British spies unlawfully retained people’s intercepted data for nearly five years, a landmark tribunal has ruled, with judges criticising “widespread corporate failure” at M15 and the Home Office.
Under laws dubbed the Snoopers’ Charter by privacy campaigners, UK intelligence agencies are empowered on national security grounds to impose tight surveillance on collecting people’s data and intercepting their communications – with strict conditions on how such data is handled.
In a “landmark” ruling on Monday, the Investigatory Powers Tribunal – which investigates complaints about the security services – found “serious and wide-ranging” failures by MI5 to comply with privacy safeguards, dating as far back as 2014.
The judges also ruled that the Home Office failed to make “adequate enquiries” into these safeguarding risks, despite multiple warnings – leaving successive home secretaries unclear on whether surveillance warrants they signed off on included “effective safeguards”.
In a statement to parliament, home secretary Suella Braverman admitted that MPs would be “troubled” by the ruling that her predecessors had unlawfully approved warrants between December 2016 and April 2019 – but said that the cases were “historic”.
The legal action was brought by human rights groups Liberty and Privacy International, who said the ruling showed there had been years of rule-breaking by MI5, which was “overlooked” by the Home Office.
The tribunal ruled that MI5 had unlawfully held large amounts of data, and failed “to have and to apply a proper system for review retention and deletion of material” – safeguards set out in the Regulation of Investigatory Powers Act 2000 and the Investigatory Powers Act 2016, laws which critics allege grant police and spies some of the most extensive snooping powers in Europe.
But the three judges said it would be “disproportionate” to order that all surveillance warrants issued as a result of unlawfully held data should be quashed, or that unlawfully retained data be deleted, arguing that it would “be very damaging to national security”.
“It was not a failure which means MI5 should never have had the material at all. It is a failure which means that a small proportion of the material was retained for longer than it should have been,” the judges said.
While it is not clear whose data was involved, Liberty alleged that this data was “likely to include many people who are not suspected of any wrongdoing due to the nature of the broad surveillance powers given to MI5”.
But the judges said that there was “no evidence” that any individual has suffered any harm as a result of the unlawful behaviour of MI5.
And while it had been a “serious misjudgement” by MI5’s management board in not disclosing the compliance failings, which “ought to have been addressed urgently”, the judges said it was not “appropriate or necessary” to single out any individuals at MI5 or the Home Office for blame.
The ruling confirms that “surveillance safeguards are not fit for purpose and fail to protect our fundamental privacy rights”, said Liberty’s Megan Goulding, urging the government “to step up and create restrictions that protect our privacy rights”.
“For years, MI5 knowingly broke the rules and failed to report it, the internal oversight body did not detect it and the government failed to investigate clear red flags. Instead, the Home Office continued to issue unlawful warrants, and MI5 kept information from the authorities about it mishandling our data.
“Mass surveillance doesn’t make us safer. The security services shouldn’t be allowed to spy on us and collect our data, these powers breach our privacy and undermine core pillars of our democracy. Today has shown that the so-called safeguards are totally ineffective in protecting our rights and holding those in power to account.”
Additional reporting by Reuters
