This article is more than 3 years old

Law enforcement agencies should not be above the law.

For more than 17 years British security and intelligence agencies broke the law, illegally collecting vast amounts of data about UK citizens without proper oversight.

That’s the judgement of the Investigatory Powers Tribunal (IPT), the only court that hears complaints against MI5, MI6 and GCHQ, after human rights campaigners at Privacy International launched a legal complaint in June 2015.

The IPT’s ruling has declared that the agencies’ collection of bulk communications data (BCD) – the metadata, or “who, when, where and how” of telephone and internet use – was unlawful from its commencement in March 1998 until November 2015.

Some may think that such metadata can do little harm, but that couldn’t be further from the truth as a huge amount of information can be extrapolated.

Meanwhile, the collection and retention by British security agencies of bulk personal datasets (BPD) – which might include details of innocent people’s biographical details, financial and commercial activities, communications and travel data – was also ruled unlawful between “circa 2006” and March 2015.

The revelation of BPDs was finally made public in a report by the UK parliament’s Intelligence and Security Committee.

These BPDs are “large databases containing personal information about a wide range of people”, used to “identify individuals during the course of their investigations, to establish links between Subjects of Interest, and to verify information that they have gathered through other means”.

Some of the data collection failed to comply with article 8 of the European Convention on Human Rights – the basic human right to privacy.

So, what changed in 2015 to make the intelligence agencies’ activities suddenly lawful?

Wired explains that Theresa May (then Home Secretary, and now Prime Minister) had a part to play:

When Theresa May, as Home Secretary, introduced the controversial Investigatory Powers Bill – to reform the UK’s surveillance laws – in November 2015, it was admitted that the bodies used Section 94 of the Telecommunications Act 1984 to collect data under both the BCD and BPD regimes. The tribunal said a number of opportunities to admit to this before 2015 had not been taken. The powers put in place in 2015 were deemed lawful by the tribunal. However, it is not known what will happen to data collected under the unlawful regimes.

The full 70-page ruling can be found on the IPT’s website.

Remember this – just because you’re a law enforcement agency doesn’t mean you should be above the law.

It’s hard to imagine that anything would have been done to bring the unlawful actions of British intelligence agencies to the public’s attention if it hadn’t been for the revelations made by former NSA contractor Edward Snowden.

He was the one who blew the whistle. And once again, his actions are vindicated.

Meanwhile, the British government pushes ahead with the controversial Investigatory Powers bill – commonly known as the snooper’s charter.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.