If you use Yahoo! chat then the answer may well be yes.
Today’s remarkable revelation that GCHQ has been capturing images (a “surprising” number of which were of people who may not have been fully clothed)
As the Guardian reports:
GCHQ files dating between 2008 and 2010 explicitly state that a surveillance program codenamed Optic Nerve collected still images of Yahoo webcam chats in bulk and saved them to agency databases, regardless of whether individual users were an intelligence target or not.
In one six-month period in 2008 alone, the agency collected webcam imagery – including substantial quantities of sexually explicit communications – from more than 1.8 million Yahoo user accounts globally.
Secretly intercepting and taking photographs from millions of people’s webcam chats is as creepy as it gets. We have CCTV on our streets and now we have GCHQ in our homes.
It is right that the security services can target people and tap their communications but they should not be doing it to millions of people. This is an indiscriminate and intimate intrusion on people’s privacy.
It is becoming increasingly obvious how badly the law has failed to keep pace with technology and how urgently we need a comprehensive review of surveillance law and oversight structures. As more people buy technology with built-in cameras, from Xbox Kinect to laptops and smart TVs, we need to be sure that the law does not allow for them to be routinely accessed when there is no suspicion of any wrongdoing.
Orwell’s 1984 was supposed to be a warning, not an instruction manual.
Last week the Scottish Government passed a staggeringly disproportionate piece of legislation that may see thousands of innocent families lives intruded upon by public sector busybodies.
Despite opposition from the public, church leaders, legal experts, MSPs and civil liberties groups, the Children and Young People Act was passed in Scotland. This new piece of legislation now means from birth until the age of 18, every child in Scotland will have a specific state-appointed ‘guardian’ to safeguard their interests and oversee their safety. Initially, this person is likely to be a health visitor or midwife, with the role latterly being taken over by a school teacher who will have a “duty” and responsibility to act as the child’s guardian. Not only that, but to allow these ‘guardians’ will have legal authority to access information from the police, council, NHS, amongst others.
Resources should be focused on those families in genuine need and on those children in real danger. As soon as you create an army of guardians they are going to have to justify their positions and that will mean more paperwork, more intrusion and more families being treated as suspects when they have done nothing wrong.
In a campaign victory for Big Brother Watch, medconfidential and others, the care.data scheme has been delayed for six months.
This is not the end of the issue. We have significant ongoing concerns regarding the care.data scheme, both in terms of how patients have been told about what is happening and the long term privacy implications of creating a new database and releasing data that could be used to re-identify patients.
We welcome the fact that NHS England has recognised its efforts to communicate the scheme have been inadequate, something we have repeatedly warned about, not least the use of a junk mail leaflet to households that did not mention any of the risks involved.
Simply, however, NHS England had one job – to ensure patients and GPs were properly aware of the scheme and could make an informed choice about participation. Despite more than a year to achieve this, they have totally failed to do so. NHS England has serious questions to ask about its strategy that has tried to railroad through a significant change in how our medical records are used.
Today two articles have appeared on care.data, with are worthy of a few comments.
Firstly, George Freeman MP writes in the Telegraph:
“We must do everything to ensure a robust regime that will protect data from hacking and from any potential misuse. But at the same time, we must not block life-saving advances.”
As we have repeatedly pointed out, the Data Protection Regime is woefully inadequate and those who committ a criminal offence under Section 55 of the DPA cannot be sent to prison, merely fined. Mr Freeman does not suggest this should change, as we have repeatedly called for.
Equally, Mr Freeman writes: “we need to move health from being something done to you by government to something citizens take responsibility for themselves”
Interestingly, Mr Freeman also has his own legislation on this topic – the Patient Data Bill. The first two principles the bill states are:
(2) The Ownership Principle is that patients own their medical data.
(3) The Control Principle is that patients have the right to access their medical data and to control its use (including the right to share it for research or other purposes).
Yet care.data does neither of those things – quite the opposite. If you believe in people controlling their records, pulling them into a central database purely on the back of a junk mailing is hardly making patient ownership and control a reality.
From passing on incorrect information to snooping on friends, a number of shocking data protection breaches in police forces have been uncovered. With hundreds of incidents every year it is time to start asking whether it is too easy for police databases to be abused to snoop on innocent people.
