A much-anticipated government report officially acknowledges what Edward Snowden revealed to the world many months ago: the UK has been intercepting communications en masse. But rather than condemn the widespread snooping, the report endorses the so-called “bulk” surveillance practices. This outcome raises serious concerns about the effectiveness of oversight mechanisms in the UK.
The report, released March 12 by the UK Parliament Intelligence and Security Committee, raises more questions than it answers. For example, the committee describes the Government Communications Headquarters (GCHQ) mass interception practices as “bulk,” but states they are not “indiscriminate” or “blanket”. The average Internet user may not see much distinction between these terms in assessing the risk to their privacy, especially since the committee also acknowledges that the GCHQ collects a “very significant number of communications each day.” These findings provide cold comfort and leave many unanswered questions about how narrowly “targeted” these programs are.
How many communications and individuals are potentially at risk of state intrusion each day? We don’t know. At what point would GCHQ’s mass collection constitute a disproportionate and unacceptable intrusion into their private life? The committee leaves us guessing. The report’s analysis of how many communications are collected, read or analyzed is heavily redacted. Without more information, the report provides little assurance to global Internet users that their communications are not unnecessarily swept up.
The committee found no evidence that UK security and intelligence agencies have sought to circumvent the law. But it sidesteps the key problem – the overbroad nature of the UK legislation that makes GCHQ’s practices lawful. The committee recommends a comprehensive overhaul of legislation governing the agencies, as well as any sharing arrangements. But the committee’s concern is only the laws’ lack of transparency, not that the law violates the right to privacy.
These laws should be reformed and any new regulation should constrain the government’s expansive surveillance powers and ensure greater transparency. The fact that these programs are only now being subject to debate (and only thanks to Snowden) suggests current oversight is deeply flawed and is failing to safeguard the public’s interest. The ISC has repeatedly failed to hold the government to account for the failings of the security services. Despite modest tweaks to its mandate, the prime minister still nominates its members, and has the final say on what material in the committee’s reports can be made public.
Surveillance capabilities will continue to expand as technology makes spying and data analysis cheaper and more efficient. Governments around the world are building their own mass surveillance systems, which are increasingly used to target critics and facilitate other abuses. The UK should lead by example: UK policymakers should future-proof privacy protections through better laws and stronger oversight mechanisms as well as greater transparency. Accepting the legitimacy of current mass surveillance programs is another step towards a surveillance state. We cannot allow our digital privacy to disappear.