Parliament’s intelligence and security committee (ISC) has released a landmark report calling for an overhaul of the laws governing Britain’s intelligence agencies and mass surveillance to make them more transparent, comprehensible and up to date. Here are some of the key findings:

All the surveillance activities of the intelligence agencies are lawful and proportionate. However, the Intelligence Services Act 1994 and the Security Service Act 1989 “could be misconstrued as providing the agencies with a ‘blank cheque’ to carry out whatever activities they deem necessary”. It recommends that the agencies’ powers are set out clearly and unambiguously under a new law. The agencies all need warrants signed by secretaries of state to access the content of communications. MI5 provides detailed rationale and justification but GCHQ and MI6 do not provide so much detail when applying to the foreign secretary. The committee recommends they copy the approach of MI5. The government should be allowed to reveal the existence of interception warrants where this does not damage national security.

The agencies are using “targeted techniques” to read the content of communications without a specific warrant approved by a minister. This needs further safeguards, the report says. Its recommendation is: “All capabilities which provide the content of an individual’s communications should be subject to the same legal safeguards, ie they must be authorised by a secretary of state and the application to the minister must specifically address the Human Rights Act ‘triple test’ of legality, necessity and proportionality.”

GCHQ conducts bulk interception but this is carried out in a targeted and filtered way. The agency discovers unknown threats and generates leads through “complex searches to draw out communications most likely to be of greatest intelligence value”. The committee says it is unavoidable that some innocent communications may have been incidentally collected.

The disruption of terror attacks trumps privacy concerns when it comes to bulk interception. The report says: “While we recognise privacy concerns about bulk interception, we do not subscribe to the point of view that it is acceptable to let some terrorist attacks happen in order to uphold the individual right to privacy – nor do we believe that the vast majority of the British public would. In principle it is right that the intelligence agencies have this capability, provided – and it is this that is essential – that it is tightly controlled and subject to proper safeguards.”

GCHQ collects bulk external communications, which are “communications where at least one end is overseas”. The committee found the the current system of ‘internal’ and ‘external’ communications is confusing and lacks transparency in relation to the internet and recommends that the government publishes an explanation of which internet communications fall under which category.

The protections afforded to people in the UK when it comes to the agencies reading their communications should be extended to UK nationals abroad.

The committee is concerned that while misuse of GCHQ’s interception capabilities is unlawful, it is not a specific criminal offence. It recommends that the law should be amended to make abuse of intrusive capabilities a criminal offence.

Some categories of communications data can reveal details about a person’s private life (ie their habits, preferences and lifestyle). The committee says there should be a new category called “communications data plus” that requires greater safeguards.

The agencies use something called “bulk personal datasets” – large databases containing personal information about a wide range of people – to identify individuals in the course of investigations, to establish links, and as a means of verifying information obtained through other sources. The committee says this is already lawful but should be given its own statutory footing.

The intelligence agencies are carrying out intrusive surveillance under the authority of other public bodies, which needs greater oversight. They are not keeping comprehensive records of intrusive surveillance conducted outside the UK, which is “unacceptable”. Ministers should be give a list of these operations every six months.

A new oversight regime may be needed to govern the way intelligence agencies conduct “IT Operations against computers or networks in order to obtain intelligence” given the growth of this intrusive work.

GCHQ only seeks information from foreign partners on individuals whom they themselves are intercepting – therefore there would always be a RIPA warrant in place already. However, this is only a matter of policy and is not required by legislation. The committee recommends that future legislation should clearly require the agencies to have an interception warrant in place before seeking communications from a foreign partner.

