British Court Rules Against Intelligence Agencies's Bulk Hacking

Uploaded on 2021-01-13 in TECHNOLOGY--Hackers, INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

The High Court in London has ruled that British security and intelligence services can no longer rely on ‘general warrants’ to authorise the hacking of large numbers of computers and phones belonging to UK citizens.

Bulk hacking has been exploited by the UK’s intelligence services to access electronic devices represent an illegal intrusion into the private lives of millions of people, the High Court has been told. The use of bulk surveillance by the intelligence and security services first came to the public attention after the Snowden revelations of 2014, prompting a rearguard effort by the government to shore up the status quo in which officials argued that it would be lawful in principle to use a single warrant to hack every device in a UK city.   

The government relied on the issuing of “general warrants” under section 5 of the Intelligence Services Act 1994 to do so.
The Court referred to cases dating back to the 18th century, which demonstrate the common law’s insistence that the Government cannot search private premises without lawful authority even in the context of national security. Because general warrants are by definition not targeted (and could therefore apply to hundreds, thousands or even millions of people) they violate individuals’ right not to not have their property searched without lawful authority, and are therefore illegal. 

As the Court emphasised: “The aversion to general warrants is one of the basic principles on which the law of the United Kingdom is founded. As such, it may not be overridden by statute unless the wording of the statute makes clear that Parliament intended to do so.”

Privacy International legal director, Caroline Wilson Palow, argued the ruling brought legal precedent into the modern age, where searching “property” could mean remotely spying on users’ digital lives. “General warrants are no more permissible today than they were in the 18th century. The government had been getting away with using them for too long. We welcome the High Court's affirmation of these fundamental constitutional principles,” she said.  "Today's victory rightly brings 250 years of legal precedent into the modern age. General warrants are no more permissible today than they were in the 18th century. The government had been getting away with using them for too long. We welcome the High Court's affirmation of these fundamental constitutional principles." 

However, some government hacking powers are now governed by a newer law, the controversial Snooper’s Charter, or Investigatory Powers Act. There are also various legal challenges underway to this legislation. In October last year,  the Court of Justice of the European Union (CJEU) ruled that bulk collection and retention of citizens’ data must be brought into line with EU privacy law, even in cases of national security.

The UK has a vested interest in rowing back from its position on bulk surveillance, as it seeks an “adequacy decision” from the EU on data handling that is vital to seamless cross-border data flows in the new post-Brexit era.

Privacy International:        Infosecurity Magazine:        Guardian:      Computing:        Computer Weekly:  

You Might Also Read: 

The Impact Of Brexit On British Cyber Security:

 

« Solving Mr. Biden’s Wicked Cyber Problem
Amazon, Apple & Google Cancel Parler »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Logicalis

Logicalis

Logicalis are a leading provider of global IT solutions and managed services.

Dark Reading

Dark Reading

Dark Reading is the most trusted online community for security professionals.

FIDO Alliance

FIDO Alliance

FIDO Alliance is a non-profit organization formed to address the lack of interoperability among strong authentication devices.

KE-CIRT/CC

KE-CIRT/CC

KE-CIRT/CC is the national Computer Incident Response Team for Kenya.

Bericon Forensics

Bericon Forensics

Bericon is one of the longest established forensic science consultancies in the UK. Activities include computer and mobile phone forensics.

Cyber Exchange

Cyber Exchange

Cyber Exchange provides a focal point for UK organisations connected with, or with an interest in, cyber security to connect, engage and collaborate.

SentryBay

SentryBay

SentryBay is a real-time data security company developing technology for PC, mobile, the cloud and IoT.

ReconaSense

ReconaSense

ReconaSense helps protect people, assets, buildings and cities with its next-gen access control and converged physical security intelligence platform.

NSA Career Development Programs

NSA Career Development Programs

NSA offers entry-level programs to help employees enhance their skills, improve their understanding of a specific discipline and even cross-train into a new career field.

Vumetric Cybersecurity

Vumetric Cybersecurity

Vumetric is an ISO9001 certified company offering penetration testing, IT security audits and specialized cybersecurity services.

Oak9

Oak9

The oak9 platform analyzes infrastructure as code (IaC) and builds security into cloud native applications so they are secure and compliant by design.

Visory

Visory

Great businesses depend on great technology. We make sure our clients go to market with enterprise-level technology and world-class security for their data and infrastructure.

Logically.ai

Logically.ai

Logically combines artificial intelligence with expert analysts to tackle harmful and manipulative content at speed and scale.

Guardey

Guardey

Guardey protects thousands of SME's environments. Whether your team works at the office, at home, at the customer or remotely. We protect your business. We do this in an accessible and affordable way.

Lab 1

Lab 1

Lab 1 turns criminal data breaches and attacks into insights. Get alerts of data breaches or ransomware attack incidents as they happen.

Millennium Corporation

Millennium Corporation

For nearly two decades, Millennium Corporation has been operating on the leading edge of cybersecurity.