Privacy International et al. v. Secretary of State for Foreign & Commonwealth Affairs et al. (UK Government Hacking)

Case No. IPT 14/85/CH

Investigatory Powers Tribunal

On Appeal

In May 2014, Privacy International brought a legal complaint to the Investigatory Powers Tribunal (IPT), challenging GCHQ hacking inside and outside of the UK. Seven internet and communications service providers from around the world submitted a similar complaint and the IPT joined the cases. Those providers were Chaos Computer Club (Germany), Greenhost (Netherlands), GreenNet (UK), Jinbonet (Korea), Mango Email Service (Zimbabwe), May First/People Link (US), and Riseup (US).

GCHQ hacking capabilities were revealed by the Snowden disclosures, which documented how GCHQ could:

  • activate a device’s microphone (NOSEY SMURF) or webcam (GUMFISH)
  • identify the location of a device with high-precision (TRACKER SMURF)
  • log keystrokes entered into a device (GROK)
  • collect login details and passwords for websites and record Internet browsing histories on a device (FOGGYBOTTOM)
  • hide malware installed on a device (PARANOID SMURF)

Our complaint alleged that GCHQ has no clear authority under UK law to conduct hacking operations and that such activities violate the Computer Misuse Act 1990, which criminalises hacking. We further alleged that GCHQ hacking violates Articles 8 and 10 of the European Convention on Human Rights, which respectively protect the right to privacy and the right to freedom of expression.

In February 2016, the IPT held that GCHQ hacking is lawful under UK law and the European Convention on Human Rights. The IPT further held that GCHQ may hack inside and outside of the UK using "thematic warrants." Thematic warrants are general warrants covering an entire class of property, persons or conduct, such as "all mobile phones in London."

In May 2016, Privacy International filed a claim for judicial review in the UK High Court, challenging the part of the IPT's decision sanctioning the Government's use of general warrants to hack. A judicial review is a type of collateral challenge to the lawfulness of a decision by a public body.

In August 2016, we filed an application at the European Court of Human Rights, challenging the IPT's decision with respect to GCHQ's foreign hacking powers. We are joined by five of the internet and communications service providers who litigated the case with us before the IPT.

Legal Documents

Investigatory Powers Tribunal Judgment (12 Feb. 2016)

http://www.privacyinternational.org/sites/default/files/2017-12/Hacking_Judgment.pdf

Government Skeleton Argument (with Appendix) (25 Nov. 2015)

https://www.privacyinternational.org/sites/default/files/Greennet_Privacy_Respondents%27_Skeleton_2015_11_25.pdf

https://www.privacyinternational.org/sites/default/files/Appendix_1_%5Bfiled%5D.pdf

Privacy International Skeleton Argument (25 Nov. 2015)

https://www.privacyinternational.org/sites/default/files/PI_Greennet_Skeleton_FINAL.pdf

Witness Statements (with Exhibits) of Ciaran Martin (for the Government) (16-24 Nov. 2015)

https://www.privacyinternational.org/sites/default/files/CM_Witness_Statement_Signed_2015_11_16.pdf

https://www.privacyinternational.org/sites/default/files/CM_2nd_Witness_Statement_Signed_%5Bserved%5D_%202015_11_23.pdf

https://www.privacyinternational.org/sites/default/files/CM_3rd_Witness_Statement_Signed_2015_11_24.pdf

https://www.privacyinternational.org/sites/default/files/Exhibit_CM2.pdf

Government Response to Privacy International Schedule of Public Statements (19 Nov. 2015)

https://www.privacyinternational.org/sites/default/files/Schedule_Of_Public_Statements_CNE_Final.pdf

Government Re-Re-Amended Open Response to Statement of Grounds (13 Nov. 2015)

https://www.privacyinternational.org/sites/default/files/Re-re-amended_Open_Response_Final_2015_11_13.pdf

Government Disclosure 

    Index of Open Exhibits: https://www.privacyinternational.org/sites/default/files/Table_Of_Exhibits.pdf

    Exhibit 1: https://www.privacyinternational.org/sites/default/files/Exhibit_1.pdf

