Intelligence in Democracies

International repository of legal safeguards and oversight innovation

 

Introduction

All democracies rely on intelligence agencies to keep their open societies safe. They provide actionable intelligence to decision-makers on a wide range of security and foreign policy matters. Intelligence services master a range of clandestine methods to acquire such information. Some methods – including the electronic surveillance of communications data – are difficult to reconcile with the fundamental principles of democratic governance, such as rule of law, transparency, and accountability. They may also infringe on fundamental human rights and civil liberties, such as the right to privacy as well as the rights to freedom of opinion, of expression, of association, and of assembly.

Nevertheless, all major democracies allow their intelligence services to intercept communications data in enormous quantities – most parliaments have even expanded those powers in recent years. The process of bulk surveillance, that is the untargeted interception, collection, and processing of telecommunications data and its subsequent data management (including transfers), has developed into a standard intelligence practice. In order to ensure public trust and the legitimacy of intelligence governance, democracies need to place all intelligence activities on a solid legal footing and subject them to rigorous and effective oversight. 

Context

Unprecedented public debates about intelligence governance following the revelations of Edward Snowden have not changed the fact that all major democracies allow their national intelligence services to intercept communications data in enormous (and growing) quantities. Many people question the efficiency of bulk surveillance practices and their compatibility with fundamental rights. Others worry about its effect on the social fabric of democratic societies. 

Yet, the fact is that most parliaments have expanded, rather than curtailed, surveillance powers in recent intelligence reforms. What is more, recent jurisprudence by different national and European courts (the Court of Justice of the European Union with Schrems II, and its Privacy International and Quadrature du Net & others cases, the European Court of Human Rights with Big Brother Watch and others vs. the UK, the German Federal Constitutional Court with its decision on the Federal Intelligence Law (BND Act)) has confirmed that the practice is key for the provision of national security and can be legitimately used by state agencies provided there are rigorous safeguards and effective oversight mechanisms in place.

This website

As the stakes for fundamental rights and democracy are high, it is important to ensure signals intelligence is executed in the least intrusive and most democratically legitimate way. This website offers individual examples of legal provisions and oversight practices that, by comparison, stand out as being more balanced or more innovative responses to the many thorny challenges that ought to be met. It features a wide range of high-water marks from different national surveillance regimes. It shows that each nation – despite constitutional and political differences, and irrespective of individual reform trajectories – has a lot to learn from its international partners.

This website is structured by countries and intelligence oversight phases roughly inspired by the Intelligence Oversight Analysis Cycle. It features a wide range of laudable examples of legal provisions and oversight practice that we identified over the course of our research. Those good practices can be filtered by country, by oversight phase, by whether they are a legal safeguard or oversight practice, and by oversight category. More information on our research and good practices can be found on the Methodology page.

We invite you to browse this database of good practices. This field is evolving, and our repository does not claim to provide an exhaustive list. Thus, we welcome feedback and submissions of additional oversight innovations and promising legal safeguards.

Why this project?

Although intelligence services are globally connected, the exchange of information and knowledge regarding their governance and control under the rule of law is still limited. Yet, it is precisely in this area, which is so crucial for security policy, that it is important to examine the practices and laws of other democratic countries. However, many people find it very difficult to maintain an overview in this complex field. In addition to different structures and language barriers, it is also in the nature of things that intelligence laws, including the oversight mechanisms, are often incomprehensible.

A comprehensive study published in 2018 by the Stiftung Neue Verantwortung and the Heinrich Böll Foundation provided an important impetus for developing a better overview of good supervisory practices in various democratic countries. The practices from 13 democracies listed there show that exemplary democratic control is certainly compatible with functioning intelligence services. The UN Special Rapporteur on the right to privacy, Prof. Joe Cannataci, further recommends: “The competent authorities in Member States when contemplating the use of bulk powers for surveillance, should first examine, then prioritise and adopt to the greatest possible extent, the measures for introducing the good practices that are recommended in the compendium of Stiftung Neue Verantwortung” (A/HRC/40/63).

