FinFisher Spyware

A British court has ruled that HM Revenue & Customs acted unlawfully and irrationally in refusing to disclose information on the status of an investigation into the export of a UK-based spyware to repressive regimes.

HMRC, the body responsible for enforcing export regulations, claimed that it was prohibited from revealing information about any activities relating to the exports of British Gamma International's FinFisher surveillance technology.

It was repeatedly asked by Privacy International to reveal whether it had started an investigation into Gamma International, following documentary evidence that it illegally exported surveillance technology to suppressive governments including Bahrain, Ethiopia, Egypt and Turkmenistan.

But HMRC refused to provide any details. It said it was "statutorily barred from releasing information to victims or complainants", the High Court heard.

Justice Green found that HMRC committed a serious error in not providing information about whether it was investigating Gamma International. The court described the actions of HMRC as irrational and inconsistent with the legislation.

It pointed out that "the rationale which justifies the provision of information by HMRC to the press applies in large measure to disclose of information to pressure groups and other NGOs".

The court also established the principle that NGOs and pressure groups such as Privacy International "acts as guardians of the public conscience".

Privacy International's deputy director Eric King said: "For two years we have been asking government to come clean on what they are doing when it comes to the illegal export of FinFisher and to stand up for victims targeted by surveillance technology made on British soil.

"Today's ruling is an important victory and step in the right direction to holding Gamma International, and the rest of this secretive industry, to account."

FinFisher is a sophisticated government spying software used by many countries to monitor dissidents, journalists and human rights activists. The products secretly install software in a target's computers and mobile phone.

FinFisher Servers
A Map of the FinFisher servers around the globe which are now found in 36 countries including the UK and US. (Credit: Citizen Lab)

Privacy International explains:

Once the user installs the software, victims' computers and mobile devices can be taken over, the cameras and microphones remotely switched on, emails, instant messengers and voice calls (including Skype) monitored, and locations tracked. Investigations have revealed that such technology has been used in monitoring and tracking victims who are subsequently subjected to torturous interrogations.

The spyware suite is sold as a "governmental IT intrusion and remote monitoring solutions". It operates in at least 36 countries according to the latest Citizen Lab report, including Bahrain, Egypt and Turkmenistan.

The judgment said NGOs and pressure groups acted "as guardians of the public conscience".