Following an 18-month review in the wake of Edward Snowden's revelations about NSA and GCHQ surveillance, the ISC concluded yesterday that the intelligence agency does not carry out indiscriminate “bulk interception” of communications in order to find targets, and does not carry out blanket surveillance of the public, as only a tiny percentage of all information collected is seen by a "human eye".
Speaking on behalf of the committee after the release of the 149-page report, “Privacy and Security: A modern and transparent legal framework," Hazel Blears MP, said: "Given the extent of targeting and filtering involved, it is evident that while GCHQ's bulk interception capability may involve large numbers of emails, it does not equate to blanket surveillance, nor does it equate to indiscriminate surveillance.”
"GCHQ is not collecting or reading everyone's emails: they do not have the legal authority, the resources, or the technical capability to do so." However, the same report did note that some agency staff had been fired for inappropriate access to data.
Privacy campaigners were happier with the report's insistence that the legislation governing the actions of MI5, MI6 and GCHQ needs to be more transparent, deeming the current legal framework “unnecessarily complicated” and one which “lacks transparency.”
Blears continued: "There is a legitimate public expectation of openness and transparency in today's society, and the security and intelligence agencies are not exempt from that.
"While we accept that they need to operate in secret if they are to be able to protect us from those who are plotting in secret to harm us, the government must make every effort to ensure that information is placed in the public domain when it is safe to do so. This report is an important first step toward greater transparency."
Emma Carr, director of Big Brother Watch, said in a statement: “This inquiry was established to provide the public with evidence-based reassurances that their communications are not unlawfully or disproportionately being monitored. However, in many areas the report is a missed opportunity with key details having being redacted.
“We welcome the key recommendation of placing the intelligence agencies surveillance operations under one piece of legislation, which should mean that we move away from the current confusing and outdated regime. However, it is critical that time for a public thorough and frank debate be given and that any legislation be well considered.
“Concerns remain particularly in the area of judicial approval and with the revelation of bulk personal data sets which on the surface sound very much like an identity database, collating personal information on many if not all of us.
“The report outlines a number of areas where the public should be told more about the intelligence agencies' practices and their interpretation of the current surveillance law, including clarity on what constitutes an internal and external communication. The Government must publish these explanations quickly in order to move towards greater public clarity.
Shami Chakrabarti, director of rights campaign group Liberty, said: "The ISC has repeatedly shown itself as a simple mouthpiece for the spooks - so clueless and ineffective that it's only thanks to Edward Snowden that it had the slightest clue of the agencies' antics.
"The committee calls this report a landmark for 'openness and transparency' - but how do we trust agencies who have acted unlawfully, hacked the world's largest Sim card manufacturer [allegedly Gemalto – ed] and developed technologies capable of collecting our login details and passwords, manipulating our mobile devices and hacking our computers and webcams?"
However, the civil liberties group subsequently caused outage after one spokesperson suggested that a terrorist attack in Britain was a price worth paying to protect mass personal data from being snooped upon.
Cyber-security expert, Professor Richard Benham, who co-founded the National MBA in Cyber Security with Coventry University Business School, said that it remains a balancing act between security and privacy – a subject which is tackled on the new MBA course.
“The whole matter comes down to trust – do you trust the security services and government to act in your best interests, and have they been found to be abusing that trust?”
“There has to be a need to protect society, particularly given the threats in the cyber-world, and it's for parliament to decide what powers they have and stay within those parameters,” said Benham, adding that privacy should play a part in considering those powers."
Reflecting UK experience, he added: “Quite clearly Edward Snowden has shown that mass surveillance does happen but there's not been a huge backlash from the general public, it's more been from the media.”
He says that stronger legislation obviously needs to come into place, saying that the UK must follow the Obama reforms in the US: “I think we have to follow suit – internet policy is truly global and you can't restrict it per country”
The report, under section 8 (page 61), detail other agencies capabilities, such as reading encrypted communications and interfering with ‘wireless telegraph'.
Antony Walker, Deputy CEO at techUK, commented on the report in an email to SCMagazineUK.com saying it is, "Welcome recognition that we must move from a ‘piecemeal and unnecessarily complicated' legislative environment for intelligence and surveillanceactivities to a clear, legal framework which engenders public trust..... multiple pieces of legislation over the past 15 years have made it increasingly complex for building public trust in the relationship between government and industry.
“If Government is to take forward this positive recommendation for one single piece of legislation, it must be clear about exactly what those powers would be and consult widely on them before putting proposals before Parliament.”