Britain’s spies should be allowed to continue harvesting large amounts of data from emails, the government’s reviewer of terror legislation said.
David Anderson has published a review of so-called bulk interception powers.
He found there was no viable alternative to the use of the powers by GCHQ, MI5 and MI6 in the fight against terror.
He also backed the hacking of phones and computers “in principle”, with some reservations.
The operational case for this kind of surveillance, known as “bulk equipment interference,” was “not yet proven” as it had yet to be used, he said.
His findings are a boost for Prime Minister Theresa May, who ordered the review when she was home secretary, in response to privacy concerns raised by Labour.
Many of the practices investigated by Mr Anderson, who was given access to details of operations by British spies in Afghanistan and other foreign territories, had been secret until recently.
They will be put on a firm legal footing by the government’s Investigatory Powers Bill, dubbed the “snooper’s charter” by critics, which is due to return to Parliament later this year.
The review focused on the activities of the security services and did not examine the case for the retention of internet records for 12 months – the other controversial aspect of the bill.
In a statement, Mrs May said: “Mr Anderson’s report demonstrates how the bulk powers contained in the Investigatory Powers Bill are of crucial importance to our security and intelligence agencies.
“These powers often provide the only means by which our agencies are able to protect the British public from the most serious threats that we face. It is vital that we retain them, while ensuring their use is subject to robust safeguards and world-leading oversight which are enshrined in the IP Bill.”
Shadow Home Secretary Andy Burnham welcomed the report but said it was “concerning” that Mrs May had not accepted it in full.
“She and the home secretary must accept the report in its entirety and deliver on the separate concessions extracted by Labour in the Commons – tougher restrictions on the use of Internet Connection Records and stronger protections for journalists and lawyers,” he said.
Bulk interception differs from targeted interception – bugging a suspect’s phone for example – in that it involves the harvesting of large quantities of data from the internet and emails. The data is then sifted and sorted by investigators.
In his review, David Anderson said bulk powers were used by Britain’s spy agencies for “cyber-defence, counter-espionage and counterterrorism,” as well as investigations into child sexual abuse and organised crime.
Alternative methods of gathering data were available but were “often less effective, more dangerous, more resource-intensive, more intrusive or slower,” the review says.
He backed three kinds of bulk data acquisition:
- Bulk interception: The tapping of internet cables by GCHQ to target suspects outside the UK. The review says this is of “vital utility” to the security and intelligence agencies, citing the case of a kidnapping in Afghanistan that would have led to the killing of hostages, if spies had not used these powers.
- Bulk acquisition of communications data: The gathering of data about communications but not the content of it. Only disclosed publicly in November last year, for MI5 it has “contributed significantly” to the disruption of terrorist operations, Mr Anderson’s report said.
- Bulk personal data sets: Databases of personal information, which could include everything from the electoral register to supermarket loyalty schemes, which the security services acquire openly or covertly.
But he expressed some reservations about a fourth practice – bulk equipment interference, which involves hacking into smart phones or computers over “a large geographical area”, saying there was “a distinct (though not yet proven) operational case” for it.
Unlike the other bulk powers described in the review, this one has yet to be used, it says.
Mr Anderson also recommended that an independent panel of technical experts be set up to advise about the impact of changing technology “on how MI5, MI6 and GCHQ could reduce the privacy footprint of their activities”.
Lib Dem home affairs spokesman Alistair Carmichael welcomed the report – but said it was now up to MPs and peers to scrutinise the Investigatory Powers Bill to ensure privacy intrusion is kept to a minimum.
But he also criticised the fact that a similar review has not been carried out into plans to retain internet records, describing this as an “excessive and authoritarian measure that not only erodes our privacy but will likely to prove to be a waste of money and fall foul of our courts”.
Bella Sankey, policy director at campaign group Liberty, said: “Liberty called for an impartial, independent and expert inquiry into these intrusive powers – yet sadly this rushed review failed on all three counts.”
She added: “This was an opportunity to properly consider the range of targeted methods that could be used as effective alternatives to indiscriminate and potentially unlawful powers. That chance has been wasted.”