Ever wonder whether the UK's listening post, GCHQ – the Government Communications Headquarters – was tuning in to your life a little too closely?
Well, now you may be able to find out, thanks to an online campaign launched by spy-botherers Privacy International (PI). There is a bit of a catch, as you'll see. Just a bit of a catch.
The charity has set up a webpage where you can provide personally identifiable information – your name, email address, IP address, MAC address and so on – and then submit a claim to the Investigatory Powers Tribunal (IPT). The IPT oversees the security services, and asks it to confirm whether your details are included in a vast database of information held by the UK security services.
According to PI, the IPT is legally obliged to let you know if those details are included. The goal is to highlight just how broadly the GCHQ dragnet stretches – it's not just suspected terrorists that are subject to governmental spying.
There are two caveats: one, it will be you filing a claim with the tribunal, not PI on your behalf, so be prepared to get involved in a lengthy process; and two, you should bear in mind that you would be providing the security services with personally identifiable information that can then be linked to you. This, ironically, would make it easier for them to spy on you in future.
It's also in your interest to file as soon as possible, as the Tribunal will only search records that go back a year. And, since the UK government simply changed the law to make GCHQ's previously illegal activity legal, you will only get back information up to 5 December 2014. So if you file today on 14 September 2015, the search will only cover 14 September 2014 to 5 December 2014.
Death by a thousand papercuts
It's not the first time that PI has taken the mass paperwork approach to force greater transparency.
Back in February, the charity encouraged people to send in their personal details in an effort to seek confirmation that their information had been covered up, most likely by the NSA, and sent on to GCHQ.
That approach came following a ruling [PDF] by the IPT that said the huge sharing of information between the US and UK was illegal prior to 5 December 2014 because the rules for sharing that information were secret.
In response, the UK government went to the IPT and argued that it did not need to tell people if their information was included in that now-illegal sharing of information. The Tribunal rejected that argument in a further decision [PDF], so now it is obliged to tell you if your details are included in that database.
Cat and mouse
This most recent effort to prise open the doors on GCHQ is just the latest in a cat-and-mouse game between the UK security services and Privacy International (among others).
The Edward Snowden revelations created a number of openings for privacy advocates to challenge what had previously been secret activities. Since then, there have been a series of reports and committees digging in GCHQ's activities.
Unsurprisingly, those reports have found that GCHQ did not break the law. However, reading between the lines it is possible to see that new compliance procedures have been put in place and a call for new laws to cover what the listening post does has restricted some of what its employees were doing. For now at least.
What became clear from the review of Britain's anti-terrorism law done by David Anderson QC is that the security services hugely value the information they derive from bulk interception of communications. GCHQ told Anderson that it contributes to more than half of all intelligence reports and is mostly used to find patterns that flag up specific individuals as warranting further investigation. ®