Drawing on this compendium and further updates since then, this website presents good practices that, by comparison, stand out as being more balanced or more innovative responses to the many thorny challenges that ought to be met. It thus features a wide range of high-water marks from different national surveillance regimes. It shows that each nation – despite constitutional and political differences, and irrespective of individual reform trajectories – has a lot to learn from its international partners. These practices, we believe, should be widely promoted, for they increase the legitimacy and effectiveness of a controversial practice that is here to stay. 

The website aims to provide a public good and hopes to provide a service to a wide range of actors, including oversight professionals, subject matter experts in parliament and various ministries, journalists, scientists, as well as the interested public. It intends to make intelligence oversight, bulk surveillance mandates, and ways to write safeguards and restrictions into the law more accessible and transparent. The easy juxtaposition between the different countries and the highlighted good practices will provide advocates of more effective oversight with good arguments to consolidate intelligence accountability in Europe and render it more professional.

Intelligence Oversight Analysis Cycle

Strategic Planning

The first phase of the SIGINT process involves the identification and formulation of intelligence priorities. The process of strategic planning should draw on insights from previous assessments of collected intelligence and their value after analysis.

Application Process
With a warrant, the intelligence service (or, as the case may be, the ministry performing executive control over a particular intelligence service) submits an application for authorization to collect data in bulk. Warrants need to describe and delimit bulk SIGINT measures based on specific criteria regarding both the form and content of the warrants that are set out in law. Warrants are a core element of accountability in intelligence governance, although they have to provide details and particularity in order to constitute an effective safeguard against overly intrusive surveillance authorities. In the SIGINT world, warrants might therefore be tied to classes of individuals or activities rather than specific persons. Although terminology is tricky and warrants for untargeted collection or bulk surveillance are not a feature of some legal systems, they are included here as a useful comparative category. Warrants can be a powerful tool to specify the minimization rules, the authorization requirements, and the purpose limitations of a measure. The more specificity a bulk warrant can provide, the better its protective function. Warrants may also be used to exclude certain data categories from collection and limit the use of the data collected. It is important to note that many such limits and conditions could appear in a law governing intelligence surveillance. The major advantage of warrants, though, is the active involvement of an independent judicial authorization body before the collection begins (see phase 3), which allows for case-by-case controls. Ideally, a clear legal mandate is combined with obligatory, independent, ex-ante controls of all applications for bulk data collection.  
Authorization / Approval
After a warrant has been issued, the requested bulk SIGINT measure must be authorized or – as the case may be in different jurisdictions – approved by a review body that assesses the necessity and proportionality. Differences exist across nations as regards the moment when the independent judicial review process comes into play. In some countries, the competent minister or other members of the executive authorize warrants. In the United Kingdom, for example, the authorization of warrants is the privilege of the executive. Ministerial authorization, then, has to be approved by independent Judicial Commissioners. By contrast, in the German legal framework, warrants are authorized by bodies such as the G10 Commission or the Independent Control Council (for future foreign-foreign intelligence collection).

The independent ex-ante authorization/approval of data collection is a crucial safeguard against the misuse and abuse of bulk surveillance powers. The legitimacy of surveillance practice depends on the control of executive conduct from the outside. Enacting the control mechanism prior to implementation is crucial, because this can both deter and prevent certain actions from being taken. Independent authorization/approval also contains an important learning element, because the competent bodies can improve their controls, draw lessons from past mistakes, and then declare more assertively that certain measures are not required, or that no sufficient proof was presented.

