The government must consider amending the UK's cyber snooping laws following the ruling that the Government Communications Headquarters (GCHQ) did not illegally request PRISM data from the US National Security Agency (NSA).
Sir Malcolm Rifkind MP, who oversaw the Intelligence and Security Committee's (ISC) four-week investigation, said the ruling is the first step that should lead to a wider debate about the powers intelligence agencies should have.
"The focus of our enquiry has been did they break the law, our answer is no they did not. Everything else becomes a question not for GCHQ but for government and parliament," he said, during a parliament session attended by V3.
"In the few weeks we've concentrated exclusively on the allegations themselves. We have focused entirely on these matters relating to whether GCHQ asked the US, tasked the US to provide information from US intelligence sources without a warrant. A warrant was in place, however, we still have to give a considerable amount of thought regarding the wider legislative framework."
However, Rifkind warned that the government must avoid knee-jerk reactions to PRISM and ensure it doesn't rewrite legislation for the sake of it.
"The fact legislation was passed some years ago does not necessarily mean it is no longer appropriate. There have been big changes in 13 years, but that does not mean it is out of date. I am not meaning to prejudge that but it is something that needs to be thought about carefully," he said.
He added that full disclosure about the investigation will also be difficult as some of the data is sensitive: "We as a committee start form the presumption of whatever is in the public interest and that involves considering national security issues. We are not interested in what will embarrass the government, only what is to do with national security."
The ISC's investigation was launched one month ago following allegations the GCHQ had attempted to circumvent UK surveillance laws by illegally requesting PRISM data from the NSA. Rifkind said the investigation proved the GCHQ had behaved within the letter of the law. The MP said he was even "surprised" how forthcoming the agency was and how robust its security protocols were.
"The work we've done on the PRISM allegations comes in the immediate wake of the implementation of new powers that mean we don't simply request but can require agencies to hand over information. I want to put on record that GCHQ could not have been more helpful," he said.
Despite his positivity, Rifkind said the scope of the inquiry was limited to the question of whether the GCHQ had abused PRISM and had not investigated any other allegations, such as Operation Tempora. Reports about Operation Tempora broke after PRISM and suggest the GCHQ has been monitoring the telecoms cables running through the UK.
"It's only been four weeks and we have unashamedly been focused on issues of legality," he said. "No one has alleged that either GCHQ or any other agencies have acted illegally regarding anything except PRISM."
Use the same password for every website? It might be time to change them all
Applicants for parking bay suspensions put at risk of credit card fraud by Islington Council
Robert Swan appointed interim CEO after Brian Krzanich's departure
Should you link your data sets to add value, or leave them separate to reduce risk?