20.5k unique visitors in the last 3 days

Sneaky Change Allows UK Spies to Legally Hack

A legal complaint by Privacy International and seven comms providers may have been derailed by a little-discussed change to the Computer Misuse Act, making it lawful for spies to hack.

The UK government has craftily changed the law to allow GCHQ, the UK’s communications spy agency, to hack without fear of legal consequences. The law was amended quietly, and has only come to public attention as a consequence of a legal action by Privacy International, the campaign group.

Activists from Privacy International were notified of the change just hours before the Investigatory Powers Tribunal (IPT) reviewed their complaint about GCHQ hacking. One of Privacy International’s complaints was that GCHQ had infringed the Computer Misuse Act (CMA), but this law has now been amended to exempt the UK’s intelligence services. The CMA criminalizes hacking in the UK.

Privacy International joined forces with seven internet and communications service providers to file a complaint about GCHQ hacking in mid-2014. However, the government quietly instigated its change to the CMA soon after. The amendment to the CMA was included in the Serious Crime Bill 2015, which was introduced on 6th June 2014, passed into law on 3rd March 2015 and become effective on May 3rd.

As Privacy International put it:

The… notes that accompanied the [Serious Crime] Act make no reference to the true impact of the change. It appears no regulators, commissioners responsible for overseeing the intelligence agencies, the Information Commissioner’s Office, industry, NGOs or the public were notified or consulted about the proposed legislative changes. There was no published Privacy Impact Assessment. Only the Ministry of Justice, Crown Prosecution Service, Scotland Office, Northern Ireland Office, GCHQ, Police and National Crime Agency were consulted as stakeholders. There was no public debate.

The Government provided an open response to the claimants’ IPT complaint on 6 February 2015, but was silent on forthcoming passage of the Serious Crime Bill. Indeed, it was not until yesterday, a day before the parties were due in court to determine the legal issues that will be addressed in the case, that the government indicated that amendments to the CMA had been made.

A UK parliamentary committee recently published a tame review of GCHQ’s spying and hacking activities, concluding that there was a need for increased public awareness of what spies do, and why. These legal shenanigans suggest that nobody in authority is taking any practical steps to deliver increased transparency.

You can read Privacy International’s press release here.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email