Many of the surveillance techniques — such as scooping up the metadata of communications and using malware to gain access to the computers and mobile phones of terrorism suspects — have already been in use by U.K. spy agencies and the law now gives them explicit authority.