MI5 Breached Surveillance Law for Years

Written by

MI5’s breaches of the law in its handling and retention of bulk surveillance data are much worse than first thought, according to new legal documents revealed as part of an ongoing case.

Rights group Liberty is challenging outgoing Prime Minister Theresa May’s flagship Snoopers’ Charter, aka the Investigatory Powers Act (IPA): a law which allows the security services to hack devices and intercept communications en masse, collecting and storing info on countless innocent citizens.

Last month it was revealed that MI5 had breached IPA safeguards, something home secretary Sajid Javid described as “compliance risks” that require “serious and required immediate mitigation.”

However, this week Liberty disclosed 10 further documents and letters from MI5 and watchdog the Investigatory Powers Commissioner (IPCO) detailing “undoubtedly unlawful” conduct from the security service for as long as the IPA has been in existence.

“Without seeking to be emotive, I consider that MI5’s use of warranted data...is currently, in effect, in ‘special measures’ and the historical lack of compliance... is of such gravity that IPCO will need to be satisfied to a greater degree than usual that it is ‘fit for purpose',” the commissioner wrote in one.

MI5 failed to safeguard citizens’ privacy by, for example, destroying material in a timely manner or protecting legally privileged material, and knew about such “compliance gaps” for three years before telling the IPCO, according to Liberty.

MI5’s false assurances extended to its maintaining to senior judges that data handling obligations were being met, resulting in warrants for bulk surveillance being issued that otherwise would not have been forthcoming.

The new evidence also revealed that personal data collected by MI5 is being stored in “ungoverned spaces,” and that the intelligence service’s lawyers claim there is “a high likelihood [of it] being discovered when it should have been deleted, in a disclosure exercise leading to substantial legal or oversight failure.”

The government is now trying to minimize the fallout from more damaging revelations by applying for further details to be provided to the court through private hearings.

“These shocking revelations expose how MI5 has been illegally mishandling our data for years, storing it when they have no legal basis to do so. This could include our most deeply sensitive information – our calls and messages, our location data, our web browsing history,” argued Liberty lawyer, Megan Goulding.

“It is unacceptable that the public is only learning now about these serious breaches after the government has been forced into revealing them in the course of Liberty’s legal challenge. In addition to showing a flagrant disregard for our rights, MI5 has attempted to hide its mistakes by providing misinformation to the Investigatory Powers Commissioner, who oversees the government’s surveillance regime.”

What’s hot on Infosecurity Magazine?