GCHQ Is Hacking Domestic Computers In The UK Without Individual Warrants

The GCHQ spying agency has been hacking computers from within the the UK without asking for individual warrants. The information, which was previously secret, was contained in recently released court documents in a lawsuit filed by Privacy International and seven Internet and communications service providers from UK and other countries.

The Commissioner of the Intelligence Services started to worry in 2014 that the "thematic warrants" the GCHQ was using to justify the hacking of anyone in the UK with very little practical oversight from the Secretary of the State, may have been unlawful. He was concerned that the law "does not expressly allow for a class of authorisation," and that the warrants were too broad.

GCHQ admitted earlier this year that its use of hacking was not being specifically authorized by the Secretary of State. His sign-off was requested only when "additional sensitivity" or "political risk" was involved. It should also be emphasized that even these individual "warrants" aren't actually signed-off by a judge, as any warrant should be, but by the Secretary of State. Therefore, even the individual warrant standard for intelligence agencies isn't as strong as it probably should be in a democratic country.

The Commissioner only formally reviewed GCHQ’s individual hacking targets in April 2015. The Intelligence and Security Committee Report in March 2015 called the failure of MI5 and SIS (formerly known as MI6) to keep accurate records of their hacking activities "unacceptable."

Privacy International also warned that the recently published draft for the Investigatory Powers Bill (also nicknamed "Snooper’s Charter") will codify into law the current practice of GCHQ and other UK spy agencies to hack whoever and whenever they want. The non-profit organization said that strict authorization for hacking is necessary to prevent abuses of power that tend to have very little oversight.

Caroline Wilson Palow, General Counsel at Privacy International, said:

"Eighteen months after we first brought this challenge, GCHQ have come to court today to defend their asserted power to hack computers in the UK without individual warrants. The light touch authorisation and oversight regime that GCHQ has been enjoying should never have been permitted. Perhaps it wouldn't have been if Parliament had been notified in the first place that GCHQ was hacking. We hope the tribunal will stand up for our rights and reign in GCHQ's unlawful spying."

The Investigatory Powers Tribunal has tended to be more on the side of the intelligence agencies in the past. However, it has also given a small win to civil liberties groups, mainly in relation to GCHQ not being transparent enough with its spying activities, but it hasn’t done much to restrict those activities. It remains to be seen if it will declare the "thematic warrants' unlawful or not. If Privacy International loses, it can still go to higher European Courts and appeal the decision there.


Lucian Armasu joined Tom’s Hardware in early 2014. He writes news stories on mobile, chipsets, security, privacy, and anything else that might be of interest to him from the technology world. Outside of Tom’s Hardware, he dreams of becoming an entrepreneur.

You can follow him at @lucian_armasu. Follow us on Facebook, Google+, RSS, Twitter and YouTube.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • utroz
    No big surprise here, the same crap happens in the USA too, matter of fact I think just about every country does it now which is kinda sad..
  • alextheblue
    No big surprise here, the same crap happens in the USA too, matter of fact I think just about every country does it now which is kinda sad..

    They're just playing catch-up to the NSA - the NSA has been doing warrantless / mass warrant actions for ages (and still does no matter what 'Bama claims). Heck the warrants they did obtain were done in secret courts - no punchline. Now they also coerce ISPs into recording and sharing data, so they don't even need a warrant and they can claim legal compliance.
  • thestatic1982
    Perhaps its time to start rolling heads.