A British security tribunal has ruled in favor of the legality of hacking activities conducted by intelligence agency GCHQ. According to the court, GCHQ is operating within the bounds of the law when it hacks into computers and smartphones.
The case against GCHQ was brought to court in 2015 by Campaigners Privacy International who alleged that the intelligence agency's hacking operations are overly intrusive and in violation of European law. GCHQ admitted for the first time that it carried out extensive hacking in the UK and overseas.
The five panel members of the investigator powers tribunal (IPT) ruled on Friday that computer network exploitation (CNE) is legal. According to The Independent, CNE is executed by remotely activating microphones and cameras on electronic devices without the owner's knowledge and consent. The decision also provides that installing malware, logging keystrokes, copy documents and tracking locations can be done legally.
GCHQ disclosed that 20% of its intelligence reports held information extracted from hacking. The agency also admitted to "persistent" and "non-persistent" operations. "Persistent" hacking refers to bugging a targeted device.
"Plainly, it again emphasizes the requirement for a balance to be drawn between the urgent need of the intelligence agencies to safeguard the public and the protection of an individual's privacy and/or freedom of expression," IPT stated, as quoted by The Guardian.
The equipment interference code addresses the legal questions being raised with regard to CNE. It will be incorporated into the Investigatory Powers Bill to give it firmer legal footing. The bill is set to become a law this year.
The legal structure on which the GCHQ relies for the validity of its operations was found to be compatible with the European convention on human rights.
As for the hacking performed on networks outside the UK, the IPT reiterated that while there may be circumstances that warrant a claim for breach of rights to privacy and freedom of expression, it doesn't necessarily lead to a general conclusion that the GCHQ has failed to comply with the provisions of human rights law.
"The ability to exploit computer networks plays a crucial part in our ability to protect the British public. Once again, the law and practice around our security and intelligence agencies' capabilities and procedures have been scrutinized by an independent body and been confirmed to be lawful and proportionate," Foreign Secretary Philipp Hammond said.
BBC reported that Scarlet Kim, legal officer of Campaigners Privacy International, has expressed disappointment at the IPT's decision.
Kim said by legalizing "thematic warrants" that allows the GCHQ to hack into an entire system or class of persons, it has overturned an long-entrenched English common law principle on the unlawfulness of such general warrants.