The United Kingdom government has quietly rewritten its anti-hacking laws, now exempting the GCHQ, police and other electronic intelligence agencies from facing any legal repercussion for hacking into computers and cell phones or carrying out warrantless surveillance.
Details regarding the recent change were announced at the Investigatory Powers Tribunal, the government body who investigates complaints against intelligence agencies, police and public authorities related to electronic surveillance.
A little over a year ago, a coalition of Internet Service Providers (ISP) teamed up with Privacy International to expose and take legal action against the GCHQ and their unlawful hacking techniques. However, new legislation grants the GCHQ and other intelligence agencies legal protection through the Computer Misuse Act (CMA). Now the GCHQ will not feel any ramifications regarding their illegal hacking and surveillance.
The changes to the CMA were introduced June 6, just two weeks after Privacy International filed a complain against the GCHQ for conducting computer hacking to gather intelligence unlawfully under the current CMA at the time.
The complaint being proposed would hold the GCHQ and other intelligence agencies accountable for their actions, but as of March 3, 2015, new legislation simplifies agencies overreach, ruling there is no overreach, now extending their scope of actions.
Privacy International was informed of the recent CMA changes on Thursday, where they complained that the change occurred during an open case under that very legislation. Thus, the company should have been informed on the upcoming changes before being signed into law.
“It appears no regulators, commissioners responsible for overseeing the intelligence agencies, the Information Commissioner’s Office, industry, NGOs or the public were notified or consulted about the proposed legislative changes,” Privacy International wrote in a post Friday. “There was no public debate.”
“Instead, the government is continuing to neither confirm nor deny the existence of a capability it is clear they have, while changing the law under the radar, without proper parliamentary debate,” said Eric King, the deputy director of Privacy International.
Complaints against the GCHQ following the Privacy International case utilized revelations leaked from NSA whistleblower, Edward Snowden, who revealed secrets regarding the U.S. and British intelligence agencies’ ties and capabilities to carry out mass global surveillance.
Snowden revealed amass of sensitive documents, some even exposing the National Security Agency (NSA) and their British counterpart, GCHQ had the ability to monitor all electronic communications including web traffic, phone calls, text messages, emails and the ability to infect millions of computers and mobile phones will illegal surveillance software.
According to Privacy International, the CMA reform not only hurts the organizations complaint it “grants UK law enforcement new leeway to potentially conduct cyber attacks within the UK.”
New laws exempt the GCHQ from charges regarding:
- S1 – Unauthorized access to computer material (hacking)
- S2 – Unauthorized access with intent to commit or facilitate commission of further offenses
- S3 – Unauthorized acts with intent to impair, or with recklessness as to impairing operations of computer, etc.
- S3A – Making, supplying or obtaining articles for use in offense under section 1 or 3.
However, the Investigatory Powers Tribunal has rejected all claims made by Privacy International, stating there have been no recent changes to the CMA that would affect the scope of surveillance agencies.