Investigatory Powers Commissioner’s Annual Report 2019

IPC, Sir Adrian Fulford, in response has now concluded; this section of our report sets
out the sequence of events and our key findings. In the future, safeguards will form a key
part of our oversight at MI5 as well as the other authorities we oversee (see chapter 7).
Throughout 2020 we will work with MI5 to build our level of confidence in the compliance
of their IT estate with their legal obligations. We are confident that MI5’s internal review of
safeguards, initiated following the realisation of the severity of this issue, will identify any
substantial vulnerabilities in their data handling model.

TE1: Initial investigation
8.45

MI5 first briefed the IPC on compliance risks associated with TE1 on 27 February 2019.
MI5 then formally reported these risks in a letter to the IPC on 11 March. The key
compliance risks highlighted in MI5’s briefing were that, within TE1, MI5 had less assurance
than they would wish regarding where data was stored in the environment; who had access
to it; the extent to which it was being copied or shared; and the deletion processes which
applied to it.

8.46

We conducted our first inspection of TE1 on 18-22 March, with the assistance of the
Technology Advisory Panel (TAP). Our key conclusions related to:
• access controls;
• copying of data;
• review, retention and deletion of data;
• legally privileged material: MI5 had a manual process in place for deleting legally
privileged material from its systems if required to do so; and
• institutional knowledge: having reviewed a number of MI5 internal documents we
concluded that, by January 2018 if not earlier, MI5 had a clear view of some of the
compliance risks around TE1, to the extent that it should have carefully considered the
legality of continuing to store and exploit operational data in TE1. The risks were also
sufficiently clear that they should have been communicated to the IPC at that time.

8.47

In response to our findings, MI5 initiated a series of mitigations which sought to secure
compliance with the requirements of the IPA regarding the handling of warranted data.
The IPC then made a determination on 5 April on the extent to which MI5 could be said
to comply with the relevant IPA safeguards. He concluded that, subject to certain critical
caveats, he was satisfied that MI5 had the capability henceforth to handle warranted data
within TE1 in a way which was compliant with the IPA. He emphasised that “all the relevant
activities must be susceptible to inspection and audit – in other words, MI5 and IPCO must
be able to check in sufficient detail that there has been compliance with the legislation”.

8.48

In coming to this decision, the IPC also noted:
This is a serious and inherently fragile situation. The future will entirely depend on
compliance by MI5 with the legislation and the adequacy of the internal and external
inspection regimes. IPCO will need to be reassured on a continuing basis that new
warranted material is being handled lawfully. In the absence of this reassurance, it is
likely that future warrant applications for data held in [TE1] will not be approved by the
Judicial Commissioners, and I will expect that the proposed mitigations are progressed
at pace. The weaknesses outlined above are of sufficient magnitude to mean that
the immediate mitigatory steps, which will be sufficient for the short term, cannot be
expected to provide a long term solution, and the proposals made by MI5…must be
