If you thought that United States intelligence and law enforcement agencies around the country were incredibly adamant about spying on its citizens (going to extreme lengths to do so), you haven’t seen anything yet. Across the pond, the Campaigners Privacy International filed a formal complaint against the UK’s GCHQ, levying claims that the agency’s efforts to hack the devices of ordinary citizens was unlawful.
However, not only did the GCHQ acknowledge that it was involved in a widespread hacking campaign (reversing previous denials on the matter), but the Investigatory Powers Tribunal (IPT) actually condoned the actions, which it calls Computer Network Exploitation (CNE), and deemed them lawful. As the BBC notes, the GCHQ is given full authority to “remotely activate cameras and microphones on devices, without the owner's knowledge, log keystrokes, install malware, copy documents and track locations.”
The tribunal went on to add, “It has been accepted that any CNE operations which are carried out by GCHQ are conducted in such a way as to minimize the risk of leaving target devices open to exploitation by others.”
So the GCHQ is free to hack away as long as whatever exploits they use don’t open victims up to additional attacks from other malicious parties. This seems like a rather dubious justification, and the violation of privacy against what could very well be innocent citizens is downright alarming.
The tribunal further justifies the GCHQ’s actions, writing:
[There is a need for] balance to be drawn between the urgent need of the Intelligence Agencies to safeguard the public and the protection of an individual’s privacy and/or freedom of expression. We are satisfied that with the new E I Code, and whatever the outcome of Parliamentary consideration of the IP Bill, a proper balance is being struck in regard to the matters we have been asked to consider.
For its part, British Foreign Secretary Philip Hammond applauded the ruling, stating, "The ability to exploit computer networks plays a crucial part in our ability to protect the British public.
“[The draft Investigatory Powers Bill] will provide our Security and Intelligence agencies with the powers they need to deal with the serious threats our country faces, subject to strict safeguards and world-leading oversight arrangements."
Phillip Hammond shaking hands with U.S. Secretary of State John Kerry
These are similar justifications that U.S. intelligence agencies have made with regards to accessing encrypted information on devices like smartphones in order to thwart criminals. The big distinction, however, is that FBI Director James Comey at least is hoping to break through with a court order in hand (whereas the GCHQ is free to do whatever it wants, whenever it wants). That still isn’t enough justification from some, including Apple CEO Tim Cook. “The notion that people have devices, again, that with court orders, based on a showing of probable cause in a case involving kidnapping or child exploitation or terrorism, we could never open that phone? My sense is that we've gone too far when we've gone there,” said Comey in October 2014.
More recently, Comey has expressed his dissatisfaction with the fact that intelligence investigators still can’t access the phone used by one of the two San Bernardino terrorists that killed 14 and wounded 20 in December. "We still have one of those killer's phones that we haven't been able to open," said Comey in a hearing before the Senate Intelligence Committee that was discussing threats to the homeland. "It's been over two months now. We are still working on it."
Comey went on to add the he understands the desire to have encryption to safeguard personal data, but on the other hand, "The risk is we won't be able to make a case, and a really bad guy will go free.”