The campaign group Privacy International has announced that it plans to take the UK Government all the way to the European Court of Human Rights over the powers of bulk hacking and data collection it has handed to UK intelligence services.
On Friday they lodged the application, which was made along with five other internet and communications providers from around the world. They are the UK-based non-profit GreenNet, Germany’s Chaos Computer Club, Jibonet from South Korea, the US ISP May First, and communications provider Rise Up.
Privacy International are nothing if not a dogged and determined organisation. They first raised this case with the UK’s Investigatory Powers Tribunal back in 2014, but earlier this year, the tribunal ruled that the practice was legal under the UK’s Intelligence Service Act 1994.
So, the next step they are taking is to test whether the practice can be deemed legal under the European Convention on Human Rights. In particularly, they want the court to adjudicate on whether the bulk collection of data and hacking of computers is compatible with Article 8, the right to privacy, and Article 10, the right to freedom of expression.
Commenting on the case, Scarlet Kim, Legal Officer at Privacy International, said that at present the UK Government was able to “hack untold numbers of computers devices or networks abroad without any proper legal framework, oversight or safeguards.” She went on to explain that Privacy International believes this practice is both disproportionate and unlawful.
In particular they raised the issue of the use of “general warrant” authorisation, which they argue does not have enough safeguards built in to avoid possible abuse.
You might at this point be wondering why the various international organisations involved in this case have an interest. Well, that relates to the Investigatory Powers Bill, a new piece of legislation currently making its way through the UK Parliament. Under that, British intelligence agencies will be given the power to hack overseas users in addition to British residents. Needless to say, there are plenty overseas who are not happy with this at all.
This is a different piece of legislation to the one being challenged by Privacy International, and will enshrine this practice into law much more specifically. But that hasn’t deterred Privacy International from pursuing this matter.
Speaking to Motherboard via email, Privacy International General Counsel Caroline Wilson Palow explained that they do not believe this new legislation, should it make it into law in its current form, resolves the legal issues they are raising.
She notes that the European Convention stipulates that mass surveillance should only be used “in the narrowest of circumstances with stringent safeguards.” Both the existing UK laws and the proposed new ones, fail to address this sufficiently according to her.
The European Court of Human Rights has a strong record of defending privacy under the Convention, and the tone of Privacy Internationals statements suggest that they are hopeful that their case could prevail.
And until the UK formally leaves the European Union (a process which will take at least two years) they will be obliged to make changes should the ruling require it.
However, such is the commitment of the UK’s intelligence agencies to these practices, that it seems unlikely they will cease to use them, even if the court rules they should. The appointment of Theresa May, one of the most illiberal Home Secretaries in UK history, as Prime Minister last month will further embolden them.
So for individual British citizens who want to ensure their online activity is private, the best thing to do is take matters into your own hands and sign up for a VPN to ensure all your traffic is encrypted.
Meanwhile, the likes of Privacy International will continue to do their utmost to defend the rights of British people to privacy, and hold the government and its intelligence agencies to account.