UK Government Authorized GHCQ to Hack Any Device
Last year, Privacy International legally challenged the UK government for information on its hacking powers via GHCQ. The request was based on documents leaked by Edward Snowden which alleged state-sponsored hacking. Not on the part of governments like the Democratic People’s Republic of Korea, but on the part of western governments.
The most shocking part of the revelations was that this hacking was done without any terrorist or criminal probable cause. Months later they received a response from government lawyers and later decided to publish it. The document outlines the ways in which it felt GHCQ’s hacking was legal and necessary. It also reveals that the data collection and hacking of any device, anywhere did not only affect British citizens. Citizens anywhere should be concerned about the breadth of this program.
Hacking is Okay for “Legitimate Purposes”
From the court document given to Privacy International:
CNE operations vary in complexity. At the lower end of the scale, an individual may use someone’s login credentials to gain access to information. More complex operations may involve exploiting vulnerabilities in software in order to gain control of devices or networks to remotely extract information, monitor the user of the device or take control of the device or network. These types of operations can be carried out illegally by hackers or criminals. In limited and carefully controlled circumstances, and for legitimate purposes, these types of operations may also be carried out lawfully by certain public authorities.
It then outlines circumstances under which hacking is authorized:
(a) the wanted communications are not in the course of their transmission and cannot therefore be intercepted;
(b) there is no communications service provider on whom a warrant can be served to acquire particular communications; or
(c) a more comprehensive set of the target’s communications or data of intelligence interest is required than can be obtained through other means.
Neither Confirmed Nor Denied
The government then makes an amazing leap, utilizing a legal loophole which allows it to not perjure itself, previously outlined in the document (read the document for full details).
… whilst the specific factual allegations which are made in these proceedings are neither confirmed nor denied for the reasons set out above, it is denied that GCHQ is engaged in any unlawful and indiscriminate mass surveillance activities. Such activities are clearly precluded by the clear statutory regime which governs GCHQ’s activities as set out in detail below.
But last month, in a landmark ruling, a UK judge decided that this warrantless search of property and communications was illegal. Now, anyone in the world can inquire as to whether they were personally spied on. Whether or not the government agency will choose to tell the truth is far from certain, but the move on the part of the judge to take Privacy International’s side is certainly an interesting development for those who value privacy.
For a more entertaining rundown of the situation, watch the video below.