Privacy international has challenged the government of the UK over the GCHQ's hacking operations. Privacy International contends that those hacking operations are illegal under the Computer Misuse Act(CMA) and also violates Article 8 of the European Convention on Human Rights(ECHR), which guarantees a right to privacy. A new law passed by the British parliament may complicate this case by granting special exemptions to the GCHQ.
In a post from last year, Privacy International laid out its case against the GCHQ. In light of the Snowden leaks, it was revealed that the GCHQ, often in cooperation with the NSA, were intruding on the privacy of individuals by hacking their computers and mobile devices to gain access to private information without permission. These activities would normally be in violation of the CMA, however the GCHQ are likely using the Intelligence Services Act(ISA) as the legal basis for these actions. Under the ISA, any act of surveillance or intrusion into personal property is legal as long as it is approved by the Secretary of State. Essentially, it gives one man the authority to approve all manner of privacy violations.
This is where Article 8 of the ECHR comes in. It prohibits privacy intrusions, like those performed by the GCHQ, unless they are "prescribed by law" and "necessary in a democratic society". In order to meet the ECHR's criteria for being prescribed by law, the law must clearly limit the scope of such privacy intrusions. For example, what types of crimes might lead to these privacy intrusions would be one of the many details that needs to be explicitly laid out in the law in order to satisfy the ECHR. A law which gives one person authority to approve any and all privacy intrusions isn't good enough. On this legal basis, Privacy International filed a complaint with the Investigatory Powers Tribunal to challenge the GCHQ's hacking activities.
In an attempt to bring its actions into accordance with the ECHR, the government introduced a bill, soon after Privacy International filed its complaint, that would amend the CMA to grant special exemptions to the GCHQ to intrude on personal privacy. There was no public debate on the bill. It was passed into law in March of this year, and went into effect earlier this month.
The passing of this bill will have serious implications on Privacy International's case against the GCHQ. Perhaps most infuriating is the fact that the government kept quiet about the amendments to CMA and their implications until a day before the case went to court. The case is to be heard based on hypothetical facts, as the government refuses to confirm or deny that any hacking activities took place. With this new law in place, it will be tough to prove that the actions are even hypothetically illegal.
Is this a sneaky underhanded move by the British government or is it totally legit? Leave your comments below.