Report: Privacy and Security: A Modern and Transparent Legal Framework (Intelligence and Security Committee of Parliament)

The Intelligence and Security Committee of Parliament (ISC) is a statutory committee of the UK Parliament that has responsibility for oversight of the UK intelligence agencies. The ISC works to scrutinise the work of the UK intelligence community and hold them to account. A report published by the ISC in 2015 investigatea the legality of the agencies use of interception and other powers.[1]

The report describes the dilemma it addresses as an issue of security against privacy. The ISC considers the role of intelligence and security agencies to be crucial to protect UK citizens “from threats to their safety,” but also menstions “economic well-being” and the “detection and prevention of serious crime.” On the other hand, the committee notes that “in a democratic society those powers cannot be unconstrained” and suggests several changes to the current system of surveillance. One of the main recommendations is a legislative overhaul of the current legal framework governing the intelligence and security agencies. While the ISC is satisfied that the agencies do not seek to circumvent the law, they do conisder the current framework to be “piecemeal, and […] innecessarily complicated.” The resulting lack of transparency is not in the public interest. The ISC seeks to establish a more appropriate legal regime, which would address the following:

  • “the need for greater transparency;a more streamlined, simpler process;
  • greater safeguards in relation to British citizens overseas, and for individuals who work in ‘sensitive’ professions that require privacy for their work;
  • and,increased oversight by the Interception of Communications Commissioner.”

A major focus of the investigation was the scale of Agency interception of communications. The committee found that GCHQ’s bulk interception systems collect only a small amount of communications from a small percentage of the bearers that make up the Internet; these activities “cannot therefore realistically be considered blanket interception.” The ISC considers it to be reassuring that “GCHQ are not reading the emails of everyone inthe UK.” The use of filters and search queries reduce the quantity of communications that are opened and read by human analysts. This does not address the issue whether the collection of data should be considered to be an infringement to the right of privacy.

For example, the ISC recommends to separate intelligence and law enforcement functions and distinguishes between ‘internal’ communications between two or more people in the UK, and ‘external’ communications’ involving at least one foreign participant. In the current framework, different systems of warrants apply here: in the former case, a RIPA 8(1) warrant signed by a Secretary of State naming the individual is required for targeted interception; in the latter case, a broader authority exists under section 8(4) for searching without naming an individual, also through a warrant signed by a Secretary of State.

The ISC considers the issue of the access to and use of communications data (CD), or metadata. It finds a continuing meaningful distinction between content and communications data, finding that “while the volume of CD available has made it possible to build a richer picture of an individual, this remains considerably less intrusive than content. It does not therefore require the same safeguards as content does. [3]” Nonetheless, the report highlights the growing grey area between these two categories of data, including “information such as web domains visited or the locational tracking information in a smartphone.” The report therefore recommends that this category of data be labelled ‘Communications Data Plus”, and that it should “attract greater safeguards than the narrowly drawn category of Communications Data.”

In addition, the report considered agency use of other powers, including targeted surveillance, interference with property and wireless technology, the reading of encrypted communications and the use of covert human intelligence sources.

[1] Intelligence and Security Committee, Report on Privacy and Security, 2015. Accessible at http://isc.independent.gov.uk/files/20150312_ISC_P+S+Rpt(web).pdf