Across many democracies, a dual system of authorization/approval has emerged that combines a judicial and an executive control function. A judicial oversight body – ideally a court – is best suited to administer a competent legal review of a bulk surveillance application.
Collection / Filtering
Once a warrant has been authorized or approved, an intelligence agency can proceed with the implementation of a particular surveillance measure. For this, it intercepts the relevant signals, for example by tapping an internet service provider’s (ISP) fiber optic backbone cable or diverting data at an internet exchange point. Afterwards, the collected data has to be filtered for two reasons: First, because of the huge volumes passing through, which would be far too much to be stored long term, gratuitous data that is extremely unlikely to yield any intelligence value is filtered out (e.g., all data from public video feeds); second, the collected data stream has to be filtered so as to abide by legal requirements. Certain data – for example the communications involving lawyers, journalists, priests, or other professions relying on the confidentiality of correspondence – may be offered higher levels of protection in national surveillance laws.
Data Processing
Once data has been collected and filtered, it must be stored, tagged, and later removed or destroyed. This phase of the SIGINT process is particularly relevant for both oversight bodies and the intelligence services because lawful and efficient data management is the basis for relevant data analysis. Bulk data processing presents several complex governance challenges that will occupy oversight bodies for years to come. There is plenty of room for oversight innovation. When drafting intelligence legislation, lawmakers should be sufficiently mindful of the role and depth of multilateral intelligence cooperation. Services exchange raw and evaluated data in enormous quantities with their foreign partners and jointly feed various databases. Legal frameworks should account for the joint responsibility that governments have for joint databases, even if they are not hosted on their territory. Furthermore, there is a pressing need to ensure effective oversight of shared databases, possibly in the form of multilateral oversight. Many oversight bodies seem to agree that much more work needs to be done to independently verify that the services honor their obligations to delete data. Drafting standards for what constitutes proper deletion and how this can be verified would be one important step in this direction.  
Analysis
Whereas data processing refers to administrative or technical data management practices, in the analysis phase data becomes information that is relevant for political decision-making. Different automated data mining methods serve different purposes and are governed by their own specific rules. Large datasets are used both to identify links between already known individuals or organizations as well as to “search for traces of activity by individuals who may not yet be known but who surface in the course of an investigation, or to identify patterns of activity that might indicate a threat.” For example, contact chaining is one common method used for target discovery: “Starting from a seed selector (perhaps obtained from HUMINT), by looking at the people whom the seed communicates with, and the people they in turn communicate with (the 2-out neighbourhood from the seed), the analyst begins a painstaking process of assembling information about a terrorist cell or network.”

Many intelligence agencies embrace new analytical tools to cope with the information overload challenge in our digitally connected societies. For example, pattern analysis and anomaly detection increasingly rely on self-learning algorithms, commonly referred to as artificial intelligence (AI). AI is expected to be particularly useful for signals intelligence (SIGINT) agencies due to the vast and rapidly expanding datasets at their disposal. However, the risks and benefits generally associated with AI also challenge existing oversight methods and legal safeguards; they also push legislators as well as oversight practitioners to creatively engage with AI as a dual-use technology. Conversely, malicious use of AI creates new security threats that must be mitigated.
Review & Evaluation
Compliance with legal safeguards must be ensured through comprehensive and regular judicial oversight. Examining the effectiveness of data collection measures is equally important. Overseers need to know about this to assess the political value, the cost efficiency, and the need for the reauthorization of warrants. Identifying suitable metrics and methods for this remains a considerable challenge. For example, if data from a certain program or collection stream never feeds into the production of intelligence reports, does this mean that this particular data collection is superfluous and a strain on the limited resources of the intelligence community? Or, in contrast, would this be tantamount to someone cancelling a fire insurance policy simply because, thus far, his or her house has not caught fire?
Reporting
After a SIGINT collection cycle has been completed, both the government and oversight bodies need to provide adequate information about both the surveillance activities undertaken as well as their specific oversight activities thereon. To enhance public trust, the intelligence services should proactively declassify key legal documents of public interest. Such releases have, for example, allowed for the creation of rare public – and quite comprehensive – accounts of different types and patterns of compliance violations over the duration of the U.S. Section 702 program. Although full transparency of oversight activities may not be possible due to secrecy requirements, the regular reporting by oversight bodies is an indispensable means for public trust and accountability. For this, it ought to be as comprehensive and timely as possible.
 

“data subjects must be afforded appropriate safeguards, enforceable rights and effective legal remedies.”

Schrems II, para. 103
 

“Access must be subject to a prior review carried out either by a court or by an independent administrative body whose decision is designed to limit access to and use of data to what is strictly necessary”

Schrems II, Advocate Opinion, para. 293