MI5 has no control of its storage of vast volumes of people’s calls, messages, web browsing history, as well as other personal data that the agency has managed to obtain on the basis of surveillance warrants, which were often issued under false pretext, the High Court heard on Tuesday in a legal challenge brought by the human rights organization Liberty.
Liberty claims that the MI5 persistently violates privileges obtained by the Investigatory Powers Act (IPA), which allows the security services to hack individuals’ computers and phones in the name of national security. The agency’s failures have been identified by the head of the Investigatory Powers Commissioner’s Office (IPCO), Sir Adrian Fulford, who is tasked with safeguarding the storage and timely deletion of bulk data. A series of 10 documents and letters from MI5 and IPCO have been shared with the court in support of the claims.
The spy agency has been aware of breaches of compliance with the IPA for at least three years but has “kept the failings secret,” according to the evidence presented. The MI5 handling of people’s data was found to be “undoubtedly unlawful”by Fulford, who accused the intelligence service of “historical lack of compliance” with IPA safeguards.
Furthermore, the spying apparatus is being accused of misleading the judges when applying for surveillance warrants under false assurance that proper storage of the data will be met. Hacking warrants would have never been issued if breaches were known, Fulford pointed out.
“MI5 have been holding on to people’s data – ordinary people’s data, your data, my data – illegally for many years,” Megan Goulding, a lawyer for Liberty, said. “Not only that, they’ve been trying to keep their really serious errors secret – secret from the security services watchdog, who’s supposed to know about them, secret from the Home Office, secret from the prime minister and secret from the public.”
According to Yair Cohen, a social media lawyer and the author of the book ‘The Net is Closing: Birth of the e-police’, the issue here is not necessarily the collection of the data but the way it has been unlawfully stored.
“The storage of the data exceeded the time it was allowed to be stored, which means that the whole exercise can be rendered unlawful,” Cohen told RT. Failure to erase bulk data once it is no longer needed could “endanger people whose data MI5 possessed,” he claimed.
“This type of data has been kept in an insecure manner. It means that it was perhaps open for hundreds of people to view it…maybe there would have been leaks of the data to all sort of organizations that shouldn’t really be accessing the data for national security reasons,” Cohen explained.