Max Smolaks — Tech Week Europe May 14, 2014
London-based charity Privacy International has filed a legal complaint against GCHQ, demanding an investigation into claims that the UK spy agency infected millions of computers and mobile devices with malware in order to collect intelligence data.
The charity said documents provided by Edward Snowden revealed that methods employed by GCHQ were in violation of articles 8 and 10 of the European Convention on Human Rights.
Privacy International demands an end to what it calls “unlawful hacking”. It wants an injunction restraining any similar future conduct, and an order requiring the destruction of any information obtained unlawfully.
GCHQ has issued no comment on the complaint.
Privacy International was first formed in 1990 to fight government surveillance and promote the right to privacy across the world. Most of its early campaigns were focused on China and Southeast Asia. However, following the Snowden revelations, its attention has shifted closer to home.
Among the numerous intelligence programmes revealed by former NSA contractor was the ‘Dishwire’ project which gave the US agency the ability to collect around 200 million texts a day, in a database shared with GCHQ. Another surveillance project reportedly had GCHQ collecting millions of images of Yahoo chat users, obtained directly from their webcams.
Meanwhile, the Warrior Pride malware developed by the agency allowed it to remotely record sound and images from smartphones running iOS or Android, as well as retrieve data stored on the devices.
According to the 30-page complaint filed with the Investigatory Powers Tribunal, operations run by GCHQ allowed it to listen in on private conversations, read text messages, watch through webcams and download complete web browsing histories, which infringed on the users’ right to privacy and freedom of expression. Furthermore, GCHQ was practicing “active SIGNIT” – collection of data through manipulation of the user’s property with malware, which is even more intrusive than previously known ‘passive’ methods.
“If the interception of communications is the modern equivalent of wire-tapping, then the activity at issue in this complaint is the modern equivalent ofnentering someone’s house, searching, through his filing cabinets, diaries and correspondence, and planting devices to permit constant surveillance in future, and, if mobile devices are involved, obtaining historical information including every location he visited in the past year,” states the complaint.
“GCHQ has not identified any legal basis for the alleged conduct which if performed by a private individual would involve the commission of criminal offences. “
Privacy international wants GCHQ to admit that its intrusive surveillance methods are illegal, and refrain from using them in the future. It also seeks a public hearing of the complaint – since the conduct of the agency has consistently made the front page for the past 12 months, it says there is no longer any good reason to uphold the usual ‘neither confirm nor deny’ policy.
It is worth noting that cases heard by the Investigatory Powers Tribunal are usually secret and there is no need for the court to justify its decisions.
Privacy International previously filed a complaint against GCHQ over its access to the PRISM and Tempora projects.