Heads of the UK’s intelligence services insist all they do in terms of mass surveillance is strictly within the confines of UK law.
GCHQ director Iain Lobban, head of MI5 Andrew Parker, and head of MI6 John Sawers were responding to the first ever public questions from parliament’s Intelligence and Security Committee (ISC).
Lobban said that in searching through the immense haystack of the internet, GCHQ designs its queries around the data to draw out only the “needles”.
“We do not spend our time listening to calls or emails that are innocent – that would not be legal,” he said. “We do not look at any of the ‘hay’ because we cannot look at content without specific authorisation.”
All three men stated that their agencies operate only within the framework of UK law, with rigorous oversight from various sources.
In terms of those safeguards, Lobban said GCHQ is not entitled to monitor the activities of people who do not pose a serious security threat to the country.
“The strict criteria of the law are designed to protect privacy to the maximum, and insist on necessity and proportionality that guide the way we think and work,” he said.
Snowden revelations put intelligence operations at risk
However, all three were firm in their belief that the revelations by whistleblower Edward Snowden had been damaging to UK security and would make their jobs more difficult for years to come.
GCHQ is not entitled to monitor the activities of people who do not pose a serious security threat to the country
Iain Lobban, GCHQ
Sawers said he was not sure journalists managing the information are in a position to make judgements on the real effects of publishing that information.
“Snowden’s leaks have been damaging and have put our operations at risk. By alerting our targets about our capabilities, it has made it more difficult to collect the intelligence the UK needs.
Lobban said that since the publication of documents leaked by Snowden, GCHQ has seen discussions among various terror groups about changing their tactics.
“They have been discussing almost on a daily basis moving away from communications methods they now perceive to be less secure and moving to methods they now perceive to be more secure,” he said.
Although all three said the global nature of the internet and cyber threats are international and require collaboration with overseas intelligence agencies, none touched on the specific relationship with the US.
There was also no specific reference to GCHQ’s involvement with the US National Security Agency’s (NSA) Prism internet surveillance programme.
And while several related topics were touched on by questions from the ISC, very little new light was shed on the main questions around GCHQ’s links with the NSA and internet surveillance in general.
Responding to the ISC hearing, Nick Pickles, director of Big Brother Watch, said it was surprising that while world leaders and international experts express concern about the scale of surveillance and the need to review the laws and policies involved, Lobban, Parker and Sawers think there is no need for reform.
“Many people will find it is surprising that the head of GCHQ was not even asked about how a 29-year-old contractor in Hawaii [Edward Snowden] gained access to so much information about his organisation, or that the concerns of Tim Berners-Lee about weakening encryption were not addressed in any meaningful way,” he said.
Pickles said senior figures in the UK and US have all said that the Snowden revelations have not damaged national security, but the ISC seemed uninterested in challenging the “now familiar well-rehearsed soundbites from officials”.
He said while the public hearing is a welcome step towards long overdue transparency and a genuine debate about the legal framework, on today’s evidence there is still a long way to go.
Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners.
If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Related content from ComputerWeekly.com