UK government hit with new complaint about hacking abroad

A group of privacy advocates and internet providers has filed a new challenge to the U.K. government’s use of bulk hacking abroad.

U.K.-based Privacy International and five internet and communications providers aim to “bring the government’s hacking under the rule of law,” they said in a case lodged Friday with the European Court of Human Rights.

Their application challenges the U.K. Investigatory Powers Tribunal’s (IPT’s) February refusal to rule on whether hacking efforts outside the U.K. by the GCHQ British intelligence service comply with the European Convention on Human Rights. That decision was part of a case brought by Privacy International against GCHQ back in 2014, and it effectively meant that the U.K. government could lawfully conduct bulk hacking of computers, mobile devices, and networks located anywhere outside of the UK, the group said.

“The IPT’s decision permits the British government to hack untold numbers of computers devices or networks abroad without any proper legal framework, oversight or safeguards,” Scarlet Kim, legal officer for Privacy International, said in a published statement.

Hacking is “extremely intrusive,” Kim added. “Allowing the British Government to hack, therefore, sanctions an extraordinary expansion of state surveillance capabilities, with alarming consequences for the privacy and security of many people around the world.”

Also participating in the case are Chaos Computer Club of Germany, U.K.-based GreenNet, Jinbonet of South Korea, and U.S.-based May First and RiseUp.

In May, Privacy International filed a separate Judicial Review at the U.K. High Court challenging a separate aspect of the IPT’s decision — namely, that the British government can issue general warrants to hack the electronic devices of broad classes of people, both inside and outside the U.K.

A GCHQ spokesperson declined to comment on ongoing litigation.