Report detailing GCHQ’s mass surveillance, intrusion and integration with the NSA, detailing the threats and risks it creates
The Intelligence and Security Committee has published the findings of its Privacy and Security Inquiry. At the same time Open Rights Group is publishing its own report into the activities of GCHQ and their impact on British citizens.
The consequences of GCHQ's activities have the potential to harm society, the economy and our foreign standing. These have not been fully explored by Parliament. We hope that this report helps MPs to understand the range of GCHQ's activities and the fact that they affect ordinary people not just those suspected of threatening national security.
The chapters of the report are available below in PDFs. This is a working document. We will be revising the content for a second edition in the light of the ISC report, and any feedback you may wish to give us.
Please contact Javier Ruiz about the report firstname.lastname@example.org
For press queries please contact Pam Cowburn email@example.com
1. The main laws that regulate surveillance, RIPA and DRIPA, should be repealed and replaced by new comprehensive surveillance legislation that complies with human rights law and reflects the current technical landscape. These would mean:
Targeted surveillance not mass surveillance
Prior judicial authorisation for all surveillance decisions
Increasing the legal protection for communications data so that it is the same as for the content of communications
Ending statutory definitions that are out outdated in the digital age – such as the current distinctions between 'internal' and ‘external' communications.
2. We need to reform the ISC so they are:
fully independent and accountable to Parliament not the Executive
properly resourced and staffed with independent experts able to undertake detailed forensic investigations, and an independent secretariat, including independent legal and technical advisors
have a thorough understanding of the risks that mass surveillance poses and how these are balanced against national security. These include risks for society, the economy and the security of the Internet
are able to explain these risks to the public.
3. The Prime Minister must report to Parliament and the ISC to explain their understanding of the cost benefit analysis that informs decisions behind surveillance. We need to know when the security of the Internet should take precedence over national security and who decides if it's right that GCHQ breaks the security systems of private companies in the name of national security.
4. The “Neither Confirm Nor Deny” policy must be reduced to what is strictly necessary, combined with official acknowledgement and engagement on overall capabilities and major programmes. All oversight bodies need to be able to publish more detailed reporting.
5. We need primary legislation to regulate the interference of equipment, domestically and internationally.
6. We need a national debate about how to govern cyber warfare and how this affects GCHQ’s surveillance remit.
7. We need a parliamentary debate about how to constrain GCHQ's activities that threaten Internet security.
8. We need a full public debate about the impact on sovereignty of the high levels of technical integration of GCHQ and the NSA and the near total sharing of sources of raw data. This will require the publication of more information on the agreements governing these relationships.
9. The new National Security Strategy should recognise that the security of individuals and organisations should be a primary goal.
10. We need an independent review of the GCHQ's operations on our wider foreign policy, including the impact on multi-stakeholder internet governance and our human rights objectives.