A recent investigation has highlighted the severe failings of MI5's supposedly ‘world-class’ safeguarding techniques.
An investigation by human rights group Liberty has highlighted MI5’s failure to adequately safeguard consumer data – putting our personal information, such as our internet history, calls, messages and location, at risk.
While the Investigatory Powers Commissioner’s Office (IPCO) considered the security breach serious enough to warrant a week long investigation at MI5, the government has so far attempted to keep it under wraps.
User data is readily available to MI5 as a result of the UKs Investigatory Powers Act. Passed in 2016 and commonly known as the Snooper’s Charter, the act facilitates state surveillance and has come under much scrutiny for violating user privacy and security.
Under this legislation, Internet Service Providers (ISPs) must keep a record of citizen’s online behaviour for up to a year. The act also grants UK police and security agencies access to large databases of personal information collected from internet browsing and phone records. And it enables the government to request the removal or limitation of device encryption by technology companies.
Investigating the snoopers
This most recent investigation by the human rights group has highlighted the severe failings of MI5’s ‘world-class’ safeguarding techniques. Liberty discovered that the intelligence agency has failed to uphold security protocols, such as the timely destruction of user data and the correct handling of sensitive, legally privileged material. They also found that MI5 has been aware of these failings since January 2016 but has kept the public in the dark.
Perhaps what’s most shocking is the acknowledgement of MI5’s deputy director general that user’s private data was stored in “ungoverned spaces” with a “a high likelihood [of material] being discovered.” This is absolutely not what you would expect from the UKs top intelligence agency and raises huge concerns over the ways this data was potentially misused, given that it was so easily accessible.
To make matters worse, the IPCO only found out about the security breach in February this year.
In a statement issued in May, Secretary of State Sajid David acknowledged the IPCOs claim that MI5’s failings were ‘serious and required immediate mitigation’, and said that MI5 are in the process of implementing these mitigations.
The results of Liberty’s investigation highlights the significant risks to consumer privacy that have arisen from the Snoopers Charter. Furthermore, given that MI5s ‘world-class’ security protocols were used to pitch the issuing of warrants for bulk surveillance, these findings show these warrants should never have been issued at all.
What you can do
Using a Virtual Private Network is one way you can grant your data extra protection. VPNs encrypt your data and re-route it via a remote server, disguising your location and making your browsing activity unreadable to anyone spying on your network. Investing in a VPN based outside the UK that has a no-logs policy will mean your provider can’t hand over any data to authorities if requested.
Other ways you can protect your data include switching to encrypted email and messaging services such as ProtonMail, WhatsApp and Signal.
However, while these measures will help protect the privacy of the average consumer, if authorities really want to access your data, they will find a way.
MI5’s failure to protect our data and the government’s decision to keep the public in the dark raises huge red flags for our privacy and security. We have a right to know how our data is being stored, especially when a lack of adequate safeguards have left it accessible and open to misuse.
Katherine Barnett is a censorship and digital rights researcher at VPN review site Top10VPN.
Like this article? Left Foot Forward relies on support from readers to sustain our progressive journalism. Can you become a supporter for £5 a month?
Leave a Reply