The US has recently taken steps to cut back on its surveillance programmes. In the UK, the government has just received the green light to continue.
The UK can continue to collect bulk data on overseas communications and can access bulk data held by telephone companies and internet service providers on UK citizens.
An investigation by the Independent Reviewer of Terrorist Legislation into the effectiveness of surveillance legislation has concluded that the UK government does need to access bulk communications data in the interests of national security.
A final report by lawyer David Anderson, published on June 11, acknowledges that there needs to be a clearer and more consistent legal framework to govern surveillance activities – but still concludes that public bodies need to be able to respond to security threats and “follow suspects in a borderless online world”.
The investigation was launched partially in response to the revelations of NSA whistleblower Edward Snowden about the extent to which the UK and US governments were spying on their citizens. Almost two years on, after an enormous backlash, the US Congress recently passed the USA Freedom Act, restricting the ability of intelligence agencies to collect bulk data on US citizens.
Targeted surveillance is very different to bulk data collection. In targeted cases, it’s generally accepted that the government should be able to access an identified person’s communications where sufficient grounds, such as a threat to national security, are established.
Bulk data collection, on the other hand, involves gathering large amounts of data, including that relating to persons who are not under suspicion for any wrongful activity.
In approving the government’s bulk data collection activities, Anderson recommended additional safeguards, such as the identification of a specific mission to be accomplished, to ensure that it is only aimed at those believed to be outside of the UK.
The report also backs the Data Retention and Investigatory Powers Act, under which service providers may be required to retain communications data on their customers for up to a year. The data collected is detail about communication such as the number dialled, the date and time, rather than the actual content of calls and emails.
While bulk data collection is aimed at overseas communications, the government can be authorised to access the communications data of UK citizens when held by service providers.
The end of privacy?
The silver lining for privacy campaigners in all this is that the report does recommend greater oversight of data collection and greater transparency about the activity. Under its recommendations, a new body called the Independent Surveillance and Intelligence Commission would be established to monitor the activities of the government. This would include issuing warrants for bulk data collection.
Anderson says the confusion surrounding existing laws on surveillance is “undemocratic, unnecessary and – in the long run – intolerable”. He recommends a “comprehensive and comprehensible” law be drafted from scratch, setting out the limits of the government’s intrusive powers.
The new law should make it clear that any surveillance that takes place must be necessary, for example in the interests of national security, and any intrusion into privacy proportionate to that need.
Immediately following the publication of the report, Home Secretary Theresa May announced that a draft surveillance bill would be published in the autumn, with legislation in place by the end of 2016.
Although it says that the commission charged with overseeing the government’s activities will be independent and well resourced, Anderson’s report will come as a blow for privacy campaigners.
But the report is not all good news for the government. Whereas ministers currently approve warrants for intercepting communications for agencies like GCHQ, Anderson suggests handing that role to judges. This is the one area touched on in the report that the government might push back on.