The NSA collected data from British citizens who were not the initial targets of surveillance operations. Photograph: Alex Milan Tracy/NurPhoto/Corbis.
The watchdog tasked with scrutinising the work of Britain’s intelligence agencies is to demand an urgent report from GCHQ about revelations that the phone, internet and email records of British citizens have been analysed and stored by America’s National Security Agency.
Sir Malcolm Rifkind, the chair of the parliamentary intelligence and security committee, told the Guardian he would be seeking an explanation of a secret deal that appeared to allow the NSA to “unmask” personal data about Britons not suspected of any wrongdoing.
This material had always been off-limits because the US and UK are the two main partners in an intelligence-sharing alliance – and the governments had agreed not to spy on each other’s citizens.
But that code of conduct changed fundamentally in 2007, with the approval of British intelligence officials, according to documents from the whistleblower Edward Snowden.
Rifkind, whose committee is under tremendous pressure to prove it can credibly keep tabs on UK’s spy agencies, said on Thursday: “As with any significant stories concerning any of the intelligence agencies, we will require and receive a full report from them on this.”
Nick Clegg, the deputy prime minister, also reacted to the latest disclosures, which were made in a joint investigation by the Guardian and Channel 4 News, saying the case was growing for a broad-ranging inquiry into the activities and oversight of GCHQ, MI5 and MI6.
“My view is with each passing day there is a stronger and stronger case … to look at this in the round.” He said the flow of information from the Snowden files was chipping away at public support for the intelligence and security services, which he said could be dangerous.
Clegg said technological advances meant the capabilities now used by the agencies would have been unimaginable a few years ago, and that it was right to question “the proportionality of intelligence gathering today and the accountability of the services”.
He added: “I do think there is a legitimate question to ask in this modern age. I have an open mind about how you try and capture all these different issues to make sure that we keep up with this revolution in the power of these information technologies, which are now available to our intelligence agencies and, of course, are also available to people who want to do us harm.”
Clegg was speaking after the Guardian revealed that British citizens have been caught up in American mass surveillance programmes, with one NSA memo describing how personal data about Britons is being put in databases where it can be made available to other members of the US intelligence and military community.
According to the document, the rules were changed in May 2007 to allow the NSA to analyse and retain British citizens’ mobile phone and fax numbers, emails and IP addresses. Previously, this data had been stripped out of NSA databases – “minimised”, in intelligence agency parlance – under rules agreed between the two countries.
These communications were “incidentally” collected by the NSA, meaning the individuals were not the initial targets of surveillance operations and therefore were not suspected of wrongdoing.
A separate draft memo, marked top secret and dated 2005, reveals a proposed NSA procedure for spying on the citizens of the UK and other members of the Five Eyes intelligence-sharing alliance – Australia, New Zealand and Canada. The memo makes clear that partner countries must not be informed about this surveillance or even the procedure itself.
Jack Straw was foreign secretary in 2005 and Margaret Beckett succeeded him in 2007. Neither was prepared to comment after being approached by the Guardian. The government and GCHQ were asked for a comment a fortnight ago, but they also declined.
MPs, peers, academics and privacy groups reacted with alarm to the latest disclosures.
“This shows yet again how much the rules have been stretched, from targeting people where there is suspicion, to the wider public,” said Julian Huppert, a member of the home affairs select committee. He was also on the panel that reviewed the data communications bill, known as the ‘snooper’s charter’.
“This should not have changed so fundamentally without public consent.”
Lord Strasburger added: “So now it seems that as well as being snooped on by our own spies, the last government allowed the Americans to spy on innocent Brits. As far as we know, they still are. Who have the Americans decided to share our private data with? Who knows? It’s high time the coalition got a grip on this. It can no longer ignore these very disturbing revelations.”
Privacy International said it had long suspected that members of Five Eyes have been playing “a game of jurisdictional arbitrage to sidestep domestic laws governing interception and collection of data”.
“Secret agreements such as these must be placed under the microscope to ensure they are adequately protecting the rights of British citizens,” said Eric King, the group’s head of research.
“The British government has repeatedly insisted that appropriate warrants were in place in all instances of international intelligence collaboration. We now know this isn’t the whole truth. Trust must be restored, and our intelligence agencies must be brought under the rule of law. Transparency around an accountability for these secret agreements is a crucial first step.”
Professor Peter Sommer, a security expert, said the 2007 arrangement to allow the US to analyse data on Britons looked like another example of collecting information on the basis that “you never know what might be useful in the future”.
He said it was a variant of the “collecting haystacks to find needles” argument that has caused civil liberties groups such concern.
“I suspect there are two justifications for holding on to this personal data incidentally acquired. The first operational convenience: you never know we may need it in the future. The second is that humans don’t look at it, just a machine, and therefore there is no privacy intrusion.
“This kind of arrangement is used for collecting DNA samples. A sample initially collected simply to eliminate the innocent is nevertheless retained because, it is argued, you never know, that person may turn up in other circumstances as a rapist.”
On Wednesday a number of Labour peers waded into the surveillance debate, sparked by questions posed to the government by Strasburger.
The Labour peer Lord Soley said it was terrifying that the files leaked by Snowden could be accessed by 800,000 intelligence officials. He told Baroness Warsi, who was answering for the government in the Lords, that ministers needed to undertake an urgent review of security arrangements.