Newly disclosed documents offer a rare insight into the secretive legal regime underpinning the British government’s controversial mass surveillance programs.
The London-based group Privacy International obtained the previously confidential files as part of an ongoing legal case challenging the scope of British spies’ covert collection of huge troves of private data.
Millie Graham Wood, legal officer at Privacy International, said in a statement Wednesday that the documents show “the staggering extent to which the intelligence agencies hoover up our data. This can be anything from your private medical records, your correspondence with your doctor or lawyer, even what petitions you have signed, your financial data, and commercial activities.”
She added: “The agencies themselves admit that the majority of data collected relates to individuals who are not a threat to national security or suspected of a crime. This highly sensitive information about us is vulnerable to attack from hackers, foreign governments, and criminals.”
The documents, published online Wednesday, primarily relate to the opaque rules regulating British spy agencies’ use of so-called bulk personal data sets, which are obtained without any judicial authorization and contain “personal data about a wide range of individuals, the majority of whom are not of direct intelligence interest,” according to the agencies’ own definition of them.
The data sets could cover a wide variety of information, the documents suggest, potentially revealing details deemed particularly “sensitive,” such as people’s political opinions, religious beliefs, union affiliation, physical or mental health status, sexual preferences, biometric data, and financial records. They may also contain data revealing legally privileged information, journalists’ confidential sources, and “details about individuals who are dead,” one document says.
The documents include internal guidance codes for spies who have access to the surveillance systems. One memo, dated June 2014, warns employees of MI6, the U.K.’s equivalent of the CIA, against performing a “self-search” for data on themselves, offering a bizarre example that serves to illustrate the scope of what some of the repositories contain.
“An example of an inappropriate ‘self search’ would be to use the database to remind yourself where you have traveled so you can update your records,” the memo says. “This is not a proportionate use of the system, as you could find this information by another means (i.e. check the stamps in your passport or keep a running record of your travel) that would avoid collateral intrusion into other people’s data.”
Another document warns MI6’s employees that they must not trawl the surveillance databases “for information about other members of staff, neighbors, friends, acquaintances, family members and public figures.” That is, it adds, “unless it is necessary to do so as part of your official duties.” The agency says that it has monitoring systems in place to catch any abuses, but it is unclear whether the checks that are in place are sufficient. One 2010 policy paper from MI6 states there is “no external oversight” of it or its partners’ “bulk data operations,” though the paper adds that this was subject to review.
Elsewhere in the documents, eavesdropping agency Government Communications Headquarters (GCHQ) and domestic intelligence agency MI5 admit that they have obtained the bulk data sets on several occasions dating back more than a decade — GCHQ beginning in 1998, and MI5 in 2005 — under Section 94 of the 1984 Telecommunications Act. The agencies argue that the data has thwarted terror plots and is needed “to identify subjects of interest, or unknown individuals who surface in the course of investigations; to establish links between individuals and groups, or otherwise improve understanding of a target’s behavior and connections; to validate intelligence obtained through other sources; or to ensure the security of operations or staff.”
Last year, The Intercept exposed how GCHQ has in recent years attempted to create what it described as the world’s largest surveillance system, covertly harvesting in excess of 50 billion records every day about people’s emails, phone calls, and web browsing habits. In one program code-named KARMA POLICE, the agency said it was seeking to obtain “a web browsing profile for every visible user on the internet.”
Top photo: Inside GCHQ headquarters in Cheltenham, England.
IT’S EVEN WORSE THAN WE THOUGHT.
What we’re seeing right now from Donald Trump is a full-on authoritarian takeover of the U.S. government.
This is not hyperbole.
Court orders are being ignored. MAGA loyalists have been put in charge of the military and federal law enforcement agencies. The Department of Government Efficiency has stripped Congress of its power of the purse. News outlets that challenge Trump have been banished or put under investigation.
Yet far too many are still covering Trump’s assault on democracy like politics as usual, with flattering headlines describing Trump as “unconventional,” “testing the boundaries,” and “aggressively flexing power.”
The Intercept has long covered authoritarian governments, billionaire oligarchs, and backsliding democracies around the world. We understand the challenge we face in Trump and the vital importance of press freedom in defending democracy.
We’re independent of corporate interests. Will you help us?
IT’S BEEN A DEVASTATING year for journalism — the worst in modern U.S. history.
We have a president with utter contempt for truth aggressively using the government’s full powers to dismantle the free press. Corporate news outlets have cowered, becoming accessories in Trump’s project to create a post-truth America. Right-wing billionaires have pounced, buying up media organizations and rebuilding the information environment to their liking.
In this most perilous moment for democracy, The Intercept is fighting back. But to do so effectively, we need to grow.
That’s where you come in. Will you help us expand our reporting capacity in time to hit the ground running in 2026?
We’re independent of corporate interests. Will you help us?
I’M BEN MUESSIG, The Intercept’s editor-in-chief. It’s been a devastating year for journalism — the worst in modern U.S. history.
We have a president with utter contempt for truth aggressively using the government’s full powers to dismantle the free press. Corporate news outlets have cowered, becoming accessories in Trump’s project to create a post-truth America. Right-wing billionaires have pounced, buying up media organizations and rebuilding the information environment to their liking.
In this most perilous moment for democracy, The Intercept is fighting back. But to do so effectively, we need to grow.
That’s where you come in. Will you help us expand our reporting capacity in time to hit the ground running in 2026?
We’re independent of corporate interests. Will you help us?
Contact the author:
Latest Stories
The Intercept Briefing
“Me Too” Comes Back To Congress
Intercept staffers discuss the themes emerging this midterm election season.
Voices
Kash Patel Is Using MAGA’s Favorite Tool to Muzzle the Free Press
By suing The Atlantic for defamation, the FBI director is leveraging one of Trump’s legal tactics to tamp down free speech.
License to Kill
Trump Has Already Spent at Least $4.7 Billion Attacking Latin America
It’s not cheap to attack Venezuela and capture its president or conduct dozens of strikes on civilian boats.