Britain’s intelligence services do not need a warrant to receive unlimited bulk intelligence from the NSA and other foreign agencies, and can keep this data on a massive searchable database for up to two years, according to secret internal policies revealed today by human rights organizations.
Details of previously unknown internal policies, which GCHQ was forced to reveal during legal proceedings challenging their surveillance practices in the wake of the Snowden revelations, reveal that intelligence agencies can gain access to bulk data collected from US cables or through US corporate partnerships without having to obtain a warrant from the Secretary of State. This position seems to conflict with reassurances by the Intelligence Services Committee in July 2013 that whenever GCHQ seeks information from the US a warrant is in place.
The “arrangements”, as they are called by Government, also suggest that intercept material received from foreign intelligence agencies is not subject to the already weak safeguards that are applied to communications that are intercepted by the UK’s Tempora program. On the face of the descriptions provided to the claimants, the British intelligence agencies can trawl through foreign intelligence material without meaningful restrictions and can keep such material, which includes both communications content and metadata, for up to two years.
Descriptions of the policies were disclosed to the parties after a secret hearing at the Investigatory Powers Tribunal, which is currently considering a challenge to GCHQ’s surveillance practices that has been brought by human rights organizations including Privacy International, Liberty and Amnesty International. A public hearing of the case was held in July, but these “arrangements” were revealed to the Tribunal in a closed hearing that the claimants were barred from attending. Some details about the policies are now disclosed in order for the claimants to provide comment.
It is the first time the Government has made available some details of the secret internal “arrangements”, the existence of which they rely on to show that their mass surveillance practices and extensive exchange of surveillance material with the NSA are in accordance with the law. The Government says these “arrangements” make their actions compliant with the Human Rights Act, even though the arrangements remain secret and immune from public scrutiny.
The disclosed “arrangements” bring into sharp relief the minimal safeguards and weak restrictions on raw intelligence sharing with foreign governments, including between the UK and the United States. The fact that GCHQ can request and receive large quantities of “unanalyzed” raw bulk data from foreign intelligence agencies without a warrant in place, simply because it would “not be technically feasible” to obtain it in the UK, shows the inadequacies in RIPA to deal with intelligence agency co-operation. Under these “arrangements”, there is a clear risk that agencies can sidestep British legal restrictions to obtain access to vast amounts of data.
The release of some details of the arrangements also raises serious doubts about the level of oversight provided by the ISC, which last week heard evidence from the Foreign Secretary as part of its current investigation into privacy and security. In July 2013 the ISC conducted an investigation of GCHQ’s access to the NSA’s PRISM program, and reassured the public that “in each case where GCHQ sought information from the US, a warrant for interception, signed by a Minister, was already in place, in accordance with the legal safeguards contained in the Regulation of Investigatory Powers Act 2000.”
This statement obscures whether GCHQ could have sought information without a warrant in place, thus failing to reveal that RIPA interception warrants are not required for GCHQ access to intercepts obtained under programs such as PRISM and Upstream. Furthermore, the ISC’s statement confines itself to instances in which GCHQ specifically seeks information, but doesn’t stipulate what processes are in place when it receives unsolicited bulk data from the NSA.