Spying On You In Britain

Uploaded on 2016-05-11 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, FREE TO VIEW, BUSINESS-Services-Law

Britain’s intelligence agencies have been secretly collecting bulk personal data since the late 1990s and privately admit they have gathered information on people who are “unlikely to be of intelligence or security interest”.

Disclosure of internal MI5, MI6 and GCHQ documents reveals the agencies’ growing reliance on amassing data as a prime source of intelligence even as they concede that such “intrusive” practices can invade the privacy of individuals.

Newly disclosed documents offer a rare insight into the secretive legal regime underpinning the British government’s controversial mass surveillance programs.

London-based group Privacy International obtained the previously confidential files as part of an ongoing legal case challenging the scope of British spies’ covert collection of huge troves of private data.

Millie Graham Wood, Legal Officer at Privacy International, said in a statement recently that the documents show “the staggering extent to which the intelligence agencies hoover up our data. This can be anything from your private medical records, your correspondence with your doctor or lawyer, even what petitions you have signed, your financial data, and commercial activities.”

She added: “The agencies themselves admit that the majority of data collected relates to individuals who are not a threat to national security or suspected of a crime. This highly sensitive information about us is vulnerable to attack from hackers, foreign governments, and criminals.”

The documents, published online, primarily relate to the opaque rules regulating British spy agencies’ use of so-called bulk personal datasets, which are obtained without any judicial authorization and contain “personal data about a wide range of individuals, the majority of whom are not of direct intelligence interest,” according to the agencies’ own definition of them.

The datasets could cover a wide variety of information, the documents suggest, potentially revealing details deemed particularly “sensitive,” such as people’s political opinions, religious beliefs, union affiliation, physical or mental health status, sexual preferences, biometric data, and financial records. They may also contain data revealing legally privileged information, journalists’ confidential sources, and “details about individuals who are dead,” one document says.

The documents include internal guidance codes for spies who have access to the surveillance systems. One memo, dated June 2014, warns employees of MI6, the UK’s equivalent of the CIA, against performing a “self-search” for data on themselves, offering a bizarre example that serves to illustrate the scope of what some of the repositories contain.

“An example of an inappropriate ‘self-search’ would be to use the database to remind yourself where you have travelled so you can update your records,” the memo says. “This is not a proportionate use of the system, as you could find this information by another means (i.e. check the stamps in your passport or keep a running record of your travel) that would avoid collateral intrusion into other people’s data.”

Another document warns MI6’s employees that they must not trawl the surveillance databases “for information about other members of staff, neighbours, friends, acquaintances, family members and public figures.” That is, it adds, “unless it is necessary to do so as part of your official duties.” The agency says that it has monitoring systems in place to catch any abuses, but it is unclear whether the checks that are in place are sufficient. One 2010 policy paper from MI6 states there is “no external oversight” of it or its partners’ “bulk data operations,” though adds that this was subject to review.

Elsewhere in the documents, eavesdropping agency Government Communications Headquarters (GCHQ) and domestic intelligence agency MI5 admit that they have obtained the bulk datasets on several occasions dating back more than a decade.

The agencies argue that the data has thwarted terror plots and is needed “to identify subjects of interest, or unknown individuals who surface in the course of investigations; to establish links between individuals and groups, or otherwise improve understanding of a target’s behaviour and connections; to validate intelligence obtained through other sources; or to ensure the security of operations or staff.”

Last year, The Intercept exposed how GCHQ has in recent years attempted to create what it described as the world’s largest surveillance system, covertly harvesting in excess of 50 billion records every day about people’s emails, phone calls, and Web browsing habits. 

In one program code-named KARMA POLICE, the agency said it was seeking to obtain “a web browsing profile for every visible user on the Internet.”

PicturedRobert Peter Hannigan is a senior British civil servant currently serving as the Director of the signals intelligence and cryptography agency the Government Communications Headquarters GCHQ.

Guardian:     Intercept

 

« IS Forms Mega Hacking Group
Exposing Cybercrime As A Business Model »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

NCX Group

NCX Group

NCX Group is committed to helping customers identify and mitigate the risks inherent in today’s interconnected environments and business processes.

Zivver

Zivver

Zivver is the effortless, secure email platform, powering the next generation of secure communications.

Harel Mallac Technologies

Harel Mallac Technologies

Harel Mallac Technologies is a Mauritian organisation that has developed a strong network of ICT specialists with nodes across the African continent.

Search Guard

Search Guard

Search Guard® is an Open Source security suite for #Elasticsearch and the entire #ELK stack that offers encryption, authentication, authorization, audit logging and multi tenancy.

BwCIRT

BwCIRT

BwCIRT is the Computer Incident Response Team (CIRT) for Botswana and provides an official point of contact for dealing with computer security incidents.

Prompt

Prompt

Prompt supports the creation of partnerships and the setting up of industrial-institutional applied R&D projects for all ICT sectors.

Griffeshield

Griffeshield

Griffeshield is a company specialised in new information technologies used to protect Intellectual Property.

ThreatModeler

ThreatModeler

ThreatModeler is an automated threat modeling solution that fortifies an enterprise’s Software Development Lifecycle by identifying, predicting and defining threats.

Industrial Control System Information Sharing and Analysis Center (ICS-ISAC)

Industrial Control System Information Sharing and Analysis Center (ICS-ISAC)

ICS-ISAC is a non-profit, public/private Knowledge Sharing Center established to help facilities develop situational awareness in support of local, national and international security.

Computer Services Inc (CSI)

Computer Services Inc (CSI)

CSI is a leading fintech, regtech and cybersecurity solutions partner operating at the intersection of innovation and service.

RevealSecurity

RevealSecurity

RevealSecurity's TrackerIQ detects malicious activities in enterprise applications.

Prancer

Prancer

Prancer is the industry's first cloud-native, self-service SAAS platform for automated security validation and penetration testing in the cloud.

Zerify

Zerify

Zerify offers the industry’s only video conferencing platform built with a zero-trust architecture to keep your meetings secure, private and business compliant.

Irys Technologies

Irys Technologies

Irys Technologies specialize in pioneering digital transformation solutions designed to streamline communications and enhance maintenance and operational efficiency for a variety of sectors.

Inholo

Inholo

Inholo offers tools to manage the risks of synthetic realities, starting with an AI-photo detection service.

Manifest

Manifest

Manifest is a cybersecurity company dedicated to helping enterprises secure their software supply chains.