Privacy security

MI5 staff repeatedly overrode data surveillance rules

MI5 staff failed to follow the agency’s rules for accessing details of the population’s email, web browsing and phone use on more than 200 occasions over five years.

Documents reveal that security service investigators requested and authorised access of its database of bulk communications data verbally rather than in writing, overriding the agency’s own code of practice.

MI5 reported the failure to the interception of communications commissioner, Stanley Burnton, in May 2016. He subsequently revealedthere had been 210 “clear contraventions of the handling arrangements and the security service’s internal policies”.

According to evidence given by an anonymous deputy director of MI5, staff generally filled in a form later, but admitted: “In a very small number of cases there is no record of written authorisation.”