Via a legal challenge, Privacy International has obtained a trove of documents relating to how British spy agencies - MI5, MI6, and GCHQ - collect bulk data on British citizens.
(You can view and download the documents here, which were previously reported on by The Guardian.)
In one eye-opening document - an internal newsletter from September 2011 - spies are warned against "crossing the line" and abusing the databases available to them.
"We've seen a few instances recently of individual users crossing the line with their database use for instance, looking up addresses in order to send birthday cards, checking passport details to organise personal travel, checking details of family members for personal reasons," the newsletter says. "Another area of concern is the use of the database as 'convenient' way to check the personal details of colleagues when filling out Service forms on their behalf."
It then includes some do's-and-don't's for people with access to the database. Do ensure you're compliant with the database Code of Practice and "report any accidental viewing to a member of the security team." Don't "share data from the database in a way that is not necessary," or "search for individuals for which you have no business need to do so (eq. public figures, family members)."
It's not clear whether spies have been caught searching for public figures and celebrities, or if this was just a precautionary warning.
The Guardian reports that spies have been disciplined for misusing bulk data before, and that a GCHQ employee was fired last year for "making unauthorised searches."
These kind of abuses aren't limited to the
The documents obtained by Privacy International also reportedly concede that many of the people whose data is collected by the intelligence services' surveillance programs are "unlikely to be of intelligence or security interest."