Privacy, especially online, is under unceasing threat of being compromised by criminals and government officials — so the defense of civil liberties must evolve along with technology. Big Brother Watch, an Atlas Network partner organization founded in 2009 to raise awareness regarding threats to civil liberties and expanding state surveillance, recently published a 138-page report titled “Safe in Police Hands?,” detailing how hundreds of police staff in the United Kingdom were responsible for at least 2,315 data breaches between June 2011 and December 2015.
“Over 800 members of staff accessed personal information without a policing purpose and information was inappropriately shared with third parties more than 800 times,” the report finds. “Specific incidents show officers misusing their access to information for financial gain and passing sensitive information to members of organised crime groups.”
Of the 2,315 documented breaches, 1,283 — more than half — resulted in no disciplinary action being taken, 258 resulted in verbal or written warnings, 297 cases led to either dismissal or resignation, and 70 (only 3 percent of all cases) resulted in criminal convictions or cautions.
The Investigatory Powers Bill, currently being considered by the U.K. Parliament, threatens to further chip away at its citizens’ right to privacy. Big Brother Watch began a campaign in December opposing the bill in its current form, producing several factsheets that explain the overreaching authority it gives to the government in areas such as equipment interference, data retention, Internet connection records, bulk personal datasets, and interception.
“If the Bill becomes law, the police and the intelligence agencies; MI5, MI6, and GCHQ, will be legally allowed to hack a device, system or network to watch, change, destroy, or obtain data in secret without the user knowing,” the Big Brother Watch “Equipment Interference” factsheet explains. Devices, systems, and networks may be accessed in order to remotely control cameras and microphones, access private passwords or encryption keys, monitor Internet activity in real time, and more.
Two types of warrants would allow for equipment interference. One, targeted equipment interference, authorizes the hacking of particular people, organizations, or locations and is used by police, intelligence agencies, and HM Revenue & Customs (HMRC). The other, bulk equipment interference, authorizes a six-month window for international hacking in situations where intelligence agencies might not yet know exactly what, where, or who they want to hack. The bill’s language would allow officials to hack innocent people via a “middleman attack,” which is used on individuals who are not the target of investigation in an attempt to gather information about the actual target.
The bill may require telecommunications operators to hold information regarding their customers’ Internet activity — such as websites visited and installed phone apps — for an entire year. This information would be available to police, intelligence agencies, and government organizations such as the National Health Service and HMRC. Big Brother Watch notes that basic Internet browsing history is personal information, protected by Articles 8 and 10 of the Human Rights Act — but the Investigatory Powers Bill would circumvent that basic personal right.
“The Investigatory Powers Bill is continuing its relentless path through the UK political process,” said Renate Samson, chief executive of Big Brother Watch. “Having passed through Parliament earlier in June, it has now moved to the House of Lords (the UK’s Second Chamber). Whilst the government promise they are listening, there is still a great deal of work to be done before the Bill becomes law at the end of the year. Parliament still need to ensure they can guarantee innocent people’s privacy as well as their security. Our factsheets continue to be seen as a starting point for many who are unfamiliar with the proposed law.”
The Big Brother Watch “Interception” factsheet details how police, intelligence agencies, and HMRC use targeted and bulk interference in order to listen to phone calls and read online communications of suspected criminals and terrorists. Any evidence gathered via interception, however, is excluded from being used in court in the United Kingdom; it may only be used within the bounds of secret investigations. Regardless, bulk interception casts a wide enough net that any Internet or telephone users may have their private data and communications surveilled.
The “Safe in Police Hands?” report includes several recommendations for amending the Investigatory Powers Bill, such as removing the Internet Connection Records portion of the bill and allowing the creation of criminal records for perpetrators of serious data breaches — who are currently subject to no such penalties.
Big Brother Watch has provided both written and oral evidence to the Joint Committee on the Draft Investigatory Powers Bill, as well as written evidence to the Science and Technology Committee’s inquiry into technical portions of the draft bill. The bill is currently in the committee stage of the House of Lords, after being read for the second time on June 27.
“Aside from concentrating on the Investigatory Powers Bill, we also continue to shine a light on the use and misuse of data by public authorities in the UK,” Samson said. “Our most recent report, ‘Safe in Police Hands?,’ exposed the shocking revelation that British police have been breaching people’s data 10 times every week for the past four years. When we consider that the police may have access to even greater swathes of our personal data through the Investigatory Powers Bill, then discovering that they are still taking risks with existing data access is of profound concern.”