GCHQ Spies Given License to Hack
Britain recently permitted spies to disassemble and reverse engineer a wide range of popular software. The products range from online bulletin board systems to commercial encryption and anti-virus programs. Such activity violates copyright law. GHCQ purported sought warrants to protect itself from such scrutiny.
Despite its effort to immunize itself from legal troubles GHCQ appears to have stumbled into non-compliance. The warrant did not authorize the type of copyright infringement the GCHQ performed. The law pertained to property and wireless telegraphy law – not intellectual property.
The secret reinterpretation of powers, in entirely novel ways, that have not been tested in adversarial court processes, is everything that is wrong with how GCHQ is using their legal powers. – Eric King, deputy director of Privacy International.
One agency memo regarding the reverse engineering warrant notes that internal authorization procedures were not followed by the hacking team. Once discovered, the error was retroactively approved. A 2014 report challenged the rigor of the organizations oversight.
Popular web forum software vBulletin was named in the warrant. Users of vBulletin include Sony Pictures, NASA, Electronic Arts and Zynga. Encryption provider Exlade’s CrypticDisk used by corporations and businesses around the globe, including Intel, IBM, GE, HP and Seagate, also turned up new exploits as a result of the reverse engineering.
One of the more prominent targets was Moscow-based anti-virus maker Kaspersky labs. The software company has over 270,000 corporate clients.
The full extent of the GCHQs use of warrant authority is still unknown but questionable actions like these call into question the damage these programs bring to the interests of these software companies abroad.