The British intelligence agency MI5 been unlawfully retaining innocent people’s data for years.
At a judicial review of the spy agency’s activities, lawyers for privacy watchdog group Liberty said that MI5 had acknowledged internally that data was being mishandled.
The spy agency did not store data correctly and kept it for too long. The intelligence services have long been known to store vast quantities of data.
The Investigatory Powers Act (IPA) – known as the Snoopers’ Charter – arms the security services with special powers, under warrants issued by judicial commissioners, to hack computers and phones and intercept people’s communications.
This then allows the government to carry out surveillance on people who are of no intelligence interest. That information is then stored by the security services for potential investigations in the future.
Liberty said the Investigatory Powers Commissioner’s Office (IPCO) had delivered a highly critical assessment of the domestic spy agency in London’s High Court over storage of data it had gathered.
The IPCO is responsible for checking that sweeping intrusive powers allowed under the Investigatory Powers Act (IPA) are used appropriately, including how data is stored or deleted.
It was partly introduced to provide more transparency around surveillance powers, provides vital tools to protect the public from criminals, paedophiles and terrorism, government and security officials.
Critics argue it grants police and spies some of the most extensive snooping capabilities in the West.
“These shocking revelations expose how MI5 has been illegally mishandling our data for years, storing it when they have no legal basis to do so,” said Megan Goulding, a lawyer for the civil liberties group.
“This could include our most deeply sensitive information – our calls and messages, our location data, our web-browsing history.”
Use of data
Liberty said documents presented at court by the Commissioner, Adrian Fulford, showed that MI5 had in effect been put into “special measures” over its use of data obtained under warrants.
Fulford had also said compliance failures first become clear back in January 2016 but were only brought to the IPCO’s attention in February this year, it said.
In May, Home Secretary Sajid Javid said “compliance risks” had been identified with how MI5 handled data.
In a statement to Parliament, he wrote: “The report of the Investigatory Powers Commissioner’s Office into these risks concluded that they were serious and required immediate mitigation.”
“The Commissioner also expressed concern that MI5 should have reported the compliance risks to him sooner.”
Mr Javid said MI5 had taken “immediate and substantial mitigating actions” to address concerns and the IPCO was monitoring this to ensure enough progress was being made.
Both the Home Office and IPCO said they had no further comment on the issue.
This is not the first time that the intelligence and security services have come under scrutiny.
Former U.S. security agency contractor Edward Snowden leaked details of mass monitoring tactics used by U.S. and British agents in 2013.
In 2015 then Home Secretary Theresa May admitted to Parliament that MI5 and GCHQ had been bulk collecting the phone and email data of the general public since 2001.