Watching the watchers: Is the Technical Advisory Panel a match for MI5, MI6 and GCHQ?

Dame Muffy Calder is chair of the Technical Advisory Panel (TAP), a small group of experts that advises the Investigatory Powers Commissioner on surveillance technology. Do they have what it takes to oversee the intelligence community?

For Dame Muffy Calder and the small group of academics, former spies and technical experts that advise Britain’s oversight body for intelligence agencies and police on developments in technology, their work is all about “trust”.

Calder, a distinguished computer scientist whose research interests include artificial intelligence (AI), computational modelling and automated reasoning, is the chair of the Technical Advisory Panel (TAP), a group of six experts charged with advising Britain’s surveillance oversight body.

The role of the TAP is to advise the Investigatory Powers Commissioner’s Office (IPCO), overseen by Brian Leveson in his role as investigatory powers commissioner, and nine judicial commissioners who provide independent oversight of the police and intelligence services’ use of intrusive surveillance powers.

In Calder’s first public interview, the chair of the TAP said rapid developments in technology were having a huge impact on intelligence and investigatory powers.

“It’s absolutely obvious that we were going to be doing something on AI,” she says. “People are very rightly raising issues of fairness, transparency and bias, but they are not always unpicking them and asking what this means in a technical setting.”

TAP, for example, has advised on automated speaker recognition, following the emergence of publicly available tools capable of automatically transcribing conversations and recognising the voices of individual speakers.

Can the TAP keep pace?

Can this small group of experts act as an effective counterbalance to organisations such as GCHQ, MI5 and MI6, which had a combined budget of £4.5bn in 2004-2005?

Calder is confident that they can. “We have a broad range of expertise, and all of our expertise overlaps. I don’t want to use the word polymath, but I have just said it,” she says.

“We are able to contribute to areas outside of our particular expertise and we have lots of different networks, so when we don’t know about something, we know who to ask,” she adds.

The TAP’s close working relationship with the intelligence services has prompted some to ask whether the regulator may be too trusting.

The BBC reported in June 2025, for example, that MI5 persuaded IPCO to change a report into MI5’s handling of a violent neo-Nazi agent after the spy agency provided it with false information.

IPCO told the BBC that it had been “misled” into amending its draft report and that assurances provided by MI5 were “incorrect”.

Current members of the Technical Advisory Panel (TAP)

Chair: Professor Dame Muffy Calder FRSE FREng

Muffy Calder is a computing scientist, vice-principal and head of the College of Science and Engineering at the University of Glasgow.

Honours: Royal Society Wolfson Research Merit Award holder, a Royal Society Leverhulme research senior fellow.

Other posts: Chief scientific adviser for Scotland and a member of the prime minister’s Council for Science and Technology.

Expertise: Includes computational modelling and reasoning about the behaviour of complex, interactive and sensor-driven systems.

Daryl Burns

Daryl Burns has worked in cryptography and cyber security for 34 years.

Government career: Starting work as a research and development specialist at GCHQ, he became head of cyber security research in 2009, chief of research and innovation in 2016, and most recently deputy chief scientific advisor for national security.

Private sector career: He left government in 2019 to set up cyber security consulting company Cryptique. He has worked with UK universities and industries and sponsored the UK research institutes in cyber security. His work promoted common research interests between government, industry and academia.

Expertise: Cryptologic research, analysis and design, including applications and engineering for very large-scale infrastructure, the impact of quantum technologies on digital security and human understanding of artificial intelligence. He also advises on security protocols and their implementation.

Karen Danesi OBE

Private sector: Karen Danesi worked in the aviation industry for six years after completing a degree at Sheffield University.

Government: Head of innovation at GCHQ from 2015 to 2017, before joining GCHQ’s National Cyber Security Centre (NCSC), where she became director of capability. She left to pursue a freelance career in August 2023.

Awards: OBE for services to British foreign policy in 2018.

Expertise: Cyber security expert. Focuses on understanding and reducing national-level risk, with particular expertise in the risks of software vulnerabilities. Specialises in reviewing projects that could pose a high infrastructure risk.

