Did MI5 make a mess of its email alert service?

I wasn’t very nice about the new MI5 email alerting service thing… but it was even worse than I thought. According to a BBC report:

Campaigners’ ‘found that data gathered was being stored in the US leading to questions about who would have access to the list of names and e-mail addresses… The activists discovered that the whole system had been contracted and some of it was being run by a company called Mailtrack that specialises in handling large e-mail mailing lists. More worryingly when people signed up to use the alert system, the standard encryption software had been disabled. This would have scrambled personal data, such as name and e-mail address, to stop others eavesdropping.

Even the US company operating the service admitted: ‘we would always encourage people to move it to their own country.’ Whoops. There’s even a suggestion that ‘one of the digital security certificates used in the scrambling process between the MI5 site and a user’s browser while they sign up was only issued two days after the mailing list was unveiled.’