Newly released documents reveal the "staggering extent" of the British government's mass surveillance of its citizens, ongoing since at least the 1990s, and its 15-year coverup of those operations.
The documents, acquired by the London-based watchdog group Privacy International, show that the UK's intelligence agencies—MI5, MI6, and Government Communications Headquarters (GCHQ)—"routinely requisition personal data from potentially thousands of public and private organizations" under Section 94 of the 1984 Telecommunications Act.
That includes financial data; confidential health records; travel records; content of communications, including with lawyers, doctors, and ministers of Parliament; and personal online activity, such as petition signing, among other data. The documents also show that agencies continued to request information on scores of citizens despite privately acknowledging (pdf) that it is "unlikely to be of intelligence or security interest."
Privacy International obtained the documents as part of an ongoing case about the use of these so-called "Bulk Personal Datasets" and the 1984 law, which the group describes as "pre-internet legislation that was never intended to enable this level of intrusion in a digital age." A trial will take place later this summer at the Investigatory Powers Tribunal (IPT), which hears cases about surveillance and intelligence.
"The information revealed by this disclosure shows the staggering extent to which the intelligence agencies hoover up our data," said Millie Graham Wood, legal officer at Privacy International. "This can be anything from your private medical records, your correspondence with your doctor or lawyer, even what petitions you have signed, your financial data, and commercial activities."
As the Guardian notes:
The frequency of warnings to intelligence agency staff about the dangers of trespassing on private records is at odds with ministers’ repeated public reassurances that only terrorists and serious criminals are having their personal details compromised.
[....]The papers show that data handling errors remain a problem. Government lawyers have admitted in responses to Privacy International that between 1 June 2014 and 9 February this year, “47 instances of non-compliance either with the MI5 closed section 94 handling arrangements or internal guidance or the communications data code of practice were detected.” Four errors involved “necessity and proportionality” issues; 43 related to mistransposed digits, material that did not relate to the subject of investigation or duplicated requests.
The documents also come as Parliament considers sweeping surveillance legislation known as the Investigatory Powers Bill, and often referred to by opponents as the "Snooper's Charter."
The government has argued that under the law, intelligence agencies would only conduct targeted searches of legally obtained records in national security investigations. However, as Wood explains, "the agencies themselves admit that the majority of data collected relates to individuals who are not a threat to national security or suspected of a crime. This highly sensitive information about us is vulnerable to attack from hackers, foreign governments, and criminals.
"The agencies have been doing this for 15 years in secret and are now quietly trying to put these powers on the statute book for the first time, in the Investigatory Powers Bill, which is currently being debated in Parliament," she said. "These documents reveal a lack of openness and transparency with the public about these staggering powers and a failure to subject them to effective Parliamentary scrutiny."