Beyond the dark arts of GCHQ, an increasing number of government agencies and statutory authorities have been gifted with data-matching and communication data-gathering mechanisms via existing legislation (including RIPA).
Now, there looms the Investigatory Powers bill, otherwise known as the ‘Snoopers’ Charter’, which is currently going through Parliament.
But behind all this, sits a burgeoning industry that specialises in finding out everything that’s legally possible to be known about almost everyone in the UK – and then selling that information on.
One business that conducts such activities and which stands out from the crowd is run by a rogue intelligence officer whose evidence given at a major public inquiry was described by the British government as “not crediible”.
Sadly, we’re in an age where most people have foregone their ‘right’ to security – and so it’s not surprising when private companies exploit this gap in the ‘market’ to trade on the personal details of people by utilising standard data-matching technologies, but on an industry-level scale.
There is money to be made here, with the information garnered passed on – for a fee, of course – to third parties, ranging from charities, call-centres, or simply anyone willing to pay the price.
And the law protects such dubious transactions: just another feature of capitalism.
Force Research Unit agent
One such business is owned and run by a former British intelligence operative, a member of the infamous Force Research Unit (FRU) – a clandestine British Army body that operated in Northern Ireland during the height of ‘The Troubles.’ The FRU was subsequently shown to have infiltrated all sides in the conflict to create a ‘strategy of tension’ and exploit the consequences. At one point FRU had up to 80 officers and about 100 support staff.
The former operative is Ian Hurst, whose erstwhile cover name was Martin Ingram. Hurst – a highly controversial character – later became a ‘whistleblower’. In the 2012 Report of the Patrick Finucane Review, the Rt Hon Sir Desmond de Silva QC referred to Hurst’s testimony as ‘not credible’.
Over the years, Hurst has seemingly played both sides – claiming at one point ideological support for a united Ireland, while at the same time making statements that denigrate the Republican leadership and exposing operational details of the FRU. He is currently restricted by an injunction on what he can further say about the role of the British Army in Northern Ireland.
Hurst has previously alleged in a statement to Cryptome that Sinn Fein leader Martin McGuinness worked for British intelligence, but in a ‘Restricted’ document – a full transcript of his testimony to the Savile Inquiry into ‘Bloody Sunday’ – he states categorically that McGuinness did not fire the first shot, as some accused, on that fateful day in Derry.
It is unclear whether Hurst various claims are facts, or disinformation.
So when a person with such a history is able to collate and sell on information about most people in the UK to the highest bidder (or any bidder they choose), shouldn’t alarms bells begin to ring?
The website
Hurst’s data-matching facility was operational at least as far back as 2010 (with a Manchester accommodation address). However, according to the Information Commissioner’s Office, Hurst registered with the ICO earlier this year.
Hurst’s website utilises low-tech methods and so no amount of high-tech security tools/applications – such as Tor, Tails, PGP or VPN – can prevent this level of intrusion. Some may argue that in many ways such basic data-matching is far more dangerous to ordinary people, living ordinary lives, than the totalitarian surveillance technologies of the bigger players.
Some of Hurst’s data-matching services are free. Others are fee-paid services.
Hurst displays his Bolton address on the website, though not his name. Ownership of the website is easily confirmed via Whois (see image above).
In addition, thanks to the efforts of a former Mossad officer – see below – it is also known (as of last year) that Hurst has a residential address in France and a registered address in Spain relating to his business interests.
20 million names on database
Hurst’s website – which is registered under the Data Protection Act 1998 – boasts 20 million names on its own database as well as the 24+ million names on the searchable public electoral register. It offers the following services:
- Reverse search over 30 million UK mobile telephone numbers
- Reverse search over 85million UK land line telephone numbers
- Search over 18 million current UK ex directory phone numbers
- Search over 30 million personal mobile phone numbers
- Search over 50 million personal email addresses
Land Registry data is also examined.
Charges are made for the removal of a record of yourself, providing you are not included on the open consented electoral roll. To remove a record, you also have to provide proof – e.g. driver’s licence, birth certificate, etc – of who you are.
Unanswered questions
Perhaps the most worrying aspect of Hurst’s data-matching site is that fee-paying inquirers are asked to provide detailed information about themselves. The website states:
Personal Information provided by the client and collected and collated by Search Electoral Roll Ltd during the registration and subscription stage is provided on the clear condition that it will be used in UK people finding databases and may be sold to other companies for use in commercial activity including direct marketing or other people finding databases.
Confusingly the website also states: “It is strictly forbidden to use any data accessed via our services for direct marketing purposes. We do not allow any private individual or company to register for and use our services with the aim of using our data for direct marketing purposes.”
