GCHQ does not engage in indiscriminate blanket surveillance

When Edward Snowden blew the whistle on the activities of the NSA, it sparked a global interest in how internet traffic is monitored. The UK's Intelligence and Security Committee of Parliament today published a report into online surveillance carried out by GCHQ, MI5 and MI6 after an 18-month inquiry.

Among the findings is the conclusion that surveillance is legal, but an overhaul is needed to increase transparency. The suggestion that GCHQ's interception of emails "does not equate to blanket surveillance, nor does it equate to indiscriminate surveillance" is likely to be met with skepticism. But what's likely to raise more eyebrows is the revelation that the agency has apparently managed to crack encryption.

While the Intelligence and Security Committee of Parliament found that surveillance was entirely legal, countering allegations that UK laws had been circumvented, the report recognizes that there is a need for change. There is the admission that the "legal framework is unnecessarily complicated and lacks transparency", the suggestion being that the current lack of transparency leads people to be suspicious of all monitoring activities. Bulk surveillance was singled out for particular attention by the inquiry.

It was found that there are three stages of selecting data for viewing: targeting, filtering and selection. The report suggests that this process means that only a very small proportion of collected data is actually read -- something that the NSA said of its dragnet data collection. "Only a very tiny percentage of those collected are ever seen by human eyes". There is also the statement that:

"GCHQ is not collecting or reading everyone's emails: they do not have the legal authority, the resources, or the technical capability to do so".

Despite this, data about entirely innocent people has been collected. It's no good thinking that your private data is safe if you've opted to use encryption, because GCHQ is actively engaged in cracking it:

c) Reading Encrypted Communications

179. Terrorists, criminals and hostile states increasingly use encryption to protect their communications. The ability to decrypt these communications is core to GCHQ’s work, and therefore they have designed a programme of work -- *** -- to enable them to read encrypted communications. There are three main strands to this work:

i) ***;

ii) developing decryption capabilities ***;185 and

iii) ***.186

As this section shows, the report is heavily redacted, and this can make it difficult to fully get a sense of what activities have been taking place. While the report looks to the historic activities of UK intelligence agencies, it looks to the future more than it does to the past.

The main recommendation for moving forward is that the piecemeal collection of acts and laws that govern surveillance should be replaced by a single law. It is suggested that this would help to eliminate ambiguities. Statutory oversight of the use of bulk datasets should also be introduced as the agencies attempt to battle public suspicion.

Photo credit: Gil C / Shutterstock