Privacy Rights Group Files Legal Challenge To GCHQ's Extensive Hacking Activities

from the one-of-the-better-uses-of-normally-useless-anti-hacking-laws dept

Indispensable organization Privacy International has filed a legal challenge against GCHQ’s hacking of computers and devices, seeking to use the UK government’s own Computer Misuse Act against its national security agency.

Much like the (frequently maligned) CFAA (Computer Fraud and Abuse Act) here in the US, the CMA prohibits unauthorized access of computers as well as knowingly impairing computers and devices with malicious software. Privacy International argues that GCHQ (in conjunction with the NSA in many cases) has done both — multiple times.

The extent of GCHQ’s capabilities was revealed by the Snowden documents, which detail how GCHQ and NSA are using malware to conduct surveillance that is potentially far more intrusive than any other current surveillance technique, including the interception of communications. GCHQ’s hacking capabilities are so advanced that they are able to surreptitiously:

  • take over a device’s microphone and record conversations taking place near the device (NOSEY SMURF);
  • take over a device’s webcam and snap photographs (GUMFISH);
  • record Internet browsing histories and collect login details and passwords used to access websites and email accounts (FOGGYBOTTOM);
  • log keystrokes entered into a device (GROK);
  • extract data from removable flash drives that connect to an infected computer (SALVAGERABBIT);
  • identify the geographic whereabouts of the user (TRACKER SMURF); and
  • retrieve any content from a phone, including text messages, e-mails, web history, call records, videos, photos, address books, notes, and calendars.

Because the leaks have made these programs public knowledge, there’s very little GCHQ can do to deny the claims. Instead, it will most likely invoke its “legal authority” to perform these acts, granted to it (albeit not in those specific words) by the UK’s Intelligence Services Act of 1994, as PI’s Caroline Wilson explains.

Section 5(1) of the ISA provides: “No entry on or interference with property or with wireless telegraphy [by GCHQ] shall be unlawful if it is authorised by a warrant issued by the Secretary of State under this section.” In other words, so long as GCHQ is acting under a warrant then its interference with computer and mobile devices may be authorised under Section 5, even if its otherwise against the law.

This assertion rests on the presumption that these acts are always carried out under a warrant. And even if not, the broad reading of the law has allowed GCHQ to declare its operations are completely legal. The CMA itself also provides another loophole for GCHQ, nullifying the stipulations of Section 1 of the act if performed under government authority.

This may not look all that promising for Privacy International, but the UK can’t rely solely on its own laws to protect GCHQ from this legal action. It also has to answer to the European Union.

[T]he law authorizing GCHQ’s hacking must at the least set out the nature of the offenses that might lead GCHQ to intrude on our personal devices, define that categories of people who might be affected, limit the duration and extent of any intrusion, set out the procedure for examining, using and storing any information obtained, prescribe how that information will be secured and shared with other parties, and define when the data collected will be erased or destroyed. The ISA’s bare bones authorisation most certainly does not meet these basic requirements.

[GCHQ’s] hacking is so intrusive, giving GCHQ unlimited control over any target device, that it is hard to imagine how it could made proportionate […] This intrusion is only compounded when it is indiscriminately deployed to potentially millions of devices.

Privacy International argues that it is the breadth of GCHQ’s activities that make it run afoul of both UK and EU law. Leaked documents have shown several programs instituted under the title of anti-terrorism that have failed to prohibit abusive use or even hold the agency to a reasonable definition of “relevant.” Much like the NSA, the capabilities have outstripped the narrowly-defined goal, providing the agencies with unprecedented levels of intrusion.

Privacy International has filed its complaint with the UK’s Investigatory Powers Tribune, the only body with the power to hear challenges of GCHQ’s activities. The legal authority GCHQ claims gives it the permission to sabotage and infiltrate computers on a widespread basis is far from clear. Much of what’s been granted to the agency has been done in complete secrecy and, as the leaks have been unleashed, its oversight has been exposed as completely worthless.

This legal battle (joining others filed by citizens and Amnesty International) will also likely end up being fought in the dark, obscured by cries of “national security.” But at least one of the combatants will be making an effort to publicize every detail of the fight.

