The government has admitted that its intelligence services have the broad power to hack into personal phones, computers, and communications networks, and claims they are legally justified to hack anyone, anywhere in the world, even if the target is not a threat to national security nor suspected of any crime.
That is the claim of pressure group Privacy International, following admissions by the government in a court document published today by the organisation. It follows two court cases initiated last year against GCHQ that challenge what Privacy International claims is invasive state-sponsored hacking that was revealed by Edward Snowden.
In the document, the government outlines the broad authority it has given UK intelligence services to infiltrate personal devices, the internet, and social media websites. In addition, government lawyers claim that while the intelligence services require authorisation before they are allowed to hack into the computer and mobile phones of "intelligence targets", GCHQ is equally permitted to break into computers anywhere in the world, even if they are not connected to a crime or a threat to national security.
"Such powers are a massive invasion of privacy. Hacking is the modern equivalent of entering someone's house, searching through filing cabinets, diaries and correspondence, and planting devices to permit constant surveillance in future," commented the organisation.
"If mobile devices are involved, the government can obtain historical information, including every location visited in the past year and the ongoing surveillance will capture the affected individual wherever they go."
The court document relies heavily on a draft code on "equipment interference", according to the pressure group, which was quietly released to the public on the same day that the Investigatory Powers Tribunal found that GCHQ had engaged in unlawful information sharing with the US National Security Agency (NSA).
For the past decade, GCHQ has been involved in state-sponsored hacking without this code being available to the public, claims Privacy International, which means that they have almost certainly been acting against the law. Indeed, the draft code has not even been approved by Parliament yet, and remains open for public comment until 20 March.
Privacy International has been involved in two separate complaints to the Investigatory Powers Tribunal, one filed on its own that challenges the UK security services' presumed rights to attack any computer devices in the perceived pursuit of its work; the other is with seven internet service providers and communications companies, which calls for GCHQ to be stopped from attacks against communications networks.
"The government has been deep in the hacking business for nearly a decade, yet they have never once been held accountable for their actions. They have granted themselves incredible powers to break into the devices we hold near and dear, the phones and computers that are so integral to our lives," said Eric King, deputy director of Privacy International.
He continued: "What's worse is that without any legitimate legal justification, they think they have the authority to target anyone they wish, no matter if they are suspected of a crime. This suspicionless hacking must come to an end and the activities of our intelligence agencies must be brought under the rule of law."
The cyber gang has largely remained in dark since breaching the systems of Democratic National Committee in 2016
The feature was introduced in May 2018 for Chrome desktop users
A patch for the bug affecting Echo and Kindle devices was released by Amazon earlier this year
Tuning into the BBC iPlayer or Netflix when you're overseas can be a challenge. The solution? A UK IP address
The worm moves in small bursts, but remains relatively inept overall