Police and intelligence agencies in Colombia have been building "secret and unlawful" systems of mass surveillance over the past decade, according to a new report from the London-based watchdog Privacy International. The report, based on confidential documents and testimony, reveals that various Colombian agencies have covertly sought to expand their bulk collection of phone and internet data, extending beyond the scope of the law and undermining recent efforts at reform.

Colombia has a fraught history of government surveillance, fueled by an ongoing conflict that has killed an estimated 220,000 people since 1958. Backed by US aid, Colombian intelligence agencies have used wiretapping to monitor leaders of the FARC and other rebel groups, though reports have revealed cases of abuse. Top police generals were dismissed in 2007 after it was revealed that the national police force had conducted surveillance on activists, journalists, lawyers, and opposing politicians. In 2011, President Juan Manuel Santos dissolved the Administrative Security Department (DAS) after it was revealed that the national spy agency surveilled and harassed more than 600 politicians and public figures.

These scandals drew international criticism and calls for reform, though today's report claims that Colombia's current privacy safeguards are opaque and inadequate. The report also sheds light on powerful surveillance systems that were not previously disclosed, and which operate outside of Colombian law.

"there are still practices to expose, systems to reveal, and questions to be answered."

"We all thought that Colombia’s history of illegal surveillance and abuses of power was well documented," Matthew Rice, advocacy officer at Privacy International, said in a statement. "This report shows that there are still practices to expose, systems to reveal, and questions to be answered."

Under Colombian law, intelligence agencies can only conduct surveillance with judicial authorization, and mass surveillance is not explicitly authorized. The DEA-backed Esperanza is Colombia's most visible national surveillance system, though agencies have developed their own infrastructures in parallel — partially, the report says, due to ongoing rivalries. In 2005, Colombia's Directorate of Police Intelligence (DIPOL) acquired and deployed the Integrated Recording System (IRS), designed to intercept voice and data communications over 3G networks and trunk lines. Prior to its dissolution, DAS acquired a network probe that apparently conducted surveillance outside of Esperanza. Colombian agencies also acquired IMSI catchers, which enable indiscriminate data-gathering from devices within a small radius, while the Colombian police is a client of the Italian spyware company Hacking Team, corroborating previous reports.

In its report, Privacy International called on Colombian intelligence agencies to fully declassify documents on the procurement of technologies, and for a thorough review of the country's surveillance architecture. "As we stand now, it’s clear that there’s a long way ahead for the compliance of intelligence and criminal investigation activities with human rights standards, and for us, as civil society, to keep our work pointing out these abuses," Carolina Botero, director of the Bogota-based Karisma Foundation, said in a statement.

Today's report is the first of two on Colombia's surveillance architecture. A second report focusing on the dealings of international companies in the country will be published by Privacy International on Wednesday.