British spies are right to draw on the data gathered by the US National Security Agency’s PRISM programme, a parliamentary committee said yesterday, one of the first outside assessments of the surveillance programme exposed by whistleblower Edward Snowden.
The UK’s Intelligence and Security Committee also said there is nothing to suggest that Britain’s eavesdropping agency GCHQ, the Government Communications Headquarters, is using PRISM to get around restrictions on domestic espionage.
“It has been alleged that GCHQ circumvented UK law by using the NSA’s PRISM programme to access the content of private communications,” the committee said in a three-page statement posted to its website. “From the evidence we have seen, we have concluded that this is unfounded.”
The mechanics of PRISM are still little-understood, but initial reports described it as being able to pull private data directly from the servers of Silicon Valley’s biggest firms. The exposure of PRISM and other programmes by the Guardian and The Washington Post set-off a global debate over the explosion of surveillance in the digital age and the role of the United States as the lynchpin of the online economy.
The companies involved have since denied offering the NSA wholesale access to their data, but the news that GCHQ also uses PRISM sparked concern in Britain that privileged access to US companies’ data had been used to leapfrog UK law.
The Intelligence Committee said it had received detailed evidence from GCHQ about PRISM, including a list of counter-terrorism operations for which GCHQ had drawn on US intelligence, a list of all UK individuals monitored through the programme, and an undisclosed number of intelligence reports which drew on PRISM data. Lawmakers said that they had also discussed the programme with its US congressional counterpart and with the NSA.
The committee, chaired by Conservative lawmaker and former minister Malcolm Rifkind, said its review of the evidence left it satisfied that GCHQ was operating within the law. It also flatly denied that PRISM was linked to data mining, the name given to the process of sifting through mountains of data to look for patterns and hunt for suspicious behaviour.
“Access under PRISM is specific and targeted,” it said.
Britain’s Government welcomed the statement, but civil liberties groups expressed reservations.