GCHQ empowered to hack any device anywhere without terrorist, criminal threat – UK court doc
The startling revelation surfaced after civil rights group Privacy International (PI) filed a legal challenge in 2014 questioning the hacking powers of UK government intelligence agency GCHQ.
The legal challenge sought to examine allegations relating to “state-sponsored hacking” uncovered by ex-NSA computer analyst and whistleblower Edward Snowden.
PI subsequently obtained a court document, penned by government lawyers, in which the government outlined its authority to infiltrate mobile phones, laptops, iPads and networks used on a day-to-day basis.
The privacy rights group made the decision to publish the document on Wednesday.
Nestled deep within its body, is the admission that UK intelligence services need authorization to hack into devices used by “intelligence targets,” but hold the power to infiltrate computers and mobile phones worldwide – irrespective of whether they are suspected of being linked to a criminal or terrorist threat.
PI, which has long campaigned for increased privacy rights in Britain, said these powers amount to a “massive invasion of privacy.”
“Hacking is the modern equivalent of entering someone’s house, searching through her filling cabinets, diaries and correspondence, and planting devices to permit constant surveillance in future,” the group warned.
“If mobile devices are involved, the government can obtain historical information including every location visited in the past year and the ongoing surveillance will capture the affected individual wherever they go.”
The privacy rights group added intelligence agencies such as GCHQ assert the right to “exploit communications networks” in clandestine maneuvers that seriously undermine the security of the world wide web.
The court document, central to PI’s revelations, was heavily reliant on draft code relating to equipment interception. Previously a secret government policy, it was made public on the same day Britain’s Investigatory Powers Tribunal found GCHQ had unlawfully shared information with America’s National Security Agency (NSA).
Over the last decade, GCHQ has engaged in widespread “state-sponsored hacking,” in the absence of this code, PI says.
The group warns this glaring lack of transparency violates the requirement that British intelligence agencies comply with UK law. The draft code is yet to be backed by Parliament.
“The government has been deep in the hacking business for nearly a decade, yet they have never once been held accountable for their actions,” said Eric King, Deputy Director of Privacy International.
“They have granted themselves incredible powers to break into the devices we hold near and dear, the phones and computers that are so integral to our lives,” he added.
King warned the spy agency believes it has the right to target anyone it wishes in the absence of legal justification.
He called for an end to this “suspicionless hacking,” and for British intelligence agencies to be forced to comply with UK law.
Jan Girlich, a spokesperson for Germany’s Chaos Computer Club, said GCHQ appears to think its powers are unlimited.
“Hacking of network infrastructure and people's phones and devices for claimed national security reasons is actually undermining the IT security on a structural level,” he said.
Girlich stressed the UK government cannot justify hacking devices worldwide by simply publishing rules governing these activities.
“It leaves our infrastructure vulnerable and the people's personal information in the hands of a secret service not bound to the law, wielding massive power over everybody they wish,” he said.
RT queried GCHQ directly on the extent of its hacking powers. Asked how the hacking of communications devices and networks in the absence of a related criminal or terror threat can be justified, a spokesperson for the spy agency declined to specify. She insisted, however, GCHQ’s hacking practices are regulated.
"As will be seen from the Government's Open Response, assertions/suggestions that GCHQ can carry out Computer Network Exploitation (CNE) operations in an unregulated way are simply untrue,” she told RT. “Strict legal controls, safeguards and requirements apply to this activity, which can only be carried out for statutory purposes e.g. national security."