GCHQ Licensed to Hack Phones and Computers

By Tom Jowitt

The surveillance powers of GCHQ, Britain’s intelligence agency, to hack and access anyone’s computer, phone or other forms of communications, are far greater than first thought.

The revelation was made by campaign group Privacy International (PI), which released court papers that detail the amount of surveillance powers given to British spies, and the broad legal remit they have to comply with.

State Hacking

The U.K. court documents are full of legal speak, but they do reveal that GCHQ has the power to hack into computers, phones and networks anywhere in the world. And to make matters worse, GCHQ does not have to have national security or criminal justifications when doing so.

PI has long campaigned against state-sponsored hacking and surveillance, as revealed by the whistle-blower Edward Snowden. As part of its legal challenge to the British government, PI reportedly obtained the court document written by government lawyers. In the document, the British government revealed the authority and legal framework for GCHQ when it is hacking into outside devices.

“In addition the EI Code makes clear … that where it is proposed to conduct equipment interference activity specifically against individuals who are not intelligence targets in their own right, interference with the equipment of such individuals should not be considered as collateral intrusion but rather as ‘intended intrusion'”, said the document.

Essentially, what this all means is that GCHQ and its sister intelligence agencies in the United Kingdom do need authorization to hack into devices used by “intelligence targets.”

However, GCHQ does already have the power and authority to infiltrate anyone’s computers and mobile phones worldwide, irrespective of whether they are suspected of being a national security risk or criminal.

“The government has been deep in the hacking business for nearly a decade, yet they have never once been held accountable for their actions. They have granted themselves incredible powers to break into the devices we hold near and dear, the phones and computers that are so integral to our lives,” said Eric King, deputy director of Privacy International, in a statement emailed to TechWeekEurope.

“What’s worse is that without any legitimate legal justification, they think they have the authority to target anyone they wish, no matter if they are suspected of a crime,” said King. “This suspicionless hacking must come to an end and the activities of our intelligence agencies must be brought under the rule of law.”

Ongoing Practice

Last month the Investigatory Powers Tribunal (IPT) ruled that GCHQ illegally spied on British citizens.

The tribunal, which was created in 2000 to keep Britain’s intelligence agencies in check, stated that GCHQ’s access to intercepted information obtained by the NSA breached human rights laws. It marked the first time that the IPT had ruled against an intelligence agency in its 15-year history.

And GCHQ has been accused of hacking a number of times in the past.

In September 2014, both it and the NSA were alleged to have broken into the networks run by German Internet Service Providers (ISPs), in an effort to map the entire Internet.

And last month, SIM card manufacturer Gemalto’s “thorough investigation” of the illegal hacking of its computer systems, concluded that the NSA and GCHQ were probably behind the attack in 2010 and 2011.