Privacy International and Others v. United Kingdom
Our case at the European Court of Human Rights challenging UK intelligence agency conducting hacking operations outside of the UK.
European Court of Human Rights
Application No. 46259/16
Status: Open
In August 2016, Privacy International, together with five internet and communications service providers, filed an application to the European Court of Human Rights (ECtHR), challenging GCHQ hacking outside of the UK. Our co-applicants are Chaos Computer Club (Germany), GreenNet (UK), Jinbonet (Korea), May First/People Link (US), and Riseup (US).
Privacy International originally brought a legal complaint to the Investigatory Powers Tribunal (IPT) in May 2014, challenging GCHQ hacking inside and outside of the UK. Seven internet and communications service providers from around the world submitted a similar complaint and the IPT joined the cases. Those providers were Chaos Computer Club (Germany), Greenhost (Netherlands), GreenNet (UK), Jinbonet (Korea), Mango Email Service (Zimbabwe), May First/People Link (US), and Riseup (US).
GCHQ hacking capabilities were revealed by the Snowden disclosures, which documented how GCHQ could, inter alia:
- activate a device’s microphone or webcam
- identify the location of a device with high-precision
- log keystrokes entered into a device
- collect login details and passwords for websites and record Internet browsing histories on a device
- hide malware installed on a device
Our complaint alleged that GCHQ has no clear authority under UK law to conduct hacking operations and that such activities violate the Computer Misuse Act 1990, which criminalises hacking. We further alleged that GCHQ hacking violates Articles 8 and 10 of the European Convention on Human Rights, which respectively protect the right to privacy and the right to freedom of expression.
In February 2016, the IPT held that GCHQ hacking is lawful under UK law and the European Convention on Human Rights. The IPT further held that GCHQ may hack inside and outside of the UK using "thematic warrants." Thematic warrants are general warrants covering an entire class of property, persons or conduct, such as "all mobile phones in London."
Our application to the ECtHR challenges the IPT’s findings. In particular, we argue that GCHQ hacking outside of the UK violate Articles 8 and 10 of the European Convention on Human Rights, which respectively protect the right to privacy and the right to freedom of expression.