Privacy International has filed a legal complaint against the UK’s intelligence group GCHQ (Government Communications Headquarters), accusing it of unlawfully infecting millions of PCs and mobile devices with snooping software.
The privacy advocacy group said GCHQ is in cahoots with the National Security Agency (NSA) in the US and infected devices with malicious software that gives them the ability to sweep up reams of content, switch on users’ microphones or cameras, listen to their phone calls and track their locations.
This is the first UK challenge to the use of hacking tools by intelligence services.
It was filed in the UK’s Investigatory Powers Tribunal.
“Given that GCHQ and the NSA have no clear lawful authority to conduct hacking, which if performed by a private individual would involve the commission of criminal offences, their conduct is unlawful and must be halted immediately,” Privacy International said.
Snowden revelations
GCHQ’s capabilities were exposed in documents from former CIA contractor Edward Snowden that revealed how both GCHQ and NSA used malware to conduct surveillance on private individuals.
This enabled them to gather information on a person’s gender, marital status, finance, sexual orientation, private communications and potentially their most intimate thoughts.
“The hacking programmes being undertaken by GCHQ are the modern equivalent of the government entering your house, rummaging through your filing cabinets, diaries, journals and correspondence, before planting bugs in every room you enter,” said Eric King, deputy director of Privacy International.
“Intelligence agencies can do all this without you even knowing about it, and can invade the privacy of anyone around the world with a few clicks.
“All of this is being done under a cloak of secrecy without any public debate or clear lawful authority. Arbitrary powers such as these are the purview of dictatorships, not democracies.
“Unrestrained, unregulated government spying of this kind is the antithesis of the rule of law and government must be held accountable for their actions.”
Mobile hacking capabilities allegedly used by GCHQ:
· Take over a device’s microphone and record conversations taking place near the device (NOSEY SMURF)
· Take over a device’s webcam and snap photographs (GUMFISH)
· Record internet browsing histories and collect login details and passwords used to access websites and email accounts (FOGGYBOTTOM)
· Log keystrokes entered into a device (GROK)
· Extract data from removable flash drives that connect to an infected computer (SALVAGERABBIT)
· Identify the geographic whereabouts of the user (TRACKER SMURF)
· Retrieve any content from a phone, including text messages, emails, web history, call records, videos, photos, address books, notes, and calendars.
Spyware image via Shutterstock