Big Brother Watch has long been concerned about the number of data breaches occurring within police forces. In 2011, we published the report ‘Police Databases: How More Than 900 Staff Abused Their Access’. The report highlighted a shocking number of data protection breaches and the subsequent limited number of punishments that were handed out. We also commented on the recent case of a police officer being charged with stealing thousands of accident victims’ details from her police force’s computer to sell to law firms.
February 10, 2014
Posted in CCDP, Civil Liberties, Communications Data Bill, Databases, GCHQ, Information Commissioner, Legal Action, Mastering the Internet, Online privacy, Technology, Terrorism Legislation, United States
Big Brother Watch was invited to submit a paper to the Intelligence and Security Committee of Parliament, relating to it’s inquiry into the balance between security and privacy.
You can now read our submission below.
In a Democratic society, some secrecy is tolerated, as are some intrusions upon liberty and privacy, provided the legal framework is transparency, the oversight mechanisms robust and the overall sacrifices of liberty made with an appropriate level of understanding.
Recent revelations have made clear the scale of intrusion on our privacy in the name of security, enabled by an explosion in digital communications and the computing resources available to the state.
Ministers have assured the public no central database of internet communications would be created. We now know it existed already. Parliament and the public were not informed by Ministers, the Intelligence and Security Committee or the Commissioners.
As NHS England remains adamant to push through the care.data scheme despite concerns not being properly addressed, it was only a matter of time before GP’s started to publicly speak about. Unsurprisingly this has not gone down well with NHS England.
A GP in Oxford has accused the NHS of using ‘blatantly bullying’ tactics to ‘bulldoze’ doctors and patients into complying with the scheme. The government has made several statements about the fact that GP’s are responsible for their patients’ data, yet it now appears that they are being told that they aren’t able to act when they have genuine concerns.
Dr Gancz has revealed that he received a ‘threatening’ email from Thames Valley NHS England warning him that he would be ‘in breach of his contract’ if he did not automatically opt his patients in to the scheme. He said it also contained the ‘Big Brother-ish’ demand that he remove a statement on his surgery’s website which warned patients that he was ‘concerned’ about the scheme.
The Deregulation Bill, debated by MPs today, has caused alarm after it was highlighted that one of its clauses, which alters the process for obtaining production orders with regard to material held by journalists, significantly undermines the essential protections for journalists from being forced to hand over material to the police.
Of particular concern is a warning from Gavin Millar QC, who is currently representing BSkyB in a case where the Metropolitan Police are seeking material from them, is that this change could be combined with a ‘Closed Material Procedure’ – where a court sits in closed, or secret, session – and would mean the media is not present, or in some cases even notified of the hearing, when the police make an application to seize material.
Currently requests for material belonging to a journalist or media organisation must be made in open court, with the opportunity for challenge by the organisation affected. The combined effect of this change and closed material proceedings could lead to a situation where a judge is asked to consider a production order in a secret hearing without adversarial debate between the requesting body and the media organisation involved.
Yesterday the new European Union anti-terror chief appeared infront of MPs to discuss various issues, including what people are reading online.
As we’ve previously warned, the UK’s Anti-Extremism task force has already alluded to greater filtering of web content and now the EU has taken it one step further, with Gilles de Kerchove telling MPs he wanted to remove “not illegal, undesirable websites.”
Setting out the action being taken by the EU he said: “The Commissioner for Home Affairs will set up a forum to discuss with the big players – Google, Facebook, Twitter – how we can improve the way one removes from the internet the illegal and if not illegal, undesirable websites.”
Freedom of speech, and of the press, are essential parts of a free and democratic society. It should not be in the gift of politicians to decide what we read or who can write it and absolutely not on the basis of what some may consider undesirable. If content is to be blocked, it should be a decision taken by a court of law and only when a clear criminal test has been met establishing the content is illegal.
If GCHQ or any other agency is obtaining mobile phone data through the Dishfire programme without a RIPA notice, that is circumventing British law.
The statements made have sought to only address questions about content being accessed, not metadata. This confusion should be urgently addressed.
Under UK law, if an agency or police force want access to details of who you have texted, where you were when you sent or received a text or the dates and times of your text massages they can obtain it from your phone company. The Regulation of Investigatory Powers Act (RIPA) provides for this. Such powers relate to obtaining communications (or meta) data and not content. Acquiring content requires a warrant from a Secretary of State.