Over the past month, details of highly classified intelligence-gathering programmes run by the US National Security Agency (NSA) have been revealed by whistleblower Edward Snowden.
“We have reviewed the reports that GCHQ produced on the basis of intelligence sought from the US, and we are satisfied that they conformed with GCHQ’s statutory duties,” the ISC said in a statement.
The ISC conducted an investigation in response to the “very serious allegation” that GCHQ acted illegally by accessing communications content, via the Prism programme.
“This is a matter of very serious concern: if true, it would constitute a serious violation of the rights of UK citizens,” the ISC said.
According to the ISC, the investigation included scrutiny of GCHQ’s access to the content of communications, the legal framework which governs that access, and the arrangements GCHQ has with its overseas counterparts for sharing such information.
Read more about Prism and the NSA
- Yahoo wins legal fight on Prism documents
- Security Think Tank: Prism fallout could be worse than security risks
- Security Think Tank: Prism is dangerous for everyone
- Security Think Tank: Prism – Sitting duck or elaborate honeypot?
- NSA surveillance whistleblower reveals identity
- US repeatedly hacked China, claims NSA whistleblower
- FBI spies on internet users
- UK links to US internet surveillance remain unclear
- Technology companies call for more transparency over data requests
- Compliance: The Edward Snowden, NSA program controversy continues
The ISC said it had discussed the Prism programme with the NSA and US Congressional counterparts, taken oral evidence from the director of GCHQ and questioned him in detail.
The ISC said that in each case where GCHQ sought information from the US, a warrant for interception, signed by a minister, was already in place, in accordance with the legal safeguards contained in theRegulation of Investigatory Powers Act 2000 (Ripa).
Similarly, the US government has stated that the Prism programme is regulated under the US Foreign Intelligence Surveillance Act (FISA), and applications for access to material through Prism have to be approved by the FISA Court, made up of 11 senior judges.
US authorities maintain that access under Prism is specific and targeted, not a broad ‘data mining’ capability, as has been alleged.
The ISC statement on the investigation’s findings comes a week after the publication of the annual ISC report that said the threat the UK is facing from cyber attacks is at its “highest level ever” and is “disturbing” in its scale and complexity.
When the report was released, ISC chair Malcolm Rifkind MP said an investigation into the allegations against GCHQ was underway and that he would publish the findings as fully as possible, subject only to restrictions on grounds of national security or sub judice rules.
Despite the finding, the ISC said “it is proper to consider further whether the current statutory framework governing access to private communications remains adequate”.
The ISC notes that: in some areas the legislation is expressed in general terms and more detailed policies and procedures have been put in place around this work by GCHQ in order to ensure compliance with their statutory obligations under the Human Rights Act 1998.
“We are therefore examining the complex interaction between the Intelligence Services Act, the Human Rights Act and the Regulation of Investigatory Powers Act, and the policies and procedures that underpin them, further,” the ISC said.
Foreign secretary William Hague, who has insisted all along that any data obtained from the US was subject to proper UK statutory controls and safeguards, has welcomed the ISC’s findings.
“The ISC is a vital part of the strong framework of democratic accountability and oversight governing the use of secret intelligence in the UK,” said Hague.
“It will continue to have the full cooperation of the government and the security and intelligence agencies,” he added.