The UK GCHQ intelligence agency’s hacking of computers, mobile devices, smart devices, and computer networks has been ruled to be legal, no matter where it happens in the world, and compatible with the European convention on human rights.
The ruling was made by the Investigatory Power Tribunal, a UK court that hear and decides on complaints regarding surveillance by public bodies.
The aforementioned hacking and surveillance efforts include logging keystrokes, taking screenshots and photos, recording video and audio, accessing, modifying and deleting files, tracking the target’s location, impersonating the target by sending messages from his or her device, and so on.
The verdict has been brought in relation to a complaint made by Privacy International and a group of seven Internet service providers after hacking revelations in documents from Edward Snowden’s NSA trove.
“Our complaint is the first UK legal challenge to state-sponsored hacking, an exceptionally intrusive form of surveillance. We contended that GCHQ hacking operations were incompatible with democratic principles and human rights standards. We further argued that GCHQ, which until these proceedings was hacking in secret, had no clear authority under UK law to deploy these capabilities,” Privacy’s International’s legal officer Scarlet Kim explained.
The verdict on GCHQ hacking
Unfortunately, the court decided in favour of the intelligence agency.
“The use of CNE (Computer Network Exploitation) by GCHQ, now avowed, has obviously raised a number of serious questions, which we have done our best to resolve. Plainly, it again emphasises the requirement for a balance to be drawn between the urgent need of the intelligence agencies to safeguard the public and the protection of an individual’s privacy and/or freedom of expression,” the IPT’s ruling says.
“We are satisfied that with the new [equipment interference code] and whatever the outcome of parliamentary consideration of the investigatory powers bill, a proper balance is being struck in regard to the matters we have been asked to consider,” it concludes.
This legal fight is also the first time that the GCHQ admitted hacking within and outside the UK, at what Privacy International considers to be “an alarmingly broad scale.”
“In the proceedings, the Government admitted that it may undertake hacking against a specific device or an entire computer network. It also admitted that it undertakes both ‘persistent’ and ‘non-persistent’ operations, the former referring to hacking activities covering an extended period of time,” Kim pointed out.
Privacy International has announced that they will challenge the Tribunal’s findings. “Allowing Governments to hack places the security and stability of the internet and the information we exchange on it at stake,” she noted.
UK Foreign Secretary Philip Hammond welcomed the ruling.
“Once again, the law and practice around our Security and Intelligence Agencies’ capabilities and procedures have been scrutinised by an independent body and been confirmed to be lawful and proportionate,” he stated.
“The draft Investigatory Powers Bill will further strengthen the safeguards for the Agencies’ use of these powers, including a new double-lock authorisation process.”