SuprBay: The PirateBay Forum

Full Version: MI5 slammed by watchdog for failing to delete intercepted phone and internet data
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
A watchdog has criticised MI5 for unlawfully storing and accessing data about people’s telephone and internet activities.

The Security Service failed to inform the Office of the Investigatory Powers Commissioner of serious “compliance risks” for at least a year after it became aware of them, a report the Investigatory Powers Commissioner reveals.

MI5 showed “serious deficiencies” in meeting legal requirements to limit sharing of intercepted phone, email and web browser data and to destroy it when it was no longer needed, the Investigatory Powers Commissioner said yesterday.

MI5 collects bulk data on the population’s phone calls, phone location, email and web browsing activities under warrants approved by the Home Secretary and independent judicial commissioners.

It also accesses databases, known as bulk personal datasets, which contain biographical data and records of the commercial and financial activities, travel and communications of people in the UK, the majority of whom are of no intelligence interest.

In a report published yesterday, Adrian Fulford, who stepped down as Investigatory Powers Commissioner in October 2019, said it was a matter of “serious concern” that MI5 did not bring compliance failures to his attention at an earlier stage.

MI5 was aware that the IT systems, known as “technology environments” used to store and analyse data, were at risk of breaching legally required privacy safeguards since at least 2018, and “probably considerably earlier”, he said in ICPO’s 2018 annual report.

MI5 should have considered whether it could legally continue to collect surveillance data on systems that failed to meet the legal safeguards laid down in the Investigatory Powers Act 2016, also known as the Snoopers’ Charter.

Quote:“We judge that, by January 2018 (indeed, most probably considerably earlier), MI5 had a clear understanding of the principle compliance risks associated with these technology environments, to the extent that they should have carefully considered the legality of continuing to store and exploit operational data on those systems,” Fulford wrote.


The report gives only a partial account of the problems discovered at MI5, however documents reveal that MI5 board was alerted to serious risks in the way it managed information as early as May 2003.



https://www.computerweekly.com/news/2524...ernet-data