Parliament's Intelligence and Security Committee (ISC) today released a report into the laws and regulations governing Britain's intelligence services. In the wake of the Snowden revelations, public trust in Britain's spies, and in the necessity of the work they do, has been seriously damaged. The committee thinks that much of what the public is worried about is rooted in misconceptions about the intelligence services. It reckons that one way to remedy that is to simplify the “unnecessarily complicated” mish mash of laws that exists at the moment into one clear act governing the agencies.
But, while the report does go into a fair bit of detail about the processes used by the intelligence services, it also reveals plenty of gaps in our knowledge. Part of this is to do with the complexity of the issues involved, and part of it is to do with the heavy redactions to which the report has been subjected by the agencies to prevent the release of any compromising information. (If it hadn't been redacted to some extent, “dare I say it wouldn't seem like a real report,” one committee member joked to me afterwards—though along with several other members they stressed that the ISC had done all it could to include the maximum information possible without compromising national security.)
The march towards greater transparency for the intelligence services will, it seems, be gradual. Here are four key things we still don't know about our spies:
The committee has studied the amount of online communications the intelligence agency GCHQ observes, and has concluded that whatever people might think, “GCHQ are not reading the emails of everyone in the UK.” The report says that the agency only has technology in place to collect information from a small number of the “bearers” (data transmission devices) that make up the internet. Within these, the committee says that “only a certain amount of the material on those bearers is collected,” and that “further targeted searches” mean that only “those items believed to be of the highest intelligence value” are actually studied by GCHQ's analysts.
That's good to know, but without the hard figures that have been blanked out above, there's no way we can judge for ourselves if we agree with the committee's assessment of the numbers.
We know that all the intelligence agencies have access to a certain number of sets of personal data. We know that the committee—which has seen a lot of information we aren't allowed to—reckons they only have the access that they need to do their job. But we don't know which datasets they can access, what type of information they contain, and how many are held by each different agency.
The problem is that there are “grey areas:” types of information that aren't content, but reveal a lot more about a user than basic “who, when and where” details that traditionally made up communications data. For example, location tracking on your smartphone isn't quite so private as what you've said to a contact in confidence, but collecting it would let intelligence agencies build up a more detailed picture of your life than many would be comfortable with.
The report recommends that such grey areas be grouped into a third category of data subject to tighter restrictions. Whether the government will take them up on that remains to be seen.
On a wider level, we never know much about what the government thinks about the security services because of a “neither confirm nor deny” policy; in order to prevent inadvertant disclosures that might damage national security, the government thinks it best to say nothing at all. The committee says that will have to change.
But, while the report does go into a fair bit of detail about the processes used by the intelligence services, it also reveals plenty of gaps in our knowledge. Part of this is to do with the complexity of the issues involved, and part of it is to do with the heavy redactions to which the report has been subjected by the agencies to prevent the release of any compromising information. (If it hadn't been redacted to some extent, “dare I say it wouldn't seem like a real report,” one committee member joked to me afterwards—though along with several other members they stressed that the ISC had done all it could to include the maximum information possible without compromising national security.)
The march towards greater transparency for the intelligence services will, it seems, be gradual. Here are four key things we still don't know about our spies:
How much data they collect
One almost comical redaction caught my eye:#redacted#foryoureyesonlypic.twitter.com/EitTKwvCDc
— josh lowe (@JeyyLowe) March 12, 2015
The committee has studied the amount of online communications the intelligence agency GCHQ observes, and has concluded that whatever people might think, “GCHQ are not reading the emails of everyone in the UK.” The report says that the agency only has technology in place to collect information from a small number of the “bearers” (data transmission devices) that make up the internet. Within these, the committee says that “only a certain amount of the material on those bearers is collected,” and that “further targeted searches” mean that only “those items believed to be of the highest intelligence value” are actually studied by GCHQ's analysts.
That's good to know, but without the hard figures that have been blanked out above, there's no way we can judge for ourselves if we agree with the committee's assessment of the numbers.
What they already know about us
Here's another vintage redaction:
We know that all the intelligence agencies have access to a certain number of sets of personal data. We know that the committee—which has seen a lot of information we aren't allowed to—reckons they only have the access that they need to do their job. But we don't know which datasets they can access, what type of information they contain, and how many are held by each different agency.
How hard it is for them to collect more data on us
Regulations governing the intelligence services distinguish between the actual “content” of communications—for example the actual words in an email—and other “communications data”—details about the communication in question such as when it was sent, and to whom. Agencies are subject to fewer restrictions on what they can do with communications data compared to what they can do with actual content, because collecting data about communications is judged to be less intrusive than reading or listening to the content of those communications.The problem is that there are “grey areas:” types of information that aren't content, but reveal a lot more about a user than basic “who, when and where” details that traditionally made up communications data. For example, location tracking on your smartphone isn't quite so private as what you've said to a contact in confidence, but collecting it would let intelligence agencies build up a more detailed picture of your life than many would be comfortable with.
The report recommends that such grey areas be grouped into a third category of data subject to tighter restrictions. Whether the government will take them up on that remains to be seen.
What the government thinks about them
Particularly intrusive actions by the intelligence services need to be approved by a Secretary of State, who signs a warrant presented to them by the relevant agency. We know that an application by the services shouldn't reach the Secretary of State unless it is "necessary, proportionate and legal," but we don't have detail on individual decisions or applications. At the launch of the report earlier today, Labour committee member Fiona MacTaggart said the committee wanted to include a sample warrant in the report, but wasn't able to. The level of “detail and preceision” with which they are composed, she said “would convince you as we have been convinced” that the intelligence services generally have a good case for launching new actions. Again, we will have to take her at her word.On a wider level, we never know much about what the government thinks about the security services because of a “neither confirm nor deny” policy; in order to prevent inadvertant disclosures that might damage national security, the government thinks it best to say nothing at all. The committee says that will have to change.