This comes as no surprise after the Snowden revelations. British signal intelligence agency GCHQ has been spying illegally on a large number of internet users. What’s positively surprising is that the UK Surveillance Tribunal finally developed from a rubber stamp into something capable of making real decisions. In short, their recent decision states that the secret information exchange between the NSA and GCHQ was illegal. It’s also a welcome indication that unnecessary secrecy isn’t acceptable. Secrecy is needed in intelligence work, but has widely been misused to hide unlawful activities.
We are, of course, grateful to Privacy International and its supporters, for their important work in this case. But they are not done yet! Their next step is to let you know if you’re a victim. You can submit your contact info and join a campaign where they will reveal if GCHQ has data on you. That’s nice.
The more privacy-savvy of you are probably smiling right now. The campaign page clearly states “I authorise Privacy International and their legal team to pass my information to GCHQ …” That’s naturally necessary when asking GCHQ if they have data on you. But what if they didn’t? Now they have. Submitting private info to an agency that just has been exposed with illegal data processing might not sound as a good idea. And it’s not just your name, email and phone number. What may be less obvious is that your submission ties these pieces of info together. If they had just your mail, now they know to whom it belongs.
Ok, time to take off the tin foil hat. I think Privacy International’s campaign is great and a unique opportunity to get a glimpse into the secret world of intelligence. One should not worry too much about revealing info through this form. What you submit is probably already known to them and they could easily find out, if they had a real interest in you. So just go ahead. But the above is a great reminder that you should think twice before submitting private info. Always think about whom you submit to and for what purpose.
P.S. This reminds me of an old web form at a Russian server. “Enter your credit card number to check if it has been stolen on the net.” No, I didn’t enter mine either.
F-Secure invites our fellows to share their expertise and insights. For more posts by Fennel, click…
April 18, 2018