The sheer scale of UK Government’s overwatch activities (or spying) on its own citizens has been revealed in new documents.

The information came to light after campaign group Privacy International last June filed a legal challenge in the Investigatory Powers Tribunal, about whether “the acquisition, use, retention, disclosure, storage and deletion of Bulk Personal Datasets is in accordance with the law and necessary and proportionate.

Bulk Data Collection

For those that don’t know, the Investigatory Powers Tribunal is the oversight body that handles complaints against UK intelligence agencies including MI5, MI6 and GCHQ.

As a result of its legal challenge, Privacy International gained a cache of more than 100 memorandums, forms and policy papers.

The documents show that respective Home Secretaries, of both political hues, have been authorising the bulk collection of personal data for much longer than was first thought. Indeed, the documents shows that since 2001, intelligence agencies have been using powers granted by section 94 of the 1984 Telecommunications Act to collect and store bulk data.

Essentially, the bulk data collection process mined information from a wide variety of sources including financial records, medical records, travel records, passports, telephones calls, emails, social media and other sources, in order to build up personal data about not just criminal and terrorist suspects, but also the vast majority of British citizens.

The extracts show that the UK Government’s intelligence services, GCHQ, MI5, and MI6, routinely requisition personal data from potentially thousands of public and private organisations,” said Privacy International. “This includes data held by financial institutions and may also include anything from confidential NHS records to databases of people who have signed electronic petitions.”

The documents reveal the potential to requisition medical records and confidential information shared with a doctor (including blood group, physical characteristics (hair/eye colour), biometrics), travel records, financial records, population data, commercial data (details of corporations and individuals involved in commercial activities), regular feeds from Internet and phone companies, billing data or subscriber details, content of communications (including with lawyers, MPs, or doctors), and records from government departments,” said Privacy International.

And it should be remembered that this bulk personal data about British citizens would more than likely be exchanged with foreign governments, namely the five key intelligence allies (the US, Australia, Canada and New Zealand).

The documents also show that both the government and intelligence agencies are well aware of the legal implications of handling this amount of personal data.

The documents revealed that in recent years only three cases of non-compliance or misuse resulted in staff being disciplined. Privacy International said it is not apparent that any victims have been notified.

Staggering Extent

The information revealed by this disclosure shows the staggering extent to which the intelligence agencies hoover up our data,” said Millie Graham Wood, Legal Officer at Privacy International.

“This can be anything from your private medical records, your correspondence with your doctor or lawyer, even what petitions you have signed, your financial data, and commercial activities.”

This data is integrated into databases that could be used to build detailed profiles about all of us,” said Graham Wood. “The agencies themselves admit that the majority of data collected relates to individuals who are not a threat to national security or suspected of a crime.”

This highly sensitive information about us is vulnerable to attack from hackers, foreign governments, and criminals,” said Graham Wood. “The agencies have been doing this for 15 years in secret and are now quietly trying to put these powers on the statute book for the first time, in the Investigatory Powers Bill, which is currently being debated in Parliament. These documents reveal a lack of openness and transparency with the public about these staggering powers and a failure to subject them to effective Parliamentary scrutiny.”

Bulk powers have been essential to the security and intelligence agencies over the last decade and will be increasingly important in the future,” a Home Office spokesman told the Guardian newspaper.

Criminal Treatment

The acquisition and use of bulk provides vital and unique intelligence that the security and intelligence agencies cannot obtain by any other means,” said the Home Office. “The security and intelligence agencies use the same techniques that modern businesses increasingly rely on to analyse data in order to overcome the most significant national security challenges.”

But despite this Government claim, security experts are alarmed at the scale of the Government’s bulk data collection programme.

The UK Government and its intelligence agencies are watching UK citizens as if they were criminals,” said Jacob Ginsberg, Senior Director at security specialist Echoworx. “This kind of cyber surveillance is no different to old school wire-tapping.”

However, a wiretap may only be approved by a court if evidence of reasonable suspicion can be found,” said Ginsberg. “The Government should not be allowed to circumvent existing laws that have been put in place to protect law abiding citizens from potentially harmful intrusion. Having the power to sweep someone’s phone records, financial data, medical records and internet communications without a warrant during bulk data collection is morally wrong.”

Meanwhile a trail at the investigatory powers tribunal, behind closed doors, is scheduled for this July. It will hear complaints about state-authorised surveillance.

Think you know about privacy issues? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

AT&T Admits Data Breach Impacted “Nearly All” Customers

American telecommunications giant AT&T admits that “nearly all” customer accounts were compromised in 2022 breach

2 days ago

Elon Musk’s X Breached DSA Rules, EU Finds

X's Blue checks 'used to mean trustworthy sources of information. Now our preliminary view is…

2 days ago

Japan’s SoftBank Acquires AI Chip Start-up Graphcore

SoftBank Group has purchased another British chip firm, with the acquisition of Bristol-based Graphcore Ltd…

2 days ago

Samsung AI-Upgraded Bixby Voice Assistant Coming This Year

Samsung reportedly confirms it will launch the upgraded voice assistant Bixby this year, that will…

3 days ago

Next Neuralink Brain Implant Coming Soon, Says Musk

Despite an issue with first Neuralink implant in a patient, Elon Musk says second brain…

3 days ago

EU Accepts Apple’s Legal Commitments To Open NFC Access

Legal commitment over Apple's NFC-based mobile payments system, which is to be opened to rival…

3 days ago