Government Hacking

Covert manipulation of and interferences with peoples' devices and software creates significant surveillance capabilities.

 

Privacy International is fighting back against hacking powers increasingly used by governments around the world for surveillance.

What Is The Problem

As a form of government surveillance, hacking presents unique and grave threats to our privacy and security. It has the potential to be far more intrusive than any other surveillance technique, permitting the government to remotely and surreptitiously access our personal devices and all the intimate information they store. It also permits the government to conduct novel forms of real-time surveillance, by covertly turning on a device's microphone, camera, or GPS-based locator technology, or by capturing continuous screenshots or seeing anything input into and output from the device. Hacking allows governments to manipulate data on our devices, by deleting, corrupting or planting data; recovering data that has been deleted; or adding or editing code to alter or add capabilities, all while erasing any trace of the intrusion. Government hacking targets are not confined to devices, but can extend also to communications networks and their underlying infrastructure.

At the same time, government hacking has the potential to undermine the security of targeted devices, networks or infrastructure, and potentially even the internet as a whole. Computer systems are complex and, almost with certainty, contain vulnerabilities that third parties can exploit to compromise their security. Government hacking often depends on exploiting vulnerabilities in systems to facilitate a surveillance objective. Government hacking may also involve manipulating people to interfere with their own systems. These techniques prey on user trust, the loss of which can undermine the security of systems and the internet.

A growing number of governments around the world are embracing hacking to facilitate their surveillance activities. But many deploy this capability in secret and without a clear basis in law. In the instances where governments seek to place such powers on statutory footing, they are doing so without the safeguards and oversight necessary to minimise the privacy and security implications of hacking.

What Is The Solution

Privacy International is addressing government hacking for surveillance in the following ways.

First, we are bringing greater transparency to government use of hacking as a form of surveillance. In many places around the world, the public is increasingly in the dark about government deployment of novel surveillance capabilities and technologies. This secrecy has extended also to government use of hacking as a form of surveillance. We are pushing governments for disclosure, through litigation challenging government hacking, Freedom of Information requests, and by pressuring oversight bodies and political representatives for information.

Second, we are raising awareness about the privacy and security risks of government hacking for surveillance. Because the risks are novel, critical and technically complex, there is an urgent need to educate diverse groups, from the general public to expert communities. We are publishing videos, explainers and analyses to explain these risks from a human rights and technical perspective. We are also developing a set of recommendations, which articulate how the international human rights framework and security considerations should apply to government hacking.

Finally, we are working to restrain government hacking as a form of surveillance. The privacy and security risks posed by government hacking leave open the question of whether hacking as a form of surveillance can ever comply with international human rights law. Where governments nevertheless adopt these powers, we seek to constrain them in light of applicable international human rights law and by highlighting their security implications. We are directly challenging government hacking in court, one of the first cases of its kind in the world. We also intervene in cases addressing government hacking. We conduct legislative and policy advocacy, analysing legal regimes authorising government hacking against the safeguards and oversight measures in our recommendations.