New Documents Show UK Intelligence Agencies Hacking Computers With Little To No Oversight
from the because-of-course-they-are dept
Privacy International, which has been engaged in legal challenges over GCHQ spying for the past few years, has obtained an oversight document as a result of its litigation. What they show is the agency's broad hacking powers and the reluctance of its oversight to condone these actions.
The Commissioner of the Intelligence Services was slow to respond to hacking. Many of the concerns the Commissioner raised in his 2014 report [published July 2015] are the subject of PI's legal complaint, including whether it is lawful to use broad "thematic warrants" to justify the hacking of people in the UK. The Commissioner questioned this practice in depth. He was concerned that current law "does not expressly allow for a class of authorisation", and therefore the warrants were too broad. As a result, the Commissioner was worried that the Secretary of State was unable to properly assess whether the warrant authorised activity was necessary and proportionate. [ibid, p18] This means that GCHQ could get a warrant in the UK to hack the computer of everyone in Birmingham with little meaningful oversight.
Broad warrants at home -- signed by someone who may not have had any idea exactly what they were authorizing. No warrants, for the most part, for extraterritorial hacking. Testimony on behalf of the GCHQ by its director of cyber-security points out that the Secretary of State (who handles surveillance warrants) is rarely consulted when the target is foreign. The only exceptions are if the GCHQ feels the target may be "sensitive" or "politically risky." Otherwise, the GCHQ grants itself permission to carry out these attacks.
Two other agencies that write their own hacking orders (MI5 and the Secret Intelligence Service) also do what they can to eliminate whatever minimal paper trail these actions might generate.
The Intelligence and Security Committee Report in March 2015 called MI5's and SIS's failure to keep accurate records of their overseas hacking activities "unacceptable", [ISC report, p.66] as it makes effective oversight impossible [Witness Statement of Ciaran Martin, 71L].
Arguably, the oversight was never "effective" to begin with. Privacy International's Caroline Wilson Palow points out that Parliament was never notified in the first place by these agencies about their hacking activities. The oversight of three intelligence agencies is pretty much limited to one guy (Sir Mark Waller) who engages in spot checks of warrants periodically. With none of the agencies feeling any particular urge to seek warrants for overseas surveillance, it does cut down on Waller's workload, but it doesn't do much to ensure they aren't abusing their (often) self-awarded privileges.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: gchq, oversight, surveillance, uk
Companies: privacy international
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
I live in the UK and believe me, we are decent people. It's the lobby-ist led government that's the problem. And GCHQ is much too cozy with the security/surveillance industry for my liking. That said, the problem is global. I'd be surprised to find any government of a major power with clean hands where surveillance is concerned.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
The only real alternative we've got is the left-wing Jeremy Corbyn but I'm not sure where he stands on surveillance. His deputy Tom Watson is fairly good on digital rights but needs to go further.
Whether or not Labour has a realistic chance of winning the next election is another matter. Clinging to dinosaur politics on one side and running with the neoliberal/neocon herd on the other is causing internal divisions and none of it is doing the country any favours. I wish they'd base their policies on describing the world as it actually is but none of them appear to have any interest in doing so, which puts me off voting for them.
[ link to this | view in chronology ]
Medical Records.
[ link to this | view in chronology ]