The revelation of the covert U.S. intelligence gathering program known as PRISM by NSA whistleblower Edward Snowden has reignited an international debate over privacy versus security. The Guardian, which first broke the story, released documents showing that this PRISM intelligence system has been mining data from U.S. internet giants such as Google, Facebook, Apple, Skype, and others. Collectively, this has given the U.S. unprecedented free access to the vast majority of online email, search, video, and communications networks.
The British government and its intelligence gathering agency the Government Communications Headquarters (GCHQ) has also been implicated in using PRISM at least since May 2010, generating 197 intelligence reports last year. In a public statement to parliament, William Hague, the British Foreign Secretary, denied allegations that the U.K. has used Prism to bypass U.K. laws governing the collection of and retention of personal data. Hague also added that it was “fanciful” and “nonsense” to suggest that GCHQ would work with an agency in another country to circumvent the law and that “intelligence-gathering … is governed by a very strong legal framework to balance the right between the liberties and privacy of the people, and the security of the country.”
However, the strength of the legal framework that claims to balance privacy versus security is the very crux of what is so wrong with GCHQ’s use of PRISM information. If the goal of the GCHQ is to obtain intelligence reports or access communications, there are ample well-governed legal protocols to do so. In order to request information form an internet company in the U.S., the GCHQ would have to make a formal request to the U.S. Department of Justice, which would approach the internet firm on the U.K.’s behalf and follow established checks on gathering this information. In the U.K., GCHQ is bound by the Regulation of Investigatory Powers Act and required to seek approval before intercepting U.K. telecom or internet data.
The GCHQ is not denied access to intelligence. In fact, getting information through legal means is actually easier that is should be. The Parliamentary Intelligence and Security Committee, which reviews whether agencies are working to the letter of the law, has been criticized as having inadequate resources to execute proper oversight and its lack of knowledge of how mega-databases and internet and communications systems work lead it to not be able to ask the right questions. The only issue for the intelligence community is that going through these legal checks on intelligence gathering are time consuming and bothersome. So it seems that the only reason GCHQ would ever need to access a database like Prism is to circumvent the laws that seek to protect the rights of individual citizens.
Governments have the right to collect intelligence to provide security to its citizens. But that security cannot come at the cost of its people’s right to privacy and search and scrutiny without cause. Since maintaining the secrecy and confidentiality of the intelligence community is indeed important to security interests, there is an even greater responsibility for governments to transparently show people that strong and effective measures are taken to ensure that the actions of the intelligence community do not violate our rights.