The UK’s secret service, MI5, may have broken the law by holding large volumes of citizens’ private data without proper protections, according to documents released today in the High Court.
“The documents show extraordinary and persistent illegality in MI5's operations, apparently for many years” https://t.co/O9IbcdA1Rs
— Middle East Eye (@MiddleEastEye) June 11, 2019
Expert Comments:
Fouad Khalil, VP of Compliance at SecurityScorecard:
“As we consider MI5’s recent privacy violation we confirm that no one and no entity is out of GDPR reach. MI5 seems to have falsely claimed that they had the right to keep personal data and that they had sufficient controls to protect it. We have a situation here where MI5 may have violated many of the laws and regulations enacted for the mere purpose of protecting European residents. And they have done so for a number of years.
MI5 will now be viewed opposite to what it’s known for: “keep our country safe and protect our citizens.” MI5’s reputation and credibility are at stake here before any fines or lawsuits even commence.
We all have to learn from these incidents and ask ourselves “are we compliant? Do we have a solid inventory of all personal data and related consent? Do we support our privacy program with sufficient up-to-date documentation? Will we survive an audit or even worse, a breach?”
No one is exempt from protecting our personal data. No company has any rights over my personal data without my consent. All companies must prove the state of control over my personal data and enable deletion or restriction of my data any time I choose to request it.
These rights are well known among all (globally speaking). With laws similar to GDPR brewing in the USA, South America, Asia and Africa, we learn that privacy has become the norm. Organizations must act now to ensure compliance and that they are capable of continuously monitoring for risks to personal data!!! Point-in-time will not cut it.”
Jake Moore, Cybersecurity Specialist at ESET:
“Law enforcement agencies are effectively currently clutching at straws when it comes to intercepting data. And it’s only going to get more difficult for them to collect their intelligence as we rightly insist on making data more private.
As encryption becomes more mainstream in communication apps, the harder it is for agencies to spy on what is going on. However, encryption shouldn’t be seen as the enemy as without it we haven’t really got much of an internet.
If MI5 can apply to judges for warrants to obtain information such as standard phone calls, text messages and clear web browsing history then this just proves that it is out of date and they will need to reconsider how to obtain intelligence on subjects in the future. I’d expect the criminals they are targeting would be using encrypted communication apps and the dark web wherever possible.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.