Britain’s laws governing the intelligence agencies and mass surveillance require a total overhaul to make them more transparent, comprehensible and up to date, parliament’s intelligence and security committee (ISC) has said in a landmark report prompted by the revelations of Edward Snowden, the former US National Security Agency contractor.
The 18-month inquiry finds that the existing laws are not being broken by the agencies and insists the bulk collection of data by the government does not amount to mass surveillance or a threat to individual privacy.
But it also says that the legal framework is unnecessarily complicated and – crucially – lacks transparency. The current laws could be construed as providing the agencies with a “blank cheque to carry out whatever actives they deem necessary”, it says.
In what it describes as its key recommendation it calls for all the current legislation governing the intrusive capabilities of the security and intelligence agencies to be replaced by a new, single act of parliament.
This new legal framework should for the first time explicitly set out surveillance capabilities, detailing the authorisation procedures, privacy constraints, transparency requirements, targeting criteria, sharing arrangements, oversight, and other safeguards.
The report will form a central pillar of the discussions in the next parliament on how to redraft UK surveillance laws, including a report from the Royal United Services Institute (Rusi) commissioned by Nick Clegg and work being undertaken by the commissioner on intelligence law.
This inquiry, disrupted by the last-minute resignation of the committee chairman, Sir Malcolm Rifkind, over allegations concerning cash for influence, has always been viewed sceptically by libertarians, who regard the ISC as the democratic voice for the agencies as opposed to their scrutineers.
The report concludes that the “UK’s intelligence and security agencies do not seek to circumvent the law”.
It says: “Our report also contains substantial recommendations about each of the agencies’ intrusive capabilities, which we consider are essential to improve transparency, strengthen privacy protections, and increase oversight.”
The committee gives a lengthy defence of the bulk collection of data, one of the chief Snowden revelations, and concludes: “We have established that bulk interception cannot be used to search for and examine the communications of an individual in the UK unless GCHQ first obtain a specific authorisation naming that individual, signed by a secretary of state.”
The committee says: “GCHQ requires access to internet traffic through bulk interception primarily in order to uncover threats – whether that might be cyber-criminals, nuclear weapons proliferators or Isil [Islamic State] terrorists.
“They need to find patterns and associations, in order to generate initial leads. This is an essential first step before the agencies can then investigate those leads through targeted interception.”
It sets out how GCHQ’s bulk interception systems involves three stages of targeting, filtering and then selecting data.
“Given the extent of targeting and filtering involved, it is evident that while GCHQ’s bulk interception capability may involve large numbers of emails, it does not equate to blanket surveillance, nor does it equate to indiscriminate surveillance.
“GCHQ is not collecting or reading everyone’s emails: they do not have the legal authority, the resources, or the technical capability to do so,” it says.
The report finds: “The legal framework has developed piecemeal and is unnecessarily complicated. We have serious concerns about the resulting lack of transparency, which is not in the public interest.”
It says: “The lack of clarity in existing laws and the lack of transparent policies beneath them has not only fuelled suspicions and allegations but has also meant the agencies could be open to challenge for failing to meet their human rights obligations.”
Further into the report the committee details a succession of reforms designed to constrain the security services. It says: “We consider the communications of UK nationals abroad should receive the same level of protection under the law irrespective of where the person is located. The interception and communication of data should be authorised through an individual warrant signed by a secretary of state.”
It also recommends that misuse of GCHQ’s interception capabilities should become a criminal offence. It calls for commissions responsible for overseeing the activities of the agencies to be put on a statutory footing since the current non-statutory framework is “unsatisfactory and inappropriate”.
It also finds it unacceptable that MI6 undertakes intrusive operations abroad but is under no requirement to keep comprehensive and accurate records of when it uses these powers.
In a controversial move, the committee redacts the percentage of items that transit the internet in one day that are ever selected to be read by a GCHQ analysts but say “they will have gone through several stages of targeting, filtering and searching so they are believed to be the ones of the very highest intelligence value”.
It adds: “The current legal framework of external and internal communications has led to much confusion. However, we have established that bulk interception cannot be used to target the communications of an individual in the UK without a specific authorisation naming the individual signed by a secretary of state.”
It recommends that communications data that does not fit beyond the narrow definition of “what when where of a communications” – such as web domains visited or locational tracking information in a smartphone – has “the potential to reveal a great deal about a person’s private life, his or her habits, tastes and preferences and should be subject to new safeguards”.
The report rejects proposals for the responsibility to issue intrusive warrants be taken from ministers and handed to judges.
The senior Labour committee member, Hazel Blears, said in a press statement: “The internet has transformed the way we communicate and conduct our day-to-day lives.
“However, this has led to a tension between the individual right to privacy and the collective right to security. This has been the focus of considerable debate over the past 18 months, and set the context for the committee’s inquiry into the range of intrusive capabilities used by MI5, MI6 and GCHQ.
“All those who contributed to our inquiry agreed that the security and intelligence agencies have a crucial role protecting UK citizens from threats to their safety. The importance of this work is reflected in the fact that the agencies have been given legal authority to use a range of intrusive powers, which they use to generate leads, to discover threats, to identify those who are plotting in secret against the UK and to track those individuals.
“However, in a democratic society those powers cannot be unconstrained: limits and safeguards are essential. In the UK, investigative action which intrudes into an individual’s privacy can only be taken where it is for a lawful purpose and is determined to be necessary and proportionate.
“The question we have considered is whether the intrusion is justified and whether the safeguards are sufficient.”