UK spy agency boosts pow­ers to launch mass data hack­ing

Civil lib­erty groups alarmed over ex­panded in­tel­li­gence gath­er­ing

The Observer - - News - Jamie Doward

The UK’s in­tel­li­gence agen­cies are to sig­nif­i­cantly in­crease their use of large-scale data hack­ing af­ter claim­ing that more tar­geted op­er­a­tions are be­ing ren­dered ob­so­lete by tech­nol­ogy.

The move, which has alarmed civil lib­erty groups, will see an ex­pan­sion in what is known as the “bulk equip­ment in­ter­fer­ence (EI) regime” – the process by which GCHQ can tar­get en­tire com­mu­ni­ca­tion net­works over­seas in a bid to iden­tify in­di­vid­u­als who pose a threat to na­tional se­cu­rity.

A let­ter from the se­cu­rity min­is­ter, Ben Wal­lace, to the head of the in­tel­li­gence and se­cu­rity com­mit­tee, Do­minic Grieve, qui­etly filed in the House of Com­mons library last week, states: “Fol­low­ing a re­view of cur­rent op­er­a­tional and tech­ni­cal re­al­i­ties, GCHQ have … de­ter­mined that it will be nec­es­sary to con­duct a higher pro­por­tion of ongoing over­seas fo­cused op­er­a­tional ac­tiv­ity us­ing the bulk EI regime than was orig­i­nally en­vis­aged.”

The ex­pan­sion of EI is likely to prove highly con­tro­ver­sial.

“The bulk equip­ment in­ter­fer­ence power per­mits the UK in­tel­li­gence ser­vices to hack at scale by al­low­ing a sin­gle war­rant to cover en­tire classes of prop­erty, per­sons or con­duct,” ex­plained Scar­let Kim, le­gal of­fi­cer at Pri­vacy In­ter­na­tional, which has taken the gov­ern­ment to court over GCHQ’s hack­ing ac­tiv­i­ties abroad. “It also gives nearly un­fet­tered pow­ers to the in­tel­li­gence ser­vices to de­cide who and when to hack.”

Po­ten­tial tar­gets can be ex­tremely large, Kim sug­gested. “Hack­ing presents unique and grave threats to pri­vacy and se­cu­rity,” she said. “It’s not just di­rected at com­put­ers and phones, but can tar­get com­mu­ni­ca­tions net­works and their un­der­ly­ing in­fra­struc­ture, per­mit­ting sur­veil­lance against whole groups or coun­tries, or across nu­mer­ous ju­ris­dic­tions.”

When the gov­ern­ment was pi­lot­ing the In­ves­ti­ga­tory Pow­ers Act through par­lia­ment two years ago, Lord An­der­son, the gov­ern­ment’s in­de­pen­dent re­viewer of ter­ror­ism leg­is­la­tion, stated in his Re­port of the Bulk Pow­ers Re­view that “Bulk EI [equip­ment in­ter­fer­ence] is likely to be only spar­ingly used”.

How­ever, the in­tel­li­gence ser­vices claim that the wide­spread use of en­cryp­tion means that tar­geted hack­ing ex­er­cises are no longer ef­fec­tive and so more large-scale hacks are be­com­ing nec­es­sary. An­der­son’s re­view noted that the top 40 online ac­tiv­i­ties rel­e­vant to MI5’s in­tel­li­gence op­er­a­tions are now en­crypted.

“This is re­ally alarm­ing to hear be­cause at the time [when the leg­is­la­tion was pass­ing through par­lia­ment] there were re­ally ro­bust as­sur­ances that these would be spar­ingly used,” said Han­nah Couch­man, pol­icy and cam­paigns of­fi­cer at Lib­erty. “Some­thing that was the ex­cep­tion is mov­ing to­wards the norm and that’s deeply prob­lem­atic for us.”

Wal­lace’s let­ter con­cedes that the in­tel­li­gence agen­cies will not be able to de­ter­mine some of the con­se­quences of a bulk hack­ing ex­er­cise, claim­ing: “It is not al­ways pos­si­ble to ad­e­quately fore­see the ex­tent of all in­ter­fer­ences with pri­vacy to a suf­fi­cient de­gree … at the point of is­sue of a war­rant.”

In­stead, the in­ves­ti­ga­tory pow­ers com­mis­sioner will be able to make an as­sess­ment of the war­rant’s im­pact af­ter the hack has taken place. “This is too lit­tle, too late,” said Couch­man, who ques­tioned whether the ex­pan­sion of bulk equip­ment in­ter­fer­ence would see more in­tel­li­gence be­ing traded with other coun­tries, in re­turn for in­for­ma­tion they have gath­ered on UK ci­ti­zens.

“The fact that you have the re­view only af­ter the pri­vacy has been in­fringed upon demon­strates how wor­ry­ing this sit­u­a­tion is,” Couch­man added. “With bulk pow­ers, the state can hoover up and keep enor­mous quan­ti­ties of data about an enor­mously wide range of peo­ple. Bulk equip­ment in­ter­fer­ence pow­ers al­low a broad range of hack­ing ac­tiv­i­ties, in­clud­ing ac­cess­ing com­put­ers and mo­bile phones. Imag­ine what the av­er­age per­son has on their de­vices.”

A gov­ern­ment spokesman said: “Equip­ment in­ter­fer­ence is sub­ject to the world-lead­ing over­sight of the in­ves­ti­ga­tory pow­ers com­mis­sioner and any bulk equip­ment in­ter­fer­ence war­rant must be ap­proved by an in­de­pen­dent ju­di­cial com­mis­sioner be­fore it can be is­sued.”

Alamy

Par­tic­i­pants in fes­tive elf cos­tumes at the start of yes­ter­day’s Great Christ­mas Pud­ding ob­sta­cle race, held in London’s Covent Gar­den to raise money for Can­cer Re­search UK.

Ben Wal­lace, the se­cu­rity min­is­ter, said in­tel­li­gence agen­cies would greatly raise use of ‘equip­ment in­ter­fer­ence’.

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.