GCHQ To Spy On Consumer Shopping Data

Tesco store carpark shop logo © JuliusKielaitis Shutterstock

Proposed new surveillance bill is too broad and could allow GCHQ to access people’s shopping history, warns campaigner

A privacy campaigner has warned Parliament that the proposed Investigatory Powers Bill is too broad, and it could allow the intelligence service unfettered access to people’s bank accounts and even shopping habits.

So said Jim Killock, executive director of the privacy campaign group the Open Rights Group.

Bulk Data

Killock was quoted by the BBC as making the comments to MPs sitting on the Parliamentary committee examining the draft Investigatory Powers Bill.

The bill is highly controversial, as it will force Internet Service Providers (ISPs) to store the details of people’s online activity for a year. And it includes a lesser-known clause would let the security services download personal details from “bulk” databases.

social media

According to Jim Killock, this could even include shopping purchases listed on schemes such as Tesco’s Clubcard or Sainbury’s Nectar card.

“What is a bulk data set? Which have been accessed and grabbed by GCHQ so far? Who might that apply to?” Killock was quoted as saying. “Just about every business in the country operates a database with personal information in it.”

“This could be Tesco Clubcard information,” he reportedly said. “It could be Experian’s data around people’s financial transactions, it could be banking details, it could certainly be any government database that you care to mention. It’s kind of hard to see where surveillance ends with bulk data sets.”

Snoopers Charter Mark Two?

The government has long contended that the bill has dropped the more “contentious” aspects of its 2012 predecessor, the infamous “snooper’s charter”.

Home Secretary Theresa May has previously claimed the new bill would no longer require communications service providers to store Internet traffic from companies abroad, and she insisted it includes “strong” warrant authorisation requirements for authorities wanting to gain access to a user’s detailed Internet browsing history.

Yet despite this government assurance of strict safeguards, including a ban on councils accessing people’s internet records, there remains plenty of highly controversial aspects to the new bill.

Campaigners fear that the legislation will give security services’ carte blanche to hack, bug and spy on people’s online habits, with judicial oversight that is still to be determined.

There is little doubt that the government wants ISPs to keep the meta data of all their customers’ use of the web, including their phones and social media interactions for 12 months. It should be noted that this meta data will not include the content, which has to be authorised by a ministerial intercept warrant.

Are you a security pro? Try our quiz!