Our report on private investigators, published earlier this year, highlighted the growing use of the industry by public authorities, with particular concern being raised about the occasions that they were used without RIPA authorisation.
The research has spurred investigations into how public authorities are using private investigators, with two stories from this week alone detailing shocking incidents of staff being placed under highly covert and intrusive surveillance, including a mother having a GPS tracker fitted to her family car. The Home Office has agreed with us that the industry should be regulated, stating that operating as an unlicensed private investigator will become a criminal offence.
However, far more could be done to rein in who is allowed to launch surveillance operations and making them responsible for the investigators working on their behalf. If the FBI are required to go to court to get a warrant then there is simply no reason why in Britain we shouldn’t expect snooping operations to be signed off by a judge.
The Home Secretary yesterday confirmed plans to regulate private investigators, including a new penalty for working as an unlicensed private investigator or supplying unlicensed investigators of a fine of up to £5,000 and up to six months in prison.
In our report earlier this year, we warned that private investigators were potentially being used to circumvent surveillance law by public authorities, and also identified their work as being a major threat to privacy where the information could be used in court if it had been obtained by improper means. We are pleased the Home Office has agreed with our recommendation to regulate private investigators.
We also highlighted in our evidence to the Leveson inquiry how journalists were not the only people using private investigators and that the wider issue was essential to address. As recent revelations about SOCA show, this is a very real problem and potentially involves a much greater scale of illegal activity than seen in the media.
While the Data Protection Act does offer legal protections, at present you cannot be sent to prison for breaching Section 55. We believe that this change will improve privacy protections, particularly as it broadens out the range of activities that might have been difficult to prosecute under the DPA. It is also important that those hiring a PI will be held liable if they are not properly licensed.
There is much more work to be done to ensure that people’s privacy and confidential information is protected from untoward surveillance and intrusion, including more rigorous enforcement of the Data Protection Act and custodial sentences. Regulating private investigators is an important part of this process.
Going forward, we hope that the consideration of whether evidence is admitted in court takes into account whether the regulatory framework has been complied with, particularly where those involved are aware that they are acting without a license.
In light of recent debate about Twitter and trolling, the US State Department issued a rather timely statement:
“We believe that when public speech is deemed offensive, be it via social media or any other means, the issue is best addressed through open dialogue and honest debate.”
Those calling for prosecutions, users to be banned and active policing of what is and is not acceptable on Twitter should tread very carefully.
The statement was issued when one Government decided that a social networking site dedicated to discussing the role of religion in the country was offensive, and the person who organised the site was sentenced to seven years in prison and 600 lashes.
That Government was Saudi Arabia and if the West is to stand up for freedom of speech abroad, we need to remember that those same values – however uncomfortable they may be sometimes – must not be forgotten at home.
Over the last few years we have highlighted various privacy concerns about a range of government databases, from the National DNA Database to the DVLA database. Our report in 2011 found how nearly 1,000 police officers had been disciplined for unlawful accessing information over a three year period. Violations of the Data Protection Act included running background checks on friends and potential partners and passing on sensitive information to criminal gangs and drug dealers.
Today The Register has revealed that the RSPCA is able to access information from the PNC, despite not having any formal prosecution powers and not being a statutory-organisation. The information handed over is subsequently going unaudited by the Association of Chief Police Officers Criminal Records Office (ACRO) – run by the Association of Chief Police Officers – who also charge for the access. This is despite the PNC User Manual specifically stipulating that auditing is required for organisations that have had access to ‘sensitive information’. If auditing is not being carried out, it is impossible to know whether the RSPCA are using the sensitive data under necessity and proportionately and if they are deleting it when their investigation has concluded.
Earlier in the year we published a report on the growing use of private investigators by local and public authorities, warning that they were being used without RIPA authorisation. Now the Serious Organised Crime Agency (SOCA) is facing serious calls for it to publish its list of companies and individuals who used corrupt private investigators to obtain personal information.
Attempting to keep this information secret will rightly be seen as an attempt to cover up SOCAs colossal failure to enforce the law. It also reinforces the view that the police are all too willing to use hollow security concerns as a way of hiding their own failings.
Members of Parliament from both the Labour and Conservative parties have raised concerns about the lack of transparency from SOCA, with Stella Creasy MP, a Labour home affairs spokesman, writing to Trevor Pearce, SOCA’s director-general, to ask why a list of 101 of the investigators’ clients it has handed to the Commons Home Affairs Select Committee must remain closed.
The Conservative MP David Davis has also called for the list to be made public, saying: “Yet again a police agency is hiding behind excessive secrecy. It is simply not acceptable for SOCA to withhold information of serious public interest three years after the event under the excuse of an ‘on going police investigation’.”
The Independent revealed that banks, pharmaceutical, law, insurance and financial services companies have used private investigators for years to get private data, for example through mobile phone records and bank statements.
The fact that SOCA have repeatedly failed to act on the industrial invasion of people’s privacy by blue chip companies and their investigators is a matter of great public concern and the Home Affairs committee must take every step to ensure the serious questions raised are answered, and answered publicly. It is only right that every one of these crimes is dealt with to the full extent of the law, and those responsible for turning a blind eye are held accountable and properly punished.
Today the Information Commissioner has ruled on a joint complaint from Big Brother Watch, No CCTV and Privacy International, concerning the use of automatic number plate recognition technology in Royston?
