British Court Rules Against Intelligence Agencies's Bulk Hacking

The High Court in London has ruled that British security and intelligence services can no longer rely on ‘general warrants’ to authorise the hacking of large numbers of computers and phones belonging to UK citizens.

Bulk hacking has been exploited by the UK’s intelligence services to access electronic devices represent an illegal intrusion into the private lives of millions of people, the High Court has been told. The use of bulk surveillance by the intelligence and security services first came to the public attention after the Snowden revelations of 2014, prompting a rearguard effort by the government to shore up the status quo in which officials argued that it would be lawful in principle to use a single warrant to hack every device in a UK city.   

The government relied on the issuing of “general warrants” under section 5 of the Intelligence Services Act 1994 to do so.
The Court referred to cases dating back to the 18th century, which demonstrate the common law’s insistence that the Government cannot search private premises without lawful authority even in the context of national security. Because general warrants are by definition not targeted (and could therefore apply to hundreds, thousands or even millions of people) they violate individuals’ right not to not have their property searched without lawful authority, and are therefore illegal. 

As the Court emphasised: “The aversion to general warrants is one of the basic principles on which the law of the United Kingdom is founded. As such, it may not be overridden by statute unless the wording of the statute makes clear that Parliament intended to do so.”

Privacy International legal director, Caroline Wilson Palow, argued the ruling brought legal precedent into the modern age, where searching “property” could mean remotely spying on users’ digital lives. “General warrants are no more permissible today than they were in the 18th century. The government had been getting away with using them for too long. We welcome the High Court's affirmation of these fundamental constitutional principles,” she said.  "Today's victory rightly brings 250 years of legal precedent into the modern age. General warrants are no more permissible today than they were in the 18th century. The government had been getting away with using them for too long. We welcome the High Court's affirmation of these fundamental constitutional principles." 

However, some government hacking powers are now governed by a newer law, the controversial Snooper’s Charter, or Investigatory Powers Act. There are also various legal challenges underway to this legislation. In October last year,  the Court of Justice of the European Union (CJEU) ruled that bulk collection and retention of citizens’ data must be brought into line with EU privacy law, even in cases of national security.

The UK has a vested interest in rowing back from its position on bulk surveillance, as it seeks an “adequacy decision” from the EU on data handling that is vital to seamless cross-border data flows in the new post-Brexit era.

Privacy International:        Infosecurity Magazine:        Guardian:      Computing:        Computer Weekly:  

You Might Also Read: 

The Impact Of Brexit On British Cyber Security:

 

« Solving Mr. Biden’s Wicked Cyber Problem
Amazon, Apple & Google Cancel Parler »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MKD-CIRT

MKD-CIRT

MKD-CIRT is the national Computer Incident Response Team for Macedonia.

Professional Insurance Agents (PIA)

Professional Insurance Agents (PIA)

Professional Insurance Agents (PIA) offer commercial insurance services including Cyber Liability insurance.

ClearDATA

ClearDATA

The ClearDATA Managed Cloud protects sensitive healthcare data using purpose-built DevOps automation, compliance and security safeguards, and healthcare expertise.

DefenseStorm

DefenseStorm

DefenseStorm is a Security Data Platform that watches everything on your network and matches it to your policies, providing cybersecurity management that is safe, compliant and cost effective.

Sabasai

Sabasai

Sabasai specialises in all aspects of insider threat management from training and education to building security frameworks and insider threat programs to on-site risk & vulnerability assessments.

IdentityIQ

IdentityIQ

IdentityIQ is a US-based identity theft and credit protection company designed to help users stay on top identity thieves and data breaches.

Bitfury Group

Bitfury Group

Bitfury Group is the largest full-service blockchain technology company in the world.

CyberSec Hub - The Kosciuszko Institute

CyberSec Hub - The Kosciuszko Institute

The goal of CyberSec Hub is to create a centre of excellence for cybersecurity in Krakow, a new European “Cyber-Silicon Valley”.

GoSecure

GoSecure

GoSecure Managed Detection and Response helps all organizations reduce dwell time by preventing breaches before they happen.

Technology Innovation & Startup Centre (TISC)

Technology Innovation & Startup Centre (TISC)

TISC is a startup incubator at the Indian Institute of Technology Jodhpur (IITJ) and we back deep-tech startups.

BitLyft

BitLyft

BitLyft is a managed detection and response provider that is dedicated to delivering unparalleled protection from cyber attacks for organizations of all sizes.

Reaktr.ai

Reaktr.ai

Reaktr.ai is founded on the vision of using AI as a catalyst to propel industries into a future where we redefine what's possible. Fortify your cybersecurity defense with our AI-powered platform.

The Hacking Games

The Hacking Games

The Hacking Games' Mission is to inspire, educate and mobilise a generation of ethical hackers to make the world a safer place.

SyberFort

SyberFort

SyberFort offers a suite of SAAS-based platforms designed to fortify your digital defenses including Threat Intelligence and Brand Protection.

Qi An Xin (QAX)

Qi An Xin (QAX)

QAX is a listed company based in China, and a leader in cybersecurity industry, providing new generation enterprise-level and national-level cybersecurity solutions.

Sansec Technology

Sansec Technology

Sansec Technology is dedicated to the research and development of cryptographic products and solutions for cyber security.