Hacking of smartphone, computer and network by the British security and intelligence agency Government Communications Headquarters (GCHQ) is legal, says a security tribunal. The investigatory power tribunal (IPT) has recently ruled the computer network exploitation (CNE) technique, which might include remotely activating microphones and cameras on electronic devices without the owner's knowledge, is legal.

The IPT, which deals with complaints about surveillance and the intelligence services, has found in favour of the Foreign Office and GCHQ, in a case that was brought by the Privacy International and a group of seven internet service providers: GreenNet, Riseuo, Mango, Jinbonet, Greenhost, Media Jumpstart and Chaos Computer Club.

The case, which was heard in 2015, was the first time wherein the GCHQ admitted to have carrying out hacking in the UK and overseas. Privacy International, in its response said, "We will challenge this undermining of the fundamental right that a warrant should identify a specific property or person."

Brit spies hacking phones

During the hearing, GCHQ admitted that it carries out CNE inside and outside the UK and in 2013 about 20% of its intelligence report contained information derived from hacking, reports the Guardian.

The IPT judgement states, "The use of CNE by GCHQ, now avowed, has obviously raised a number of serious questions, which we have done our best to resolve.

"Plainly, it again emphasises the requirement for a balance to be drawn between the urgent need of the intelligence agencies to safeguard the public and the protection of an individual's privacy and/or freedom of expression.

"We are satisfied that with the new [equipment interference code] and whatever the outcome of parliamentary consideration of the investigatory powers bill, a proper balance is being struck in regard to the matters we have been asked to consider."

According to the judgement the legal regime under which warrants are issued for the agency to carry out Equipment Interference (EI), also known as CNE, in the UK has been compatible with human rights law.

Philip Hammond, foreign secretary praised the ruling, saying: "I welcome the IPT ruling and its judgment that a proper balance is being struck between the need to keep Britain safe and the protection of individuals' privacy."

"The ability to exploit computer networks plays a crucial part in our ability to protect the British public. Once again, the law and practice around our Intelligence and Security Agencies' capabilities and procedures have been scrutinised by an independent body and been confirmed to be lawful and proportionate."

Out-dated surveillance laws

Scarlet Kim, legal officer at Privacy International, "We are disappointed by the IPT's judgment today, which has found government hacking lawful based on a broad interpretation of a law dating back to 1994, when the internet and mobile phone technology were in their infancy.

"Until we brought this case, GCHQ would neither confirm nor deny that it was they were engaging in mass hacking of computers, mobile devices and entire computer networks.

"During the course of the proceedings the government sought to create law 'on the hoof', changing anti-hacking laws (the Computer Misuse Act 1984) through an addition to the Serious Crime Act 2015 and producing a Code of Practice for hacking. Hacking is one of the most intrusive surveillance capabilities available to intelligence agencies.

"This case exposed not only these secret practices but also the undemocratic manner in which the Government sought to backdate powers to do this under the radar. Just because the government magically produces guidelines for hacking should not legitimise this practice.

"The IPT has decided that GCHQ can use 'thematic warrants', which means GCHQ can hack an entire class of property or persons, such as 'all phones in Birmingham'.

"In doing so, it has upended a longstanding English common law principle that such general warrants are unlawful. Allowing governments to hack places the security and stability of the internet and the information we exchange on it at stake."