The privacy and security debate over digital intelligence continues, but little by little the fog of controversy that followed the publication of material leaked by Edward Snowden is being cleared away.

Last month, the Prime Minister received the report[1] from the Independent Surveillance Review commissioned under the last government by Nick Clegg, then Deputy Prime Minister. The review panel reached a unanimous set of conclusions, perhaps to the surprise of some, given how broadly based the review panel was. It included former heads of the three British intelligence agencies and a senior retired police officer as well as a leading investigative journalist, parliamentarians, a law professor and an internet entrepreneur. The report called for fresh legislation both to justify necessary intrusions into privacy by the state and to regulate such activity through clear law and effective oversight.

The title of the RUSI report conveys its message: a new democratic licence to operate is needed for the security and intelligence agencies and for law enforcement. A licence for intrusive investigation that could be said to be based on three Rs: rule of law, regulation and restraint. The rule of law would allow the authorities, when necessary, through open and clear legislation, to acquire the secret intelligence needed for national security and to keep the public safe. Regulation would provide a set of strict processes for authorization of such activity, only when necessary and proportionate, and to provide for effective independent oversight to supervise and investigate governmental intrusion. Restraint would ensure that it never becomes routine for the state to intrude into the private lives of its citizens. The hallmark of a civilized society must be that the state is reluctant to intrude, is restrained in the powers it chooses to use and properly authorized when it deems it necessary.

This general approach has been reflected in other important recent reports. The Parliamentary oversight body, the Intelligence and Security Committee, has concluded, as has the distinguished QC David Anderson, the government's independent reviewer of counterterrorism legislation, that public safety and security today relies upon digital intelligence. This applies to countering jihadist terrorism, cyber criminality or people smuggling, or simply dealing with kidnaps, missing persons and would-be suicides. Just one example is the way in which law enforcement needs the leads that access to digital information about internet use and mobile communications can provide. But these major reports also concluded that the present legal framework authorising the interception of communications is unclear. They stated that it is not satisfactory for the intrusive powers used by the intelligence agencies and the police to be scattered over a number of acts of Parliament whose import in practice is, to say the least, obscure.

There is therefore increasing recognition that the public has not been satisfactorily kept abreast of how existing law has been used, for essential and legitimate purposes, to allow the interception of digital communications of all types, the use of bulk personal databases and of covert access to computer systems and networks. The case for fresh consolidating legislation has strengthened as it has become clearer how rapid developments in communication and data technology are affecting intelligence work – not least in the need to access cyberspace to defend the UK public from the effects of hostile cyber attacks.