the Interception of Communications Commissioner's Office (IOCCO) has revealed. The number of orders imposed on telephone and internet companies underhas been published for the first time by the surveillance watchdog.The directions were acquired by theThe watchdog sayswhich severely limits what it is able to say about the directions and the actions taken as a result of them. They are related to traffic data and do not include the content of calls or emails.Their operation will be recognized under thewhich is currently under review in the House of Lords.Commissioner Sir Stanley Burnton says theand the review of Section 94 had been very challenging. "Our report highlights clearly the difficulties whenhe said in a statement. "We make extensive recommendations that the intelligence and law enforcement agenciesto clarify and bring consistency to their procedures, to remedy the lack of record-keeping requirements and to ensure that we can oversee properly how Section 94 directions are given and used."The report recommends there be a clear and mandatory process for the application, authorization, review, modification and cancellation of any directions. It says a lack of codified procedures made it challenging to piece together what Section 94 notes had been given, by whom and when, which ones had been modified and whether they were still extant. Some service providers subject to bulk collection orders were worried about publicity and, the report says.from communications data acquired in ... pursuant to Section 94 directions, which directly contributed to an intelligence report." In the same year,under the section.Millie Graham Wood, a legal officer at campaign group Privacy International, told the Guardian the report was aShe says it is "shocking and unacceptable""The agencies have used this vague power to demand our internet and telephone network providers hand over huge swaths of our personal data. The intelligence agencies tell us that they need this data to conduct large searches, however. We need a robust oversight and a transparent authorisation process for access to data."