GCHQ Hacking Deemed Legal by Tribunal

Today it has been announced that computer and smartphone hacks used by the intelligence agency GCHQ are legal according to the UK’s Investigatory Powers Tribunal. The inquiry was launched after the extents of the agency’s hacking was uncovered by whistleblower Edward Snowdon, which led to GCHQ revealing that they had agents hack into devices both within the UK and aboard.

At the conclusion of the inquiry, the senior judges on the panel ruled that they were satisfied that GCHQ’s ability to forcefully gain access to devices in order to gather intelligence was striking a proper balance between safeguarding the privacy of individuals and the ability to investigate crime and protect the public. Understandably, Privacy International, the civil liberties group who launched the investigation said they were “disappointed” with the outcome and would continue to combat state-sponsored hacking.

GCHQ’s hacking efforts were reported to the tribunal as covering computers, smartphones, servers, routers and more. They were told that it was possible for the hackers to remotely enable microphones and cameras, log keyboard input, install malware, track locations and even copy documents from target devices. Currently, the only restrictions on hacking in place are laid out in the Home Office’s code of practice for hacking, or “equipment interference”, which is set to be expanded as part of the Government’s Investigatory Powers bill which is currently being drafted. These documents dictate that a warrant must be issued before any hacks can take place. The judges agreed that these codes had the right balance between the “urgent need for the Intelligence Agencies to safeguard the public and the protection of an individual’s privacy and/or freedom of expression”. These restrictions did not exist when the investigation was originally launched, however, which brings GCHQ’s previous actions into question.

Once again, the cyber security and privacy of citizens are under threat from government agencies, who strive to increase their own power and supposedly the safety of their people at the cost of their freedom. While in future GCHQ’s hacking is expected to be kept in check by codified legal rules, the fact that their previous actions were ruled to be lawful could set a dangerous precedent if a security agency tried to take advantage of the circumstance to work outside these laws.

Fake Data-Collecting Mobile Towers Discovered in London

A joint investigation by Sky News and German security company GMSK Cryptophone has uncovered up to 20 fake mobile towers in London that are collecting user data from nearby mobile phones. The “towers” are effectively Stingray boxes – recently used illegally by police in the US to monitor citizens – that mimic mobile towers, tricking a passing phone into revealing its international mobile subscriber number (IMSI) and electronic serial number (ESN), making it possible to track the location of the phone.

The Metropolitan Police has responded to the revelation, but its statement is about as vague and non-committal as it gets. Commissioner Bernard Hogan-Howe told Sky News, “We’re not going to talk about it, because the only people who benefit are the other side, and I see no reason in giving away that sort of thing.”

Human rights watchdog Privacy International (PI) has described the Metropolitan Police’s position on the matter as “laughable,” adding that it is possible that the Police themselves could be responsible. “We can’t be sure that all these are used by law enforcement agencies,” said Matthew Rice, advocacy officer for PI. “They can be used by criminals, and are easily bought from the internet for about £1,000. The police need to explain what they are doing to protect the public from criminals using such equipment as well as explaining how they use it.”

“Even when used by police, IMSI catchers are very difficult to use in a targeted manner, meaning when used in urban areas thousands of people’s mobile phones would be swept up in that dragnet,” he added. “What police do with that data, we don’t know. With 20 IMSI Catchers now confirmed to be deployed across London – we need law enforcement to step up, have an honest conversation about their use, so we can ensure the public are being properly protected.”

The Metropolitan Police has refused any further comment.

Thank you BBC News for providing us with this information.

Image courtesy of High Tech Forum.

UK Government Exempt From Laws Making Hacking Illegal

The UK government has adapted existing anti-hacking laws to allow British intelligence and security agencies to legally hack and launch cyber attacks, according to campaigners.

Human rights watchdog organisation Privacy International was in the process of launching legal action against the UK government for unlawful spying by use of hacking and cyber attacks until Parliament changed the law in order to protect themselves. The change not only protects existing actions, but also “grants UK law enforcement new leeway to potentially conduct cyber attacks within the UK,” according to Privacy International. While Privacy International still intends to bring a case against the UK government for its actions, it will now be launched on the basis of “hypothetical facts”.

This marks the second time that the UK has rewritten online surveillance laws to protect its interests: back in February, a revised code of practice for GCHQ gave “UK spy agencies sweeping powers to hack targets, including those who are not a threat to national security nor suspected of any crime,” Privacy International said.

“The underhand and undemocratic manner in which the Government is seeking to make lawful GCHQ’s hacking operations is disgraceful,” Eric King, deputy director of Privacy International, said.

“Hacking is one of the most intrusive surveillance capabilities available to any intelligence agency, and its use and safeguards surrounding it should be the subject of proper debate.”

“Instead, the government is continuing to neither confirm nor deny the existence of a capability it is clear they have, while changing the law under the radar, without proper parliamentary debate.”

Last week, GCHQ began recruiting hackers, seeking those who could engage in “computer network operations against terrorists, criminals and others posing a serious threat to the UK”.

Thank you The Independent for providing us with this information.

Privacy International Will Find Out if GCHQ Spied On You

Privacy International, one of the human rights groups that brought a case against UK intelligence agency GCHQ for unlawful surveillance, has launched a new campaign to enquire on your behalf as to whether you were illegally spied on by the intelligence outfit.

To submit to Privacy International’s enquiry, all you need to do is enter your details here. The organisation will collate all details it receives and forward them to the Investigatory Powers Tribunal – the body that ruled GCHQ’s actions unlawful – for comparison against its records. The request is permitted through the European Convention for Human rights, specifically Article 8 (‘right to respect for personal and family life’) and Article 10 (‘right to freedom of expression and information’).

Deputy Director of Privacy International, Eric King, said:

“The public have a right to know if they were illegally spied on, and GCHQ must come clean on whose records they hold that they should never have had in the first place. There are few chances that people have to directly challenge the seemingly unrestrained surveillance state, but individuals now have a historic opportunity finally hold GCHQ accountable for their unlawful actions.”

Source: The Next Web

Amnesty International Releases Anti-Spyware Program

A new piece of software, called Detekt, designed specifically to protect political activists and dissidents from spyware attacks from their own governments, has been unveiled by Amnesty International. Amnesty produced the software in conjunction with three other rights groups, the Electric Frontier Foundation, Privacy International, and Digitale Gesellschaft.

Detekt was developed to look for the digital footprint that spyware tends to leave on an infected computer. This spyware can monitor keystrokes, grab images from a connected webcam, or even access on-board microphones. Detekt’s scan is so intensive that the computer cannot be used while it is running. The software has been designed for Windows, since that is the most common operating system to be targeted by spying programs.

Tanya O’Carroll, adviser on technology and human rights at Amnesty International, spoke about the impetus behind the creation of Detekt, saying, “These spying tools are marketed on their ability to get round your bog-standard anti-virus.” She added, “It’s easier to name the countries that are not using these spying tools than those that are.”

Claudio Guarnieri, the creator of Detekt, furthered the point, saying, “People think the uses of spyware by governments are isolated cases. They are not.”

Detekt can be downloaded now from resistsurveillance.org.

Source: BBC