UK

US surveillance: Trading secrecy for public trust?

GCHQ
Image caption The foreign secretary has insisted that GCHQ operates within a strict legal framework

Squaring secrecy and accountability is not a new challenge. But the information that Edward Snowden has put into the public domain has raised serious questions about how open the state should be when it comes to surveillance.

UK Foreign Secretary William Hague was forced to respond to allegations about a secret US spy programme Prism and the idea that Britain's GCHQ had used it to evade the law.

There is no doubt that GCHQ and America's National Security Agency enjoy a close, even intimate relationship.

Information is shared as a matter of course in a way that does not happen between MI6 and the CIA, their counterparts in the human intelligence world.

Mr Hague tried to deal head on with concerns that this relationship had been used to swerve the law, but he did so without mentioning Prism or providing any real details, other than a blanket assurance that no laws had been broken and the system of accountability and oversight was strong.

In other words, the public was asked to take his answers on trust.

Patriot Act

The foreign secretary said GCHQ operated under a legal framework.

When I asked one official to explain the legal framework they pointed me to two pieces of legislation - the Intelligence Services Act of 1994 and the Regulation of Investigatory Powers Act 2000.

But when I then started to ask how those two pieces of legislation (written in the early days of the internet age and long before Twitter and social media) applied to the different forms of modern communication, they said they could not go any further.

In other words a legal framework exists, but how it is interpreted and applied by government remains secret.

A similar issue exists in the US. There are sweeping powers under the Patriot Act and other pieces of legislation to gather information. But the way in which these are actually used is not public.

So for instance when the government requests that telecoms company Verizon passes on huge volumes of call data on Americans, it is done through a secret order the public would not have known about without Edward Snowden's revelations.

Governments and intelligence agencies say this has to be the case because too much information about what communications they are intercepting can tip off hostile actors such as terrorists who will then modify their behaviour.

Some analysts already claim that is happening now.

"Jihadists are now actively sharing the reporting from the Washington Post and Guardian on Prism and recommending increased security measures in their operations," according to IntelCenter, which monitors jihadist communications.

"Among the recommended measures are ceasing the use of services listed in the Washington Post and Guardian reports, increased use of encryption tools and other operational security and tradecraft measures designed to significantly impede efforts by intelligence agencies to identify and monitor their activities."

Outrage

Against the argument that the revelations damage national security, though, is the counter-argument that the public have a right to know what is done in their name by institutions they pay for and which are supposed to be accountable to them.

Image caption Whistleblower Edward Snowden has fled to Hong Kong following his revelations

Especially if those actions might involve surveillance of the domestic public itself.

Members of the public do not have much idea what the state is able to do when it comes to surveillance. And the state in the past has wanted to keep it that way.

But the downsides of this are now becoming more apparent.

When the UK's Communications Data Bill emerged (known to critics as the "snoopers' charter"), there was outrage in some quarters at the idea that the government was seeking information about people's phone calls and emails (although not the content).

What many did not realise was that the government already had this power and used it extensively (half a million requests in 2011 were made for communications data) and the new bill was simply a way of expanding it into new forms of online communication and mandating that certain types of information was kept by companies.

Similarly with Prism, some people were shocked that the state might be getting information from companies like Google and Microsoft and did not realise the state could already do this using court orders and warrants.

The lack of information in the public domain may well have suited the state in the past, but the consequences now in terms of public trust could be serious, particularly when faced with a partial release of certain documents by a whistleblower keen to make his point.

Governments in the UK and US will now have to look at whether the potential loss in capability by talking more about the activities of the state is nonetheless necessary in order to ensure public confidence - not just in the intelligence services, but the democratic system as a whole.

More on this story