Home Technology Cyber Security UK GOVERNMENT claims they are legally justified to hack anyone, anywhere in the world, even if the target is not a threat to national security nor suspected of any crime.

UK GOVERNMENT claims they are legally justified to hack anyone, anywhere in the world, even if the target is not a threat to national security nor suspected of any crime.

By on

UK GOVERNMENT CLAIMS POWER FOR BROAD, SUSPICIONLESS HACKING OF COMPUTERS AND PHONES

Wednesday, March 18, 2015

The British Government has admitted its intelligence services have the broad power to hack into personal phones, computers, and communications networks, and claims they are legally justified to hack anyone, anywhere in the world, even if the target is not a threat to national security nor suspected of any crime.

These startling admissions come from a government court document published today by Privacy International. The document was filed by the government in response to two court cases initiated last year against GCHQ that challenge the invasive state-sponsored hacking revealed by Edward Snowden. In the document, the Government outlines its broad authority to infiltrate personal devices and the networks we use everyday.

Buried deep within the document, Government lawyers claim that while the intelligence services require authorisation to hack into the computer and mobile phones of “intelligence targets”, GCHQ is equally permitted to break into computers anywhere in the world even if they are not connected to a crime or a threat to national security.

Such powers are a massive invasion of privacy. Hacking is the modern equivalent of entering someone’s house, searching through their filing cabinets, diaries and correspondence, and planting devices to permit constant surveillance in future. If mobile devices are involved, the government can obtain historical information including every location visited in the past year and the ongoing surveillance will capture the affected individual wherever they go.

Additionally, the intelligence services assert the right to exploit communications networks in covert manoeuvres that severely undermine the security of the entire internet. The deployment of such powers is confirmed by recent news stories detailing how GCHQ hacked into Belgacom using the malware Regin, and targeted Gemalto, the world’s largest maker of SIM cards used in countries around the world.

The court document relies heavily on a draft code on “equipment interference”, which was quietly released to the public on the same day that the Investigatory Powers Tribunal found that GCHQ had previously engaged in unlawful information sharing with the United States’s National Security Agency.

For the past decade, GCHQ have been involved in state-sponsored hacking, or “Computer Network Exploitation”, without this code being available to the public. This lack of transparency is a violation of the requirement that the intelligence services act in accordance with law. The draft code has not yet been approved by Parliament, and is open for public comment until 20 March 2015.

Last week’s ISC report admits for the first time that GCHQ relies on security vulnerabilities, including, zero-day vulnerabilities, for its CNE operations, but redacts the exact number of vulnerabilities disclosed.

Privacy International assisted in filing two separate complaints to the IPT challenging GCHQ’s widespread hacking. The first, in which Privacy International is the claimant, centres around GCHQ and the NSA’s reported power to infect potentially millions of computer and mobile devices around the world with malicious software that gives them the ability to sweep up reams of content, switch on users’ microphones or cameras, listen to their phone calls and track their locations. It is the first UK legal challenge to the use of hacking tools by intelligence services.

The second complaint was filed by seven internet service and communications providers from around the world, who are calling for an end to GCHQ’s exploitation of network infrastructure in order to unlawfully gain access to potentially millions of people’s private communications. The complaint, filed by Riseup (US), GreenNet (UK), Greenhost (Netherlands), Mango (Zimbabwe), Jinbonet (Korea), May First/People Link (US), and the Chaos Computer Club (Germany), is the first time that internet and communication providers have taken collective action against GCHQ’s targeting, attacking and exploitation of network communications infrastructure.

https://www.privacyinternational.org/?q=node/545

Categories: Cyber Security