British Court Rules Against Intelligence Agencies's Bulk Hacking

The High Court in London has ruled that British security and intelligence services can no longer rely on ‘general warrants’ to authorise the hacking of large numbers of computers and phones belonging to UK citizens.

Bulk hacking has been exploited by the UK’s intelligence services to access electronic devices represent an illegal intrusion into the private lives of millions of people, the High Court has been told. The use of bulk surveillance by the intelligence and security services first came to the public attention after the Snowden revelations of 2014, prompting a rearguard effort by the government to shore up the status quo in which officials argued that it would be lawful in principle to use a single warrant to hack every device in a UK city.   

The government relied on the issuing of “general warrants” under section 5 of the Intelligence Services Act 1994 to do so.
The Court referred to cases dating back to the 18th century, which demonstrate the common law’s insistence that the Government cannot search private premises without lawful authority even in the context of national security. Because general warrants are by definition not targeted (and could therefore apply to hundreds, thousands or even millions of people) they violate individuals’ right not to not have their property searched without lawful authority, and are therefore illegal. 

As the Court emphasised: “The aversion to general warrants is one of the basic principles on which the law of the United Kingdom is founded. As such, it may not be overridden by statute unless the wording of the statute makes clear that Parliament intended to do so.”

Privacy International legal director, Caroline Wilson Palow, argued the ruling brought legal precedent into the modern age, where searching “property” could mean remotely spying on users’ digital lives. “General warrants are no more permissible today than they were in the 18th century. The government had been getting away with using them for too long. We welcome the High Court's affirmation of these fundamental constitutional principles,” she said.  "Today's victory rightly brings 250 years of legal precedent into the modern age. General warrants are no more permissible today than they were in the 18th century. The government had been getting away with using them for too long. We welcome the High Court's affirmation of these fundamental constitutional principles." 

However, some government hacking powers are now governed by a newer law, the controversial Snooper’s Charter, or Investigatory Powers Act. There are also various legal challenges underway to this legislation. In October last year,  the Court of Justice of the European Union (CJEU) ruled that bulk collection and retention of citizens’ data must be brought into line with EU privacy law, even in cases of national security.

The UK has a vested interest in rowing back from its position on bulk surveillance, as it seeks an “adequacy decision” from the EU on data handling that is vital to seamless cross-border data flows in the new post-Brexit era.

Privacy International:        Infosecurity Magazine:        Guardian:      Computing:        Computer Weekly:  

You Might Also Read: 

The Impact Of Brexit On British Cyber Security:

 

« Solving Mr. Biden’s Wicked Cyber Problem
Amazon, Apple & Google Cancel Parler »

Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

WEBINAR: How To Build A Security Observability Strategy In AWS

WEBINAR: How To Build A Security Observability Strategy In AWS

Thursday, Apr 22, 2021 - Join this webinar to learn how to build a security observability strategy in AWS, covering cloud-native monitoring sources, guardrails, and automation capabilities.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Hudson Institute

Hudson Institute

The Hudson Institue is an independent policy research organization. Cybersecurity is covered within the National Security topic area.

App-Ray

App-Ray

App-Ray provides fully automated security analysis of mobile applications to find security issues, privacy breaches and data leaking potentials.

BigWeb Technologies

BigWeb Technologies

BigWeb Technologies is dedicated to provide its clients with ICT related services including Infrastructure Solutions, Consultancy and Security.

Telkomtelstra

Telkomtelstra

Telkomtelstra is a provider of managed network, cloud and security solutions.

United Biometrics

United Biometrics

United Biometrics is an anonymous and real-time authentication platform designed to stop the fraud for mobile payments, e-Commerce and applications.

Corsa Security

Corsa Security

Corsa Security is leading the transformation of network security with a private cloud approach that helps scale network security services with unwavering performance and flexibility.

Absio

Absio

Absio provides the technology you need to build data security directly into your software by default, and the design and development services you need to make it happen.

Synergy Infosec

Synergy Infosec

Synergy Infosec offer companies a combination of intelligent tools that identify their security vulnerabilities and eliminate them for good.