Privacy activists and left-wing and progressive internet companies from across the world are taking the British government to the European Court of Human Rights (ECHR) over GCHQ's mass spying powers. The alliance has turned to the ECHR, after a UK tribunal ruled that the GCHQ's ability to hack and compromise people's computers, smartphones and entire networks was legal under British laws.

The complaint has been brought forward by Privacy International, and four internet social enterprises and a hacker collective.

More Technology News

In a statement released on 5 August, Privacy International said, "Hacking is one of the most intrusive surveillance capabilities available to the government and entails a serious interference with the right to privacy. By taking this case to the European Court of Human Rights, we aim to bring the government's hacking under the rule of law. The government is currently hacking abroad based on a very vague and broad power that provides few if any safeguards on this incredibly intrusive power."

The UK-based charity previous filed a complaint with the Investigatory Powers Tribunal (IPT) over the powers granted to GCHQ to hack into computer systems across the world, under sections five and seven of the Intelligence Services Act 1994. The IPT ruled that GCHQ – the British equivalent of the US National Security Agency (NSA) – is permitted to compromise people's computers and networks under British laws and the European Convention of Human Rights.

However, the IPT refused to rule on whether section seven of the Intelligence Services Act – which deals with hacking computers outside of the UK – was permitted under the Convention. It is question that Privacy International wants the ECHR to rule on.

Privacy International said in a statement, "Hacking is one of the most intrusive surveillance capabilities available to the government and entails a serious interference with the right to privacy. By taking this case to the European Court of Human Rights, we aim to bring the government's hacking under the rule of law. The government is currently hacking abroad based on a very vague and broad power that provides few if any safeguards on this incredibly intrusive power."

"The court case has shown that the secret services interpreted a vague law completely arbitrarily, evading the need for specific warrants and providing no protection for journalists, activists or the general public. We are now even more convinced of the need for judicial pre-authorisation and for these sections of the Intelligence Services Act to be clarified. It is regrettable that the failure of the IPT to address the lack of either technological or legal limitations on assumed powers has made this challenge necessary," said Cedric Knight of GreenNet.

Privacy plaintiffs

  • Privacy International – UK-based charity which says it campaigns 'for strong national, regional, and international laws that protect privacy'.
  • GreenNet – a UK non-profit collective which provides 'internet services, web design and hosting to supporters of peace, the environment and human rights'.
  • Chaos Computer Club – 'CCC' is a German collective of hackers.
  • Jinbonet – also known as Korean Progressive Network Center, this network provides web hosting, mailing lists and webmail services to that Korea's progressive movements and unions.
  • May First/People Link – a US/Mexican co-operative that supplies ISP services to 'left-wing, progressive and social justice' groups.
  • Riseup Collective – a group linked to the hacktivist alliance Anonymous, Riseup provides secure online communication tools to 'people and groups working on liberatory social change'.

"As currently practised, GCHQ's hacking powers are neither in accordance with law nor proportionate, both of which they must be in order to satisfy Articles 8 and 10 [of the ECHR]. Our case focuses on the in accordance with law requirement, which says that if an intrusive surveillance practice like hacking is to be used, it must have an explicit legal basis that makes its use foreseeable and must be accompanied by stringent safeguards," Privacy International's general counsel Caroline Wilson Palow told Motherboard.

In response to challenges to the online surveillance powers granted to British law enforcement and intelligence services, while she was home secretary, Prime Minister Theresa May introduced the Draft Investigatory Powers Bill. Despite privacy groups expressing major concerns over the Bill granting the British government the power to conduct mass hacking outside of its territory, the bill reached the House of Lords with few changes and is expected to be made law in due course.