The United Kingdom’s GCHQ is taking advantage of loopholes in the rules meant to regulate the spy agency and monitoring British communications that take place on U.S.-based social media platforms, including Facebook, Twitter and Google, according to Privacy International and other civil liberties watchdogs.

Director General of the Office Security and Counter-Terrorism Charles Farr, the highest-ranking counter-terror official in the U.K., said the surveillance is legal since even though the messages are sent by and intended for Britons, they travel through servers hosted in America. In response to a legal challenge to the GCHQ policy by Privacy International, Farr described the data sent on those services as “external” rather than “internal.”

The GCHQ is required to obtain a warrant to collect communication transmitted inside Britain, although it does have a broad authority to intercept messages sent outside the country.

Farr, formerly a member of MI6, asserted that while the social media communication is collected under the agency's “external” jurisdiction, the messages “cannot be read, looked at or listened to.” The legal terms of the policy are defined in the regulation of Investigatory Powers Act, which covers “common factual scenarios involving the use of the Internet, such as a Google search, a search of YouTube for a video, a tweet on Twitter, or the posting of a message on Facebook,” he added.

The director’s witness statement was published Tuesday as part of the government’s defense against a case brought by Privacy International, Liberty, Amnesty International and a number of other civil rights organizations before the Investigatory Powers Tribunal, which deals with legal complaints against the British intelligence services, the Guardian reported.

Farr’s statement marks the first time a British official has commented on the record about how the government exploits broad legal language to monitor Britons’ Internet activity.

The legal challenges were inspired by reports in the Guardian and on Glenn Greenwald’s website the Intercept based on intelligence documents leaked by former U.S. National Security Agency contractor Edward Snowden. More than simply logging British communication, those sites reported, intelligence analysts have developed sophisticated malware capable of recording an individual’s keystrokes and of hacking an individual computer’s camera without that person’s knowledge.

Privacy International blasted the GCHQ’s alleged surveillance methods, arguing that it constitutes the same thing as “entering someone’s house, searching through his filing cabinets, diaries and correspondence, and planting devices to permit constant surveillance in future, and, if mobile devices are involved, obtaining historical information including every location he had visited in the past year.”

Farr argued in his 48-page explanation that such accusations are exaggerated, and that the surveillance that is conducted is necessary to protect national security.  

“Any regime that … only permitted interception in relation to specific persons or premises would not have allowed adequate levels of intelligence information to be obtained and would not have met the undoubted requirements of intelligence for the protection of national security,” he said.