MI5 slammed by watchdog for failing to delete intercepted phone and internet data
#1
A watchdog has criticised MI5 for unlawfully storing and accessing data about people’s telephone and internet activities.

The Security Service failed to inform the Office of the Investigatory Powers Commissioner of serious “compliance risks” for at least a year after it became aware of them, a report the Investigatory Powers Commissioner reveals.

MI5 showed “serious deficiencies” in meeting legal requirements to limit sharing of intercepted phone, email and web browser data and to destroy it when it was no longer needed, the Investigatory Powers Commissioner said yesterday.

MI5 collects bulk data on the population’s phone calls, phone location, email and web browsing activities under warrants approved by the Home Secretary and independent judicial commissioners.

It also accesses databases, known as bulk personal datasets, which contain biographical data and records of the commercial and financial activities, travel and communications of people in the UK, the majority of whom are of no intelligence interest.

In a report published yesterday, Adrian Fulford, who stepped down as Investigatory Powers Commissioner in October 2019, said it was a matter of “serious concern” that MI5 did not bring compliance failures to his attention at an earlier stage.

MI5 was aware that the IT systems, known as “technology environments” used to store and analyse data, were at risk of breaching legally required privacy safeguards since at least 2018, and “probably considerably earlier”, he said in ICPO’s 2018 annual report.

MI5 should have considered whether it could legally continue to collect surveillance data on systems that failed to meet the legal safeguards laid down in the Investigatory Powers Act 2016, also known as the Snoopers’ Charter.

Quote:“We judge that, by January 2018 (indeed, most probably considerably earlier), MI5 had a clear understanding of the principle compliance risks associated with these technology environments, to the extent that they should have carefully considered the legality of continuing to store and exploit operational data on those systems,” Fulford wrote.


The report gives only a partial account of the problems discovered at MI5, however documents reveal that MI5 board was alerted to serious risks in the way it managed information as early as May 2003.



https://www.computerweekly.com/news/2524...ernet-data
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Crypto is the best way to bust Internet censorship Ladyanne3 6 3,095 Mar 10, 2024, 15:52 pm
Last Post: maskaw
  Italian data protection authority strikes another major blow to Google Analytics Resurgence 0 11,239 Jun 24, 2022, 00:29 am
Last Post: Resurgence
  US: Hidden anti-cryptography provisions in Internet anti-trust bills Resurgence 0 11,349 Jun 23, 2022, 00:57 am
Last Post: Resurgence
  Mullvad VPN server audit found no information leakage or logging of customer data Resurgence 0 10,707 Jun 23, 2022, 00:52 am
Last Post: Resurgence
  Mongolians to be alerted when their personal data is used Resurgence 0 9,704 Jun 22, 2022, 00:49 am
Last Post: Resurgence



Users browsing this thread: 1 Guest(s)