Britain’s laws governing the intelligence agencies and mass surveillance require a total overhaul to make them more transparent, comprehensible and up to date, the intelligence and security committee of parliament (ISC) has said in a landmark report prompted by the revelations of Edward Snowden, the former US National Security Agency contractor.
The 18-month inquiry finds that the existing laws are not being broken by the agencies and insists the bulk collection of data by the government does not amount to mass surveillance or a threat to individual privacy.
But it also says that the legal framework is unnecessarily complicated and – crucially – lacks transparency.
In what it describes as its key recommendation it calls for all the current legislation governing the intrusive capabilities of the security and intelligence agencies be replaced by a new, single act of parliament.
This new legal framework should for the first time explicitly set out surveillance capabilities, detailing the authorisation procedures, privacy constraints, transparency requirements, targeting criteria, sharing arrangements, oversight, and other safeguards.
The report will form a central pillar of the discussions in the next parliament on how to redraft UK surveillance laws, including a report from the Royal United Services Institute (Rusi) commissioned by Nick Clegg and work being undertaken by the commissioner on intelligence law.
This inquiry, disrupted by the last-minute resignation of the committee chairman, Sir Malcolm Rifkind, over allegations concerning cash for influence, has always been viewed sceptically by libertarians, who regard the ISC as the democratic voice for the agencies as opposed to their scrutineers.
The report concludes the “UK’s intelligence and security agencies do not seek to circumvent the law”.
It says: “Our report also contains substantial recommendations about each of the agencies’ intrusive capabilities, which we consider are essential to improve transparency, strengthen privacy protections, and increase oversight.”
The committee gives a lengthy defence of the bulk collection of data, one of the chief Snowden revelations, and concludes: “We have established that bulk interception cannot be used to search for and examine the communications of an individual in the UK unless GCHQ first obtain a specific authorisation naming that individual, signed by a secretary of state.”
The committee says: “GCHQ requires access to internet traffic through bulk interception primarily in order to uncover threats - whether that might be cyber-criminals, nuclear weapons proliferators or Isil [Islamic State] terrorists.
“They need to find patterns and associations, in order to generate initial leads. This is an essential first step before the agencies can then investigate those leads through targeted interception.”
It sets out how GCHQ’s bulk interception systems involves three stages of targeting, filtering and then select data.
“Given the extent of targeting and filtering involved, it is evident that while GCHQ’s bulk interception capability may involve large numbers of emails, it does not equate to blanket surveillance, nor does it equate to indiscriminate surveillance.
“GCHQ is not collecting or reading everyone’s emails: they do not have the legal authority, the resources, or the technical capability to do so,” it says.
The senior Labour committee member, Hazel Blears, said in a press statement: “The internet has transformed the way we communicate and conduct our day-to-day lives.
“However, this has led to a tension between the individual right to privacy and the collective right to security. This has been the focus of considerable debate over the past 18 months, and set the context for the committee’s inquiry into the range of intrusive capabilities used by MI5, MI6 and GCHQ.
“All those who contributed to our inquiry agreed that the security and intelligence agencies have a crucial role protecting UK citizens from threats to their safety. The importance of this work is reflected in the fact that the agencies have been given legal authority to use a range of intrusive powers, which they use to generate leads, to discover threats, to identify those who are plotting in secret against the UK and to track those individuals.
“However, in a democratic society those powers cannot be unconstrained: limits and safeguards are essential. In the UK, investigative action which intrudes into an individual’s privacy can only be taken where it is for a lawful purpose and is determined to be necessary and proportionate.
“The question we have considered is whether the intrusion is justified and whether the safeguards are sufficient.”
The report includes, for the first time in a single document, a comprehensive review of the full range of intrusive capabilities available to the UK intelligence agencies.
