LONDON — British spies are right to draw on the data gathered by the U.S. National Security Agency's PRISM program, a parliamentary committee said Wednesday, one of the first outside assessments of the surveillance program exposed by leaker Edward Snowden.
The U.K.'s Intelligence and Security Committee also said there is nothing to suggest that Britain's eavesdropping agency GCHQ — the Government Communications Headquarters — is using PRISM to get around restrictions on domestic espionage.
"It has been alleged that GCHQ circumvented U.K. law by using the NSA's PRISM program to access the content of private communications," the committee said in a three-page statement posted to its website. "From the evidence we have seen, we have concluded that this is unfounded."
The mechanics of PRISM are still little-understood, but initial reports described it as being able to pull private data directly from the servers of Silicon Valley's biggest firms. The exposure of PRISM and other programs by the Guardian and The Washington Post set off a global debate over the explosion of surveillance in the digital age and the role of the United States as the lynchpin of the online economy.
The companies involved have since denied offering the NSA wholesale access to their data, but the news that GCHQ also uses PRISM sparked concern in Britain that privileged access to U.S. companies' data had been used to leapfrog U.K. law.
The Intelligence Committee said it had received detailed evidence from GCHQ about PRISM, including a list of counterterrorism operations for which GCHQ had drawn on U.S. intelligence, a list of all U.K. individuals monitored through the program, and an undisclosed number of intelligence reports which drew on PRISM data. Lawmakers said that they had also discussed the program with its U.S. congressional counterpart and with the NSA.
The committee, chaired by Conservative lawmaker and former minister Malcolm Rifkind, said its review of the evidence left it satisfied that GCHQ was operating within the law. It also flatly denied that PRISM was linked to data mining — the name given to the process of sifting through mountains of data to look for patterns and hunt for suspicious behavior.
"Access under PRISM is specific and targeted," it said.