John Davies

Private sector: John Davies worked for BAE Systems Applied Intelligence from 2012 to 2017, initially as chief technology officer, before becoming director of strategy and government relations in 2014 and later head of futures, where he worked with startups, academia and government and on incubating new businesses at BAE.

Government: Worked for a “large government agency” and in “secure government” for 20 years from 1985 to 2000 in engineering and management roles.

Cyber security: Davies is chief technology officer at CyberPhish, which provides cyber incident and crisis management training to cyber professionals. The company uses simulation to train “improvising under extreme stress”.

Consulting: His company, Cheltenham Systems, provides services to small businesses and support for law enforcement and national security. It specialises in developing “synthetic data” for artificial intelligence and machine learning applications in law enforcement.

Other work: Involved in the NCSC’s cyber security accelerator and was part of the Independent Digital Ethics Panel for Policing.

He describes his role in the TAP as “helping those who ‘watch the watchers’ understand the complexities and options when surveillance meets modern technology”.

Alison Etheridge

Alison Etheridge is a professor of probability at the University of Oxford. She is chair of the Council for the Mathematical Sciences and was previously president of the Institute of Mathematical Statistics.

Honours: She was elected a Fellow of the Royal Society in 2015 and awarded an OBE in 2017 for services to science. She is an international honorary member of the American Academy of Arts and Sciences and an international member of the US National Academy of Sciences.

Advisory work: Etheridge has undertaken numerous advisory roles for a broad range of organisations.

Expertise: Her research focuses on infinite-dimensional stochastic processes and their applications, especially in population genetics.

Richard Mortier

Richard Mortier is professor of computing and human-data interaction at Cambridge University and president of Christ’s College.

Industry: Following a diploma and a doctorate in computer science at Cambridge, Mortier worked as a researcher at Microsoft Research between 2002 and 2008. He has worked for startups and corporates in the US and the UK, and provided consulting services.

Academic: He moved to the University of Nottingham in 2009, researching networked systems and related topics, including internet routing protocols, AI knowledge management and real-time conferencing. He returned to Cambridge to become professor of computing and human-data interaction in January 2015.

Expertise: Current work focuses on platforms for privacy-preserving personal data processing, internet of things (IoT) security, smart cities and machine learning in knowledge management.

IPCO approved Apple ‘backdoor’

One of the investigatory powers commissioner’s most recent controversial decisions was to sign off on a technical capability notice (TCN) issued by the home secretary, Yvette Cooper, against Apple in January 2025.

Rather than comply with the order, Apple withdrew its Advanced Data Protection (ADP) service from the UK, though it remains available in the rest of the world.

The existence of the order was protected by a secrecy order, until it was leaked to the Washington Post.

Computer Weekly understands that Leveson did not consult the TAP before he approved the TCN against Apple. Calder is unable to comment on the Apple case.

“I feel that we are consulted appropriately and that we can make our voice heard appropriately,” she says. “I am very comfortable that when we are asked, our answers are taken very seriously. It would be rare that we get involved in specific details,” she adds.

Turning on the TAP

The TAP began life shortly after IPCO was formed in September 2017. Sir Bernard Silverman, former chief scientific advisor to the Home Office and professor of statistics at Oxford University, became its first chair.

Muffy Calder, professor of formal methods (computing science) at Glasgow University, Derek McAuley, professor of digital economy at the University of Nottingham, and John Davies, a former chief technology officer from BAE Systems Applied Intelligence, were the first to join the panel in 2018.

Today, the panel has grown to six people, split equally between three academics and three technology experts with backgrounds in the defence industry and the intelligence services (see box: Current members of the Technical Advisory Panel).

Panel members spend their time roughly equally on three tasks. The first is advising judicial commissioners – the serving or retired judges responsible for authorising surveillance warrants for the police and intelligence services – on technical aspects of surveillance and privacy.

They accompany judicial commissioners to on-site inspections of intelligence and police organisations. And they act as an antenna for IPCO to pick up trends in technology and brief the organisation on the implications of those trends for oversight of intelligence and surveillance.

“We try to keep a balance. Are we responding to a question or a query? Are we doing horizon scanning, thinking about changing technologies? Are we educating ourselves and making sure that we are up to date with changing technologies? And are we going out on inspections? Because that helps us understand how technology is being applied,” she says.

