Intelligence experts at GCHQ have allegedly had easy access to the email communications of British MPs for years, leading to fears that private and confidential messages may have been compromised or intercepted, an investigation has revealed.

UK spies, alongside their counterparts at the US-based National Security Agency (NSA) are collecting massive amounts of email metadata from MPs without permission because the information is being sent to data centres outside the UK, according to ComputerWeekly.

The legal loophole, which was first exposed in documents leaked by former NSA-contractor Edward Snowden in 2013, means that GCHQ has legal backing to monitor and scoop up metadata sent via undersea cables in the Irish Sea and the English Channel.

However, thanks to the UK government's migration to Microsoft's Office 365 in 2014, sensitive information – including email senders, recipients and subject lines – is routinely sent outside UK borders to data centres located in Dublin and the Netherlands – giving the agency free reign to retain it.

Indeed, based on a "forensic analysis" of peers' email traffic, ComputerWeekly revealed that over 60% of the communications are routed internationally and that "every message" contained evidence of passing through computers connected to GCHQ.

Furthermore, it was uncovered these emails can also reportedly be scanned for keywords by analysts using a Symantec-owned network called MessageLabs that provides spam filtering and antivirus protection to parliament.

By using information gleaned from the Snowden revelations, it was alleged that a GCHQ-run project called "Haruspex" allows agency staff to scan emails on the condition of national security. This, like most of the surveillance programmes, lacks any oversight from the UK parliament.

The NSA enters the picture due to its notorious 'Prism' project – which can also reportedly grant "direct access" to parliamentary emails and documents thanks to the 'obligations' it forces upon Microsoft.

In response to the claims, Rob Greig, director of the parliamentary digital service, told IBTimes UK: "All Parliamentary emails are private and are strongly encrypted end-to-end whilst they are in our infrastructure. Like all responsible organisations we take cybersecurity and information security extremely seriously. We regularly review and respond to evolving threats to ensure the integrity of the Parliamentary network."

In any case, the news will likely be troubling for any British politician who still believes the so-called 'Wilson Doctrine' - established in 1966 to restrict intrusion into MPs private telephone conversations - provides any real legal protection in 2016. Indeed, last year the Investigatory Powers Tribunal, a government body set up to investigate complaints against UK spy agencies, ruled that even MPs were not immune to surveillance. "We do not accept that the Wilson Doctrine was ever absolute," it said.

The reports emerged on the same day Home Secretary Theresa May outlined a number of concessions being made to the Investigatory Powers Bill – which has been branded a Snoopers' Charter by opponents – claiming protections for MPs and journalists should be bolstered in the new law.

A Home Office spokesperson said: The government will be bringing forward amendments at report stage and are willing to consider amendments that are in the interest of both improving the bill and of demonstrating the necessity of the powers it contains."

However Harriet Harman, chair of the UK government's human rights committee called for further concessions to be made. "Protection for MPs' communications from unjustified interference is vital," she said. "The bill must provide tougher safeguards to ensure that the government cannot abuse its powers to undermine parliament's ability to hold the government to account."

The next scrutiny stage of the IP Bill – which is set to grant new spying powers to government, police and intelligence agencies – will begin in the House of Commons on 6 June.



This article was updated on 3 June (21:51) to reflect a fresh statement from the UK government