Europe’s top rights body says scale of NSA spying is ‘stunning’ and suggests UK powers may be at odds with rights convention

Europe’s top rights body has said mass surveillance practices are a fundamental threat to human rights and violate the right to privacy enshrined in European law.

The parliamentary assembly of the Council of Europe says in a report that it is “deeply concerned” by the “far-reaching, technologically advanced systems” used by the US and UK to collect, store and analyse the data of private citizens. It describes the scale of spying by the US National Security Agency, revealed by Edward Snowden, as “stunning”.

The report also suggests that British laws that give the monitoring agency GCHQ wide-ranging powers are incompatible with the European convention on human rights. It argues that British surveillance may be at odds with article 8, the right to privacy, as well as article 10, which guarantees freedom of expression, and article 6, the right to a fair trial.

“These rights are cornerstones of democracy. Their infringement without adequate judicial control jeopardises the rule of law,” it says.

There is compelling evidence that US intelligence agencies and their allies are hoovering up data “on a massive scale”, the report says. US-UK operations encompass “numerous persons against whom there is no ground for suspicion of any wrongdoing,” it adds.

The assembly is made up of delegates from 47 member states, including European Union and former Soviet countries. It is due to debate the report’s recommendations on Tuesday.

Though the recommendations are not binding on governments, the European court of human rights looks to the assembly for broad inspiration, and occasionally cites it in its rulings.

Several British surveillance cases are currently before the Strasbourg court. Amnesty International, the American Civil Liberties Union, Privacy International and Liberty all argue that GCHQ’s mass collection of data infringes European law. In December the UK’s investigatory powers tribunal (IPT) dismissed their complaint.

The 35-page assembly report, written by a Dutch MP, Pieter Omtzigt, begins with a quote from the Russian novelist Alexander Solzhenitysn: “Our freedom is built on what others do not know of our existences”. It says the knowledge that states do engage in mass surveillance has a “chilling effect” on the exercise of basic freedoms.

It says the assembly is deeply worried by the fact that intelligence agencies have deliberately weakened internet security by creating back doors and systematically exploiting weakness in security standards and implementation. Back doors can easily be exploited by “terrorists and cyber-terrorists or other criminals”, it says, calling for a greater use of encryption.

Another concern is the use of “secret laws, secret courts and secret interpretations of such laws” to justify mass surveillance. Typically, these laws “are very poorly scrutinised”.

The assembly acknowledges there is a need for “effective targeted surveillance of suspected terrorists and organised criminals”. But citing independent reviews carried out in the US, it says there is little evidence that mass surveillance has stopped terrorist attacks. It notes: “Instead, resources that might prevent attacks are diverted to mass surveillance, leaving potentially dangerous persons free to act.”

There is no mention of the recent attacks in Paris by three jihadist terrorists who shot dead 17 people. All three were known to the French authorities, who had them under surveillance but discontinued eavesdropping last summer. David Cameron has argued that the Paris attacks show that British spies need further surveillance powers. The report implicitly rejects this conclusion.

Facebook Twitter Pinterest Edward Snowden speaks to the Parliamentary Assembly of the Council of Europe from Moscow Photograph: Vincent Kessler/Reuters

The assembly has been taking evidence on mass surveillance since last year. In April Snowden spoke to delegates via a video link from Moscow. He revealed that the NSA had specifically targeted non-governmental organisations and other civil groups, both in the US and internationally.

Snowden’s decision to leak documents to the Guardian and other media organisations in June 2013, was courageous, Omtzigt said, and had “triggered public debate on the protection of privacy”. American officials, meanwhile, turned down an invitation to address the assembly, the MP said.

The draft report will be debated in committee and by the full assembly later this year.

It calls for:

• Collection of personal data without consent only if court-ordered on the basis of reasonable suspicion.

• Stronger parliamentary/judicial control of the intelligence services.

• Credible protection for whistleblowers (like Snowden) who expose wrongdoing by spy agencies.

• An international “codex” of rules governing intelligence sharing that national agencies could opt into.

Governments are free to implement or ignore the recommendations. However, if they reject them they have to explain why. They usually reply within six months.

The report says that Europe’s intelligence services work closely with their American counterparts. It says the Netherlands, for example, intercepted vast amounts of Somali telephone traffic in order to combat piracy, and shared it with the NSA. Denmark has collaborated with the US on surveillance since the late 1990s.

The relationship between the NSA and the BND, Germany’s foreign intelligence agency, has been “intimate” for the past 13 years. Revelations that the NSA spied on Angela Merkel’s mobile phone may have strained relations, but Germany still hosts several major NSA sites, including the NSA’s European headquarters in Stuttgart.

According to Omtzigt, surveillance powers have grown, and political oversight has diminished. Political leaders have lost control over their own intelligence agencies. The result is a “runaway surveillance machine”. Moreover, most politicians can no longer understand the immensely technical programmes involved, the report says.

The MP cites the case of James Clapper, the US director of national intelligence, who in April 2013 told the Senate that the NSA didn’t “wittingly” collect data on millions of Americans. Clapper later apologised for giving an untrue answer. “I still do not want to believe that he lied,” Omtzigt writes, adding that much intelligence work has been outsourced to private companies.

Facebook Twitter Pinterest James Clapper, the Director of National Intelligence, speaks at the International Conference on Cyber Security in New York Photograph: Mark Lennihan/AP

The assembly sent a letter to the German, British and US authorities asking whether they colluded with each other – in other words, got round laws preventing domestic spying by getting a third party to do it for them. The Germans and British denied this; the US failed to reply.

The report concludes that the UK response was probably true, given extensive British laws that already allow practically unlimited spying. The new Data Retention and Investigatory Powers Act – Drip, for short – passed in July, allows the wide-ranging collection of personal data, in particular metadata, the report says. “There seems to be little need for circumvention any more,” it concludes.