UK spies aren’t breaking law by using PRISM data, security oversight committee claims

After Edward Snowden exposed the NSA’s PRISM program, one of the first follow-on stories to come out was that the UK was receiving information on its own citizens from the Americans. The question there was whether this was legal – after all, the British government had repeatedly tried and failed to bring in new laws which would let them snoop on British citizens. Wasn’t this just a way around that problem?
According to the British Parliament’s Intelligence and Security Committee, everything is above board. The committee issued a statement on Wednesday in which it said it had extracted “substantive reports” out of UK intelligence service GCHQ, which detailed which citizens were monitored through PRISM, what information was gleaned, which warrants were obtained and so on. The committee also talked to the NSA and Congress.
The committee said in its statement:

“It has been alleged that GCHQ circumvented UK law by using the NSA’s PRISM program to access the content of private communications. From the evidence we have seen, we have concluded that this is unfounded.
“We have reviewed the reports that GCHQ produced on the basis of intelligence sought from the U.S., and we are satisfied that they conformed with GCHQ’s statutory duties. The legal authority for this is contained in the Intelligence Services Act 1994.
“Further, in each case where GCHQ sought information from the U.S., a warrant for interception, signed by a Minister, was already in place, in accordance with the legal safeguards contained in the Regulation of Investigatory Powers Act 2000.”

However, that’s not the end of it. The committee also acknowledged that the legislation being relied on is sometimes “expressed in general terms”, so it is now “examining the complex interaction between the Intelligence Services Act, the Human Rights Act and the Regulation of Investigatory Powers Act, and the policies and procedures that underpin them, further.”
This is indeed a complex mess to wade through. In terms of protection from unwarranted surveillance, British citizens are supposed to be able to rely on the Regulation of Investigatory Powers Act (RIPA), but RIPA arguably only applies when the information is collected by British agencies, not when it comes from the NSA. Brits obviously can’t seek redress from the U.S. authorities either, as they are considered under FISA to be fair game for surveillance, so a key question is where the accountability does lie.
A group of privacy campaigners in the UK wrote to a separate parliamentary committee (covering home affairs) last week to complain about the way in which the security services have been interpreting RIPA, arguing that “these powers are being interpreted far more broadly than was ever intended by parliament”. It may be that these laws get a lot more scrutiny in the coming months, and not just from the Intelligence and Security Committee.
It’s also worth noting that the committee made no mention in its statement of Tempora, the British surveillance scheme that Snowden said involves tapping into internet backbone cables around the world. Both the PRISM data-sharing and Tempora are subjects of a lawsuit launched against the British government last week by activist group Privacy International.