PRISM, the NSA and internet privacy: questions for the UK

serversRecent days have seen a deluge of revelations about the US’ National Security Agency and a spy programme known as Prism, after 29 year old whistleblower Edward Snowden decided he had seen enough to justify going public with his concerns the scale of the surveillance apparatus being built by America.

There are clearly several issues of serious concern here. Clearly, the legalility of what the NSA Has been doing and whether Britain has been either complicit or unwittingly accessing material illegally obtained is at the fore.

The leaked Verizon order involved the collection of details about millions of American’s phone calls under the PATRIOT Act. Yet one of the Act’s authors, Rep. F. James Sensenbrenner Jr., who was chairman of the House Judiciary Committee in the days after the Sept. 11 attacks and wrote the Patriot Act, has questioned the NSA’s interpretation of their powers. He has written to US Attorney General Eric Holder saying “I do not believe the released [secret court] order is consistent with the requirements of the Patriot Act. How could the phone records of so many innocent Americans be relevant to an authorized investigation as required by the act?”

Secondly, Prism. While the reality is probably closer to secure portals for accessing information under warrant, rather than the all-you-can-eat access suggested in early media reports, the fact GCHQ have been using the system does raise questions.

Firstly, was this information available directly through our own legal channels, which we chose not to use? If that is the case, why? Some requests are refused by the companies involved because they do not meet the necessary standards, and this system must not have been used to gain information denied in formal channels. Secondly, while GCHQ appears to only used the system sparingly – 197 reports were generated in the last year – it is not clear if British infrastructre has been used to collect information on British citizens by the NSA, which would again raise questions of legality.

Equally, if the existence of progammes is kept secret from those overseeing the work of the intelligence agencies, it is clearly impossible to say they have been scrutinised. We still do not know how Britain came to be involved in extraordinary rendition, for example.

Even Lord Carlile, the Government’s former independent reviewer of counter-terrorism, has asked for guarantees that the Patriot Act had no jurisdiction in the UK.

As the Director of National Intelligence, James Clapper, said in a statement: “Section 702 is a provision of FISA that is designed to facilitate the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States.  It cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States.”

He told the Senate that the N.S.A. did not “wittingly” collect any sort of data on millions of Americans. So are British citizens being designated as foreign-intelligence at the behest of GCHQ?

Given only a few weeks ago the Obama administration accessed records about many Associated Press journalists, far beyond national security concerns, it is important that we know if British citizens have been caught up in the NSA’s operations without proper legal basis, or if GCHQ has made specific requests about British citizens to be placed under surveillance.

It should also be of concern to Governments around the world that the US seems to have no qualms hoovering up data from the rest of the world, even if doing the same to its own citizens would be illegal. At a time of international tension about how the internet is policed, several far from democratic states looking to introduce their own monitoring and global unease about cyberwarfare, it seems the US’s actions risk setting a dangerous precedent.

The Foreign Secretary has led the debate on internet freedom around the world, and he deserves much praise for this work. However, the US risks undermining this entire agenda with blanket, indiscriminate surveillance of the world’s internet use. We share the Foreign Secretary’s views, which he expressed at the Budapest Cyber Security Conference:

We believe that it is not simply enough to address economic and security threats on the internet without also taking steps to preserve the openness and freedom which is the root of its success.
We see growing evidence of some countries drawing the opposite conclusion. Some appear to be going down the path of state control of the internet: pulling the plug at times of political unrest, invading the privacy of net users, and criminalising and legislating against legitimate expression online.
A future where safe, trusted and reliable access to the internet is the norm irrespective of where you are born, in which we are able to harness the power of new technologies to close the digital divide, to spur growth and innovation, to protect cultural diversity and to increase accountability and transparency. A future where the flow of business and ideas drives down barriers to trade and increases choice for citizens. A future where human rights are respected online as well as offline.