but it should be mentioned that, contrary to the IPT position, the European Court of Human Rights then found that

    "GCHQ’s “bulk interception” violated article 8 of the European convention on human rights, which guarantees privacy due to “insufficient safeguards” relating to the “communications data.”"

    "The judges also found that the method of bulk interception of communications and the process for obtaining communications metadata from service providers violated Article 10 (freedom of expression) because of “insufficient safeguards in respect of confidential journalistic material,”

    Of course the ECHR was not of the same opinion, despite the proven fact that GCHQ was, through the Five Eyes partnership, involved in bulk collection with the NSA & Co., which by definition involves sharing. Moreover, also given programs such as PRISM, it is not clear whether talking about "sharing" makes any sense at all anymore.

    Still, for completeness of information, also take a look at Tempora:

    1. Dev_Fit

      The article does refer to the bulk data illegality judgements - which occurred i the UK as well as in the EU - this is about the UK sharing that data with five eyes/foreign allies. It should stick in UK taxpayers' craw not just to get snooped on for supposed domestic security, but also having their data shared with other countries. And all of this being overseen by a secret court!

  4. scrubber

    Only humans can breach privacy?

    " BPDs are searched electronically there was inevitably significantly less intrusion into individuals' privacy, as any data which has not produced a 'hit' will not be viewed by the human operator..."

    That's not how it works. Spying on people is still spying on people. Either LEOs can go through what is stored later, or repeatedly, or knowledge of it inevitably changes the spied upon's actions.

    1. phuzz Silver badge

      Re: Only humans can breach privacy?

      I know it's common usage in the US, but GCHQ isn't a Law Enforcement Organisation (LEO). They have practically no interaction with the police.

  5. Anonymous Coward
    Anonymous Coward

    We really do need to do better

    We really do need to do better if our security services are to maintain any vestigial illusion of retaining the public's trust. This untargeted bulk surveillance in the vain hope that it might turn up something isn't really working and our targeted intelligence gathering doesn't seem to be doing much better. (How often have we heard that "we had him under surveillance but decided he wasn't a risk so we dropped it" in recent years.)

    The NHS is proposing to offer a DNA test to the masses in the hope of better clinical and diagnostic outcomes. In effect we'll have a national DNA database which will no doubt have the current Home Secretary salivating uncontrollably. Now, how long will it be before police and the security services make an undisclosed request for access to that information? What safeguards and assurances will government give that the data will not be misused and how much value should the public place on any such assurances given (probably less than the paper they are written on)? Of course "if you've done nothing wrong then you've nothing to fear" will get trotted out again but the bulk collection of data and its' potential for misuse by the state should disquiet us all.

    If you asked us all to give a DNA sample for a national DNA database I suspect government would be told where to get off but, since it will be presented as helping ourselves and the NHS and no mention will be made of access to that data by other bodies, I suspect the public will trustingly comply.

    Now if you'll excuse me I need another layer for my tin foil hat.

    1. Eclectic Man Silver badge

      Re: We really do need to do better

      DNA testing is already in use in the UK to check for the usefulness or danger of medicines.


      The issue, as you rightly identified, is what else might be done with the information.

      1. Yet Another Anonymous coward Silver badge

        Re: We really do need to do better

        >DNA testing is already in use in the UK to check for the usefulness or danger of medicines.

        Yes and if that info is passed into the security services for whatever reason (perhaps a gene for un-Britishness) - how long until people are refusing the tests?

        It's like using needles from vaccination programs to identity suspects, a good way of creating an unvaccinated population

    2. Alex Stuart

      Re: We really do need to do better

      > (How often have we heard that "we had him under surveillance but decided he wasn't a risk so we dropped it" in recent years.)

      Quite, but reading between the lines, that would seem a failure of the legal system, not intelligence. They know these people need locking up or deporting, but can't act on it because short of planning or executing an actual attack, the courts won't let them do anything.

      1. batfink

        Re: We really do need to do better

        Or in other words, they haven't been locked up because they haven't committed any crime.

        Unless you're suggesting pre-crime should now be an offence serious enough to be locked up for?

  6. Eclectic Man Silver badge
    Big Brother

    ROTM - IT Surveillance Threshold

    Don't know whether this has been described before, but it seems to me that with the advances in computing power, storage capabilities and the abilities to search that storage, we (i.e., humanity) are approaching a point when it will be technically possible to record everything everyone ever does on a computer system and search that information quickly enough to find whatever someone has decided is worth looking for. Based on the horror stories about how 'AI' systems make or affect decisions about policing, sentencing etc. I feel I cannot welcome our new silicon overlords.

    But see for a positive story.

    1. Danny 2

      Re: ROTM - IT Surveillance Threshold

      Hiya EM,

      I posted far and wide at the start of the millennia that democratic resistance to a state would soon be impossible due to the technological imbalance between states and corporations versus citizens. I cite China and the US as examples that prove my point.

