20 April 2016
Previously confidential documents published today reveal the staggering extent of UK Government surveillance that has been kept secret from the public and Parliament for the last 15 years. Revealed in a case brought by Privacy International about the use of so-called ‘Bulk Personal Datasets’ and a law dating back to 1984, the extracts show that the UK Government’s intelligence services, GCHQ, MI5, and MI6, routinely requisition personal data from potentially thousands of public and private organisations. This includes data held by financial institutions and may also include anything from confidential NHS records to databases of people who have signed electronic petitions.
The term ‘Bulk Personal Datasets’ was first used in March last year in an Intelligence & Security Committee (ISC) Report. Even the ISC, the Parliamentary Committee that oversees the work of the intelligence agencies and has full security clearance, was unaware of the use of BPDs until recently. The papers released today act as proof of, and show the sheer scale of, British intelligence agency surveillance of our personal data. It goes far beyond monitoring our text messages, email messages, and social media posts. The intelligence agencies have secretly given themselves access to potentially any and all recorded information about us.
The documents reveal the potential to requisition medical records and confidential information shared with a doctor (including blood group, physical characteristics (hair/eye colour), biometrics), travel records, financial records, population data, commercial data (details of corporations and individuals involved in commercial activities), regular feeds from internet and phone companies, billing data or subscriber details, content of communications (including with lawyers, MPs, or doctors), and records from government departments.
The Intelligence and Security Committee reported (paras 156, 158) that there are hundreds of millions of records which may be linked together. The datasets are likely to contain significant quantities of information about British citizens. None of the intelligence agencies have been able to provide statistics about the volume of personal information about British citizens included in the datasets.
The extent of abuses of personal sensitive data has also been revealed for the first time. In recent years only three cases of non-compliance or misuse resulted in staff being disciplined. It is not apparent that any victims have been notified.
The documents also describe the intelligence agencies’ use of Section 94 of The Telecommunications Act 1984 to access data in bulk. The Telecommunications Act is pre-internet legislation that was never intended to enable this level of intrusion in a digital age. Until November 2015 that use of Section 94 to require telecommunications companies to provide bulk access to communications data outside the protections of the RIPA (Regulation of Investigatory Powers Bill) regime was unknown…..
< – >
Court asks DOJ for basic info on NITs. DOJ says “no” and all but slaps the court in the face