Privacy International, based out of London, is an advocacy group that "envisions a world in which the right to privacy is protected, respected, and fulfilled." It has been engaged in activism and legal challenges opposing mass surveillance and the collection of citizens' data in the United Kingdom and countries across the world.
In an Orwellian twist, the group discovered this week that the British government has been secretly collecting and looking at their private data.
Privacy International was one of the activist groups that legally challenged the bulk surveillance conducted by the U.K. government, and which had been revealed by U.S. whistleblower Edward Snowden. A couple of weeks ago, the European Court of Human Rights, of which the U.K. is a member, validated Snowden's warnings by ruling that the U.K.'s mass collection of citizens' online metadata was a violation of their privacy rights.
On Tuesday, Privacy International was informed during a hearing over this legal challenge that MI5, England's domestic intelligence and security agency, had unlawfully collected and held their data. MI5 also acknowledged that communications data they'd gathered had been accessed and viewed by MI5 personnel.
All this matters because the government previously said it had not kept the data it had collected. Then, defenders of this mass data collection conceded that, sure, they were collecting and storing all this info for a while, but they weren't accessing or looking at it without good reason or without following proper safeguards. None of this turned out to be true. The Register, a U.K.-based site that reports on information technology, notes:
MI5's admission was the focus of today's proceedings because it had initially said it held no such data on the charity pre-avowal—but last year amended its position.
Moreover, the discovery of that data has exposed a previously unknown cache of information that officers have amassed while working on cases—and one that MI5 admitted lacked the safeguards that exist for other regimes.
In court, Privacy International's counsel, Thomas De la Mare, equated the situation to an "MI5 sofa".
The agency initially "had a look under the cushions" and found nothing, he said, but when it later poked down the back it dug up "a whole bunch of data" about his clients.
The explanation of how this all happened gets a little technical and complicated—there is a stage of intelligence gathering that lacked processes for review, retention, and deletion. And so it's apparently not even clear to the government what data they had in their possession or how they handled it. Privacy International is now demanding to know how and why, exactly, MI5 could claim it did not possess or access data that it did, in fact, possess and access.
Ultimately, the big takeaway here is that the lack of transparency surrounding data collection and mass surveillance allows for both sinister abuses and actual mistakes to occur, and then go unnoticed for years.
It's also your regular reminder that secret surveillance tools have historically been used to keep tabs on people who are critical of government behavior, not just folks believed to have criminal aspirations or terrorist connections.