MI5 has been secretly collecting British phone users’ data for more than a decade, it has emerged.
The admission came as Home Secretary Theresa May outlined a new bill regulating online surveillance by authorities.
The covert programme, running under a law described by a British security reviewer as “vague”, has been in action since 2001.
Successive governments have used the 1984 Telecommunications Act to access data from communications companies, including the bulk records of phone calls, Ms May disclosed in her statement to the Commons.
The programme was “so secret that few even in MI5 knew about it, let alone the public," according to the BBC’s security correspondent.
David Anderson, the government’s independent reviewer of terrorism legislation, said the law authorising the surveillance was “so vague anything could be done under it.”
"It wasn't illegal in the sense that it was outside the law, it was just that the law was so broad and the information was so slight that nobody knew it was happening," he said.
It is the first formal admission security forces have been harvesting the British public’s data. It was previously supposed that data was only collected from individuals overseas.
The data involved logging phone calls - detailing not what was said but the contact - with companies required to hand over domestic records.
The admission came as the Home Secretary outlined a new 'Snooper's Charter' for government powers. Under this legislation, formally titled the Investigatory Powers Bill, the internet history of Britons would be stored and available for security services for up to a year.
It would give police and intelligence officers the power to see the sites individuals had visited (but not the specific pages) without a warrant.
It would also legalise the powers used by GCHQ, as uncovered by Edward Snowden’s leaks, allowing officials to collect large amounts of data via the internet.
Join our new commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies