Hacking by GCHQ 'fundamentally weakens the security of the internet', says UK lawyer

Hacking and computer exploitation by cyber spooks at the UK's Government Communications Headquarters (GCHQ) threatens to "fundamentally weaken" the security of the internet, a legal expert with London-based campaigning group Privacy International (PI) has told IBTimes UK.

Scarlet Kim, who previously worked for the International Criminal Court and as a fellow at the New York Civil Liberties Union, has hit out against the recent ruling by the Investigatory Powers Tribunal (IPT) that found intelligence agency spying – and computer hacking – to be perfectly legal.

"This ruling sends a dangerous message to other governments that endangering all of our communications is acceptable behaviour," said Kim. "It also legitimises the incredible privacy intrusions entailed by state hacking. It opens the door for other states to engage in broad hacking operations against their own citizens, as well as those that reside outside their borders.

"Government hacking fundamentally weakens the security of the internet because it incentivises the state to maintain and exploit vulnerabilities in software and hardware."

The recent security tribunal ruling was brought forward in a co-ordinated effort by PI alongside seven internet service providers. It comes in the wake of the Edward Snowden disclosures in 2013, which exposed a number of mass-spying programmes such as Prism, Tempora and XKeyscore. When the motion was originally heard in 2015, it was the first time that the notoriously secretive GCHQ had admitted to being involved with computer hacking in the UK and overseas.

"Until we brought this case, GCHQ was hacking in secret and there was no clear legal basis for them to do so," explained Kim, while admitting that her organisation was taken aback by the UK ruling.

"Yes, we were surprised. During the proceedings, the UK government pushed changes to the law to try and bring hacking into conformity with the law. Yet, the tribunal still found GCHQ hacking to have been lawful all along."

This legal hacking, somewhat controversially, contained a spate of so-called computer network exploitation (CNE) techniques such as snooping on webcams and remotely activating microphones on laptops and smartphones without the owner's knowledge. Following the ruling, Foreign Secretary Philip Hammond praised the decision of the tribunal. He said: "I welcome the IPT ruling and its judgement that a proper balance is being struck between the need to keep Britain safe and the protection of individuals' privacy."

"The ability to exploit computer networks plays a crucial part in our ability to protect the British public. Once again, the law and practice around our Intelligence and Security Agencies' capabilities and procedures have been scrutinised by an independent body and been confirmed to be lawful and proportionate."

Yet the next step, according to Kim, is to "challenge the tribunal's findings".

"At the same time, we are advocating against the hacking powers outlined in the draft Investigatory Powers Bill," she told the IBTimes.co.uk. "While we welcome a public debate regarding hacking, the draft Bill perpetuates the broad scope of GCHQ hacking. We will fight to constrain that scope and push for stronger safeguards and oversight of hacking."

For its part, the UK government is currently scrutinising the draft Investigatory Powers Bill which seeks to legitimise a number of the more murky surveillance and spying techniques available to government, police and intelligence experts.