The UK’s domestic-facing intelligence agency, MI5, has admitted that it captured and read Privacy International’s private data as part of its Bulk Communications Data (BCD) and Bulk Personal Datasets (BPD) programmes, which hoover up massive amounts of the public’s data. In further startling legal disclosures, all three of the UK’s primary intelligence agencies – GCHQ, MI5, and MI6 – also admitted that they unlawfully gathered data about Privacy International or its staff.
The intelligence agencies have repeatedly denied that their BPD and BCD programmes are tantamount to mass surveillance of people not suspected of any wrongdoing. Documents published today demonstrate that Privacy International, an international NGO, has been caught up in MI5’s investigations because its data was part of the UK intelligence agencies vast databases.
These revelations came during the course of Privacy International’s challenge to the BPD and BCD powers, which is currently pending before the Investigatory Powers Tribunal (IPT), a court which is set up to hear claims against the UK intelligence services. The IPT is required to inquire into any unlawful activity by the UK intelligence agencies, and to provide a summary of such activity to any claimant that comes before it.
Today’s news comes in the wake of last week’s judgment by the European Court of Human Rights which found another of the UK’s mass surveillance programmes – the mass interception of internet communications – to be unlawful. A major aspect of the Court’s criticism of the mass interception programmes was the lack of oversight and safeguards surrounding how the data is collected, searched, and accessed. Today’s revelations highlight the danger that can arise from such a lack of safeguards, the absence of which has allowed an intelligence agency to extract data about a human rights charity from that massive trove.