• Media Enquiries

    07505 448925(24hr)

Time for surveillance transparency

Today the three heads of Britain's intelligence agencies appear infront of Parliament's Intelligence and Security Committee in a televised hearing, the first time for such a hearing to be broadcast. Progress, yes, but let's not get ahead of ourselves - the head of the CIA first appeared on TV speaking to congress in 1975, so it's hardly a revolution in oversight. Today we have published new polling by

GCHQ faces legal action over mass surveillance

Today Big Brother Watch, working with the Open Rights Group, English PEN and German internet activist Constanze Kurz, has announced legal papers have been filed alleging that GCHQ has illegally intruded on the privacy of millions of British and European citizens. We allege that by collecting vast amounts of data leaving or entering the UK, including the content of emails and social media messages, the UK’s spy

Patients win choice of sharing medical records

Earlier this year, we led the concern that a new NHS data sharing plan would see every patient's medical records uploaded to a new information system without the right to opt-out. We warned at the time that patient records would be out of patient control. On Friday, the Secretary of State confirmed that this will not be the case. We have worked closely with MedConfidential and Privacy International to ensure

Boom in private investigators risks avoiding surveillance regulation

Our latest report highlights the growing use of private investigators by local and public authorities, particularly the number of times they are used without RIPA authorisation. The law in the UK, particularly the Police and Criminal Evidence Act 1984, is broadly drawn to allow evidence to be introduced in court that in other jurisdictions would not be deemed admissible. Contrasted with the fruit of the poisonous

Counter Terrorism and Security Bill

Posted on by Emma Carr Posted in Home | 4 Comments

commons dayThe Counter Terrorism and Security Bill is due to be published today, making it the seventh major counter terrorism law introduced in Britain since 9/11. The Bill can be accessed here.

Although we are still waiting to see the detail of the Bill, there are three Big Brother Watch briefing notes which are relevant: TPIMs, IP address matching, and the capability gap.

A brief analysis of what the Bill will include:

  • Barring returning terrorists

Temporary exclusion orders will be introduced to control the return of British citizens suspected of involvement in terrorism-related activity abroad.This will result in the cancellation of travel documents and inclusion of the individual’s details on British border “watch lists”, which could include a no-fly list.

It is this proposal that has seemingly received the most backlash from politicians, with concerns about its legality and practicality.

  • Fighting campus extremism

Colleges, schools, prisons, probation providers, police and councils will face a statutory  duty to “prevent individuals being drawn into terrorism”.

Many educational establishments have had a policy for several years of denying a platform to ‘extremist’ speakers. However this has not been an easy policy to implement, largely due to the nature of defining ‘extremist’.

Read more

BRIEFING NOTE: Counter Terrorism and Security Bill and IP address matching

Posted on by Emma Carr Posted in Research and reports | 1 Comment

commons dayThe Government has announced that it will bring forward proposals to enable IP address matching. The measures would require internet firms to keep records of customer information, to enable law enforcement bodies to decipher who was using a device, such as a smart phone or computer, at a given time.

We have produced a briefing note (PDF) on the proposals.

The key issues with the proposals are:

  • There are questions over whether or not this will be technically feasible.
  • Proper safeguards must be introduced to ensure that these techniques are used transparently, that there is a proper level of authorisation and that the oversight and redress mechanisms can function effectively.
  • If this measure is introduced, time should be allowed to ensure that its effectiveness to law enforcements investigations can be evaluated with due care and transparency.

Home Secretary announces plans to introduce IP address matching powers

Posted on by Emma Carr Posted in Home | 15 Comments

Theresa MayWhen the Communications Data Bill was scrapped in 2013, one of the issues that appeared to have full political consensus was the ‘resolution of IP addresses’ – particularly where mobile phone operators may have millions of customers using just a few hundred IP addresses.

In the simplest of terms, an IP address is the address you access the internet through (although ways of masking this are nothing new nor particularly technically challenging). The Home Secretary has announced her intention to include measures to tackle this in the Counter Terrorism and Security Bill.

It is perfectly reasonable that powers to provide the police with the ability to match an IP address to the person using that service is investigated. However, if such a power is required, then it should be subject to the widespread consultation and comprehensive scrutiny that has been sorely lacking to date with industry, civil society and the wider public when it comes to introducing new surveillance powers. It is important to also recognise that the Communications Data Bill went far, far beyond being a focused attempt to solve this problem.

Read more

Who’s watching your webcam?

Posted on by Emma Carr Posted in Home | 3 Comments

Image3The Daily Mail has revealed that people could be being watched in their own homes or at work as hackers are targeting webcams and uploading the live footage to the internet. The warning comes from the Information Commissioner’s Office (ICO), which is urging people to upgrade their passwords from the default setting.

Very few people would leave their front doors unlocked, yet failing to password protect your devices carries the same risks to both their privacy and security. As the capability of these devices becomes increasingly sophisticated, it is inevitable that users will inadvertently expose themselves and their lives to hackers.

It has been reported that a Russian website is featuring live feeds from the UK, including a gym in Manchester, a bedroom in Birmingham, and an office in Leicester. In light of the 350,000 estimated cameras that were sold in the UK in 2013, the number of vulnerable cameras could be in their tens of thousands.

Read more

The Capability Gap

Posted on by Emma Carr Posted in Research and reports | Leave a comment

serversWith the concept of a ‘capability gap’ in the acquisition of communications data being increasingly discussed, we have created a briefing on the key issues and definitions of the issue which can be viewed here (PDF).

The purpose of the briefing is to demonstrate that using the concept as an argument for the introduction of mass communications data collection is fundamentally flawed and unhelpful to what is a serious debate.

