The UK's Intelligence and Security Committee of Parliament today published a report into online surveillance carried out by GCHQ, MI5 and MI6 after an 18-month inquiry.
Among the findings is the conclusion that surveillance is legal, but an overhaul is needed to increase transparency. The suggestion that GCHQ's interception of emails "does not equate to blanket surveillance, nor does it equate to indiscriminate surveillance" is likely to be met with skepticism.
But what's likely to raise more eyebrows is the revelation that the agency has apparently managed to crack encryption.
While the Intelligence and Security Committee of Parliament found (opens in new tab) that surveillance was entirely legal, countering allegations that UK laws had been circumvented, the report recognises (opens in new tab) that there is a need for change. There is the admission that the "legal framework is unnecessarily complicated and lacks transparency", the suggestion being that the current lack of transparency leads people to be suspicious of all monitoring activities. Bulk surveillance was singled out for particular attention by the inquiry.
It was found that there are three stages of selecting data for viewing: targeting, filtering and selection. The report suggests that this process means that only a very small proportion of collected data is actually read - something that the NSA said of its dragnet data collection. "Only a very tiny percentage of those collected are ever seen by human eyes".
There is also the statement that: "GCHQ is not collecting or reading everyone's emails: they do not have the legal authority, the resources, or the technical capability to do so".
Despite this, data about entirely innocent people has been collected. It's no good thinking that your private data is safe if you've opted to use encryption, because GCHQ is actively engaged in cracking it:
As this section shows, the report is heavily redacted, and this can make it difficult to fully get a sense of what activities have been taking place. While the report looks to the historic activities of UK intelligence agencies, it looks to the future more than it does to the past.
The main recommendation for moving forward is that the piecemeal collection of acts and laws that govern surveillance should be replaced by a single law.
It is suggested that this would help to eliminate ambiguities. Statutory oversight of the use of bulk datasets should also be introduced as the agencies attempt to battle public suspicion.