    Exhibit 2: https://www.privacyinternational.org/sites/default/files/Exhibit_2.pdf

    Exhibit 3: https://www.privacyinternational.org/sites/default/files/Exhibit_3.pdf

    Exhibit 4: https://www.privacyinternational.org/sites/default/files/Exhibit_4.pdf

    Exhibit 5: https://www.privacyinternational.org/sites/default/files/Exhibit_5.pdf

Witness Statement of Eric King (for Privacy International) (5 Oct. 2015)

https://www.privacyinternational.org/sites/default/files/Witness_Statement_Of_Eric_King.pdf

Expert Report (with Appendix) of Prof. Ross Anderson (for Privacy International) (30 Sept. 2015)

https://www.privacyinternational.org/sites/default/files/Anderson_IPT_Expert_Report_2015_Final.pdf

https://www.privacyinternational.org/sites/default/files/Anderson_Appendix.pdf

GreenNet et al. Amended Statement of Grounds (19 May 2015)

https://www.privacyinternational.org/sites/default/files/Greennet_Amended_Grounds%20filed_2015_05_19.pdf

Privacy International Amended Statement of Grounds (19 May 2015)

https://www.privacyinternational.org/sites/default/files/Privacy_Amended_Grounds_filed_2015_05_19.pdf

Government Response to Privacy International Agenda for Directions Hearing (13 May 2015)

https://www.privacyinternational.org/sites/default/files/Government%20Further%20Submissions%2014%20May%202015_0.pdf

Government Note for Directions Hearing (13 May 2015)

https://www.privacyinternational.org/sites/default/files/Government%20Further%20Submissions%2014%20May%202015_0.pdf

Privacy International Agenda for Directions Hearing (13 May 2015)

https://www.privacyinternational.org/sites/default/files/Claimants%27%20Agenda%20for%20Directions%20Hearing%2013%20May%202015_0.pdf

Privacy International Reply (1 April 2015)

https://www.privacyinternational.org/sites/default/files/Claimants%27%20Reply%201%20April%202015_0.pdf

Government Response to Statement of Grounds (1 July 2014)

https://www.privacyinternational.org/sites/default/files/Government%20Open%20Response%206%20Feb%202015_2.pdf

Privacy International Statement of Grounds (13 May 2014)

https://www.privacyinternational.org/sites/default/files/PI%20Hacking%20Case%20Grounds.pdf

Analysis

Press statement: We will continue to challenge GCHQ’s hacking powers (12 Feb. 2016)

https://www.privacyinternational.org/node/730

Investigatory Powers Tribunal rules GCHQ hacking lawful (12 Feb. 2016)

https://www.privacyinternational.org/node/729 

Court Documents reveal oversight body struggling to control GCHQ domestic hacking (1 Dec. 2015)

https://www.privacyinternational.org/node/681 

After legal claim filed against GCHQ hacking, UK government rewrite law to permit GCHQ hacking (15 May 2015)

https://www.privacyinternational.org/node/584

UK government claims power for broad, suspicion less hacking of computers and phones (18 March 2015)

https://www.privacyinternational.org/node/545

My device is me. GCHQ - stop hacking me (13 June 2014)

https://www.privacyinternational.org/node/394 

Privacy International challenges GCHQ's unlawful hacking of computers, mobile phones (13 May 2014)

https://www.privacyinternational.org/node/471

Explaining the law behind Privacy International’s challenge to GCHQ’s hacking (13 May 2014)

https://www.privacyinternational.org/node/445

Explainers

Whose World Is This?: US and UK Government Hacking (7 July 2016)

https://www.justsecurity.org/31876/world-this-uk-government-hacking/

Privacy International's Work on Hacking (10 Feb. 2016)

https://medium.com/privacy-international/privacy-internationals-work-on-hacking-153a0565e1ce

Reports and Features

Privacy International and Open Rights Group's Submission in Response to the Consultation on the Draft Equipment Interference Code of Practice (Mar. 2015)

https://www.documentcloud.org/documents/3458412-PI-and-ORG-Submission-Draft-Equipment.html

Attachment Size
Hacking_Judgment.pdf 632.15 KB