Skip to navigationSkip to content
Graffiti art is seen on a wall near the headquarters of Britain's eavesdropping agency, GCHQ, in Cheltenham, western England
Reuters/Eddie Keogh
“We’ll only listen if we have permission, promise!”
I SPY

Britain’s overseas hacking powers are being challenged in a European court, and Brexit won’t make a difference

By Joon Ian Wong

The British government’s ability to hack computers and networks abroad is being challenged in the European Court of Human Rights. The non-profit Privacy International, and a group of five internet providers, have lodged an application today (Aug. 5) with the court alleging that the government has violated the right to respect for private life, and the freedom of expression, two articles in the European Convention on Human Rights.

A ruling from the European court will still have weight even if Brexit takes place because the court is not an EU institution. The human rights convention is a separate agreement from the treaties governing the European Union. “So, the UK will remain subject to ruling from the [European Court of Human Rights] even in the event of Brexit,” a Privacy International spokesperson said.

There’s no guarantee that the court will even admit the application, or pass judgment on it. The court has delivered a judgment on just 4% of applications in the first half of 2016, according to the court’s statistics (pdf). Privacy International’s legal officer Scarlet Kim said in a statement that the British government can currently hack computers to turn on webcams, or access phones to turn on their microphones, without appropriate oversight. “The European Court of Human Rights has a strong track record of ensuring that intelligence agencies act in compliance with human rights law. We call on the Court to hold GCHQ accountable for its unlawful bulk hacking practices,” she said. GCHQ is the British intelligence agency.

Privacy International’s application centers on a 2014 complaint to a UK court around mass surveillance by the government. The court ruled that the government had acted legally. But during the proceedings, it was forced to admit that it had indeed engaged in hacking at home and abroad since at least 2013.

In parallel, the government is trying to enshrine these surveillance powers in law, under the Investigatory Powers bill, which is currently in its final stages of parliamentary approval. The bill was a major piece of legislation proposed by current prime minister Theresa May, while she was home secretary. The bill provides for surveillance agencies to hack a ”major town” in order to collect data in bulk to identify, say, a terrorist cell that was known to use a specific piece of software, according to a Home Office document outlining how the law would work.

The government has said it seeks appropriate safeguards, such as requiring approvals from the secretary of state and a judicial commissioner, in approving bulk-hacking warrants for overseas targets. The warrants must also be justified on national security grounds, or the prevention of serious crime, the Home Office has said.

The world’s biggest tech companies have opposed the proposed law on the grounds that it would allow the British government to reach into computers and networks overseas. A ruling by the European court could be grounds to challenge the bill if it were passed into law, a Privacy International spokesperson said.