UK gov publishes whitewash investigation into PRISM
Privacy & Security Posted on July 19, 2013
The UK Intelligence and Security Committee has attempted to absolve UK authorities of any responsibility in the PRISM scandal and has published the results of an investigation into claims GCHQ along with the NSA violated UK law.
The investigation, headed by Sir Malcom Rifkind, only looked at PRISM and not the Tempora programme, which was specific to the UK intelligence services. Surprise, surprise, Rifkind doesn’t find any fault with the UK intelligence services’ conduct when it comes to working with US authorities and sharing data on UK citizens.
Rifkind says the most serious allegation against GCHQ is that the organisation acted illegally by accessing communications content via the PRISM programme. This accusation was
backed-up by the Guardian’s report on GCHQ’s involvement with PRISM and the culture of ‘don’t ask don’t tell’ with regards to intelligence information gleaned from the NSA’s activities.
Here are the key points on what Rifkind says about the validity of the accusations:
“It has been alleged that GCHQ circumvented UK law by using the NSA’s PRISM programme to access the content of private communications. From the evidence we have seen, we have concluded that this is unfounded.
We have reviewed the reports that GCHQ produced on the basis of intelligence sought from the US, and we are satisfied that they conformed with GCHQ’s statutory duties. The legal authority for this is contained in the Intelligence Services Act 1994.
Further, in each case where GCHQ sought information from the US, a warrant for interception, signed by a Minister, was already in place, in accordance with the legal safeguards contained in the Regulation of Investigatory Powers Act 2000.”
Ignoring the bigger picture
Let’s take Rifkind’s arguments point by point. Number one: Yes there may be no direct evidence that GCHQ circumvented UK law by accessing private communications, but that misses the point of the accusations, which were that the NSA withheld how it obtained most of the communications data from the UK authorities (with GCHQ’s consent). It also specifies the “content” of communications and not the metadata surrounding the communications, which appeared to be PRISM’s main purpose and was what most of the accusations concerned.
Two: Rifkind reaffirms the statutory basis for PRISM in the 1994 Intelligence Services Act. This justification has already been torn down by others. Yes, maybe no laws have been broken. But how can surveillance legislation drafted in 1994 have any relevance to the internet era, where data mining is taking place on a scale that no one imagined two decades ago. The law clearly isn’t fit for purpose.
Three: Rifkind then invokes RIPA, which itself has been the subject of controversy, as it allows so many disparate agencies and authorities the ability to access communications data without a warrant. The government no long records the amount of communication requests made under RIPA, but last count – in 2009 – it stood at over 500,000 per year.
Inadequate laws
However, the ISC’s report wasn’t a total whitewash. Rifkind does point out the confusion around the laws regarding surveillance in the UK. He admits the currently legal framework is a “complex interaction” between the Human Rights Act, the Intelligence Services Act and RIPA. All of this legislation is rather dated and doesn’t take into account the communications shift presented by the internet. This is also something Rifkind thankfully admits, saying:
“Although we have concluded that GCHQ has not circumvented or attempted to circumvent UK law, it is proper to consider further whether the current statutory framework governing access to private communications remains adequate.”
If the Intelligence Services Committee is saying the current statutory framework governing access to private communications may be inadequate, then politicians should pay close attention.
Suggest an edit on GitHub.