Privacy International files judicial review of UK’s ability to hack devices en masse

Digital rights group Privacy International has filed a judicial review in the UK High Court of an earlier decision by the oversight body of the UK’s security agencies to sanction the use of so-called “thematic warrants” — aka a highly intrusive investigatory capability that can cover an entire class of unidentified persons or property.

Privacy International challenged the legality of the general warrants before the IPT back in May 2014, arguing that such untargeted hacking activities violate Articles 8 and 10 of the European Convention on Human Rights, pertaining to privacy and free speech rights.

However, the oversight tribunal rejected those claims in February this year. The body has a long history of finding in favor of the state agencies it oversees (only last year breaking that pattern, after the Snowden revelations brought closer scrutiny of state security agency activity).

These warrants are also one of the most controversial elements of the draft surveillance legislation, the Investigatory Powers Bill, that the UK government is seeking to get onto the statute books this year.

Privacy International is by no means the only critic here. Thematic warrants have been targeted by committee members involved in scrutinizing the IP bill. The normally pro-security ISC committee, for example, recommended mass hacking provisions be removed entirely from the bill, saying it had not been provided with “sufficiently compelling evidence” to justify sanctioning such an intrusive capability.

Others have also sounded alarm bells over the risks of such intrusive and untargeted powers being enshrined in UK law.

Privacy International is arguing that the IPT’s decision to sanction thematic warrants “fundamentally undermines 250 years of English common law”, as well as failing to comply with international human rights law.

“The common law is clear that a warrant must target an identified individual or individuals. Parliament is presumed not to have overridden such a profound and fundamental right unless it clearly and expressly states that general warrants are now permissible — which it has not,” it writes today.

Illustrating the potential risks, it notes that bulk warrants coupled with hacking powers enable the government to “log keystrokes, track locations, take covert photographs and videos, and access stored information”, as well as opening up the risk of security holes being created by state agencies that can then be exploited by criminals or other actors in future.

“Hacking can also be used to corrupt files, plant or delete documents and data, or send fake communications from a device. These techniques can be mobilised against entire networks, comprising the devices of large groups of people,” it adds.

Back in January, Home Secretary Theresa May was questioned by a joint select committee on the purpose of thematic warrants. She claimed they are not intended to target broad swathes of the population but rather to be used in circumstances when state agencies are investigating fast-moving group criminal activity.

“The purpose of the thematic warrant is for example circumstances in which perhaps there’s a kidnap, there’s perhaps a threat to life, and there’s only certain information available and it’s necessary because of the pace at which something is developing to be able to identify the group of people who are involved with that particular criminal activity as being within the thematic warrant,” she said in January.