British spies hacked themselves and family members to get personal information to send birthday cards, new papers reveal

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

British spies have been collecting bulk data on people for years, and abusing it to find out people’s addresses for birthday cards, new releases show.

MI5, MI6 and GCHQ have been collecting and relying on huge amounts of data collected on almost every person in the country, according to new documents obtained by Privacy International during a legal hearing.

And spies have even been hacking themselves to find out that personal information so that they can use it for booking holidays and spying on their family members to get personal details, the papers show.

The papers also prove that the collection of bulk data has been happening for much longer than previously known.

The files show the huge amount of information that is being gathered by British spying groups. Ministers have previously argued that only people who are suspected of criminal or terrorist behaviour will be tracked – but they show that spies have been collecting bulk personal datasets on a range of innocent people for years, and arguing that they are used to find legitimate suspects.

The papers show how that same information has been used by spies to find out personal information, like looking up people’s addresses to send birthday cards.

“We’ve seen a few instances recently of individual users crossing the line with their database use, looking up addresses in order to send birthday cards, checking passport details to organise personal travel, checking details of family members for personal reasons. Another area of concern is the use of the database as a ‘convenient’ way to check the personal details of colleagues when filling out service forms on their behalf.

The papers also show how the organisation had to explicitly tell spies not to search for themselves within the database – a practice that can often lead to accidental intrusion into other people’s lives.

“An example of an inappropriate ‘self search’ would be to use the database to remind yourself where you have travelled so you can update your records,” a policy added to the documents in 2001 says. “This is not a proportionate use of the system, as you could find this information by another means (i.e. check the stamps in your passport or keep a running record of your travel) that would avoid collateral intrusion into other people’s data.”