Privacy group sues UK government over surveillance programs

A privacy group has filed legal action against the U.K. government for conducting mass surveillance on citizens across the U.K., including accessing data about people located in the U.K. that is collected and passed on by the U.S. National Security Agency.

Privacy International, a charity in London that works in the area of privacy, has charged in a statement Monday that “the expansive spying regime is seemingly operated outside of the rule of law, lacks any accountability, and is neither necessary nor proportionate.”

The claim in the Investigatory Powers Tribunal is based on disclosures through newspaper reports by former NSA contractor, Edward Snowden, about the surveillance programs of the NSA and British intelligence agency Government Communications Headquarters (GCHQ). The tribunal was set up in 2000 to consider complaints about the use of intrusive powers by intelligence services, law enforcement agencies and public authorities.

One of the programs cited in the complaint is called Prism and reportedly gives the NSA real-time access to the content on servers of Internet companies like Facebook and Google. The Internet companies have denied their participation in the program. The other program referred to in the complaint, called Tempora, is said to be a GCHQ program for tapping fiber-optic cables and sharing the data with the NSA.

The reports about mass surveillance in the U.S., U.K. and some other countries have triggered off a variety of legal actions. In the U.S., Electronic Privacy Information Center (EPIC) asked the Supreme Court on Monday to throw out an order by the Foreign Intelligence Surveillance Court, a secret surveillance court, allowing the NSA to collect all Verizon phone records.

The American Civil Liberties Union also filed a lawsuit in a U.S. federal court last month challenging the legality of the collection of metadata from Verizon customers.

To intercept phone calls, emails, and other communications of individuals located in the U.K., or require the disclosure of that information when it is stored by telecommunications or Internet companies, U.K. authorities must comply with the Regulation of Investigatory Powers Act 2000, according to the complaint from Privacy International. But RIPA does not apply if U.K. authorities solicit or otherwise receive the information from their US counterparts, even if the communications in question were sent and received in the U.K., it added.

The complaint also refers to a news report in the Guardian that under Tempora the GCHQ has intercepted more than 200 fiber-optic cables landing in the U.K.

Tempora was purportedly authorized under certificated warrants issued under RIPA that do not have to name or describe any one person or a single set of premises as the subject of the interception, according to Privacy International. The certificates are renewed on a rolling basis by the Secretary of State for the U.K. Home Office, and do not require judicial authorization or approval of warrants or certificates.

The effect of Tempora is that all communications using fiber-optic cables are subject to the risk of interception, search and storage, putting at risk of interception all Internet and telephone users in the U.K. and other parts of the world, Privacy International said in the complaint.

The privacy group has asked the tribunal for a declaration that Tempora is in violation of various regulations including RIPA and the European Convention on Human Rights. It has also asked for an order to destroy all unlawfully obtained material. The complaint also cites rights to privacy and freedom of expression in ECHR to ask the tribunal for a declaration against the Secretary of State for not ensuring that there is in place a legal regime governing the soliciting, receiving, storing and transmitting by U.K. authorities of private communications of individuals located in the U.K. which have been obtained by US authorities.

John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service. Follow John on Twitter at @Johnribeiro. John’s e-mail address is john_ribeiro@idg.com