Horizon scanning

The TAP’s day-to-day work is to advise IPCO on the potential impact of technologies that could be used by the intelligence services before they are deployed.

“We might raise a technology because we could see its potential, not because we knew it was going to be used, but we could imagine that it could be used. So, we would raise something that we are [horizon] scanning about, but that’s kind of why we are here,” she says.

One of the biggest challenges facing IPCO is the impact of artificial intelligence on surveillance oversight. AI enables computers to make deductions and draw links from vast amounts of data gathered by GCHQ, from probes into internet cables, harvesting passwords and user names, and exploiting vulnerabilities to access mobile phones and computers.

IPCO contracts TAP members to work 20 days a year, but Calder says the work is interesting and rewarding, so she ends up putting in more time than her allotted hours.

The TAP is not a committee, which means it operates informally, says Calder.

“Our members are all there because they bring something to the table. They have got a lot of expertise, and they are able to contribute. You can’t shut us up. We always have things to talk about and new areas of technology,” she says.

Why it is not possible to measure intrusion

When the TAP first began its work, its members were interested in finding a way of scientifically measuring the intrusiveness of different surveillance measures.

The panel organised a workshop in Cambridge, opening it up to academics with a range of views on privacy, including the civil society organisations Privacy International and the Open Rights Group.

As a mathematician and a computer scientist, Calder wanted to investigate whether there was a way to scientifically measure the degree of intrusion into privacy caused by different surveillance methods.

“I thought, we can quantify this. It’s not just the quantity, it’s the nature of the data. For example, how to compare [the privacy impact of] data for a few people over a longer period of time against data held on a few people over a shorter period of time – you can start to quantify it.”

But mathematics alone cannot provide a meaningful measure of intrusion. Too much depends on context.

“Increasingly, our view, and certainly my view, has become much more sophisticated about how we make the judgement about what is less intrusive,” she says. “I am not sure we will ever have metrics of intrusion in a quantified sense.”

Internet connection records

The TAP has advised IPCO over a new investigatory power introduced under the Investigatory Powers Act 2016, which allows intelligence and law enforcement agencies to monitor internet connection records (ICRs).

Internet connection records, which are collected and retained by phone and internet service providers, record the services people have accessed through the internet. These could range from a website to the use of an instant messaging app, such as Signal or WhatsApp, or a service like Google Maps.

They do not include the content of a website or messaging apps, but can be used, for example, to identify everyone who has visited a particular website, or the communication services used by a particular individual or group of individuals.

The Investigatory Powers Act was amended last year to allow government agencies to monitor who is accessing websites or web services without the need for independent approval from the Investigatory Powers Commissioner, in a move that opposition MPs said would lead to “fishing expeditions”.

The UK is the only country among the Five Eyes nations (Australia, Canada, New Zealand, UK, US) to have required communications companies to store ICRs for 12 months, but its expansion has been gradual because it requires service providers to have the right technology in place to capture records.

A TAP member advised a judicial commissioner before the commissioner approved two communications data retention notices issued to two unidentified telecommunications companies in 2019 for the first trial of ICR surveillance.

The National Crime Agency (NCA) briefed TAP members on the trial, which focused on monitoring access to websites whose sole purpose was to provide access to illegal images of children. It identified more than 120 subjects of interest.

The Home Office’s National Communications Data Service quietly expanded the use of ICRs in 2022, when it awarded a contract, worth up to £2m, to BAE Systems Applied Intelligence as part of a programme to create a National ICRs Service, first reported by Public Technology.

Calder was not personally involved in IPCO’s consultations over ICRs but other members of the TAP “were certainly out, helping and advising on the trials”.

This included providing briefings for judicial commissioners and IPCO’s legal advisors and inspectors on ICRs and producing internal guidance for IPCO staff.

The TAP was able to make a “significant” difference by offering advice on the intricacies of internet addresses, including, for example, the differences between a website address and website content – a line that is not always clear cut, says Calder.

“The whole thing is very dynamic and changing. What constitutes an internet address, what constitutes data, and what constitutes metadata,” says Calder.

The risks of AI to intelligence oversight

In 2019, the then director of GCHQ, Jeremy Fleming, warned of the risks posed by accelerating technology, particularly AI, to proper oversight of the intelligence agencies.