The key areas covered in the briefing are:

  • The definition of the capability gap
  • Key issues with the capability gap
  • The Interception of Communicatiions Commissioner’s Report
  • Resolving the capability gap

EU DNA Database Back on the Agenda

Posted on by Dan Nesbitt Posted in Data Protection, Databases, DNA database, Europe, International | 1 Comment

dna-3Following Monday night’s confused debate on EU Justice and Home Affairs powers it has been revealed that the Government is embarking upon a scheme that would give European states limited access to the UK DNA database and potentially pave the way to a linking of the UK and EU databases.

This is a worrying development, made more so by the fact that, as the Financial Times reported, the move seems to have been made to appease certain member states who were concerned about the UK’s withdrawal from other EU police schemes.

It is disappointing that after sticking to their promise to stay out of the wider Prüm Convention, the Government seems to be getting close to implementing it in all but name, prioritising the wishes of other states over the safety of its own citizens.

Read more

New Report: Patient confidentiality broken 6 times a day

Posted on by Emma Carr Posted in Home, Research and reports | 12 Comments

3797160719_337b4742e7_bOur new report, NHS Data Breaches (PDF), highlights the  scale of data breaches in the NHS. The research reveals examples of medical data being lost, shared on social media, and inappropriately shared with third parties.

The report shows that between 2011 to 2014, there have been at least 7,255 breaches. This is the equivalent to 6 breaches every day. Examples of the data breaches include:

  • At least 50 instances of data being posted on social media
  • At least 143 instances of data being accessed for “personal reasons”
  • At least 124 instances of cases relating to IT systems
  • At least 103 instances of data loss or theft
  • At least 236 instances of data being shared inappropriately via Email, letter or Fax
  • At least 251 instances of data being inappropriately shared with a third party
  • At least 115 instances of staff accessing their own records.
  • There have been at least 32 resignations during the course of disciplinary proceedings.
  • There is 1 court case pending, for a breach of the Data Protection Act. In this instance the individual may have also resigned prior to proceedings.

Read more

Parliament to vote on the European Arrest Warrant

Posted on by Dan Nesbitt Posted in Europe, European Arrest Warrant, Extradition | 2 Comments

EThis afternoon MPs will take part in a vital debate, the main point of which is to decide whether or not Britain should opt back into the European Arrest Warrant (EAW). Big Brother Watch has been clear in the past that the EAW risks seeing UK citizens extradited for minor crimes and in some instances forced to spend months in detention before their case even comes to trial.

In an article for ConservativeHome Mark Field MP, a member of the Intelligence and Security Committee argues that the EAW is vital for tackling serious international crime, such as terrorism and large scale fraud. Whilst the measure was introduced in the wake of the September 11th terrorist attacks, as part of the EU’s attempts to combat international terrorism and cross-border crime, there has been a significant shift in its focus in the intervening years.

The original aims of the EAW are certainly laudable, but it has been subject to severe mission creep since 2002. This has led to a situation whereby warrants have been sent to the UK for the extradition of a man guilty of stealing a wheelbarrow and some tools or another who had committed the crime of piglet rustling. The number of frivolous requests and the resulting administrative burden this has created is clearly shown by a report by the European Parliamentary Research Service: in 2011  the UK received 6760 EAWs, of these 5761 were not executed.

Read more

GCHQ Chief Criticises Tech Firms

Posted on by Dan Nesbitt Posted in GCHQ, Google, Online privacy, RIPA, Social Networking, Surveillance | 2 Comments

serversIn an unusual step the new head of GCHQ, Robert Hannigan, has written an article  accusing technology companies of aiding terrorism and failing to help with investigations. The article is entirely vague in its criticisms of the tech companies, giving little detail of what information GCHQ is failing to receive from the tech companies.

The article in  the Financial Times states that “the largest US technology companies that dominate the web” were “in denial” about the roles they played in helping terror groups evade intelligence agencies. He went on to argue that these websites had become the “command and control networks of choice” for terrorists.

What is concerning is that there is no indication that the tech companies already assist law enforcement and intelligence agencies at all. When in fact there are official treaties (the Mutual Legal Assistance Treaty) and voluntary schemes with individual companies. For instance, in August 2013 Facebook published its first transparency report. It showed that the UK requested data on 1,975 occasions, of these only 32% were rejected. As well as this in 2012 UK law enforcement bodies made the most requests for information from Skype, nearly double the amount made in Germany.

Clearly, if UK agencies want information about individuals that they believe pose a threat to national security there is a proper process to follow and if this process is followed the data will be released. What is more urgent is the need for greater Government transparency around the requests it makes. It should not be up US companies to publish data on how our law enforcement bodies use their powers.

Read more

More RIPA Revelations

Posted on by Dan Nesbitt Posted in GCHQ, Online privacy, Privacy, RIPA, Surveillance | 2 Comments

Image3Yet more evidence has come to light to show that the Regulation of Investigatory Powers Act 2000 (RIPA) is woefully out of date.

It has been revealed that GCHQ, has the ability to request large amounts of un-analysed communications from foreign intelligence agencies without first obtaining a warrant. The documents, obtained in the course of a case brought before the Investigatory Powers Tribunal (IPT), show that the use of a warrant was not necessary if it is “not technically feasible” for GCHQ to obtain one.

This is not the first revelation from the case, which was brought by a number of groups including Liberty and Privacy International. In June this year it was revealed that messages sent via platforms such as Facebook and Twitter are classed as “external communications” even if they have been sent between UK citizens. This means that there is no need to apply for a warrant before collecting the information.

As it stands the legislation being used to authorize surveillance was passed before the advent of social media, which revolutionized the way in which we communicate. When MPs were debating this bill they could not have been expected to anticipate the dramatic change in how we would communicate with each other after the launch of Facebook (2004) and Twitter (2006). As a result RIPA has not kept pace with technology and is now open to worrying interpretations.

Read more