The GCHQ spying agency has been hacking computers from within the the UK without asking for individual warrants. The information, which was previously secret, was contained in recently released court documents in a lawsuit filed by Privacy International and seven Internet and communications service providers from UK and other countries.
The Commissioner of the Intelligence Services started to worry in 2014 that the "thematic warrants" the GCHQ was using to justify the hacking of anyone in the UK with very little practical oversight from the Secretary of the State, may have been unlawful. He was concerned that the law "does not expressly allow for a class of authorisation," and that the warrants were too broad.
GCHQ admitted earlier this year that its use of hacking was not being specifically authorized by the Secretary of State. His sign-off was requested only when "additional sensitivity" or "political risk" was involved. It should also be emphasized that even these individual "warrants" aren't actually signed-off by a judge, as any warrant should be, but by the Secretary of State. Therefore, even the individual warrant standard for intelligence agencies isn't as strong as it probably should be in a democratic country.
The Commissioner only formally reviewed GCHQ’s individual hacking targets in April 2015. The Intelligence and Security Committee Report in March 2015 called the failure of MI5 and SIS (formerly known as MI6) to keep accurate records of their hacking activities "unacceptable."
Privacy International also warned that the recently published draft for the Investigatory Powers Bill (also nicknamed "Snooper’s Charter") will codify into law the current practice of GCHQ and other UK spy agencies to hack whoever and whenever they want. The non-profit organization said that strict authorization for hacking is necessary to prevent abuses of power that tend to have very little oversight.
Caroline Wilson Palow, General Counsel at Privacy International, said:
"Eighteen months after we first brought this challenge, GCHQ have come to court today to defend their asserted power to hack computers in the UK without individual warrants. The light touch authorisation and oversight regime that GCHQ has been enjoying should never have been permitted. Perhaps it wouldn't have been if Parliament had been notified in the first place that GCHQ was hacking. We hope the tribunal will stand up for our rights and reign in GCHQ's unlawful spying."
The Investigatory Powers Tribunal has tended to be more on the side of the intelligence agencies in the past. However, it has also given a small win to civil liberties groups, mainly in relation to GCHQ not being transparent enough with its spying activities, but it hasn’t done much to restrict those activities. It remains to be seen if it will declare the "thematic warrants' unlawful or not. If Privacy International loses, it can still go to higher European Courts and appeal the decision there.
Lucian Armasu joined Tom’s Hardware in early 2014. He writes news stories on mobile, chipsets, security, privacy, and anything else that might be of interest to him from the technology world. Outside of Tom’s Hardware, he dreams of becoming an entrepreneur.