UK faces Human Rights challenge to state’s bulk hacking abroad

Privacy rights organization Privacy International has filed another legal challenge to the UK government’s use of bulk hacking against foreigners.

The filing, with the European Court of Human Rights, follows Privacy International’s attempt earlier this year to challenge the use of bulk hacking against foreigners via the local oversight court for the UK’s intelligence agencies, the IPT.

However the Tribunal refused to rule on whether GCHQ’s use of bulk hacking against entities outside the UK complies with the European Court of Human Rights. The IPT further judged the government’s use of hacking lawful under domestic law. Hence the move to file a challenge with the European court now.

Privacy International has previously this year filed a separate judicial review at the UK High Court focused on another aspect of the IPT’s decision — challenging the use of so-called ‘thematic warrants’.

Another of its legal challenges to the UK government’s surveillance practices resulted in the IPT’s first ever ruling against the domestic intelligence agencies — when in February 2015 it deemed GCHQ to have previously acted illegally in sharing data with the NSA.

“By taking this case to the European Court of Human Rights, we aim to bring the government’s hacking under the rule of law,” writes Privacy International of its latest action. “The government is currently hacking abroad based on a very vague and broad power that provides few if any safeguards on this incredibly intrusive power.”

The body is joined in the action by Germany’s Chaos Computer Club, GreenNet (UK), Jinbonet (Korea), May First (US) and RiseUp (US).

Commenting in a statement, Scarlet Kim, Legal Officer at Privacy International, added: “The IPT’s decision permits the British Government to hack untold numbers of computers devices or networks abroad without any proper legal framework, oversight or safeguards. Hacking is extremely intrusive, allowing the hacker to, for example, switch on the webcam of a computer, or the mic of a phone without the owner having any idea.

“Allowing the British Government to hack therefore sanctions an extraordinary expansion of state surveillance capabilities, with alarming consequences for the privacy and security of many people around the world. The European Court of Human Rights has a strong track record of ensuring that intelligence agencies act in compliance with human rights law. We call on the Court to hold GCHQ accountable for its unlawful bulk hacking practices.”

The UK government is in the process of updating domestic surveillance legislation. The Investigatory Powers bill, currently at the review stage in the House of Lords, seeks to cement bulk hacking powers at the heart of the surveillance state via an updated legal framework.

However the IP bill’s bulk powers are the subject of an independent review, taking place this summer. The opposition Labour party pushed the government for an outside review, calling for it to set out a robust operational case for their inclusion.

Critics argue bulk powers are disproportionate and unnecessary. It will be up to QC David Anderson — who is leading the review, and who previously played a key role for the government when it was drafting the IP bill — to assess whether the use of bulk powers is justified and whether the bill contains sufficient safeguards for their operation. Although, unlike a judgement from the European Court of Human Rights, Anderson’s opinion will not be legally binding.