      I protested the invasions and occupations of Afghanistan and Iraq, and our state dropped a tonne of bricks on me - blacklisted, questioned for terrorism, my family harassed, and really annoyingly accused of being a fascist. In case it needs to be said, peace protester, anti-fascist. I'll be doing a NVDA outside the Russian consulate when/if I'm fitter.

      Our state had my fingerprints and DNA on my first arrest 20 years ago, and I'm sure they still do but it's kind of shitty they are sharing them. I'd maybe want to visit Canada or New Zealand, can't risk that now despite no convictions.

      My heart breaks for Russian peace protesters who know they will be arrested, imprisoned, beaten-up, excluded. And I am furious at the hypocrisy of our politicians condemning Russian state acts without admitting their own crimes. Last week Tony Blair said the invasion of Iraq was maybe a mistake. Aye, ye think so Tony? Is that right? I guess that makes everything alright then.

      I loathe Nietzsche who was never a philosopher just a master of bon mots. "Battle ye not with monsters lest ye become a monster."

      As always Nietzsche was wrong, we have to battle monsters but keep our finger off the trigger.

      I seem to have strayed off topic somewhat. Initially I opposed DNA collection like I opposed CCTV, on principle. I don't really mind now. I don't rape or murder anyone, and it is the status quo.

      You were the guy who was stabbed for wearing a puffer jacket, right? When I was 11 I was beaten up by a catholic thug for wearing a snorkel jacket. I was a good fighter, but he just pulled down my hood and repeatedly kicked me in the face. Fatal flaw in the jacket design but I thought I was just battling the cold.

      It cheers me up to see you posting here, and not many things cheer me up.

      Heroiam slava!

      1. Eclectic Man Silver badge

        Re: ROTM - IT Surveillance Threshold

        Hi Danny 2,

        "You were the guy who was stabbed for wearing a puffer jacket, right?", not quite. I was once beaten up for being seen leaving a gay bar. Then years later after attending London Pride one year a guy called me a "queer c**t" and threatened to stab me. It was my friends, David and Stephen, who were stabbed in June 2020 in broad daylight in a park after a BLM march, David and two others died at the scene, Stephen survived (I was not there).

        I'm afraid that politicians at the top almost always seem to hypocrites. Today's news that Boris Johnson and Rishi Sunak, the two most senior politicians on the country have been fined for breaking their own covid lockdown rules surprises no-one. Neither does Boris's decision not to resign but 'carry on' after taking 'full responsibility'*. We Brits, well past Brits, created concentration camps in South Africa during the Boer Was, and used smallpox against the native Americans, and of course there was the infamous Irish famine when potato blight destroyed the potato crop (which were eaten by the Irish) while the wheat was exported.

        I've never really got on with Nietzsche, as I find most of his writings incomprehensible, but he was definitely wrong not to consider that his 'Ubermensch' might have had some compassion for lesser beings.

        Sadly the situation in Ukraine gets worse by the day, I suspect it will last a lot longer before three is any meaningful resolution.

        All the best!

        *Can someone please explain what taking 'full responsibility' for something that went wrong actually means? AFAIK it seems to mean 'let's not talk about this ever again', but that doesn't make an sense to me, an admittedly amateur philosophiser.

  7. Anonymous Coward
    Anonymous Coward

    Why don't they just buy it from Google and Facebook, like everybody else?

    I normally never give out my mobile number. But I did give it to a health information website when I was asking urgently about Covid. The site promised anonymity of all my data, but a few days later the junk calls on my mobile upped by an order of magnitude. Health services feature strongly, when I can understand the foreign accents.

    Mass surveillance systems? Why bother?

    1. Schultz

      The site promised anonymity of all my data ...

      Anonymity is not privacy. Those junk callers surely had no clue who you are, otherwise they would not not have bothered calling you, right.

      That's why you should sign up to Google's / Apple's / Amazon's all inclusive ad targeting program. You'll get more and better targeted calls, each call is worth more to your chosen advertisement partner, and we can all throw a big year-end party when the GDP numbers are announced. And don't worry, even your lack of cooperation will generate value: you never have to take a call, look at an ad, or spend a dime on the advertised products. You will be conveniently billed whenever you buy your groceries or gadgets. So your hard-earned dime can do its part fueling the continued rise of the AdMen without you worrying your small brains about it. Somebody smarter than you, richer than you, made the right call.

  8. FlamingDeath Silver badge

    My critical analysis of the situation here on earth, is epitomised by the words of Frito

    "I Like Money"

  9. Anonymous Coward
    Anonymous Coward

    I'm not worried about the government spying on me; they have better things to do with their time.

    What I am concerned about is the amount of information about me available for sale from data brokers, so finely granular that it can be de-anonymized with relative ease. There are apparently no regulatory restrictions on that "market", and no oversight bodies...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like