British spies hacked themselves and family members to get personal information to send birthday cards, new papers reveal

New papers show that UK spies have been collecting bulk personal data on citizens since the 90s, and that the information found is liable to abuse

Andrew Griffin
Thursday 21 April 2016 11:59 BST
A security camera overlooks the radar domes of RAF Menwith Hill in north Yorkshire
A security camera overlooks the radar domes of RAF Menwith Hill in north Yorkshire (Getty)

British spies have been collecting bulk data on people for years, and abusing it to find out people’s addresses for birthday cards, new releases show.

MI5, MI6 and GCHQ have been collecting and relying on huge amounts of data collected on almost every person in the country, according to new documents obtained by Privacy International during a legal hearing.

And spies have even been hacking themselves to find out that personal information so that they can use it for booking holidays and spying on their family members to get personal details, the papers show.

The papers also prove that the collection of bulk data has been happening for much longer than previously known.

The files show the huge amount of information that is being gathered by British spying groups. Ministers have previously argued that only people who are suspected of criminal or terrorist behaviour will be tracked – but they show that spies have been collecting bulk personal datasets on a range of innocent people for years, and arguing that they are used to find legitimate suspects.

The papers show how that same information has been used by spies to find out personal information, like looking up people’s addresses to send birthday cards.

“We’ve seen a few instances recently of individual users crossing the line with their database use, looking up addresses in order to send birthday cards, checking passport details to organise personal travel, checking details of family members for personal reasons. Another area of concern is the use of the database as a ‘convenient’ way to check the personal details of colleagues when filling out service forms on their behalf.

The papers also show how the organisation had to explicitly tell spies not to search for themselves within the database – a practice that can often lead to accidental intrusion into other people’s lives.

“An example of an inappropriate ‘self search’ would be to use the database to remind yourself where you have travelled so you can update your records,” a policy added to the documents in 2001 says. “This is not a proportionate use of the system, as you could find this information by another means (i.e. check the stamps in your passport or keep a running record of your travel) that would avoid collateral intrusion into other people’s data.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in