British security services “routinely” collect personal data on bulk from thousands of public and private organizations, including confidential medical and financial records, newly-disclosed documents show.
The previously-confidential files, obtained by campaign group Privacy International (PI) as part of an ongoing legal case challenging the collection of bulk personal datasets (BPDs), have revealed “the staggering extent to which the intelligence agencies hoover up our data.”
In March 2015, the government first owned up to the use of BPDs by its intelligence agencies, including by MI6, MI5 and GCHQ. BPDs include call logs, internet traffic, and medical, financial and travel records of British citizens.
“It goes far beyond monitoring our text messages, email messages, and social media posts. The intelligence agencies have secretly given themselves access to potentially any and all recorded information about us,” PI explains.
“The agencies themselves admit that the majority of data collected relates to individuals who are not a threat to national security or suspected of a crime. This highly sensitive information about us is vulnerable to attack from hackers, foreign governments, and criminals,” PI’s legal officer Millie Graham Wood said in a statement.
BPDs currently account for 5 percent of all data stored by GCHQ, the files reveal.
An oversight committee reviews the storage of BPDs every six months. Since 2005, home secretaries have had to reauthorize the collection of these data sets twice a year.
Wood warned the government’s controversial Investigatory Powers Bill would codify and legitimize these practices.
“The agencies have been doing this for 15 years in secret and are now quietly trying to put these powers on the statute book for the first time, in the Investigatory Powers Bill, which is currently being debated in Parliament. These documents reveal a lack of openness and transparency with the public about these staggering powers and a failure to subject them to effective Parliamentary scrutiny.”
In a statement, the Home Office defended the use of BPDs, saying their acquisition provides “vital and unique intelligence.”
The document cache also contains guidance for intelligence officers who have access to surveillance systems. One document aimed at MI6 employees warns officers not to scour the surveillance databases “for information about other members of staff, neighbors, friends, acquaintances, family members and public figures unless it is necessary to do so as part of your official duties.”
The revelations come after a survey revealed the majority of Britons remain unconcerned about the potential ramifications of the Investigatory Powers Bill.
Of 1,600 respondents surveyed by Broadband Genie, 75 percent said they had not heard of the IP Bill. Asked if they backed the government’s plans to ramp up mass surveillance in Britain, a third said they didn’t care either way.