The legal framework surrounding surveillance is "unnecessarily complicated" and "lacks transparency", a Parliamentary committee says.
The Intelligence and Security Committee (ISC) report also says there should be a single law to govern access to private communications by UK agencies.
Its inquiry has considered the impact of such activities on people's privacy.
Meanwhile, official regulators revealed a case last year when a GCHQ employee was sacked over unauthorised searches.
The Interception of Communications Commissioner's Office (IOCCO) report said it was the first known instance of deliberate abuse of GCHQ's interception and communications data systems in this way.
The ISC inquiry began after leaks in 2013 about surveillance by US and UK agencies.
Edward Snowden, a former US intelligence contractor, who now lives in Russia after fleeing the US, gave the media details of extensive internet and phone surveillance.
'Patterns and associations'
BBC security correspondent Gordon Corera said Mr Snowden's revelations raised concerns in some quarters that spies had accrued too much power in secret.
The committee's report looked at whether current legislation provides the necessary powers, what the privacy implications are and whether there is sufficient oversight and accountability.
Following its publication, Shami Chakrabarti, director of rights campaign group Liberty, said the ISC was "a simple mouthpiece for the spooks".
Among its findings, the report said that the UK's intelligence and security agencies "do not seek to circumvent the law" and that its activities do not equate to "blanket surveillance" or "indiscriminate surveillance".
Analysis: Gordon Corera, BBC security correspondent
Today was not quite a clean bill of health for Britain's spies.
The ISC does come firmly down on the side of GCHQ in arguing that collecting data in bulk in order, but only reading small amounts of it, does not constitute mass surveillance.
But on a wider issue of transparency and accountability, the committee has taken a tougher line.
The legal system is deemed as lacking transparency and requiring a total overhaul.
Some of the problems were evident today.
The committee revealed that "bulk datasets" are acquired, but was not able to tell people what they are.
The interception commissioner will now also oversee the way in which the 1984 Telecoms Act is used to acquire data but the clear implication is that no one was overseeing this in the past.
And finally for GCHQ there is the embarrassing revelation that a member of staff had to be sacked for gross misconduct in conducting unauthorised searches.
It also said the Government Communications Headquarters (GCHQ) agency requires access to internet traffic through "bulk interception" primarily in order to uncover threats by finding "patterns and associations, in order to generate initial leads", which the report described as an "essential first step".
"Given the extent of targeting and filtering involved, it is evident that while GCHQ's bulk interception capability may involve large numbers of emails, it does not equate to blanket surveillance, nor does it equate to indiscriminate surveillance.
"GCHQ is not collecting or reading everyone's emails: they do not have the legal authority, the resources, or the technical capability to do so."
The ISC also said that it had established that bulk interception methods cannot be used to search for and examine the communications of an individual in the UK unless GCHQ "first obtain a specific authorisation naming that individual, signed by a secretary of state".
Ms Chakrabarti said the ISC was "so clueless and ineffective that it's only thanks to Edward Snowden that it had the slightest clue of the agencies' antics".
Who is Edward Snowden?
Edward Snowden, a former Central Intelligence Agency technical worker, is the source of one of the worst information leaks in US history.
In 2013 his exposure of massive US surveillance, including routine tapping of internet traffic, grabbed the headlines worldwide.
A Parliamentary inquiry was launched into whether surveillance laws needed to be updated in light of his leaks suggesting wholesale interception by GCHQ of internet traffic passing through the UK.
But Nigel Inkster, from the International Institute for Strategic Studies, told the BBC's Today programme that the security and intelligence agencies had "pretty adequate" powers of surveillance, which should remain.
He added: "What we're talking about here is the bulk collection of civilian telecommunications, something which has actually been going on for decades without obvious detriment to civil liberties or human rights, in order for the intelligence agencies to identify very narrow and specific sets of information about threats."
The inquiry heard evidence in public and in secret, and among those to appear publicly were:
- the heads of intelligence agencies MI5, MI6 and GCHQ, who defended their work
- Home Secretary Theresa May, who said agencies needed a "haystack" of information and defended the mass collection and selective reading of intercepted messages
- Deputy Prime Minister Nick Clegg, who said an internet "constitution" might be needed to protect the rights and privacy of web users
- Foreign Secretary Philip Hammond, who said the public accepted that "a certain level of intrusion is required"
There were 2,795 interception warrants issued to access communications content in 2014, according to the IOCCO report.
Overall, the commissioner Sir Anthony May said there was relatively little change in the number of interception warrants and communications data requests from intelligence agencies and police.
In June 2013 the Guardian reported that GCHQ was tapping fibre-optic cables that carry global communications and sharing vast amounts of data with the NSA, its US counterpart.
The paper revealed it had obtained documents from Mr Snowden showing that the GCHQ operation, codenamed Tempora, had been running for 18 months.
Although GCHQ did not break the law, the Guardian suggested that the existing legislation was being very broadly applied to allow such a large volume of data to be collected.