In a victory for BBW, our complaint was upheld and The ICO found that Hertfordshire Constabulary failed to carry out “any effective impact assessments” and that the system was “unlawful” as it breached the Data Protection Act, and that it was not justifiable for Hertfordshire Constabulary to log every vehicle passing through the town on its system.
The ICO’s head of enforcement Stephen Eckersley said: “It is difficult to see why a small rural town such as Royston, requires cameras monitoring all traffic in and out of the town, 24 hours a day. The use of ANPR cameras and other forms of surveillance must be proportionate to the problem it is trying to address.”
He said that other UK police forces should be taking note of Royston’s plight. “We hope that this enforcement notice sends a clear message to all police forces, that the use of ANPR cameras needs to be fully justified before they are installed. This includes carrying out a comprehensive assessment of the impact on the privacy of the road-using public.”
Nick Pickles, director of Big Brother Watch, said: “The idea that it is acceptable for the police to record the details of every car entering and leaving a small town was always ridiculous.
“This sends a clear message that the blanket logging of vehicle movements is not going to be within the law and it is now essential that the ICO ensures other police forces are abiding by the law.
“Yet again we find the public placed under surveillance when the police force was unable to justify why the surveillance was necessary or proportionate. Whoever took the decision to press ahead with this ring of steel and to ignore the law so brazenly should be clearing their desk today.”
The Interception of Communications Commissioner (ICC) 2012 Annual Report has raised serious questions about whether the commissioner’s office is actually fit for purpose. The report has failed to make any mention of Tempora and PRISM whilst at the same time seriously lacks the impression that the ICC has been enforcing serious oversight of the way security agencies acquire and use communications data.
The report has highlighted that the number of requests that security agencies made about texts, emails and other communications data increased by 15% Ito more than 570,000. The report also makes the admission that information that had been released had led to six members of the public being wrongly detained or accused of committing a crime. The ICC and Parliament need to seriously ask themselves how one commissioner with a handful of staff can meaningfully scrutinise 570,000 surveillance requests.
Throughout 2012 the security agencies were desperate to push through new legislation that would allow them to access communications data from the internet, whilst at the same time Tempora and PRISM were giving them all the data that they have wanted.
The ISC has today made a statement on it’s investigation into PRISM, following the revelations made by whistleblower Edward Snowden.
While it appears the investigation was limited to PRISM, as opposed to Tempora or any of the other programmes we now know to be operational, it reaffirms that the statutory basis for PRISM at least is the 1994 Intelligence Services Act.
Of particular significance is paragraph six:
“Although we have concluded that GCHQ has not circumvented or attempted to circumvent UK law, it is proper to consider further whether the current statutory framework governing access to private communications remains adequate.”
Nick Pickles, director of privacy and civil liberties campaign group Big Brother Watch, said: “If the law is not fit for purpose, the question of not breaking it is largely irrelevant. These laws were written when the internet was unknown to the majority of people and was far from the minds of the Parliamentarians who drafted the laws GCHQ is now bound by many years on.
“When the Intelligence and Security Committee is raising concerns that the current legal framework is adequate, alarm bells should be ringing loud and clear that all is not well. Parliament must urgently turn its attention to this issue.
“I am deeply concerned that this investigation appears to have focused on only one of several programmes we now know to be operational, particularly the storage of the content of communications as they leave the UK. We are still a long way from getting to the bottom of what has been happening.”
Recent alarming revelations have raised some incredibly important questions about the use of surveillance techniques and Big Brother Watch, alongside seven other foremost campaign croups, have called on MPs to begin an enquiry into exactly how ministers and the security agencies have been interpreting the Regulation of Investigatory Powers Act (RIPA), as reported in today’s Guardian.
After CIA officer Edward Snowdon revealed documents which showed that GCHQ has used advanced technology to access hundreds of millions of private telecommunications messages, including phone calls, emails and records of internet usage, questions have been rightly asked about the extent of GCHQ’s operations and their legality. The key programme goes by the name of Operation Tempora and it is argued that the gathering of the messages is completely legal because the traffic has left the UK and therefore becomes “external”. In our letter to the Home Affairs Select Committee, we argue that the advanced pace of technology has exposed the inadequate oversight of the surveillance agencies, while legal definitions written for landline telephones are now being used on fibre-optic internet connections.
Yesterday’s Sunday Telegraph reported that Lloyds Banking Group has followed in Barclays’ footsteps by announcing that it could use trillions of data entries from millions of customers’ accounts in order to detect if staff had wrongly sold insurance. Lloyds has justified the move, stating that it would be of “benefit to the customer”, but could this move be purely in the best interests of the bank?
Over the last few months we have seen an increase in reports of companies and banks mining customers’ data for commercial purposes: first it was Barclays and now it seems that Lloyds Banking Group are at it too. Barclays customers were rightly concerned when it was reported last month that the bank had announced that it was planning to sell customers’’ spending data to other businesses. Now it seems that Lloyds Banking Group is also considering using customers’ information for a different purpose: to check whether bank staff wrongly sold insurance.
Lloyds has said that it is prepared to sift through trillions of data entries in millions of accounts in order to identify customers, for example by seeing which customers had been sold breakdown cover but never appear to spend any money on petrol. Lloyds has said that this would be of “benefit to the customer”, but could this actually be a plan to get the Financial Conduct Authority, who has taken a tough line on poor value insurance policies, off its back?