Today it has been announced that computer and smartphone hacks used by the intelligence agency GCHQ are legal according to the UK’s Investigatory Powers Tribunal. The inquiry was launched after the extents of the agency’s hacking was uncovered by whistleblower Edward Snowdon, which led to GCHQ revealing that they had agents hack into devices both within the UK and aboard.
At the conclusion of the inquiry, the senior judges on the panel ruled that they were satisfied that GCHQ’s ability to forcefully gain access to devices in order to gather intelligence was striking a proper balance between safeguarding the privacy of individuals and the ability to investigate crime and protect the public. Understandably, Privacy International, the civil liberties group who launched the investigation said they were “disappointed” with the outcome and would continue to combat state-sponsored hacking.
GCHQ’s hacking efforts were reported to the tribunal as covering computers, smartphones, servers, routers and more. They were told that it was possible for the hackers to remotely enable microphones and cameras, log keyboard input, install malware, track locations and even copy documents from target devices. Currently, the only restrictions on hacking in place are laid out in the Home Office’s code of practice for hacking, or “equipment interference”, which is set to be expanded as part of the Government’s Investigatory Powers bill which is currently being drafted. These documents dictate that a warrant must be issued before any hacks can take place. The judges agreed that these codes had the right balance between the “urgent need for the Intelligence Agencies to safeguard the public and the protection of an individual’s privacy and/or freedom of expression”. These restrictions did not exist when the investigation was originally launched, however, which brings GCHQ’s previous actions into question.
Once again, the cyber security and privacy of citizens are under threat from government agencies, who strive to increase their own power and supposedly the safety of their people at the cost of their freedom. While in future GCHQ’s hacking is expected to be kept in check by codified legal rules, the fact that their previous actions were ruled to be lawful could set a dangerous precedent if a security agency tried to take advantage of the circumstance to work outside these laws.