MI5’s poor surveillance data handling

It’s not often a data protection or records management news story gets this much press attention.

MI5 accused of unlawful handling of surveillance data
MI5 has been accused of “extraordinary and persistent illegality” for holding on to data obtained from members of the public. The human rights organisation Liberty has taken the security service to court over the way that it gathers and stores information under the Investigatory Powers Act.

MI5 ‘unlawfully’ handled bulk surveillance data, lawsuit reveals
“The documents show extraordinary and persistent illegality in MI5’s operations, apparently for many years,” said civil liberties organisation Liberty, which is bringing the case. “The existence of what MI5 itself calls ‘ungoverned spaces’ in which it holds and uses large volumes of private data is a serious failure of governance and oversight, especially when mass collection of data of innocent citizens is concerned.”

MI5’s use of personal data was ‘unlawful’, says watchdog
The security service MI5 has handled large amounts of personal data in an “undoubtedly unlawful” way, a watchdog has said. The Investigatory Powers Commissioner said information gathered under warrants was kept too long and not stored safely. Civil rights group Liberty said the breaches involved the “mass collection of data of innocent citizens”. The high court heard MI5 knew about the issues in 2016 but kept them secret.

Liberty’s challenge to UK state surveillance powers reveals shocking failures
The challenge, by rights group Liberty, led last month to an initial finding that MI5 had systematically breached safeguards in the UK’s Investigatory Powers Act (IPA) — breaches the Home Secretary, Sajid Javid, euphemistically couched as “compliance risks” in a carefully worded written statement that was quietly released to parliament.

This was first reported last month …

MI5 slapped on the wrist for ‘serious’ surveillance data breach
Home Secretary Sajid Javid has confessed to Parliament that MI5 bungled the security of “certain technology environments used to store and analyse data,” including that of ordinary Britons spied on by the agency. In a lengthy Parliamentary statement made last week, Javid obliquely admitted that spies had allowed more people to help themselves to its treasure troves of data on British citizens than was legally allowed.

Sajid Javid admits MI5 committed serious safeguard breaches
In a written statement to parliament last week that was not widely noticed, Javid said he was notifying MPs of “compliance risks MI5 identified and reported within certain technology environments used to store and analyse data, including material obtained under the Investigatory Powers Act”.

… but now the story has been picked up by everyone, including the Middle East Eye

UK’s MI5 spy agency handled surveillance data unlawfully, court hears
An internal agency review warned more than three years ago that storage systems may have become “ungoverned spaces”, which would mean that they were operating in breach of both UK and European law. Despite this, MI5 continued to build new electronic storage systems which did not allow the agency to review its contents and decide what material should be deleted, as the law requires. The problems were withheld from the official watchdog, the Investigatory Powers Commissioner, until earlier this year, the High Court was told.

… and even Russia Today and Sputnik News are getting in on it.

‘Extraordinary & persistent illegality’: UK’s MI5 accused of mishandling bulk surveillance data
MI5 has no control of its storage of vast volumes of people’s calls, messages, web browsing history, as well as other personal data that the agency has managed to obtain on the basis of surveillance warrants, which were often issued under false pretext, the High Court heard on Tuesday in a legal challenge brought by the human rights organization Liberty.

Outcry as High Court finds MI5 engaged in ‘unlawful’ storage, handling of bulk surveillance
Ten internal documents from senior MI5 officials, including an 11 March letter from director Sir Andrew Parker, revealed significant non-compliance issues in how citizens’ data had been kept and used, including a subsequent cover-up of internal failures and that “data might be being held in ungoverned spaces in contravention of our policies”.

Let’s hope some good comes from all this.

Setting precedents for privacy: the UK legal challenges bringing surveillance into the open
These debates highlight the importance of collective efforts to assert respect for privacy and other rights as a core part of public life. We are on the cusp of a positive shift in power towards open public debate and accountability about data and the way it is used against us.

Money – too much, not enough

Nicer problems to have.

Mind my Picasso… superyacht owners struggle to protect art
Pandora Mather-Lees, an Oxford-educated art historian and conservator, started giving lessons after a billionaire asked for help to restore a Jean-Michel Basquiat painting damaged not by sea spray, but by breakfast cereal. “His kids had thrown their cornflakes at it over breakfast on his yacht because they thought it was scary,” Mather-Lees said. “And the crew had made the damage worse by wiping them off the painting.”

[…]

Tilman Kriesel, founder of an art advisory firm, told the conference one client asked how to display a Rothko that was too tall for a yacht’s grand saloon. “We turned the piece by 90 degrees,” he said. “The artist would probably be turning in his grave, but we took a deep breath and said ‘it’s your painting, do what you like’.”

Another of Kriesel’s clients had a piece by the Japanese modern artist Takashi Murakami that he wanted to display in the “beach club” – the rear of superyachts where owners access jet skis and other water toys – but again it was the wrong size. “In the end we cut it up to make it fit,” he said.

Meanwhile.

money-too-much-not-enough-1

What it’s like to slash millions from Council budgets: Local Authority leaders speak out
Local authorities have already lost 60 per cent of their central government funding over the last decade, substantially more than any other area of government. And it is in the loss of valued frontline community services that the impact of this austerity drive is most keenly felt by communities across England.

Regardless of their political stripes, the council leaders each called on central government to invest in local government saying the cuts have now gone far enough. […] So acute are the financial challenges that even the most basic services – such as libraries, school lollipop patrols, street lighting, road repairs, cemetery maintenance, gritting – are now being considered for savings.

And that’s what makes all the time, energy and money wasted on Brexit so shameful.

