UK intelligence watchdog says MI5 spies broke dozens of privacy rules… by ‘mistake’

Thames House, the headquarters of the British Security Service (MI5) is seen in London © Peter Nicholls
British spies have been censured by the government’s intelligence watchdog for breaking dozens of agency rules last year, including failing to obtain authorization to conduct surveillance and plugging cell phones into computer systems.

Security services failed to follow procedures on 83 occasions, twice the number of mistakes made in 2014, the watchdog’s report stated.

Intelligence Services Commissioner Sir Mark Walter said that all of these errors had led to an intrusion into privacy “to some degree.

Errors made by British spooks included failing to obtain authorization to conduct surveillance, failing to renew authorizations, and operating outside the parameters set out in authorizations in the erroneous belief they were authorized.

Some 67 of the 83 mistakes were made by Britain’s domestic spy agency MI5, while 11 were made by overseas security service MI6, and three by listening post GCHQ.

Walter said MI5 obtains a “significantly larger number of warrants and authorisations” than other agencies and that the error rate is proportionally low.

All but one of the mistakes was listed as a human error, with the remaining mistake categorized as an administrative error.

Walter said all of the authorizations would have been granted had proper procedures been followed.

On six occasions, unauthorized devices – likely cell phones – were connected to MI5 computer systems for charging.

The report also stated that GCHQ accidentally kept a bulk data set containing information on a large group of people when it was not appropriate.

Last month, the Interception of Communications Commissioner said that MI5’s staff had made 210 “clear contraventions” of agency guidelines over a five-year period in relation to the way it accessed private internet and telephone data.

The security service had authorized access to its database of bulk communications data verbally, rather than in writing, as is laid out in the code of practice.