Mass surveillance and Snoopers' Charter
MI5 broke the law by committing “serious” breach of surveillance safeguards, Liberty litigation reveals
Posted on 14 May 2019
MI5 has systematically breached safeguards in the Investigatory Powers Act when handling the public’s data.
- Investigatory Powers Commissioner’s Office (IPCO) called breach “serious” and criticised handling by MI5
- Breach shows surveillance safeguards, and oversight system, are fatally flawed
- Government still trying to keep secret nature and extent of error by applying for secret closed proceedings in Liberty litigation
MI5 has systematically breached safeguards in the Investigatory Powers Act when handling the public’s data, it has been revealed.
This data can include private messages, browsing history and location information.
So serious was the breach that, when first notified, IPCO – the body responsible for overseeing government surveillance practices – sent a team of inspectors in to MI5 for a week to investigate.
In a statement quietly released late last week by Home Secretary Sajid Javid, it was confirmed that IPCO had complained of compliance risks in how MI5 handled and retained data obtained under bulk surveillance warrants. According to the statement, IPCO concluded those risks were “serious and required immediate mitigation”. Home Secretary, Sajid Javid, has said that he will now establish an independent review of this incident.
However, though the government has admitted that “handling arrangements” around how long MI5 holds people’s data and who it shares it with failed, it has nevertheless refused to disclose details about exactly what the breach was, when it took place, how long it went on before it was discovered, who gained or had unauthorised access, or what type of information has been put at risk from among the vast array of innocent people’s private information MI5 stores and can access.
The breach shows that current legal safeguards are not sufficient to give the public confidence that bulk surveillance powers do not put us at risk, contrary to the Government’s repeated assertions.
Megan Goulding, a lawyer at Liberty, said: “This is a clear cut example of how the supposed safeguarding and oversight system is failing to protect us from the excessive and unwarranted surveillance and data retention powers created under the Snooper’s Charter.
“The breach in itself is deeply concerning but on top of that the way this has unfolded – with IPCO only finding out because MI5 reported it, and the wider public only knowing apparently because of our legal case – shows how fatally flawed the oversight system for security services is.
“It is possible, from what is known, that millions of innocent people’s data is being shared widely with foreign governments. If the Government has its way, we will never know if this is the case.
“If the UK’s surveillance regime is to have a semblance of legitimacy, the public needs to know what happened, and how badly our privacy and the security of our information were put at risk.”
Liberty fight for public right to know about inadequate safeguards and oversight
IPCO failed to spot the breach until MI5 itself reported it, calling into question whether it has the tools and resources it needs to act as an effective safeguard against unlawful surveillance. The Investigatory Powers Commissioner has also complained that MI5 was too late in notifying IPCO of its breach, demonstrating the free reign that the security services have in breaching, unnoticed, the Investigatory Powers Act.
When IPCO was made aware of the problem, it kept secret both the problem and the remedy it ordered, despite repeated promises from the oversight agency that it would act in a transparent and independent manner. It appears that the information was made public only because of Liberty’s ongoing legal challenge to the Investigatory Powers Act.
The fact that the Home Secretary has launched a review demonstrates the inadequacy of IPCO in rectifying the breach and ensuring lawful behaviour by the security services going forward.
In June, Liberty will tell the High Court that the Government’s use of bulk surveillance – broad powers to collect our messages and browsing history, hack devices, and create large datasets, all without suspicion – dangerously undermines our privacy and free expression.
To continue its cover-up of the nature and extent of the breach, the Government has now applied to the Court in Liberty’s case to have all information regarding the breach heard in secret closed proceedings, from which Liberty and the public are excluded – a move that will prevent the public and Parliament from learning more about this violation of the law. Liberty will fight in the case to uncover for the public information about the breach and what happened to our data. The case will be heard next month.
MI5 is also investigating other instances of potential non-compliance in two further areas, according to the Government’s application, but no further information is given.
Background
This is the second part of Liberty’s challenge to the Investigatory Powers Act. In April 2018, Liberty won the first part of this case when the High Court found the Government’s power to order private companies to store communications data, including internet history, so that state agencies can access it, breached our right to privacy.
The Government has since had to amend this part of the Investigatory Powers Act.
The Investigatory Powers Act became law in late 2016. It was intended to introduce transparency to state surveillance following Edward Snowden’s revelations of unlawful mass monitoring of the public’s communications. However, it legalised the practices he exposed and introduced hugely intrusive new powers.
A public petition calling for its repeal attracted more than 200,000 signatures, but was not debated by Parliament.
The Investigatory Powers Act allows the state to collect the content of people’s digital communications and records about those communications created by our devices, and hack computers, phones and tablets on an industrial scale. It also allows the creation and linking of huge ‘bulk personal datasets’. The state can do all of this regardless of whether it suspects anyone of a crime or other threat.
In September last year, Liberty, along with 13 other human rights and journalism groups and two individuals, won its challenge to the previous surveillance regime, at the European Court of Human Rights. The European Court found that the UK’s previous regime for bulk interception of communications data was unlawful.
The Investigatory Powers Act replaced, replicated, and expanded the intrusive surveillance powers that the European Court found to breach our rights to privacy and free expression.
Liberty instructs Shamik Dutta at Bhatt Murphy Solicitors, and Martin Chamberlain QC and David Heaton of Brick Court Chambers, and Ben Jaffey QC of Blackstone Chambers.
For enquiries and interviews, please contact the Liberty press office: 0207 378 3656 / 07973 831 128 / pressoffice@liberty-human-rights.org.uk
I'm looking for advice on this
Did you know Liberty offers free human rights legal advice?
What are my rights on this?
Find out more about your rights and how the Human Rights Act protects them
Did you find this content useful?
Help us make our content even better by letting us know whether you found this page useful or not