He told a meeting of the Five Eyes Intelligence Oversight and Review Council in London that changes in technology were “identifying potential weaknesses or gaps in regulatory standards, governance structures and ethical norms”.

AI has the potential to automate every aspect of surveillance, from automating applications for warrants, to speeding up the collection, analysis and assessment of intelligence.

That raises new questions for IPCO, including whether AI will, as appears inevitable, allow greater numbers of people to be covertly monitored and investigated. What will that mean for individuals’ privacy rights when they are deliberately targeted, and what will it mean for the privacy rights of people accidentally caught up in covert surveillance as collateral damage?

“While AI holds the potential to generate new insights and predictions, its application could have significant implications for privacy if not managed responsibly,” the oversight body warned in a policy document about AI published in March.

AI now inevitably forms a significant part of the TAP’s work. Its members have “engaged” with the UK intelligence community, with the aim of ensuring compliance and safeguards are built into AI developments, rather than considered as an afterthought.

TAP members have taken part in AI workshops at GCHQ, received briefings from other intelligence agencies and developed a three-tier training programme for judicial commissioners and other IPCO staff.

The panel has also produced an “assessment aid” to assist police, intelligence services and around 600 other government agencies regulated by IPCO, to think about whether the use of AI is proportionate and minimises invasion of privacy. It is also available to other organisations.

AI may also have the potential to automate oversight of the government agencies monitored by IPCO, for example, by detecting inappropriate database use and activities that may not be legally compliant. However, Calder says that is not part of the TAP’s remit.

“We are more concerned with the use of AI in the bodies we oversee, not how we use it ourselves,” she adds.

And how are those bodies using it? Calder says that’s a question best addressed to them.

Accompanying IPCO inspection teams

One of the key roles of the TAP is to accompany inspection teams on visits to law enforcement and intelligence agencies, where they can explain technical issues (see box: Technical Advisory Panel inspections and visits).

IPCO has three specialist inspection teams, one focusing on interception agencies, including the UK intelligence community, the ministry of defence and the National Crime Agency (NCA).

Another inspects a wide range of government bodies that have access to records of phone and internet communications data, showing, for example, who phoned or emailed whom, how long the call took and when it took place, but not the content of the communication.

A third inspects public authorities’ use of surveillance, covert human intelligence sources and property interference powers.

According to the most recent full-year figures available, IPCO carried out more than 380 inspections in 2023, including over 130 inspections on local authorities, 115 on law enforcement and police, 54 on prisons and 38 on intelligence agencies.

By attending inspections, Calder says TAP members can gain a better understanding of what IPCO does, allowing them to offer better advice. TAP members can also help to explain technical issues to the inspectors.

“We can understand what the inspector is trying to get at, but they might not know the details of the technology, so we can help them phrase the question, or indeed understand the answer,” she says.

Technical Advisory Panel inspections and visits

2019

The TAP is closely involved with the inspections of MI5 after serious compliance failures, with “significant national security implications” found in the “technical environment” used for processing data obtained under warrant.

2020

A TAP member takes part in the inspection of GCHQ’s “equities process”.

2021

The TAP chair, Bernard Silverman, attends an inspection of GCHQ’s “equities process” via video link during Covid.

TAP members are involved in inspections of West Midlands Regional Organised Crime Unit/Technical Intelligence Development Unit (ROCU/TIDU) and MI5.

TAP members attend an inspection of GCHQ and are also involved in subsequent technical discussions with GCHQ at the request of IPCO inspectors and the legal team.

The TAP visits Her Majesty’s Government Communications Centre (HMGCC), which provides bespoke electronics and software to support government and intelligence service communications.

Proposed visits to technical areas in GCHQ, MI5 and MI6 are postponed because of Covid.

2022

TAP members attend GCHQ’s “equities process”. This is the process where GCHQ and other government agencies decide whether to alert businesses and technology suppliers about known security vulnerabilities, or to keep them secret so they can be used by intelligence and law enforcement agencies.

TAP members attend inspections of the Secret Intelligence Service (MI6), GCHQ, the National Crime Agency, the Scottish prison HMP Glenochil, the counter-eavesdropping agency UK Nace, and the Welsh Regional Crime and Economic Unit (Tarian).