Filed Under: , , , , ,
Companies: privacy international

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Privacy Rights Group Files Legal Challenge To GCHQ's Extensive Hacking Activities”

Subscribe: RSS Leave a comment

i wonder if Rifkin will be included? i seem to remember him being involved with the two so-called ‘interrogations’ of the heads of GCHQ, MI5 and MI6. he couldn’t rap that up quick enough, giving them a ‘clean bill of health’ so as to be able to carry on what they had been doing unabated. i also wonder if the NSA involvement will be exposed as well as how much influence it and other USA security forces have had on GCHQ. i suspect that there has been a lot!


Retro to the Rescue

“This assertion rests on the presumption that these acts are always carried out under a warrant.”

They can always retroactively issue a warrant later. Or even retroactive change the law. GCHQ manager to underlings: “Don’t worry if it’s legal or not. Just do it. We can always get it made legal later”.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Older Stuff
13:40 It's Great That Winnie The Pooh Is In The Public Domain; But He Should Have Been Free In 1982 (Or Earlier) (35)
12:06 Norton 360 Now Comes With Crypto Mining Capabilities And Sketchy Removal Process (28)
10:45 Chinese Government Dragnet Now Folding In American Social Media Platforms To Silence Dissent (14)
10:40 Daily Deal: The 2022 Ultimate Cybersecurity Analyst Preparation Bundle (0)
09:29 A Fight Between Facebook And The British Medical Journal Highlights The Difficulty Of Moderating 'Medical Misinformation' (9)
06:29 Court Ruling Paves The Way For Better, More Reliable Wi-Fi (4)
20:12 Eighth Circuit (Again) Says There's Nothing Wrong With Detaining Innocent Minors At Gunpoint (15)
15:48 China's Regulatory War On Its Gaming Industry Racks Up 14k Casualties (10)
13:31 Chinese Government Fines Local Car Dealerships For Surveilling While Not Being The Government (5)
12:08 Eric Clapton Pretends To Regret The Decision To Sue Random German Woman Who Listed A Bootleg Of One Of His CDs On Ebay (29)
10:44 ICE Is So Toxic That The DHS's Investigative Wing Is Asking To Be Completely Separated From It (29)
10:39 Daily Deal: The 2022 Complete Raspberry Pi And Arduino Developer Bundle (0)
09:31 Google Blocked An Article About Police From The Intercept... Because The Title Included A Phrase That Was Also A Movie Title (24)
06:22 Wireless Carriers Balk At FAA Demand For 5G Deployment Delays Amid Shaky Safety Concerns (16)
19:53 Tenth Circuit Denies Qualified Immunity To Social Worker Who Fabricated A Mother's Confession Of Child Abuse (35)
15:39 Sci-Hub's Creator Thinks Academic Publishers, Not Her Site, Are The Real Threat To Science, And Says: 'Any Law Against Knowledge Is Fundamentally Unjust' (34)
13:32 Federal Court Tells Proud Boys Defendants That Raiding The Capitol Building Isn't Covered By The First Amendment (25)
12:14 US Courts Realizing They Have A Judge Alan Albright Sized Problem In Waco (17)
10:44 Boston Police Department Used Forfeiture Funds To Hide Purchase Of Surveillance Tech From City Reps (16)
10:39 Daily Deal: The Ultimate Microsoft Excel Training Bundle (0)
09:20 NY Senator Proposes Ridiculously Unconstitutional Social Media Law That Is The Mirror Opposite Of Equally Unconstitutional Laws In Florida & Texas (25)
06:12 Telecom Monopolies Are Exploiting Crappy U.S. Broadband Maps To Block Community Broadband Grant Requests (7)
12:00 Funniest/Most Insightful Comments Of 2021 At Techdirt (17)
10:00 Gaming Like It's 1926: Join The Fourth Annual Public Domain Game Jam (6)
09:00 New Year's Message: The Arc Of The Moral Universe Is A Twisty Path (33)
19:39 DHS, ICE Begin Body Camera Pilot Program With Surprisingly Good Policies In Place (7)
15:29 Remembering Techdirt Contributors Sherwin And Elliot (1)
13:32 DC Metro PD's Powerful Review Panel Keeps Giving Bad Cops Their Jobs Back (6)
12:11 Missouri Governor Still Expects Journalists To Be Prosecuted For Showing How His Admin Leaked Teacher Social Security Numbers (39)
10:48 Oversight Board Overturning Instagram Takedown Of Ayahuasca Post Demonstrates The Impossibility Of Content Moderation (10)
More arrow
This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it