Disclosure on UK’s Browsing History Tracking to Mark a New Surveillance Era

The United Kingdom has been the testing ground for surveillance techniques for quite some time. Now, according to recent disclosures, the country might enter a new Big Brother era.

Over the last two years, the UK police and internet companies have been secretly collaborating, testing surveillance technology. As part of an ongoing trial, the technology logs and stores the web browsing activity of any individual living in the country.

The UK’s surveillance law, also known as Snooper’s Charter, appointed at the end of 2016, allowed these covert operations.

While they are no longer a secret, one cannot assume they will not be further developed and applied if the initiators (the Home Office and the National Crime Agency) conclude the tests are a success.

If so, the UK will become the first Western country to use surveillance tools at a large scale, as authorized by the law.

Let’s find out more about the UK’s general state of surveillance.

Two ISPs were involved in the surveillance

No officials made any public statements about the surveillance trial. Instead, it was included in a 168-page annual report from the Investigatory Powers Commissioner’s Office (IPCO), published in December 2020.

The trial is ongoing, and the IPCO mentioned they would decide if they’ll expand it to cover the nation once they have a complete evaluation of the results.

Two internet services providers (ISPs) – whose names are still unknown – were involved in these tests. They created internet connection records (ICRs) to show which websites a person visits, when and how much data they download, and their IP addresses.

The ISPs didn’t record what pages or precisely what content people accessed online. However, the collected metadata can reveal significant and essential details, such as:

      • Health information
      • Personal interests
      • Political views or affiliation

The ISPs themselves are prevented from saying if they were involved. The Investigatory Powers Act bans revealing the existence of a data retention notice to anyone else. The Act, supported by a judge’s consent, lets the UK’s secretary of state order internet providers to keep their records for up to a year.

UK’s history with state surveillance

United Kingdom’s history regarding the use of electronic surveillance goes back to World War II and the evolution of signal intelligence.

When the war was over, the UK established Government Communications Headquarters (GCHQ). The country used it in several intelligence programs as part of the Five Eyes surveillance alliance.

In 2013, Snowden’s revelations didn’t just uncover NSA’s (America’s National Security Agency) secret surveillance operations. His discoveries also showed GCHQ was involved in mass surveillance procedures described by the media and privacy activists as highly violating peoples’ civil liberties.

Still, in 2014, the UK Investigatory Powers Tribunal ruled that even if GCHQ collects and analyses data in bulk, its practices do not translate into mass surveillance.

In January 2018, a UK Court of Appeal ruling concluded the Data Retention and Investigatory Powers Act (DRIPA) was illegitimate. DRIPA was a previous law covering state surveillance which has been expanded upon with the Investigatory Powers Act of 2016.

The court ruled that the legislation contravened British people’s rights by collecting internet activity and phone records. It also concluded public bodies should not be allowed access to this kind of personal details with no suspicion of ‘serious crime’.

Yet, as most privacy advocates believe, with Brexit underway, UK government might persist with indiscriminate snooping:

The UK government has been pushing for the ability to access people’s internet connection records for many years, and it is no surprise to see UK agencies like the Home Office and the National Crime Agency moving forward with trials to access and utilize the treasure trove of consumer data being logged by ISPs thanks to the Snooper’s Charter. The lack of EU oversight caused by Brexit could now result in serious concerns for the British public, whose internet connection records and metadata may be harvested en masse by a large cross-section of agencies without the need for a warrant.                                                  Consumers need to be aware of the potential for their internet habits and metadata to be analyzed, and they must seek to protect their privacy at all times by leveraging a VPN to encrypt the internet traffic and prevent ISPs from tracking their online habits. Internet connection records have the power to reveal startlingly precise details about people and their daily lives and habits, and it is extremely concerning that the UK may now move forward with its surveillance regime. Analyzing people’s communications metadata and internet habits is an extremely invasive practice that has never been proven to aid with national security, and it can have serious effects on people’s privacy, their ability to express freedom of speech, and their right to freedom of association.
Ray Walsh, Digital Privacy Expert | ProPrivacy

The surveillance systems currently used in the UK

From a political point of view, discussions about privacy are always tied with the way governmental authorities can balance individual and social interests. The authorities usually claim that the more privacy you lose, the more security you gain.

The United Kingdom has started to enforce surveillance systems in the early 1990s in response to IRA bombings in Birmingham in 1974. After the September 11 US attacks, the London Underground terrorist attacks, and the 2012 Olympics, more surveillance tools were deployed.

Between 2016 and 2018, Metropolitan police had deployed facial recognition software in central London. Around 420,000 CCTV cameras were operating at the time in and around the city. With its 470,000 cameras, London became the second-most monitored city in the world after Beijing.

Simultaneously, the South Wales police started to use automated facial recognition technology to search for people in crowds. Civil rights organizations sent written submissions to the court arguing the tool is racially discriminatory and contrary to data protection laws. They found that the South Wales force captured the biometrics of 500,000 faces, most of them not suspected of any wrongdoing.

The Court of Appeal ruled that the use of automatic facial recognition (AFR) technology by South Wales Police was unlawful.

Other facial recognition software operating in the UK:

      • Yoti has been rolling out its facial analysis software in over 25,000 convenience stores to estimate customers’ age.
      • Facewatch software can recognize known criminals and has been tested by several high-street retailers; the software is included in over 500 stores across London. Facewatch has signed data-sharing deals with the Metropolitan Police and the City of London police.
      • Budgens stores and supermarkets like Tesco, Sainsbury’s, and Marks and Spencer all have cameras using facial recognition; the stores use the cameras for crime prevention and even estimates the age of those buying alcohol or cigarettes.

Privacy advocates’ concerns are regarding the overlap between government and private companies that don’t follow any transparency guidelines. Moreover, private companies can use people’s data as they see fit, and no one has control over them.

There is currently no ethical or regulatory framework for the private use of surveillance technologies.

UK laws governing the use of biometrics, including facial data, focus primarily on DNA and fingerprints.

These laws have not been updated since 2012.

What’s in store for UK’s spying tactics?

Before GDPR, the United Kingdom adhered to the European Union’s Data Protection Directive 95/46/EC.

In 1998, the UK complied with the EU’s Data Protection Directive 95/46/ without once including the word ‘privacy’ in its pages.

In the context of Brexit, key elements of data privacy and protection still remain unclear.

For instance, the UK has to accept the European Court of Justice’s jurisdiction over data and privacy and on how the system works.

But currently, the British legislation still provides UK authorities with the significant legal power to impose surveillance. Plus, international agreements like Five Eyes leave the door open to legitimate spying, including gathering mass data sets.

Or as Amnesty International stated:

It’s not being done with any grounds for suspicion, it’s being done to find the grounds for suspicion. It’s a huge rollback of our liberty.

Keep your data private

Sadly, nowadays, you can’t expect someone else to take care of and protect your data. You need to handle data security yourself.

Regardless, it is not a complicated task. Here are some simple recommendations:

 

What’s your take on surveillance programs? Do you believe they should be allowed and used without people’s consent?

Let me know in the comments below!

Leave a comment

Write a comment

Your email address will not be published. Required fields are marked*