2023

TAP members take part in inspections of GCHQ, MI5, SIS, the Metropolitan Police Service, the National Crime Agency and regional police forces, including Cambridgeshire Police and Police Scotland.

The equities process

Since 2021, TAP members have attended inspections of GCHQ’s “equities process”. This is the process where GCHQ and other government agencies decide whether to alert businesses and technology suppliers to known security vulnerabilities, or keep them secret so they can be lawfully used by intelligence and law enforcement agencies for hacking into computer systems and phones.

Calder says she has no views on where the balance lies between disclosing vulnerabilities so that organisations can secure their computer systems, or keeping them secret so they can be used as a tool by law enforcement and intelligence services for equipment interference (hacking).

“We don’t set policy. We don’t set views. We are scientific and technical advisors,” she says.

“But we would listen, and we might be able to contribute because there is a subjective decision being made there, and we might be able to contribute to the implications of going either way,” she says.

That could mean, for example, advising on the technical consequences of greater disclosure, or lower disclosure.

David and Goliath?

Since it became fully operational in 2019, the TAP has had multiple briefings with intelligence agencies on the technical aspects of interception and surveillance.

According to public reports, it has received briefings from GCHQ on developments in computing, including AI and machine learning, legal issues and bilateral arrangements on data sharing between the UK and the US.

“It is important that we are briefed, so that we understand the context on which we are giving advice, so we understand what is being used now and what might be used in the future,” she says.

Trust versus legal powers

The Technical Advisory Panel has legal powers under Section 247 of the Investigatory Powers Act to require organisations to disclose documents and information required for its work.

In practice, the TAP has never used these powers. The work of the TAP, Calder suggests, is less about invoking legal powers and more about building a trusted relationship with the agencies that IPCO oversees.

“I think, theoretically, we are allowed to go anywhere and ask anything we want to, except we can’t hold up an investigation [by police or an intelligence agency],” she says.

Over the years, the TAP’s relationship with the organisations IPCO oversees has “changed and evolved as we figured out how to work with the agencies”, she says. “It feels like we are in a position of trust.”

When trust fails

There are occasions when trust between IPCO and the organisations it oversees becomes strained.

The Security Service, MI5, has been criticised by the Investigatory Powers Tribunal for its less than candid approach to the oversight body and the courts.

BBC journalist Daniel De Simone revealed in June 2025 that MI5 had given false statements to IPCO and had provided false evidence to multiple courts.

MI5 had previously attempted to dissuade De Simone from reporting the activities of an MI5 agent known as X, a violent right-wing extremist who violently assaulted his girlfriend.

When that failed, it took legal action to prevent the agent from being named, despite the risk X posed to other women.

MI5’s false evidence led IPCO to rewrite a previously critical report about MI5 in a positive light, according to the BBC report.

De Simone wrote that the episode “raises questions about how easily IPCO accepts false assurances from MI5, when it is supposed to ensure the Security Service works within the law and in the public interest”.

Calder and IPCO said that with proceedings ongoing, it would be inappropriate to comment on the case until after the court had given its judgment.

MI5’s technical environment

Members of the TAP also took part in inspections of MI5’s computer systems, known as the “technical environment”, after the intelligence service failed to disclose serious compliance issues that put MI5 in breach of the law.

MI5 knew about the problems with some of the data collected as early as 2015 and 2016, describing the problem areas as akin to the “Wild West” in internal documents, but had failed to alert the home secretary or oversight bodies such as IPCO.

The Investigatory Powers Tribunal found in 2023 that MI5 had unlawfully gathered and retained millions of people’s private data and that successive home secretaries continued to sign off on surveillance warrants, even after they had received clear indications that it was acting unlawfully.

Caroline Wilson Palow, director of Privacy International, which together with Liberty, brought the case against MI5, tells Computer Weekly: “Unfortunately, the agencies have a history of not always living up to the trust placed in them by oversight bodies.

“MI5 knew about these failures for years without revealing them to either the home secretary or relevant oversight bodies. When it comes to oversight, we must verify, not trust alone.”

