An inquiry by the UK government into the bulk interception of communications data has cleared the country's spy agencies of wrong-doing. The report by the Intelligence and Security Committee (ISC) said that the UK's spies "do not seek to circumvent the law," and that their activities do not constitute "blanket surveillance" or "indiscriminate surveillance." However, the report condemns the legal framework surrounding digital surveillance in the UK, saying it is "unnecessarily complicated and – crucially – lacks transparency."
"The current, overly complicated, legislation."
The inquiry by the ISC was launched in 2013 after leaks by former NSA contractor Edward Snowden revealed the extent of online surveillance by both the US and UK. "In a democratic society," says the heavily-censored report, "those powers cannot be unconstrained: limits and safeguards are essential." The report concludes that its findings are "reassuring," but that they "do not obviate the need for a thorough overhaul of the current, overly complicated, legislation."
The ISC states that the bulk interception of data by GCHQ and other UK spy agencies is necessary not only to investigate specific threats, but also discover new leads. GCHQ reportedly targets a "very small percentage of the ‘bearers’ that make up the internet" (these bearers are described as international fibre optic cables carrying up to 10 gigabits of data per second), and that only a "very tiny percentage" of communications that are collected are actually opened by analysts.
"fewer than *** of *** per cent of the items that transit the internet are read."
However, it's difficult to judge just how small this percentage actually is, as any concrete figures are censored. For example, the report says with regards to the interception of messages: "In practice, this means that fewer than *** of *** per cent of the items that transit the internet in one day are ever selected to be read by a GCHQ analyst."
A separate report from the UK's Interception of Communication Commissioner's Office (IOCCO) also published today offers a little more insight. It says that in 2014, the UK issued 2,795 warrants to intercept communications data, that is, to open up and read a message's content. Of these, says the IOCCO, 60 were "interception errors," a category that includes mistakes ranging from "over-collection" to "unauthorized selection."
Access to Communications data was authorized half a million times
In 2014, however, the UK also saw more than half a million authorizations (517,236) for police and law enforcement agencies to access "communications data." In the ISC's report this category is defined as "the details about a communication – the ‘who, when and where’ – but not the content of what was said or written." The IOCCO says that although there were "some examples where [these] powers had been used improperly or unnecessarily," on the whole it was happy that there was no "significant institutional overuse" of communications data.
The report by the ISC also said that a small number of staff at intelligence agencies in the UK had been dismissed for inappropriately accessing data. One GCHQ staff member is mentioned as being "dismissed" for "misusing access to GCHQ’s systems," while an undisclosed number of individuals from other agencies have been "disciplined – or in some cases dismissed." Lord Butler of Brockwell, one of the ISC members, said that there were only "very small single figures of abuse."