Bulk interception is NOT mass surveillance, says parliamentary committee

Little human involvement

Lawmakers and peers arriving at this conclusion said is worth reviewing step by step, as explained in an extract from the ISC's statement on its report (below).

First, choosing which communications links, or bearers, to access: GCHQ’s systems operate on a very small percentage of the bearers that make up the internet.

Then, selecting which communications to collect from those links that are being accessed: GCHQ applies levels of filtering and selection such that only a fraction of the material on those bearers is collected.

Finally, deciding which of the communications collected should be read: further targeted searches, ensuring that only those items believed to be of the highest intelligence value are ever presented for analysts to examine.

Only a very tiny percentage of those collected are ever seen by human eyes.

Given the extent of targeting and filtering involved, it is evident that while GCHQ’s bulk interception capability may involve large numbers of emails, it does not equate to blanket surveillance, nor does it equate to indiscriminate surveillance.

The report also reveals the use of certain capabilities by UK intel agencies – such as Bulk Personal Datasets and Directions under the Telecommunications Act 1984 – for the first time.

The parliamentarians concluded: "GCHQ is not collecting or reading everyone’s emails: it does not have the legal authority, the resources, or the technical capability to do so".

The committee established that "bulk interception cannot be used to search for and examine the communications of an individual in the UK unless GCHQ first obtains a specific authorisation naming that individual, signed by a Secretary of State".

The findings, however, "do not obviate the need for a thorough overhaul of the current, overly complicated, legislation," the ISC concludes.

"There's a tension between the individual right to privacy and the collective right to security," said Hazel Blears MP, who sits on the ISC, in a statement (PDF). "This has been the focus of considerable debate over the past 18 months, and set the context for the Committee’s Inquiry into the range of intrusive capabilities used by MI5, MI6 and GCHQ."

"Agencies have been given legal authority to use a range of intrusive powers which they use to generate leads, to discover threats, to identify those who are plotting in secret against the UK and to track those individuals."

"However, in a democratic society those powers cannot be unconstrained: limits and safeguards are essential. In the UK, investigative action which intrudes into an individual’s privacy can only be taken where it is for a lawful purpose and is determined to be necessary and proportionate."

The 149 page report – Privacy and Security: A modern and transparent legal framework – can be found here. ®