SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
19 Oct 2017

UK spies using social media data for mass surveillance

Privacy rights group Privacy International says it has obtained evidence for the first time that UK spy agencies are collecting social media information on potentially millions of people.

It has also obtained letters it says show the intelligence agencies’ oversight body had not been informed that UK intelligence agencies had shared bulk databases of personal data with foreign governments, law enforcement and industry — raising concerns about effective oversight of the mass surveillance programs.

The documents have come out as a result of an ongoing legal challenge Privacy International has brought against UK intelligence agencies’ use of bulk personal data collection as an investigatory power. (The group also has various other active legal challenges, including to state hacking). It says now that the Investigatory Powers Commissioner’s Office (IPCO) oversight body “sought immediate inspection when secret practices came to light” as a result of its litigation.

The use by UK spooks of so-called bulk personal datasets (BPDs) — aka massive databases of personal information — was only publicly revealed in March 2015, via an Intelligence and Security Committee report, which also raised various concerns about their use.

Although the report revealed the existence of BPDs it was heavily redacted — for example scrubbing info on exactly how many BPDs are held by the different agencies. Nor was it clear where exactly agencies were sourcing the bulk data from.

It did specify that the stored and searchable data can include details such as an individual’s religion, racial or ethnic origin, political views, medical condition, sexual orientation, and legally privileged, journalistic or “otherwise confidential” information. It also specified that BPDs “vary in size from hundreds to millions of records”, and can be acquired by “overt and covert channels”.

A key concern of the committee at the time was that rules governing use of the datasets had not been defined in legislation (although the UK government has since passed a new investigatory powers framework that enshrines various state surveillance bulk powers in law).

But at the time of the report, privacy issues and other safeguards pertaining to BPDs had not been considered in public or parliament.

While access to BPD data had been authorized internally without ministerial approval. And there were no legal penalties for misuse — and perhaps unsurprisingly the report also revealed all intelligence agencies had dealt with cases of inappropriate access of BPDs.

The documents obtained by Privacy International now put a little more meat on the bones of BPDs. “New disclosure reveals that the UK intelligence agencies hold databases of our social media data,” the group writes today. “This is the first confirmed concrete example of the type of information collected by the UK intelligence agencies and held in large databases.

“The social media database potentially includes information about millions of people,” it further writes, adding: “It remains unclear exactly what aspects of our communications they hold and what other types of information the government agencies are collecting, beyond the broad unspecific categories previously identified such as ‘biographical details’, ‘commercial and financial activities’, ‘communications’, ‘travel data’, and ‘legally privileged communications’.”

In one of the new documents — a draft report from last month summarizing the findings of a 2017 audit of the operation of BPDs — the IPCO, which only took over oversight duties for UK investigatory powers last month, makes a stated reference (below) to “social media data” when discussing how agencies handle different BPD databases; indicating that content from consumer social networks such as Facebook and Twitter is indeed ending up within spy agencies’ bulk databases. (Though no services are mentioned by name.)

Additional documents in the new bundle obtained by Privacy International show the IPCO flagging the role of private contractors that are given ‘administrator’ access to the information UK intelligence agencies’ collect — and raising concerns that there are currently no safeguards in place to prevent misuse of the systems by third party contractors.

Part of the UK government’s defense to the group legal challenge over intelligence agencies’ use of BPDs is that there are effective safeguards in place to prevent misuse. But Privacy International’s contention is that the new documents show otherwise — with the IPCO stating the Commissioner was never made aware of any practice of GCHQ sharing bulk data with industry.

Commenting in a statement, Privacy International solicitor Millie Graham Wood said: “The intelligence agencies’ practices in relation to bulk data were previously found to be unlawful. After three years of litigation, just before the court hearing we learn not only are safeguards for sharing our sensitive data non-existent, but the government has databases with our social media information and is potentially sharing access to this information with foreign governments.

“The risks associated with these activities are painfully obvious. We are pleased the IPCO is keen to look at these activities as a matter of urgency and the report is publicly available in the near future.” The six additional documents were disclosed to Privacy International on October 13, which also notes it is back in court today for the BPDs litigation. A full list of the disclosure and documents pertaining to its bulk personal datasets challenge can be found here.

Tags:
surveillance United Kingdom
Source:
TechCrunch
1856
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015