If the Intelligence and Security Committee is to be an effective scrutineer, it must be able to rely on the accuracy of the information provided by the security services

Recent events at the Intelligence and Security Committee (ISC), the Parliamentary body tasked with holding MI5, MI6, and GCHQ to account, have shown the difficulty of knowing fully the activities of these organisations. Andrew Defty explores the possibility that representatives from GCHQ may have recently given a misleading impression to the ISC. 

As part of a case currently under consideration by the Investigatory Powers Tribunal (IPT), it was revealed last week that GCHQ receives, unanalysed intercepted communications data from other states without a warrant signed by a Secretary of State under the  Regulation of Investigatory Powers Act (RIPA). According to Privacy International the existence of arrangements to receive intercepted material without a warrant appeared to contradict reassurances given by the Intelligence and Security Committee (ISC) in July 2013 that ‘in each case where GCHQ sought information from the US, a warrant for interception, signed by a Minister, was already in place’.

The IPT case is being brought by Privacy International in association with Amnesty International and Liberty, in response to the Snowden revelations. Although the policy was revealed during a secret hearing of the Tribunal, details were disclosed in order to allow the claimants to comment. According to the evidence provided by GCHQ, in addition to intercepted material which is received under a RIPA warrant, the agency also receives, both solicited and unsolicited, ‘unanalysed intercepted communications’ without a relevant interception warrant when ‘it is not technically feasible to obtain the communications via RIPA interception.’

Under RIPA, warrants may be secured for two categories of material. A warrant under section 8(1) provides for the interception of communications in relation to named persons or premises. In addition, under section 8(4) which relates only to communications outside the United Kingdom, warrants are much less specific requiring only ‘the description of intercepted material the examination of which [the Secretary of State] considers necessary.’ Both warrants apply not only to material collected by British agencies, but also that which they receive through intelligence-sharing arrangements with other powers. The evidence to the IPT suggests that in addition to material received under 8(1) and 8(4) warrants, a third category of unanalysed intercepted material is received without the need for a warrant signed by the Secretary of State.

It is not clear what form this material takes or why a warrant is not considered necessary, although much would appear to hang on the reference to communications which are ‘not technically feasible’ to obtain under RIPA. This may refer to some means of collection which is not covered by RIPA, although this seems unlikely. Whilst RIPA has been rapidly overtaken by technological developments since it was passed in 2000, the legislation has nevertheless been interpreted to encompass these developments, and section 8(4) does appear broad enough to allow for the description of new collection methods.

Alternately, it may refer to material which RIPA does not allow for. While it has been widely assumed that section 8(4) provides for wide scale trawling of communications, it does still require a certificate which describes the material to be collected. If other states are offering packets of raw unanalysed communications data it may be that this precludes even the broad descriptions required under section 8(4) of RIPA. Although if that is the case it would appear to go beyond the intentions of RIPA which appears to rest on the assumption that collection should take place for a reason.

Nevertheless what is clear is that this unwarranted intercept material was not referred to by the ISC in its July 2013 statement on GCHQ’s alleged interception of communications under the US PRISM programme. If the ISC did not know, or wasn’t told, about this category of unwarranted intercepts this does suggest that GCHQ has been less than candid with the committee. This raises further questions about the ISC’s capacity to hold the agencies to account. On a number of previous occasions the agencies have been found to be not entirely forthcoming in providing intelligence to the ISC, in relation to intelligence on Iraqi WMD and the 7/7 bombing. However, the ISC gained new powers to access material under the Justice and Security Act and has also had a significant increase in resources, and members are confident that they now have the capacity to provide rigorous and in-depth oversight.

If the ISC did know about this category of unwarranted material then why did they not say so in their statement in July 2013? This policy, rather than the operational practice which underpins it, hardly seems to fall under the ‘sources and methods’ category which the agencies, and the Committee, are quite rightly, keen to protect. Indeed the process for authorising intercepts, whether that is internal administrative practice, or statutory, would appear to be exactly the kind of thing the ISC should be looking at, and it might be added, seeking to reassure the public about. Moreover, the ISC’s statement does refer to both ‘warrants and internal authorisations’ which suggests some knowledge of internal arrangements beyond the warranting procedure.

What seems more likely is that the receipt and soliciting of material without a warrant did not fall within the ISC’s, self-imposed, remit in relation to its inquiry into GCHQ’s use of PRISM material, and that they therefore chose not to refer to it. The ISC’s statement is very brief and focuses solely on the interception of communications under the US PRISM programme. The ISC claims that PRISM is a specific and targeted programme, and not a broad data-mining capability. If that is the case then any request for access to information resulting from it would be targeted and specific and would therefore be subject to a RIPA warrant. The ISC statement on PRISM confines itself almost exclusively to the provision of information in relation to individuals and not surprisingly, but nevertheless reassuringly, finds that the necessary warrants were all in order. The provision of unanalysed data would appear to be a different category of material altogether.

There is nevertheless, considerable scope for confusion here and if it is the case that the ISC knew about GCHQ’s unwarranted access to intercepted material, albeit outside the PRISM programme, then the ISC’s statement that warrants were in place ‘in each case where GCHQ sought information from the US’ is potentially misleading. Why not simply state that all interception which required a warrant was obtained with a warrant, but that GCHQ also receives some unanalysed data without one? At worst the ISC’s statement represents the kind of obfuscation which has in the past led to criticism that the committee is too close to the agencies.

There is also a broader question here about the position of the ISC within the wider regulatory framework within which the intelligence agencies operate. It is significant that recent revelations about GCHQ’s practices, in relation to the monitoring of social media and liaison with other states, have emerged from the Investigatory Powers Tribunal. Although the IPT is one of the most secretive elements of the UK’s oversight framework, this quasi-judicial process with its adversarial approach has revealed more about the internal practices of GCHQ than the ISC in its previous inquiries or its much publicised evidence session with agency heads. Indeed, it was in part, a response to the more unpredictable nature of legal proceedings which led the government, through the Justice and Security Act, to limit the power of the courts in relation to the handling of intelligence material, and to enhance the powers of the ISC. If the ISC does not live up to this role, recent revelations from the IPT suggest that enterprising individuals and civil liberties groups will find other ways around the perceived limitations in its work.

These are testing times for the ISC. The committee has yet to produce a report since it was reconstituted as a committee of parliament in the Justice and Security Act. The leaking of the committee’s, as yet unpublished, report on the murder of Lee Rigby, although not it seems by the committee itself,  represents the most significant breach in the ISC’s security since its establishment in 1994. It’s new more open approach which includes public evidence sessions, got off to a faltering start when the first public session with agency heads was postponed in July, and proved somewhat less than challenging when it finally went ahead in November.

In a recent interview one former Chair of the ISC, Lord King, said that he felt that the ISC had been too quick to clear GCHQ in relation to the PRISM allegations, and the evidence from the IPT suggests that the ISC’s statement is much more limited than at first appeared. It is to be hoped that the outcome of the ISC’s current Privacy and Security Inquiry clarifies some of the issues raised in the IPT and establishes the ISC as a more robust and effective oversight body than it has been in the past.

This post represents the views of the author only, and not those of Democratic Audit UK, the LSE Public Policy Group, or the LSE. Please read our comments policy before posting. 

Dr Andrew Defty is Reader at the School of Social and Political Sciences at the University of Lincoln. He runs the Watching the Watchers blog at Lincoln University. His book, written with Hugh Bochel and Jane Kirkpatrick, also from Lincoln, have a book on parliament and the intelligence services, “Watching the Watchers”, to be published by Palgrave this September.

Similar Posts