A legal challenged brought by Liberty in the UK High Court has pointed to the “undoubtedly unlawful” bulk retention of largely innocent peoples communications data (telecoms and internet) by MI5, which stems from an apparent failure to adhere to the safeguards set out in the Government’s 2016 Investigatory Powers Act (IPAct).
The IPAct supports various measures such as targeted interceptions of communications, computer hacking for investigations and it forces telecoms providers (e.g. fixed line phone, mobile and broadband ISPs) to log the basic calls / internet activity of all their customers for up to 12 months (Internet Connection Records). However the actual content of your communications can only be accessed upon receipt of a warrant.
The new law also introduced safeguards to govern how such information should be stored and handled, which were designed to protect against the misuse of bulk data collection. Despite this Liberty’s court case has unearthed new documents, which shows that the secret service (MI5) “has been unlawfully retaining innocent people’s data for years.”
Advertisement
The first real confirmation of a problem came last month after the Investigatory Powers Commissioner (IPCO), Rt Hon Lord Justice Fulford, warned of “compliance risks identified by MI5,” which he later deemed to be representative of “undoubtedly unlawful” conduct.
In response the Lord sent a team to MI5 to investigate the problem and was seemingly “reassured that MI5 has taken immediate steps to introduce a series of mitigating actions .. [that should] .. provide sufficient reassurance that MI5’s handling arrangements within the particular area of concern are now satisfactory as regards warranted material.”
Liberty’s ongoing legal challenge to the IPAct has now revealed more detail from those breaches, including that “MI5 has failed to meet its legal duties for as long as the IPA has been law.”
Liberty’s Summary of the Documents
Illegal actions: The Commissioner concluded that the way MI5 was holding and handling people’s data was “undoubtedly unlawful”, setting out that: “Without seeking to be emotive, I consider that MI5’s use of warranted data… is currently, in effect, in ‘special measures’ and the historical lack of compliance… is of such gravity that IPCO will need to be satisfied to a greater degree than usual that it is ‘fit for purpose’“.
MI5 knew for three years before informing IPCO: MI5 failed to maintain key safeguards, such as the timely destruction of material and the protection of legally privileged material. This, says Lord Justice Fulford created “serious compliance gaps” in its legal duties. Shockingly, these gaps first became clear to MI5 staff in January 2016, and the MI5 board in January 2018, but were only brought to IPCO’s attention in February 2019. Even then Fulford accuses MI5 officials of continuing to use “misleading euphemism” when describing their failure.
False assurances: Warrants for bulk surveillance were issued by senior judges (known as Judicial Commissioners) on the understanding that MI5’s data handling obligations under the IPA were being met – when they were not. The Commissioner has pointed out that warrants would not have been issued if breaches were known. The Commissioner states that “it is impossible to sensibly reconcile the explanation of the handling of arrangements the Judicial Commissioners were given in briefings…with what MI5 knew over a protracted period of time was happening.“
A senior official at MI5 is also understood to have told Lord Justice Fulford that at least some of the personal data collected was being stored in so-called “ungoverned spaces” (very reassuring). The legal team for MI5 further confirmed there was a “high likelihood [of material] being discovered when it should have been deleted, in a disclosure exercise leading to substantial legal or oversight failure“.
Advertisement
Megan Goulding, Liberty Lawyer, said:
“These shocking revelations expose how MI5 has been illegally mishandling our data for years, storing it when they have no legal basis to do so. This could include our most deeply sensitive information – our calls and messages, our location data, our web browsing history.
It is unacceptable that the public is only learning now about these serious breaches after the Government has been forced into revealing them in the course of Liberty’s legal challenge. In addition to showing a flagrant disregard for our rights, MI5 has attempted to hide its mistakes by providing misinformation to the Investigatory Powers Commissioner, who oversees the Government’s surveillance regime.
And, despite a light being shone on this deplorable violation of our rights, the Government is still trying to keep us in the dark over further examples of MI5 seriously breaching the law.”
The UK Government’s Home Secretary, Sajid Javid MP, has promised to launch an independent review of this incident and Liberty is continuing with their legal challenge of the law.
Does vpn mitigate this or not?
They would only know you’re connected to a VPN.
Well, it might conceal from GCHQ. Whoever is monitoring the VPN’s connectivity to the wider Internet will be snooping instead.
Against GCHQ, No. Against copyright trolls, probably.
Your VPN stands no chance against entities with the resources of a country like the UK. All it does for you is really to add a few extra hoops to the task of unmasking a user’s identity, which simply turns it into an economic question: are you valuable enough to unmask?
Many erstwhile malicious hackers and cryptocurrency (ab)users often learn this the hard way
But remember its China that is the real evil that wants to monitor, intercept and hack us all. We all live in an open, honest, democratic country….. Woops the codswallop meter has just exploded.
no surprises at this piece of news, we were about due for another privacy scandal.