Bulk data includes bulk personal datasets and bulk communications data, both of which are essential to MI5's investigations.
Bulk personal datasets (BPDs) are sets of personal information about a large number of individuals, the majority of whom will not be of any interest to MI5. The datasets are held on electronic systems for the purposes of analysis, although analysts will only actually look at the data relating to the minority who are of intelligence interest. Examples of these datasets include the electoral roll, telephone directories or travel-related data.
BPDs are essential in helping MI5 identify subjects of interest or individuals who surface during the course of an investigation, to establish links between individuals and groups, to better understand a subject of interest's behaviour and connections, and to quickly exclude the innocent. In short, BPDs enable MI5 to join the dots in an investigation and to focus its attention on individuals or organisations that threaten national security. The analysis of BPD is a critical part of our response to the increasingly complicated and challenging task of defending the UK's interests and protecting its citizens in a digital age.
MI5 has powers under the Security Service Act 1989 and the Intelligence Services Act 1994 to acquire and use BPDs to help us fulfill our statutory functions, including protecting national security. At present, these are subject to regular audit and inspection by the Intelligence Services Commissioner. However, the Investigatory Powers Act will replace the Intelligence Services Commissioner with the Investigatory Powers Commissioner who will also have oversight of the BPD regime. The Investigatory Powers Act will also bring in additional safeguards relating to the retention and use of BPDs.
Bulk communications data is the "who", "where", "when", "how" and "with whom" of communications, but not what was written or said. It includes information such as the subscriber to a telephone service or an itemised bill. Public authorities such as MI5 and the police may acquire this data, which is usually obtained via Communications Service Providers (CSPs).
Fast, secure access to bulk communications data is essential to MI5 in pursuing our investigations. It has played a part in every major counter-terrorism operation over the last decade. It's a fundamental investigative tool that the agencies use on a daily basis, enabling us to identify and investigate potential threats in complex and fast-moving investigations.
Bulk communications data is currently acquired under section 94 of the Telecommunications Act 1984. This has been approved by successive governments. The capability was first used at scale in the UK in 2001 after the 9/11 attacks in New York, and later extended following the attacks on the London transport system on 7 July 2005 to respond to the terrorist threat. However, the Investigatory Powers Act will create a new statutory basis for the acquisition and retention of communications data that reflects its current usage. The Act will clarify that MI5 may only apply for a bulk acquisition warrant in relation to its three statutory purposes: in the interest of national security, for the prevention and detection of serious crime, and in the interests of the economic well-being of the UK where there is also a direct link to national security.
Once introduced, the Bill will provide for MI5's acquisition of communications data about people in Britain for the purposes of preventing or detecting serious crime, as well as the acquisition of communications data people overseas where it's in the interests of the economic well-being of the UK (in so far as it's relevant to national security). As with bulk personal data, once the Bill is introduced the regime will be overseen by the Investigatory Powers Commissioner.
In practice, access to bulk communications data in MI5 is regulated through a system of internal authorisations and this is likely to continue for the foreseeable future.