David Anderson, QC, the UK’s independent reviewer of terror laws, rightly called his report on what powers the spooks should have and how they should be made more accountable, A Question of Trust.
He describes the existing laws covering the interception of communications as “undemocratic, unnecessary and – in the long run – intolerable”.
He says warrants for targeted interceptions should be approved by judges, not, as now, by ministers, though big questions remain (see below).
Anderson’s report was published last Thursday. It was not long before elements of the security establishment - the securocracy - struck back.
Three days after Anderson published his 373-page analysis of what is wrong with the way the spooks are allowed to monitor and store private communications, the Sunday Times quoted anonymous sources claiming Russia and China had broken into a secret cache of files top secret files taken by the whistleblower Ed Snowden.
As a result, MI6 had been forces to pull agents out of live operations, a claim the BBC repeated.
It is far from clear how MI6 agents, or their operations, had been compromised, or even how or indeed whether Moscow and Beijing had got hold of the information. With no trace of irony, Downing Street said it did not comment on leaks.
In contrast to what is likely to be increasingly shrill public arguments about the threat from terrorists and the weapons the security and intelligence agencies must be given to cope with it, a sober debate took place at Ditchley Park, a country house not far from Oxford where members of the establishment and their guests discuss important issues of the day.
A report on a recent conference on “Intelligence, security and privacy” chaired by Sir John Scarlett, head of MI6 in the runup to the 2003 invasion of Iraq, and attended by Robert Hannigan, the new director of GCHQ, was published on Friday on the Ditchley website.
“The reaction of the governments most concerned after the Snowden revelations had often appeared as ducking and weaving, trying to reveal as little as possible, or attempting to change the subject, rather than getting ahead of the argument”, the report of the conference drawn up by the Ditchley director, Sir John Holmes, a former ambassador to the UN and France, notes in a clear reference to the UK and US.
“This had only made things worse and increased public suspicions”, Holmes adds.
He continues: “There was a strong view that oversight could no longer be confined to the collection of intelligence and data. It now had to extend to how these were used...”
Though Anderson, in his report, said a new judicial body, the Independent Surveillance and Intelligence Commission, should be responsible for individual targeted intercept warrants, he also said that “is not intended to replace the existing...powers for law enforcement agencies to obtain large volumes of data directly from communication service providers for cell-site analysis when it is necessary and proportionate to do so, for example when searching for or tracking the movements of a suspect.”
Anderson thus in effect paved the way for the introduction of the “snooper’s charter” that the spooks and the home secretary, Theresa May, are so keen to set up – the unwarranted bulk collection of personal communications data that tracks everyone’s use of their phones, the web, and social media.
These are the issues on which the government must be confronted. On what terms, should private companies give personal data to government agencies?
How will the security and intelligence agencies be prevented from hacking the data, secretly breaking into encrypted communications?
According to those attending the Ditchley conference, “companies were willing to give access to their data, but this could only be through the front door, on the basis of properly authorised, legally sound and specific warrants, not through the back door.”
But in what circumstances will the companies agree not to tell customers suspected of criminal intent that the spooks want information held on them?
Meanwhile, Anderson suggests capabilities, though not operations, should be revealed - something GCHQ in particular has strongly objected to.
And how will the bulk data collection be scrutinised properly so that it does not become mass surveillance, something the spooks insist they do not indulge in?
In the end, the use to which data intercepted by computers is used by humans is determined by the employees of GCHQ, MI5, and MI6.
