Privacy International to ISC: UK intelligence laws unfit for modern digital era
The current legal framework governing intelligence activities in the UK is unfit for purpose in the modern digital era, and reform is urgently needed.
With this in mind, today Privacy International responded to the Intelligence and Security Committee’s call for evidence, addressing the question, “Whether the legal framework which governs the security and intelligence agencies’ access to the content of private communications is ‘fit for purpose’, given the developments in information technology since they were enacted.”
While we welcome scrutiny of the UK’s legal framework, we do have concerns about the process. In a separate letter sent to the ISC, Privacy International along with Big Brother Watch and Liberty called on Parliament to establish a full and independent inquiry, given the deeply flawed nature of this present investigation.
Nonetheless, in our submission Privacy International argues that evolving technology has rendered the current legal framework deficient in numerous ways. There are two particular shortcomings that have not received as much attention as they deserve: the secretive Five Eyes security arrangement and the discriminatory nature of British surveillance law.
Information access and sharing among Five Eyes is inadequately regulated
First, since the late 1940s the United Kingdom has been sharing and receiving intelligence from its partners in the Five Eyes alliance – the United States, Canada, Australia and New Zealand. In recent years, this information sharing has reportedly increased significantly as the Fives Eyes have rapidly developed their technological ability to obtain and share massive amounts of data.
Despite this, the agreements between States governing intelligence sharing remain secret, and current UK law places no meaningful restrictions on the information that the intelligence and security services can share with and obtain from this network. Privacy International believes that this lack of a clear and foreseeable legal regime governing Five Eyes data sharing is a violation of the European Convention on Human Rights (ECHR), and requires immediate reform.
Discriminatory RIPA violates ECHR
Second, the Regulation of Investigatory Powers Act 2000 (RIPA) contravenes the ECHR by prescribing differential standards for the interception of external, as opposed to internal, communications, providing a framework whereby the former can be intercepted and retained en masse.
This disparate treatment not only violates the privacy of those whose communications are interfered with, but also discriminates against non-UK nationals in violation of Article 14 of the ECHR. Given the nature of modern communications, which may be routed and intercepted anywhere in the world without the sender’s knowledge, such discrimination is neither reasonable nor justifiable.
While we welcome the gesture to investigate, we nonetheless believe that the ISC's inquiry is flawed from the start.
UK officials, including the members of the ISC, have repeatedly said that they will not comment on intelligence matters. While in the US more than 40 legal opinions and court rulings have been declassified, ministers here remain silent and refuse to even acknowledge the existence of the mass surveillance programs outlined in the Snowden documents.
With this lack of information, it is impossible to conduct a proper inquiry. Without explaining the application and interpretation of the current legal framework, the ISC cannot properly reassure the public that UK intelligence agencies have not acted beyond the law or undermined cyber security. The investigation is further hindered in that the call for comment does not even seek opinions on the oversight regime that has seemingly failed to keep the intelligence agencies in check. For at least these reasons, real reform in the UK is unlikely to occur until a full and independent inquiry involving outside experts is convened.