New Documents Show UK Intelligence Agencies Hacking Computers With Little To No Oversight

from the because-of-course-they-are dept

Privacy International, which has been engaged in legal challenges over GCHQ spying for the past few years, has obtained an oversight document as a result of its litigation. What they show is the agency's broad hacking powers and the reluctance of its oversight to condone these actions.

The Commissioner of the Intelligence Services was slow to respond to hacking. Many of the concerns the Commissioner raised in his 2014 report [published July 2015] are the subject of PI's legal complaint, including whether it is lawful to use broad "thematic warrants" to justify the hacking of people in the UK. The Commissioner questioned this practice in depth. He was concerned that current law "does not expressly allow for a class of authorisation", and therefore the warrants were too broad. As a result, the Commissioner was worried that the Secretary of State was unable to properly assess whether the warrant authorised activity was necessary and proportionate. [ibid, p18] This means that GCHQ could get a warrant in the UK to hack the computer of everyone in Birmingham with little meaningful oversight.

Broad warrants at home -- signed by someone who may not have had any idea exactly what they were authorizing. No warrants, for the most part, for extraterritorial hacking. Testimony on behalf of the GCHQ by its director of cyber-security points out that the Secretary of State (who handles surveillance warrants) is rarely consulted when the target is foreign. The only exceptions are if the GCHQ feels the target may be "sensitive" or "politically risky." Otherwise, the GCHQ grants itself permission to carry out these attacks.

Two other agencies that write their own hacking orders (MI5 and the Secret Intelligence Service) also do what they can to eliminate whatever minimal paper trail these actions might generate.

The Intelligence and Security Committee Report in March 2015 called MI5's and SIS's failure to keep accurate records of their overseas hacking activities "unacceptable", [ISC report, p.66] as it makes effective oversight impossible [Witness Statement of Ciaran Martin, 71L].

Arguably, the oversight was never "effective" to begin with. Privacy International's Caroline Wilson Palow points out that Parliament was never notified in the first place by these agencies about their hacking activities. The oversight of three intelligence agencies is pretty much limited to one guy (Sir Mark Waller) who engages in spot checks of warrants periodically. With none of the agencies feeling any particular urge to seek warrants for overseas surveillance, it does cut down on Waller's workload, but it doesn't do much to ensure they aren't abusing their (often) self-awarded privileges.



Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: gchq, oversight, surveillance, uk
Companies: privacy international


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 2 Dec 2015 @ 3:54am

    The more I read about the UK, the more I hate them.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Dec 2015 @ 5:22am

      Re:

      Don't hate the UK, hate the fearful oiks who don't understand the concept of security.

      link to this | view in chronology ]

      • identicon
        Wendy Cockcroft, 7 Dec 2015 @ 5:45am

        Re: Re:

        This.^

        I live in the UK and believe me, we are decent people. It's the lobby-ist led government that's the problem. And GCHQ is much too cozy with the security/surveillance industry for my liking. That said, the problem is global. I'd be surprised to find any government of a major power with clean hands where surveillance is concerned.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Dec 2015 @ 4:47am

    "them" the slaves who happen to be born there?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Dec 2015 @ 5:10am

    Damned hackers, something must be done. Good to know they have IP addresses like everyone else. Take your tea and crumpets and fish and chips and stick them where the sun don't shine. Encrypt, use tor, use a VPN. This internet thing is getting to be too much work. Think I'll take up extreme fighting instead.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Dec 2015 @ 2:10pm

    revolution comes when those who hold the power abuse it

    link to this | view in chronology ]

    • identicon
      Wendy Cockcroft, 7 Dec 2015 @ 5:50am

      Re:

      Revolution comes when people forget that violence is not a solution. We DO need regime change but that requires getting people organised under a leader we can all agree on.

      The only real alternative we've got is the left-wing Jeremy Corbyn but I'm not sure where he stands on surveillance. His deputy Tom Watson is fairly good on digital rights but needs to go further.

      Whether or not Labour has a realistic chance of winning the next election is another matter. Clinging to dinosaur politics on one side and running with the neoliberal/neocon herd on the other is causing internal divisions and none of it is doing the country any favours. I wish they'd base their policies on describing the world as it actually is but none of them appear to have any interest in doing so, which puts me off voting for them.

      link to this | view in chronology ]

  • identicon
    Alastair Carnegie, 5 Sep 2016 @ 12:47am

    Medical Records.

    I had a very silly lady in the Medical Records Department, telephone me, because my phone number was on my records, and then have a great giggle with her friends, reading out my Medical Records aloud to me. I wonder if that was organised by G.C.H.Q. ??? It seems a bit like one of the games the staff there would like to play for their own personal entertainment.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.