Blighty’s spying nerve center GCHQ has a license to hack computers and devices at will, a UK intelligence oversight court has ruled.
The judgment was handed down on Friday after Privacy International and seven ISPs launched a legal challenge against the agency’s hacking operations – operations that were laid bare by documents leaked by NSA whistleblower Edward Snowden.
During the case, GCHQ officially admitted infiltrating PCs and mobiles for the first time.
“The use of computer network exploitation by GCHQ, now avowed, has obviously raised a number of serious questions, which we have done our best to resolve in this Judgment,” reads the lengthy ruling [PDF] from the Investigatory Powers Tribunal (IPT).
“Plainly it again emphasises the requirement for a balance to be drawn between the urgent need of the Intelligence Agencies to safeguard the public and the protection of an individual’s privacy and/or freedom of expression.”
The tribunal is tasked with scrutinizing Blighty’s agents; it says it “investigates and determines complaints of unlawful use of covert techniques by public authorities infringing our right to privacy.”
During the case, some of which was held in closed sessions for national security reasons, GCHQ said that about 20 per cent of the reports produced by the agency use material obtained by hacking. The agency said it had installed malware, used a phone’s microphone and camera remotely, and tracked suspects via GPS.
All this is done under a self-imposed code of conduct, and the IPT ruled that this gave it legal cover of its activities at home and abroad. These will be reinforced by the forthcoming Investigatory Powers Bill, aka the Snooper’s Charter.
“We are disappointed that the IPT has not upheld our complaint and we will be challenging its findings,” said Scarlet Kim, legal officer at Privacy International.
Kim said that Privacy International would be challenging the ruling on the grounds that it broke the European Convention on Human Rights when it comes to surveilling people in the trading block but outside of the UK.
“The ability to exploit computer networks plays a crucial part in our ability to protect the British public,” Foreign Secretary Philip Hammond told the BBC.
“Once again, the law and practice around our Security and Intelligence Agencies’ capabilities and procedures have been scrutinised by an independent body and been confirmed to be lawful and proportionate. It will provide our Security and Intelligence agencies with the powers they need to deal with the serious threats our country faces, subject to strict safeguards and world-leading oversight arrangements.” ®
Building secure multi-factor authentication