GCHQ and Mass Surveillance

The Intelligence and Security Committee has published the findings of its Privacy and Security Inquiry. At the same time Open Rights Group is publishing its own report into the activities of GCHQ and their impact on British citizens.

The consequences of GCHQ’s activities have the potential to harm society, the economy and our foreign standing. These have not been fully explored by Parliament. We hope that this report helps MPs to understand the range of GCHQ’s activities and the fact that they affect ordinary people not just those suspected of threatening national security.

The chapters of the report are available below in PDFs. This is a working document. We will be revising the content for a second edition in the light of the ISC report, and any feedback you may wish to give us.

Please contact Javier Ruiz about the report javier@openrightsgroup.org

For press queries please contact Pam Cowburn pam@openrightsgroup.org

GCHQ and Mass Surveillance Report Recommendations

Read the full report below

Reforming the law

1. The main laws that regulate surveillance, RIPA and DRIPA, should be repealed and replaced by new comprehensive surveillance legislation that complies with human rights law and reflects the current technical landscape. These would mean:

  • Targeted surveillance not mass surveillance

  • Prior judicial authorisation for all surveillance decisions

  • Increasing the legal protection for communications data so that it is the same as for the content of communications

  • Ending statutory definitions that are out outdated in the digital age – such as the current distinctions between ‘internal’ and ‘external’ communications.

Reforming oversight

2. We need to reform the ISC so they are:

  • fully independent and accountable to Parliament not the Executive

  • properly resourced and staffed with independent experts able to undertake detailed forensic investigations, and an independent secretariat, including independent legal and technical advisors

  • have a thorough understanding of the risks that mass surveillance poses and how these are balanced against national security. These include risks for society, the economy and the security of the Internet

  • are able to explain these risks to the public.

3. The Prime Minister must report to Parliament and the ISC to explain their understanding of the cost benefit analysis that informs decisions behind surveillance. We need to know when the security of the Internet should take precedence over national security and who decides if it’s right that GCHQ breaks the security systems of private companies in the name of national security.

4. The “Neither Confirm Nor Deny” policy must be reduced to what is strictly necessary, combined with official acknowledgement and engagement on overall capabilities and major programmes. All oversight bodies need to be able to publish more detailed reporting.

Protect the security of the internet

5. We need primary legislation to regulate the interference of equipment, domestically and internationally.

6. We need a national debate about how to govern cyber warfare and how this affects GCHQ’s surveillance remit.

7. We need a parliamentary debate about how to constrain GCHQ’s activities that threaten Internet security.

Protecting national security

8. We need a full public debate about the impact on sovereignty of the high levels of technical integration of GCHQ and the NSA and the near total sharing of sources of raw data. This will require the publication of more information on the agreements governing these relationships.

9. The new National Security Strategy should recognise that the security of individuals and organisations should be a primary goal.

Protecting foreign standing

10. We need an independent review of the GCHQ’s operations on our wider foreign policy, including the impact on multi-stakeholder internet governance and our human rights objectives.

GCHQ and Mass Surveillance Report – Chapters as PDFs

00 – Introduction

01 – Part One, Chapter One – Passive Collection

02 – Part One, Chapter Two – Invasive Collection

03 – Part One, Chapter Three – Analytics and Usage

04 – Part One, Chapter Four – Global Surveillance

05 – Part One, Chapter Five – Offensive Capabilities

06 – Part Two, Chapter Six – The Legal Regime

07 – Part Two, Chapter Seven – Oversight

08 – Part Two, Chapter Eight – Threats and Risks

09 – Conclusion

10 – Recommendations

11 – Acknowledgements