I’ve never really thought about yachts before. They sound horrible.

The lonely life of a yacht influencer
“Nah, I’m nobody you’d know,” he assured me. “I’m here to take some pictures and post some video stories of the yacht, which a brokerage group is trying to sell. The watch is a loaner from a friend. I wear it, take a picture of my wrist and tag his company on my Instagram account. It’s just a small part of the hustle.”

Life and death on a superyacht: ‘If something goes wrong, they can just raise the anchor and leave’
While it is a dream job for some, other deckhands and chefs have horror stories of working punishing hours. Accidents, injuries and deaths are also commonplace, with union leaders believing working on superyachts to be more dangerous than life on oil rigs; over the past few years at least three young Brits have died while serving their billionaire bosses.

IT in the dock

Things aren’t going well in the courts at the moment.

HMCTS suffers major IT issues
Significant IT issues at the HM Courts and Tribunal Service (HMCTS) have caused chaos across the UK’s courts as users have been unable to connect to the network and use IT systems that require access to it.

The issues began last week and are mainly affecting devices trying to connect to the main Ministry of Justice (MoJ) network, which is used by the department as well as all its agencies and several arm’s-length bodies.

Law courts in chaos as IT meltdown disrupts thousands of cases
The communication failures, which started last week, are a significant embarrassment for the Ministry of Justice, which is investing £1.2bn in a high-profile programme promoting online hearings which aims to replace the legal profession’s traditional reliance on mountains of paperwork.

The IT breakdown meant that staff at the MoJ were unable to send emails, wireless connections went down, jurors could not be enrolled and barristers could not register for attendance payments. Courts were left unsure of when some defendants were due to appear and some court files could not be retrieved, leading to prosecutions being adjourned.

The Register had reported on this a few days before, when the problem seemed to be restricted to just their CJSM (Criminal Justice Secure eMail) system.

Lawyers’ secure email network goes down, firm says it’ll take 2 weeks to restore
For reasons that were not immediately clear, Egress Technologies, provider of CJSM, said in an emailed update to users seen by The Register that restoring CJSM would involve wiping their mailboxes for up to two weeks.

It’s now more serious than that.

Nationwide UK court IT failure farce ‘not the result of a cyber attack’ – Justice Ministry
The Ministry of Justice has said a data centre outage was responsible for the widespread collapse of the UK’s civil and criminal court IT infrastructure over the past days.

In a statement to Parliament today, justice minister Lucy Frazer pinned the fault on Atos and Microsoft, saying there had been an “infrastructure failure in our suppliers’ data centre”.

Here’s a report from 2016, highlighting the issues the department was facing…

Ministry of Justice IT systems are ‘fragile and precarious’, say MPs
The Ministry of Justice (MoJ) must get to grips with its poor IT systems or risk “further demoralising essential staff”, the Public Accounts Committee (PAC) has warned. […]

“ICT systems in probation are inefficient, unreliable and hard to use,” the PAC said. “In a service that relies on successful joint working between multiple partners, it is essential that ICT supports, rather than frustrates, effective and efficient collaboration. This is far from the case for probation.”

… which led to the £1,000,000,000 plan to “transform courts with better use of technology”.

UK justice system set for ‘wholesale shift’ to digital
The reform programme foresees “a wholesale shift to accessing justice digitally” and flags up two “significant developments” that will affect the way courts and tribunals operate: “The first is our aim for all cases to be started online, whether or not they are scheduled for the traditional system or for online resolution. The second will be the completion of some cases entirely online, which will be much more convenient for everyone involved.”

How was that received? With not much confidence, it seems.

PAC doubts justice system transformation programme will be a success
Public Accounts Committee says it’s difficult to see how the government’s “extremely challenging” £1.2bn project to overhaul courts through use of technology “will ever work”.

I don’t know if that’s related to today’s IT breakdowns there, but it makes you wonder.

Not going Microsoft's way

Government plan to adopt ODF file format sparks standards debate
“The recommendation of HTML for browser-based editable text and PDF as the default for non-editable documents is uncontroversial, as they can both be read on most computer platforms. However, when it comes to exchanging drafts of documents between government departments, or between government and citizens or suppliers, the choice of an editable file format is proving more controversial.”

As always with these things, it’s best to see what The Register has to say, especially about Microsoft’s hissy fit in response.

Twitter strategies, visualising data, managing projects

Template Twitter strategy for Government Departments
You might think a 20-page strategy a bit over the top for a tool like Twitter. After all, microblogging is a low-barrier to entry, low-risk and low-resource channel relative to other corporate communications overheads like a blog or printed newsletter. And the pioneers in corporate use of Twitter by central government (see No 10, CLG and FCO) all started as low-profile experiments and grew organically into what they are today. But, having held back my JFDI inclinations long enough to sit down and write a proper plan for BIS’s corporate Twitter account, I was surprised by just how much there is to say – and quite how worth saying it is, especially now the platform is more mature and less forgiving of mistakes.

50 great examples of data visualization
50 of the best data visualizations and tools for creating your own visualizations out there, covering everything from Digg activity to network connectivity to what’s currently happening on Twitter.

University of Edinburgh Records Management Section – advice on freedom of information, data protection and records management
The Records Management Section provides help and advice to all units of the University on information management issues including records management practices and procedures, data protection and freedom of information.  We are also responsible for the Central Records Registry and the day-to day management of the records of the central administrative areas formerly known as Policy and Planning.

University of Edinburgh Projects Web Site
A one stop source of information about University IT projects – Templates and methodologies to assist in the successful management of projects – A filing system and repository for project related documentation – A communication vehicle for keeping stakeholders informed about project progress.