The UK government has craftily changed the law to allow GCHQ, the UK’s communications spy agency, to hack without fear of legal consequences. The law was amended quietly, and has only come to public attention as a consequence of a legal action by Privacy International, the campaign group.
Activists from Privacy International were notified of the change just hours before the Investigatory Powers Tribunal (IPT) reviewed their complaint about GCHQ hacking. One of Privacy International’s complaints was that GCHQ had infringed the Computer Misuse Act (CMA), but this law has now been amended to exempt the UK’s intelligence services. The CMA criminalizes hacking in the UK.
Privacy International joined forces with seven internet and communications service providers to file a complaint about GCHQ hacking in mid-2014. However, the government quietly instigated its change to the CMA soon after. The amendment to the CMA was included in the Serious Crime Bill 2015, which was introduced on 6th June 2014, passed into law on 3rd March 2015 and become effective on May 3rd.
As Privacy International put it:
The… notes that accompanied the [Serious Crime] Act make no reference to the true impact of the change. It appears no regulators, commissioners responsible for overseeing the intelligence agencies, the Information Commissioner’s Office, industry, NGOs or the public were notified or consulted about the proposed legislative changes. There was no published Privacy Impact Assessment. Only the Ministry of Justice, Crown Prosecution Service, Scotland Office, Northern Ireland Office, GCHQ, Police and National Crime Agency were consulted as stakeholders. There was no public debate.
The Government provided an open response to the claimants’ IPT complaint on 6 February 2015, but was silent on forthcoming passage of the Serious Crime Bill. Indeed, it was not until yesterday, a day before the parties were due in court to determine the legal issues that will be addressed in the case, that the government indicated that amendments to the CMA had been made.
A UK parliamentary committee recently published a tame review of GCHQ’s spying and hacking activities, concluding that there was a need for increased public awareness of what spies do, and why. These legal shenanigans suggest that nobody in authority is taking any practical steps to deliver increased transparency.
You can read Privacy International’s press release here.