Earlier today, Privacy International, working off of information acquired in the wake of the Snowden Affair, filed a 21-page legal challenge against the governmental agency tasked with monitoring terrorists and others. The suit is calling for an end to practices that extend well beyond simple eavesdropping. Warrior Pride, Gumfish, Dreamy Smurf, Foggybottom, and Captivedaudience are examples of malware that the agency created in order to hijack users computers including webcams and microphones. The group is calling for a legal moratorium on their use.
Use of malware
The details of the programs are said to allow the agency access to “the profile information supplied by a user in registering a device [such as] … his location, age, gender, marital status, income, ethnicity, sexual orientation, education, and family”.
While that may sound bad in its own right, Privacy International believes that the logging of key strokes and “the covert and unauthorised photography or recording of the user and those around him” is tantamount to “entering someone’s house, searching through his filing cabinets, diaries and correspondence, and planting devices to permit constant surveillance in future, and, if mobile devices are involved, obtaining historical information including every location he had visited in the past year”.
The brief also points out that those targeted are also left open to penetrations of their computers by others “such as credit card fraudsters, thereby risking the user’s personal data more broadly”, Privacy International argues. “It is the modern equivalent of breaking in to a residence, and leaving the locks broken or damaged afterwards.”
GCHQ denial of wrongdoing
In a very British response a spokesperson for the GCHQ stated, “It is a longstanding policy that we do not comment on intelligence matters.” The group believes that it acted in accordance with existing law adding, “Furthermore, all of GCHQ‘s work is carried out in accordance with a strict legal and policy framework that ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners, and the parliamentary intelligence and security committee. All our operational processes rigorously support this position.”
While that may be the party line, Privacy International believes that the GCHQ itself questioned the legality of its operations citing a leaked internal document that read, “continued GCHQ involvement may be in jeopardy due to British legal/policy restrictions”.
This is not the first, nor will it be the last time that a complaint has been lodged in the semi-secret IPT court that monitors the work of the GCHQ, MI5, MI6 and other groups following the release of documents by Edward Snowden.
