Privacy International and Open Rights Group's Submission in Response to the Consultation on the Draft Equipment Interference Code of Practice

Advocacy

Post date

20th March 2015

On 20 March 2015, Privacy International and Open Rights Group submitted comments on the UK Government's draft Equipment Interference Code of Practice.

The UK has been hacking for over a decade, yet the release of the draft Code of Practice is the first time the UK intelligence services have sought public authorisation for their activities. Indeed, it is the first time the intelligence services have publicly acknowledged they engage in hacking.

Unfortunately, the draft Code of Practice is too little, too late. The serious concerns raised by government hacking, which include intruding upon privacy in new and extremely invasive ways, undermining the security of the internet, and setting a precedent for other spy agencies around the world, require that the UK intelligence agencies’ hacking operations be closely controlled, if they are permitted at all. Privacy International and Open Rights Group believe that the draft Code of Practice is not the proper way to address government hacking.

While maintaining their objection to the process, Privacy International and Open Rights Group take this opportunity to assist the Secretary of State and Parliament as they consider the draft Code of Practice. First, we describe the technology underlying hacking, and its ability to enable the State to reach into every aspect of an individual's life, while also undermining the security of both any computer targeted and the internet as a whole. Given these concerns, we seriously question whether hacking should ever be deployed by the intelligence services. In the case that hacking is authorised, in the second part of this submission we put forth a set of policies we think any hacking operation must abide by in order to help lessen the intrusion on privacy and security. We then critique the draft Code of Practice, which in its current form grants the intelligence services far too much leeway to hack anyone in the world with minimal authorisation, few safeguards and limited oversight. Both substantively and procedurally, therefore, the draft Code of Practice is deficient.

Attachments

2015.03.20 PI and ORG Submission - Draft Equipment Interference Code.pdf

Learn more

Government Hacking

Location

United Kingdom

Our fight

Contesting Government Data and System Exploitation

What PI is calling for

Hacking Necessary Safeguards

A growing number of governments around the world are embracing hacking to facilitate their surveillance activities. But many deploy this capability in secret and without a clear basis in law.

PI's Response to the UK Government's Investigatory Powers (Amendment) Bill

The UK is once again seeking to expand its surveillance powers. Seven years after the Investigatory Powers Act 2016 became law, the UK Government is now trying to amend it in ways which would further undermine already insufficient bulk surveillance safeguards and introduce a notification regime which could be used to prevent companies from implementing important privacy and security measures. PI is joining other UK civil society organisations in objecting to this problematic Bill.

Report

Operating from the Shadows: Inside NSO Group’s Corporate Structure

In this briefing, PI together with Amnesty International and SOMO seek to aid civil society efforts toward greater oversight, accountability and remedy of corporate structures that have been reported to contribute to government surveillance of individuals, including human rights defenders.

Explainer

Police officer walking into back of phone

How hacking can be used at a protest

A brief guide to how hacking can be used at protests and how you can minimise risks to your data (UK edition).

Long Read

Q&A: PI case - UK High Court judgment on general warrants and government hacking explained

We explain in some detail what our case involving UK intelligence services using general warrants is about.