The case for transparency

Ian Brown, a consultant on internet regulation, particularly relating to information security and privacy, argues that there is a case for more transparency over the TAP’s advice and how judicial commissioners have responded to it.

He suggests that members of the TAP could appear before Parliament’s Intelligence and Security Committee – in private when it’s necessary – to discuss matters of national security for greater democratic scrutiny.

The TAP produces classified versions of its reports, which are sent to the home secretary and Scotland’s cabinet secretary for justice. Unclassified versions are published in IPCO’s annual report, the most recent of which was published in 2022.

“I don’t want to stray into having an opinion here, but I will say I am very content with this,” says Calder. “I think our relationships are built on trust, and we actually have a lot of trust in the system, and you are just going to have to trust me when I say this.

“I do think this setup is world-leading, and it works very well because we work on trust. I don’t think there would be anything to be gained; it would become so much more bureaucratic and formulaic,” she adds.

Calder is confident that judicial commissioners take the advice of the TAP under genuine consideration when they make decisions. The role of the TAP is not simply to provide “technology washing” to judicial decisions.

“I simply wouldn’t be in this role if that wasn’t the case. It’s my professional personal standing. This is something that matters. I wouldn’t do it if it was a token.”

During her time in the TAP, Calder says that there has not been a case of the TAP’s advice being ignored. And if it was, she would feel very comfortable about raising it with the investigatory powers commissioner.

How to join the TAP

It is not possible to apply to become a member of IPCO’s Technical Advisory Panel. Jobs are not advertised. Candidates are invited.

One of the requirements is that candidates have to be prepared to go through “developed vetting”, the most comprehensive and intrusive level of security clearance, required for people having regular access to top secret material.

Candidates can come from the intelligence and defence community, academia and industry.

“In the panel, we discuss who we might need and what skills we might need, and where potential candidates might come from. But it’s very much on their expertise and their ability to work within the TAP.”

The investigatory powers commissioner, on the advice of the chair of the TAP, makes the ultimate decision.

The TAP in 2025 is split 50:50 between academics and people with backgrounds in the defence industry and the intelligence services. Out of three non-academics on the TAP, at least two have had careers in GCHQ, and one with BAE Systems, which has close connections with the intelligence community. BAE Systems, for example, makes probes used by the intelligence community to intercept data from communications cables.

The TAP has been criticised for being too close to the intelligence services and law enforcement to give entirely objective views on the proportionality of the surveillance techniques it oversees.

But Calder says that is not the case.

“I think you have to come back to our remit. First of all, our members aren’t representing anything. They are experts. They have expertise and they have an ability to work with each other to offer scientific and technical advice,” she says.

IPCO says it regularly engages with non-governmental organisations (NGOs) that advocate privacy. They have been invited to contribute to consultations and information days with judicial commissioners.

In the past, IPCO’s attempts at transparency have foundered. An early attempt by IPCO to hire an expert on the Investigatory Powers Act, supported by former members of the police and intelligence services, was abandoned following objections from MI5.

A court found that the Home Office had unfairly withdrawn Eric Kind’s security clearance after MI5 had complained that his work with pro-privacy NGOs raised questions over his trustworthiness with classified material.

Recently, IPCO has taken steps towards greater openness, with both investigatory powers commissioner Leveson and the chairman of TAP giving public interviews.

IPCO has also held private meetings with NGOs in recent months, with more scheduled. According to one person who attended a meeting, however, the approaches have felt more like “box-ticking” than a genuine attempt to engage with civil society.

Understanding the law

Calder says she has found her time on the TAP extremely interesting and rewarding, but admits that getting to grips with understanding the law has been intellectually challenging.

“We are technologists, and I am a computer scientist. I hadn’t really thought much about the law before, and I was handed this big book, the Investigatory Powers Act, and it’s an awful lot to learn.”

The IPA was not written with technology experts in mind, and even legal professionals find it difficult to interpret.

“We had to dedicate a lot of time and effort to understanding this legislation. It would have been much easier if it had been written in technical language,” says Calder.

“The lawyers do help us, and they talk to us as well. It’s a sort of team activity to help us understand. This is very niche technical advice. We really have to understand the domain,” she says.

Chronology

2017

September: Investigatory Powers Commissioner’s Office (IPCO) is launched. 

