The case began in May 2014, when campaign group Privacy International filed a legal complaint in the Investigatory Powers Tribunal, challenging GCHQ hacking. The group claimed that GCHQ hacking — capabilities revealed by former CIA contractor Edward Snowden - included the ability to activate a device's microphone (known as NOSEY SMURF) or webcam (GUMFISH).
They also said that GCHQ could also identify the location of a device with high-precision (TRACKER SMUF), log keystrokes entered into a device (GROK), collect login details and passwords for websites and record Internet browsing histories on a device (FOGGYBOTTOM) and hide malware installed on a device (PARANOID SMURF).
#InvestigatoryPowers Tribunal hearing challenges #GCHQ over legality of #MassSurveillance:https://t.co/ndfDJqvBNv
— Phil Booth (@EinsteinsAttic) 6 June 2017
Go, @privacyint!
The complaints alleged that GCHQ had no clear authority under UK law to conduct hacking operations and that such activities violated the Computer Misuse Act 1990, which criminalizes hacking. They further alleged that GCHQ hacking was in violation of Articles 8 and 10 of the European Convention on Human Rights, which respectively protect the right to privacy and the right to freedom of expression.
The tribunal held hearings in the case in December 2015, which resulted in a ruling, February 2016, when the Tribunal held that GCHQ hacking is lawful both under UK law and the European Convention on Human Rights.
The tribunal held that GCHQ had authority to hack under UK law pursuant to section 5 of the Intelligence Services Act (ISA) and that the authority permits GCHQ to hack — inside and outside the UK — pursuant to general warrants that can cover an entire class of property, persons or conduct, such as "all mobile phones in Birmingham."
Finally, the Tribunal held that the broad authorization under ISA section 5 was also sufficient to comply with Articles 8 and 10 of the European Convention on Human Rights, which require that the interference with the rights to privacy and freedom of expression be "prescribed by law."
The hearing beginning June 7 is to gain clarification on a number of legal points, determining whether the Agencies' actions were proportionate and whether the regimes were in compliance with EU law.
