Overview
After a SIGINT collection cycle has been completed, both the government and oversight bodies need to provide adequate information about both the surveillance activities undertaken as well as their specific oversight activities thereon. To enhance public trust, the intelligence services should proactively declassify key legal documents of public interest. Such releases have, for example, allowed for the creation of rare public – and quite comprehensive – accounts of different types and patterns of compliance violations over the duration of the U.S. Section 702 program.
Although full transparency of oversight activities may not be possible due to secrecy requirements, the regular reporting by oversight bodies is an indispensable means for public trust and accountability. For this, it ought to be as comprehensive and timely as possible.
Relevant Aspects
Information on oversight methods and capacities, especially with a view to bulk surveillance, should be provided to the greatest extent possible. Reports should draw a holistic picture of all intelligence activities. This leads to the questions: What contextual materials and statistical information are provided to the public? What outreach activities are pursued, and how does the oversight body communicate with the public?
Intelligence governance will benefit from greater public knowledge of oversight activities as well as increased insights on how surveillance is conducted. Our comparative review of national oversight systems has shown that there is room for advanced transparency reporting. This includes both more information on the use of bulk powers in actual practice and the dynamics of oversight (e.g., reporting standards on available statistics regarding the authorization process, such as the total number of approved and rejected applications, the number of authorizations with conditions, etc.). Systematic reporting on errors in bulk surveillance should also be explored.
Although effective whistleblower protections remain crucial – not least in SIGINT agencies – developing more structured and comprehensive accounts of both successes and failures of intelligence activities could also support public trust in the services.
In targeted surveillance systems, persons whose private communications have been intercepted ought to be informed about this so that they have a chance for effective remedy. Although this may not be practicable in non-targeted foreign surveillance regimes, there might be options to introduce an obligation to inform EU citizens when their data is swept up in foreign communications data collection by a fellow European country.