Bernard Silverman, formerly chief scientific adviser to the Home Office and emeritus professor of statistics at Oxford University, is appointed as chair of the TAP.

IPCO starts a recruitment process for TAP members and begins the process of applying for security clearance.

2018

October: A member of the TAP attends the Five Eyes Intelligence and Oversight Review Council (FIORC) Conference in Australia. The conference discusses intelligence and data sharing between intelligence agencies, and efforts by regulators to increase transparency and to work with NGOs.

6 November: All warrants permitting the use of investigatory powers are now subject to a double-lock safeguard and require approval from a judicial commissioner.

14 November: TAP members John Davies and Derek McAuley co-host a day-long conference on the Metrics of Privacy at Jesus College Oxford, with experts from privacy and open rights groups and specialists in statistics and computer science.

November: IPCO, with the help of TAP members, identifies “serious deficiencies” with the “technical environment” at MI5.

November: Muffy Calder joins the TAP.

December: First formal meeting of the TAP.

2019

First year that TAP is fully constituted and active.

IPCO joins the European Intelligence Oversight Working Group. Members of the TAP attend a conference with Belgium, Denmark, Norway, Switzerland and the Netherlands in Copenhagen.

May: TAP chair attends the European Intelligence Oversight Network (EION) conference in Berlin, and discusses collaborative work on anomaly detection.

March: The investigatory powers commissioner agrees a “working protocol” with the TAP.

18-22 March: TAP joins IPCO inspection of MI5’s “technical environment” following a “serious failure to handle warranted data” stretching back years. MI5 had held the data unlawfully.

8-9 October: IPCO attends the UN International Intelligence Oversight Forum (IIOF) at Lancaster House, London.

15-17 October: GCHQ director Jeremy Fleming tells the Five Eyes Intelligence Oversight and Review Council that acceleration of technology – particularly AI – had identified potential weaknesses and gaps in regulatory standards, governance standards and ethical norms. Members of the TAP participate in the conference, hosted by IPCO in London.

October: The investigatory powers commissioner completes a series of targeted inspections of MI5. Inspectors spend a total of 48 days over the course of four inspections at MI5 between March and September with assistance from the TAP, following the discovery of serious compliance failings.

November: Australia’s independent national security legislation monitor (INSLM), James Renwick, visits London as part of a consultation on the review of Australian telecommunications legislation (TOLA Act 2018). The TAP advises Renwick on the impact of changing technology on oversight.

2020

January: A TAP member takes part in a Scandinavian oversight group meeting.

January: The TAP chair participates in a European Intelligence Oversight Network (EION) conference in Brussels.

February: TAP holds a formal meeting, followed by seven shorter monthly meetings over the course of the year, mostly conducted virtually.

March: TAP postpones a “masterclass” for the Office for Communications Data Authorisations (OCDA) because of Covid.

April: Niall Adams, a professor of statistics at Imperial College London, is appointed to the TAP. His research interests are in computational statistics, machine learning and data science.

April: The first formal report of the TAP covering 2019 is sent to the home secretary, the cabinet secretary for justice (Scottish Government) and the investigatory powers commissioner. An unclassified version is included in the IPCO 2019 report.

May: Formal meeting between the investigatory powers commissioner, Brian Leveson, and the chair of TAP, Bernard Silverman, and IPCO’s CEO.

November: Formal meeting between the investigatory powers commissioner, Brian Leveson, and the chair of TAP, Bernard Silverman, and IPCO’s CEO.

2021

January: The initial three-year term of four members of the TAP, including Bernard Silverman, expires, but all four are offered extensions and accept. Two further members are recruited and expected to join during 2021.

January: TAP meeting using secure video conferencing supported by GCHQ and Police Scotland.

8 March: IPCO publishes Draft strategy for the TAP.

31 March: TAP publishes a paper on cryptography.

March: Members of the TAP attend the Security and Policing conference.

March: A TAP member accompanies IPCO representatives to the European Intelligence Oversight Working Group (EIOWG) meeting in Berne.

May: Formal biannual meeting between the investigatory powers commissioner and the chair of the TAP.

May: TAP is able to resume occasional in-person inspection visits, some by secure video, following Covid.

