Home Secretary Theresa May on Wednesday (4 November) revealed that the MI5 and GCHQ have been secretly collecting vast amounts of telephone and email data of the UK public for the past 15 years. May's revelation came with the unveiling of the Investigatory Power Bill, which seeks to give police and security agencies the power to spy on the online communication of suspects.
May said she and her predecessors had secretly approved the bulk collection of communication data in the UK since 2001. It was earlier thought that most of the data collected were from individuals based overseas. The data collection has reportedly been going on since the 9/11 attacks in the US.
The programme was "so secret that few even in MI5 knew about it, let alone the public", sources told BBC security correspondent Gordon Corera. David Anderson QC, who is an independent reviewer of terrorism legislation, said the programme was "so vague that anything could be done under it".
"It wasn't illegal in the sense that it was outside the law, it was just that the law was so broad and the information was so slight that nobody knew it was happening," he added.
The Investigatory Power Bill will establish "world-leading oversight to govern an investigatory powers regime which is more open and transparent than anywhere else in the world," May was quoted as saying by The Telegraph.
On the other hand, shadow home secretary Andy Burnham said the proposal is "neither a snoopers' charter nor a plan for mass surveillance". He added: "In a world where the threats we face internationally and domestically are growing, Parliament cannot sit on its hands and leave blind spots where the authorities can't see."
Under the bill, internet and communication companies will need to keep the web browsing history of the public for up to a year, which police and spy agencies can use when investigating terrorism and criminal cases. The bill will also require the companies to hack into phones and computers of suspects so as to allow police and spy agencies to eavesdrop and take remote access of those devices.