UK government rewrites surveillance law to get away with hacking and allow cyber attacks, campaigners claim

The British intelligence services have been exempted from laws making hacking illegal

David Connett,Luke Barber,Andrew Griffin
Monday 18 May 2015 06:08 EDT
Last week a number of select committee MPs recommended that MI5, MI6 and GCHQ (pictured) recruit candidates on female-interest websites such as Mumsnet
Last week a number of select committee MPs recommended that MI5, MI6 and GCHQ (pictured) recruit candidates on female-interest websites such as Mumsnet (AFP/Getty)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The British government quietly changed anti-hacking laws to exempt GCHQ and other law enforcement agencies from criminal prosecution, it has been claimed.

Details of the change were revealed at the Investigatory Powers Tribunal which is hearing a challenge to the legality of computer hacking by UK law enforcement and intelligence agencies.

The Government amended the Computer Misuse Act (CMA) two months ago. It used a little-noticed addition to the Serious Crime Bill going through parliament to provide protection for the intelligence services. The change was introduced just weeks after the Government faced a legal challenge that GCHQ’s computer hacking to gather intelligence was unlawful under the CMA.

The challenge, by the charity Privacy International and seven internet service providers, claims GCHQ’s actions were unlawful and called for the techniques to be stopped.

It followed revelations by Edward Snowden, the US intelligence whistle-blower, that US and UK agencies were carrying out mass surveillance operations of internet traffic. He claimed that GCHQ and its US counterpart – the National Security Agency – had the ability to infect potentially millions of computer and mobile handsets with malware which enabled them to gather up immense amounts of digital content, switch on microphones or cameras on user’s computers, listen to phone calls and track their locations.

Eric King, the deputy director of Privacy International, said: “The underhand and undemocratic manner in which the Government is seeking to make lawful GCHQ’s hacking operations is disgraceful.

“Hacking is one of the most intrusive surveillance capabilities available to any intelligence agency, and its use and safeguards surrounding it should be the subject of proper debate. Instead, the Government is continuing to neither confirm nor deny the existence of a capability it is clear they have, while changing the law under the radar.”

Government sources insisted the amendment did not change the law as the intelligence agencies had powers under the Intelligence Services Act. Parliamentary guidance notes explaining the amendment described its purpose was to “remove any ambiguity over the interaction between the lawful exercise of powers … and the offence provisions.”

Privacy International insisted that the notes accompanying the changes to the Serious Crime Bill did not explain its full impact, and that no regulators, commissioners, industry or members of the public were consulted before it came into law. The legislation came into effect on 3 May.

The charity said it wasn’t the first time the Government has changed the law. In February, a code of practice for GCHQ which gives “spy agencies sweeping powers to hack targets, including those who are not a threat to national security nor suspected of any crime”, was released, a charity spokesman claimed.

The Home Office rejected the activists' claims. A spokesperson said: "There have been no changes made to the Computer Misuse Act 1990 by the Serious Crime Act 2015 that increase or expand the ability of the intelligence agencies to carry out lawful cyber crime investigation.

“It would be inappropriate to comment further while proceedings are ongoing.”

Privacy International launched its challenge asserting the use of malware was illegal in England and Wales under the 1990 CMA. It claimed that protection provided by warrants signed by a secretary of state under the Intelligence Services Act conflicted with individuals’ right to privacy under the European Convention on Human Rights.

The full hearing is expected later this year.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in