The report of the Intelligence and Security Committee was like a piece of bad theatre. A ghostly giant loomed over the proceedings, making mice of those who made up the committee. The giant was a man with short hair and horn-rimmed glasses: Edward Snowden.
It was his leaks to The Guardian that forced the committee to address the issues of a completely out-of-control surveillance system, in the UK and elsewhere. Not that you’d guess it from the report: Snowden gets two incidental mentions.
The committee would clearly like him in a lockup somewhere, preferably one whose key was on the seabed in the Mariana Trench in mid-Pacific.
Not once in the whole dreary 147 pages of the report did these eminent law-makers, all members of the Privy Council, address the key crime identified in the UK by Snowden – the criminal and unlawful Prism programme.
Prism is the espionage programme of a foreign state, albeit an ally, which is being run in the UK. The programme is implemented by nine companies, although there may be others, who are paid, and take their orders, from the National Security Agency in Maryland, US.
The companies – Apple, Microsoft (including Hotmail), Google, Facebook, Yahoo, YouTube, Pal Talk, AOL and Skype – are ordered to obtain “email, chat, video and voice, videos, photos, stored data, VoIP, file transfers, video conferencing, notification of target activity, logins, online social networking details, special requests”.
This makes a tasty meal of unauthorised mass surveillance and warrantless interception, the latter a criminal offence.
Unanswered legal questions
Here is what Sir Anthony May, the Interception Commissioner, told the Prime Minister, David Cameron, last year about the UK’s Regulation of Investigatory Powers Act (RIPA): “Section 1(1) of RIPA makes it an offence for a person intentionally and without lawful authority to intercept at any place in the United Kingdom, any communication in the course of transmission by means of a public postal service or public telecommunications system.”
The text of Section 1, part 2 of RIPA also covers private communications.
Relying on May’s observation, it is possible to say that the nine companies have no warrants, since they are not named in RIPA as bodies that may obtain warrants.
RIPA, as May has observed, is a difficult act. That is the one fact that the committee agreed on. RIPA may be awful, but so are the other 13 associated acts. And the committee wants them all reformed.
Why Cameron has not yet escaped Prism
Given that the Prime Minister had vetted the committee report, it must have come as something of a shock to him yesterday to find that he had not quite escaped the spectre of Prism. Around tea time, he was presented with some awkward written questions from the House of Lords.
The culprit, Lord Laird, a fellow of the BCS and a former computer programmer, had previously written to the PM asking him what the programme was and whether it affected Parliament.
Cameron used William Hague to dodge the question and answer the letter. But Hague did admit the government knew about Prism in June 2013. Presumably even the government reads The Guardian, where the Snowden revelations appeared on 6 and 7 June 2013.
And what about human rights?
The committee relied enormously on the assertion by the intelligence services that they were, whatever else, compliant with Article 8 of the Human Rights Act, which prohibits interferences with private correspondence and family life.
Last year, Sir Anthony May rather pointedly reminded the Prime Minister that, in the light of public concerns about the potential intrusive invasion of privacy following the Snowden revelations, particularly in the US and Europe, that“unjustified and disproportionate invasion of privacy by a public authority in the UK would breach Article 8 of the European Convention on Human Rights just as much here as in other parts of the European Union”.
If we take GCHQ at its word, as the committee did, then the only public authority invading privacy in the UK is the authority behind Prism, the National Security Agency of the US. And the committee never addressed the issue. This is in line with the stance adopted not by the intelligence services, but by the Prime Minister.
UK may have tried and failed to stop Prism
The assumption has to be that any attempts by Cameron to get President Obama to stop Prism in the UK have been in vain. One indicator of how far the Prime Minister may have gone to try to get the US to see reason was the amazing article in The Financial Times on 4 November last year.
It was written by Robert Hannigan, incoming director of GCHQ, and can only have been released with the Prime Minister’s permission. In the strongest language ever used by a high British official about anything American, Hannigan described the web as the “terrorist’s command and control network of choice” and went on to say that the intelligence services needed “greater support.. from the largest US technology companies which dominate the web”.
Hannigan suggested that the public is critical of the US internet giants because of their tax avoidance, lack of regard for their customers’ privacy and child protection.
He may have overestimated the public’s position, however. The Financial Times conducted a poll of its readers, asking whether they were prepared to sacrifice the right to privacy in the fight against terrorism. Some 664 readers responded, with 35% saying yes and 65% saying no. Privacy, as the great US Supreme Court judge Louis Brandeis observed, is precious.
“They [the signatories of the US constitution] sought to protect Americans in their beliefs, their thoughts, their emotions and their sensations,” he said. “They conferred against the government, the right to be let alone – the most comprehensive of rights and the right most valued by civilized men.”
Parliamentary sovereignty ignored
The Intelligence and Security Committee was alerted, in some of the evidence it received, to the fact that Prism poses a threat to the private data of parliament and itself, and to the private communications of MPs, which it ignored totally.
John Hemming, an MP and cryptographer who has written to the Prime Minister raising concerns about the security of parliamentary data, is critical of the ISC report, saying: “The committee appears to have failed to consider that its own emails are now more available to the US security services than they are to the UK security services.”
Some people may be happy for the government to have back-door access to everything they do on the internet, but Hemming sees a need for the balance to be shifted back to personal privacy.
“The laws relating to surveillance do need to be reviewed, but a greater emphasis on human rights and the rule of law internationally will have a greater long-term effect on reducing terrorism,” he says.
Related content from ComputerWeekly.com
RELATED CONTENT FROM THE TECHTARGET NETWORK
This was first published in March 2015