The UK’s cyber surveillance agency GCHQ has “taken advantage” of its ability to hack phones and computers and set a “dark precedent” around the world, privacy campaigners have claimed.
All and any material obtained from the agency’s ability to hack into devices should be destroyed and the scheme, which was first disclosed in documents leaked by Edward Snowden, should be declared unlawful, according to Privacy International.
It is claimed by the privacy campaigning group that the hacking abilities of GCHQ include accessing computer cameras and mobile phones.
Hacking of devices, officially known as computer network exploitation (CNE) has been a largely unregulated, but attempts have been made to legitimise the practice after Snowden’s leaks and through the creation of the government’s draft Investigatory Powers Bill (IP Bill).
However, Privacy International said that public acknowledgement and codes of practice around government hacking were not “sufficient”.
“Government hacking remains a troubling and intrusive power, with serious security ramifications, that the draft IP Bill would permit in far too wide a range of circumstances,” the charity said in a statement.
“If made law, this would set a dark precedent globally and green-light similar practices in nations both friendly and unfriendly to the United Kingdom.”
Court documents, released by the privacy group, will ask judges to declare the “intrusion into computers and mobile devices” was unlawful and against the human rights to privacy and freedom of expression.
The documents, which will be used as part of a four-day hearing at the Investigatory Powers Tribunal, also demand that materials obtained under any hacking practices be destroyed and an injunction be granted to prevent any unlawful conduct. The hearing marks the culmination of the legal challenge, which was first launched by the privacy advocates in May 2014.
In March a report produced by the Intelligence and Security Committee confirmed that GCHQ uses zero-day attacks — that exploit unknown security issues — as part of its work.
Snowden, the former NSA contractor, has repeatedly said it is possible for GCHQ and other agencies to access phones without their owners knowledge.
In an interview with the BBC in October he reiterated a “Smurf Suite” — named after the cartoon characters — was used by GCHQ to “own your phone”. The hacking powers contained the ability to turn a phone on or off, turn a devices microphone on and listen to surroundings, and a geo-location tool for detailed user tracking, Snowden said.
GCHQ has rebuffed Privacy International’s claims as “simply untrue”, adding that there are strict procedures in place to ensure they are regulated.
The wider context of the court case comes as the government attempts to reform the surveillance powers available to GCHQ, including provisions for hacking devices. In May GCHQ spies were given immunity from prosecution under alterations to the Computer Misuse Act..
A code of practice, which outlines the “basis for lawful equipment interference activity” was also published in November. It detailed the equipment that may be hacked when laws are suspected to have been broken, including “computers, servers, routers, laptops, mobile phones and other devices”.
The code was published as part of the IP Bill — nicknamed the “snooper’s charter” by critics — and publicly sets out the ability for security services to do so.
Documents with the draft law state: “Equipment interference encompasses a wide range of activity from remote access to computers to downloading covertly the contents of a mobile phone during a search.”
Details of the government’s defence in the case are due to be released by Privacy International and will be added to this story.