And under ‘Privacy’ the website adds: “We may disclose your personal information to third parties… In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.”
Another consideration: if data about an inquirer is matched with data found about the inquiree, then that information becomes a valuable resource that could be sold on, too.
Elsewhere Hurst states:
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual… The data that we collect from you upon registration may be transferred to, and stored at, a destination within the European Economic Area (EEA)
Blacklisting?
On the ICO record it states that Hurst’s facility collects the following information:
- the investigation brief, results and related information
- personal details
- family details
- lifestyle and social circumstances
- goods and services
- financial details
- education and employment details
- physical or mental health details
- racial or ethnic origin
- religious or other beliefs of a similar nature
- trade union membership
- offences including alleged offences
This is far more than mere names, addresses and other contact details. Some of that information could be used, for example, by third parties – for example, employers – for blacklisting purposes.
Third parties revealed
Again, on the ICO record Hurst reveals some of the third parties (by category) whom he passes information to:
- Voluntary and charitable organisations
- Ombudsmen and regulatory authorities
- Business associates and other professional advisers
- Associated companies
- Suppliers
- Financial organisations
- Credit reference, debt collection and tracing agencies
- Police forces
- Private investigators
- Courts and tribunals
- Government
- Traders in personal data
- Family, associates or representatives of the person whose personal data we are processing;
- Current, past or prospective employers
- Examining bodies
Hurst, incidentally, also runs a separate business, Intelligent Tracing Limited, which is registered with Companies House and which specialises in debt collection. It would be inconceivable if that business did not benefit from the data gleaned from Hurst’s data-matching facility.
Even intelligence officers can be listed
And no one, no matter whether ‘ordinary’ or an ‘asset’, is immune from this kind of ‘legal’ snooping.
Last year Olivia Frank, a former Mossad officer and who was also contracted to MI6 in the Arms to Iraq scandal, discovered she was on Hurst’s lists, despite going to great lengths to conceal her whereabouts, including ensuring she was not on the electoral roll. Ms. Frank was therefore alarmed to receive an email one day telling her that her details were on Hurst’s database, but that she could have them removed by paying a fee.
Ms. Frank then inquired with her local council, which confirmed that she and her husband had both been opted-out of the edited register since 2006. The council subsequently passed on her information to the Electoral Commission for investigation.
After a while, the Electoral Commission came back to Ms. Framk with an explanation of how her name had been included on Hurst’s lists. It appeared that Hurst’s facility was able to get the information about her and her husband from ‘third party’ sources, including credit reference agencies.
In other words, exclusion from the Electoral Roll does not mean you are not on the Hurst database.
Hurst found out too
Ironically, Hurst had his own privacy invaded – and in a very dramatic way…
In 2006 Hurst had his emails hacked by Phillip Campbell Smith – later referred to as ‘X’ in the Leveson Inquiry – who was also a former FRU operative, and who later worked for a private investigator, Jonathan Rees, who in turn worked for the News of the World.
MI5 became aware that Smith had targeted Hurst’s email in an attempt to find the location of Alfredo ‘Freddie’ Scappaticci – otherwise known as ‘Stakeknife’. Hurst claims that Stakeknife is a British intelligence informer who infiltrated the Provisional IRA.
Smith was also trying to locate Kevin Fulton – aka Peter Keeley – another alleged informer who claims he warned the RUC of the 1998 Omagh bombing by the Real IRA and that British intelligence was made aware the bombing had been planned. Later, in March 2016, Hurst offered to provide testimony about Scappaticci to any inquiry.
Smith was arrested in 2009 and his computers seized, though it was not until 2011 that Hurst was informed about what had happened. Hurst then went on to tape Smith confessing to the hacking and parts of the recording were subsequently broadcast by a BBC Panorama programme. Smith was later jailed for his role in the hacking scandal. Hurst later provided testimony [redacted] about the hacking to the Leveson Inquiry.
That Hurst sees no contradiction regarding the illegal intrusion into his privacy on the one hand and the unscrupulous selling of personal information about UK residents on the other, fits well with his convoluted history.
In a way Hurst is doing everyone a service, by allowing people to see just how easy it is for our privacy to be invaded. Privacy is not a commodity to be traded, but is precious and should be protected. Relying on the capitalist system to see to that protection is a non-starter. Perhaps it’s time personal security, including online security and privacy safeguards, should be added as a component to our secondary education?
List of Hurst’s “Search Electoral Roll” mirror sites:
Feature image via Flickr Creative Commons
