In an effort to put an end to the bulk data collection of phone records and other large datasets from millions of people, campaign group Privacy International has filed a complaint with a U.K. court.
The complaint was filed with the U.K. Investigatory Powers Tribunal, which deals with claims against U.K. intelligence agencies, including the country's Government Communications Headquarters (GCHQ). It is meant to put an end to bulk data collection that was already banned in the U.S.
Last Tuesday, the U.S. Senate passed the USA Freedom Actwhich put a stop to the old U.S. National Security Agency's (NSA) bulk collection of domestic telephone records, restoring a limited telephone records program.
The U.S. is so much further ahead on the issue than the U.K., the campaign group said, adding that the bulk collection of data of millions of people who have no ties to terrorism and are not suspected of any crime is plainly wrong.
In the U.K., intelligence agencies also collect bulk personal datasets, a report by the U.K. Parliament's Intelligence and Security Committee showed in March. The Committee considered the bulk collection of data to be relevant to national security investigations.
According to GCHQ, bulk data collection is an increasingly important tool to identify people they have an interest in, the partly redacted report said. The datasets vary in size "from hundreds to millions of records", and where possible, they may be linked together so that analysts can quickly find all the information linked to a "selector" such as a phone number, it said.
While this kind of investigation is described as "highly intrusive", the report does not reveal which datasets have been collected, Privacy International noted, adding that there is no proper legal regime in place to restrict the bulk collection of data. Moreover, the collection of bulk data is not authorized by a judge or minister, the group said, and called for strong safeguards to prevent misuse of the collected data.
Telecommunications companies are required to store records detailing the who, where and when of every phone call made under the country's Data Retention and Investigatory Powers Act (DRIPA). Privacy International believes GCHQ then collects those phone records in bulk. Similar powers could be used to collect data from other databases such as medical records, financial records and travel records in bulk, the group said.
Privacy International's complaint comes on top of earlier complaints filed together with other groups against GCHQ mass surveillance practices in the U.K. The groups are waiting for a final judgement in those cases.
Two complaints were also filed against GCHQ over hacking powers, while there is also a legal challenge against mass surveillance pending at the European Court of Human Rights.
Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to firstname.lastname@example.org
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.