Home > All, Security Issues > HMRC ordered by the judge to think again about withholding information from Privacy International

HMRC ordered by the judge to think again about withholding information from Privacy International

Privacy International has been attempting to get blood from a stone; otherwise known as getting information out of Her Majesty’s Revenue and Customs. It has wanted to know if Gamma International is being investigated for potential breach of UK export controls.

finfisher 260x160

Spyware used by repressive regimes to monitor activists

Gamma International, you may recall, is the company behind the FinFisher surveillance malware. FinFisher is used by repressive regimes to spy on political activists — and it is a stain on Britain’s collective conscience that it provides the software that can lead to imprisonment and torture.

More than 2 years ago, HMRC told PI that it had no power to provide information about its investigations to PI or any other third-party. PI did not accept this, and went to court to force HMRC’s hand. HMRC rapidly retraced its steps, saying instead that it chose not to disclose that information, and doesn’t need to.

Whether it must or not is an important issue in itself. If an investigation is under way but HMRC decides not to prosecute, that decision can be challenged via a judicial review. And we can be pretty certain that PI would do so. But if nobody knows whether there has been an investigation, there can be no judicial review on a failure to prosecute.

Privacy International – a guardian of the public conscience

Privacy International – a guardian of the public conscience

The law is a strange and dusty thing, and arguments are tied up in intricate semantic analyses. But to the ANAL layman, HMRC’s argument for non-disclosure was simply ridiculous.

In written argument submitted after the oral hearing Mr Peretz [appearing for HMRC] made the following point about confidence:

“HMRC accept in principle, by analogy with the reasoning set out by Sales J in Ingenious Media, that the maintenance of public confidence in the system of export control assists their ability, under CEMA as applied by article 41 of the ECO, to investigate allegations of potential infringements of export control rules: if such confidence were undermined, such investigations could be hindered, for example because public co-operation was withheld from HMRC. As a result, disclosure that assists in maintaining such public confidence is capable of falling within article 43(2)(a) of the ECO or section 18(2)(a) of the CRCA.

However, as HMRC have maintained consistently in evidence to the Public Accounts Committee, effective tax collection depends on individuals and businesses believing that information that HMRC hold in connection with their functions will be appropriately protected. The same point applies in relation to export control. So a particular disclosure that increased confidence in the system of export control but, in HMRC’s assessment in the circumstances of the case, had the wider and more serious impact of undermining confidence that HMRC would keep sensitive information confidential, would not – overall – benefit HMRC’s ability to investigate alleged infringements of any matter for which they are responsible: such a disclosure would not, therefore, fall within section 18(2)(a) of the CRCA or article 43(2)(a) of the ECO. As canvassed in oral argument, a number of other factors may also be relevant to that assessment, in any particular case”.

The judge didn’t buy it. “If HMRC’s submission here is that because it can argue that it is permissible always or invariably to withhold information in the tax arena that the same can be applied, mutatis mutandis, to the export control arena, then I disagree.”

HMRC’s position is, of course, further undermined if not totally destroyed by its current plans to sell off our tax data in exactly the same way that the NHS is planning to sell our health data.

HMRC collects taxes and enforces export controls

HMRC collects taxes and enforces export controls

But there is one other exchange of views that to my mind perfectly summarizes HMRC. The judge noted that it has no formal protocol to help it to decide how to handle different requests for information. HMRC responded that if the judge were to ‘invite’ it to develop such a protocol, it would be considered; but the judge could do no more than invite it to do so. The judge replied that HMRC was wrong and that he did indeed have the authority to instruct HMRC — but at this time he would not.

The impression we get is that of a government agency so steeped in bureaucratic secrecy and so arrogant over its own power that it believes that it, and not the law, governs how it operates.

It is wrong. “For all of the above reasons this application for judicial review succeeds. The Decision of the Defendant is quashed and it is remitted to the Defendant to be re-taken.”

We may now learn whether Gamma International has been investigated for breach of the UK’s export controls; and whether it is being or is likely to be prosecuted. If the answer to either of that is negative, we can further expect Privacy International to ask the courts to examine the reason.

Categories: All, Security Issues
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s