Sign up to Newsletter

Privacy International and Others v. United Kingdom

Topics
Cross Border Data Access
Direct Access by Government
Government Hacking
Interception of Communications

Our case at the European Court of Human Rights challenging UK intelligence agency conducting hacking operations outside of the UK.

GCHQ Hack slide

European Court of Human Rights

Application No. 46259/16

Status: Open

In August 2016, Privacy International, together with five internet and communications service providers, filed an application to the European Court of Human Rights (ECtHR), challenging GCHQ hacking outside of the UK. Our co-applicants are Chaos Computer Club (Germany), GreenNet (UK), Jinbonet (Korea), May First/People Link (US), and Riseup (US).

Privacy International originally brought a legal complaint to the Investigatory Powers Tribunal (IPT) in May 2014, challenging GCHQ hacking inside and outside of the UK. Seven internet and communications service providers from around the world submitted a similar complaint and the IPT joined the cases. Those providers were Chaos Computer Club (Germany), Greenhost (Netherlands), GreenNet (UK), Jinbonet (Korea), Mango Email Service (Zimbabwe), May First/People Link (US), and Riseup (US).

GCHQ hacking capabilities were revealed by the Snowden disclosures, which documented how GCHQ could, inter alia:

  • activate a device’s microphone or webcam
  • identify the location of a device with high-precision 
  • log keystrokes entered into a device 
  • collect login details and passwords for websites and record Internet browsing histories on a device 
  • hide malware installed on a device 

Our complaint alleged that GCHQ has no clear authority under UK law to conduct hacking operations and that such activities violate the Computer Misuse Act 1990, which criminalises hacking. We further alleged that GCHQ hacking violates Articles 8 and 10 of the European Convention on Human Rights, which respectively protect the right to privacy and the right to freedom of expression.

In February 2016, the IPT held that GCHQ hacking is lawful under UK law and the European Convention on Human Rights. The IPT further held that GCHQ may hack inside and outside of the UK using "thematic warrants." Thematic warrants are general warrants covering an entire class of property, persons or conduct, such as "all mobile phones in London."

Our application to the ECtHR challenges the IPT’s findings. In particular, we argue that GCHQ hacking outside of the UK violate Articles 8 and 10 of the European Convention on Human Rights, which respectively protect the right to privacy and the right to freedom of expression.

News

3rd September 2020

PI’s statement on the ECtHR decision in Privacy International v. UK

18th May 2018

Privacy International's landmark challenge against UK Government hacking will proceed to the Supreme Court

5th August 2016

Press Release: Privacy International And Five Internet And Communications Providers Challenge British Government's Bulk Hacking Abroad Before The European Court Of Human Rights

12th February 2016

We will continue to challenge GCHQ's hacking powers

1st December 2015

Court Documents Reveal Oversight Body Struggling To Control GCHQ Domestic Hacking

15th May 2015

After legal claim filed against GCHQ hacking, UK government rewrite law to permit GCHQ hacking

Reports and Analysis

Long Read

Privacy International's Work on Hacking

Long Read

Whose World Is This? US and UK Government Hacking

Long Read

Investigatory Powers Tribunal Rules GCHQ Hacking Lawful

Long Read

Explaining the Law behind Privacy International's Challenge to GCHQ's Hacking

Long Read

My Device Is Me. GCHQ – Stop Hacking Me.

Legal Files

A. European Court of Human Rights
Attachment Size
Privacy International Application Form (5 Aug. 2016) 5.01 MB
Accompanying Documents to Privacy International Application Form (Part 1) (5 Aug. 2016) 208.68 MB
Accompanying Documents to Privacy International Application Form (Part 2) (5 Aug. 2016) 160.68 MB
Privacy International and Co-Applicants' Observations 477.89 KB
Supplementary Bundle to Privacy International and Co-Applicants' Observations 9.67 MB
B. Investigatory Powers Tribunal
Attachment Size
Investigatory Powers Tribunal Judgment (12 Feb. 2016) 632.15 KB
Government Skeleton Argument (25 Nov. 2015) 560.67 KB
Appendix to Respondents' Skeleton Argument (25 Nov. 2015) 578.18 KB
Privacy International Skeleton Argument (25 Nov. 2015) 514.47 KB
Third Witness Statement of Ciaran Martin (for the Government) (24 Nov. 2015) 163.61 KB
Second Witness Statement of Ciaran Martin (for the Government) (23 Nov. 2015) 338.26 KB
Exhibits to Second Witness Statement of Ciaran Martin (for the Government) (23 Nov. 2015) 2.03 MB
Witness Statement of Ciaran Martin (for the Government) (16 Nov. 2015) 2.51 MB
Government Response to Claimant's Schedule of Public Statements (19 Nov. 2015) 39.22 KB
Government Re-Re-Amended Open Response to Statement of Grounds (13 Nov. 2015) 572.09 KB
Government Open Exhibits to Re-Re-Amended Open Response to Statement of Grounds (13 Nov. 2015) 737.27 KB
Witness Statement of Eric King (for Privacy International) (5 Oct. 2015) 468.23 KB
Expert Report of Ross Anderson (for Privacy International) (30 Sept. 2015) 228.18 KB
Appendix to Expert Report of Ross Anderson (for Privacy International) (30 Sept. 2015) 366.78 KB
Privacy International Amended Statement of Grounds (19 May 2015) 219.48 KB
GreenNet et al. Amended Statement of Grounds (19 May 2015) 260.41 KB
Government Response to Privacy International Agenda for Directions Hearing (13 May 2015) 180.41 KB
Privacy international Agenda for Directions Hearing (13 May 2015) 61.28 KB
Privacy international Reply (1 April 2015) 147.55 KB
Government Response to Statement of Grounds (1 July 2014) 489.22 KB
Privacy International Statement of Grounds (13 May 2014) 8.91 MB