6 May: TAP publishes a primer on encryption.

July: TAP meeting during Covid using secure video conferencing supported by GCHQ and Police Scotland.

September: TAP issues a briefing paper on understanding and controlling the data flows across organisations.

7-8 October: Members of TAP and IPCO inspectors discuss the impact of technology on oversight with other regulators at the European Intelligence Oversight Network (EION) Conference in Rome.

October: TAP meets using secure video conferencing supported by GCHQ and Police Scotland because of Covid.

4 October: TAP produces a written briefing on privacy metrics.

2 November: TAP publishes a briefing on cloud computing.

November: TAP meets using secure video conferencing supported by GCHQ and Police Scotland because of Covid.

November: Formal biannual meeting between the investigatory powers commissioner and the chair of the TAP.

November: TAP chair attends a conference of the Five Eyes Intelligence Oversight and Review Council (FIORC) in New Zealand. Regulators also discuss gaps in accountability of intelligence agencies, techniques to mitigate the risks of mistreatment when sharing information with overseas intelligence agencies, and the use of AI.

14 November: TAP publishes a report on its conference on metrics in privacy.

November: Richard Mortier, professor of computing and human-data interaction at Cambridge University, and Sarvapali Ramchurn, professor of AI at the University of Southampton, join the TAP.

2022

Investigatory powers commissioner Brian Leveson asks the TAP to look into the impact of AI on the oversight of investigatory powers, and how to ensure safeguards are built-in rather than left as an afterthought.

January: IPCO agrees the working protocol for the TAP.

1 March: Muffy Calder is appointed chair of the TAP. The appointment was made internally because of her technical background and security clearance.

March: Bernard Silverman steps down from his role as chair of the TAP and is reappointed to act as a panel member until July 2023.

March: TAP members attend the International Communications Data and Digital Forensics (ICDDF) conference, a closed event run by the Home Office for police and technology companies.

June: TAP members attend a workshop on the metrics of intrusion with investigatory powers commissioner Brian Leveson.

October: TAP chair Muffy Calder leads discussions on building technical competence and measuring privacy intrusion at the European Intelligence Oversight Conference (EIOC), hosted by IPCO in London.

24 November: TAP publishes papers on the factors that influence privacy intrusion.

November: TAP visits the UK National Authority for Counter-Eavesdropping (UK NACE). Muffy Calder arranges a follow-up in 2023, inviting UK NACE to visit the quantum imaging and thermal imaging security teams at Glasgow University, initiating “several collaborations”.

December: TAP meets with Canadian surveillance regulator, the National Security and Intelligence Review Agency (NSIRA).

8 December: IPCO formally assumes responsibility for oversight of GCHQ’s “equities process”.

2023

March: TAP members and IPCO’s judicial commissioners due to receive an update from GCHQ on AI.

March: TAP produces a technical paper on an undisclosed “popular smartphone app”.

April: Two TAP members visit the West Midlands Regional Organised Crime Unit (ROCU) for a demonstration and conversation around an undisclosed externally developed software capability.

May: The TAP holds a strategy day at Glasgow University to discuss the longer-term aims and work of the panel, focusing on AI. It starts developing a three-level AI training programme for IPCO staff.

May: TAP chair Muffy Calder and professor Marion Oswald of Northumbria University publish a research paper titled Privacy intrusion and national security in the age of AI.

June: Professor Alison Etheridge, a mathematician at Oxford University specialising in probability theory, is appointed as a member of the TAP.

June: Bernard Silverman, inaugural chair, leaves the TAP after six years.

June: TAP members give presentations to IPCO staff on AI and the privacy of intrusion.

November: A TAP member joins the investigatory powers commissioner and inspectors at the European Intelligence Oversight Conference (EIOC) in Oslo.

November: TAP members give presentations to IPCO staff on AI and privacy intrusion.

November: Two TAP members join inspectors at an AI workshop at GCHQ.

December: Professor Derek McAuley and professor Sarvapali “Gopal” Ramchurn leave the TAP.

4 December: Richard Thompson is appointed as the new chief executive of IPCO.

2024

June: TAP members due to attend a workshop on AI at GCHQ.

2025

17 April: TAP publishes a guide on how to assess the proportionality of AI.
