Home
 » ISP News » 
Sponsored Links

Small ISPs Launch Legal Action to Stop GCHQ UK Internet Snooping

Wednesday, Jul 2nd, 2014 (1:28 pm) - Score 690

A group of smaller ISPs from around the world, including GreenNet from the United Kingdom, have lodged a legal complaint against the UK’s intelligence agency – Government Communications Headquarters (GCHQ) – after they were last year caught tapping into at least some of the world’s 10Gbps transatlantic fibre optic cable links and snooping on the related phone and Internet traffic.

Last year’s revelations surrounding operation Tempora (here and here), which allegedly also received support from major telecoms operators like BT (“Remedy“) and Vodafone (“Gerontic“), have since seen plenty of twists and turns, but so far none of ex-NSA employee Edward Snowden‘s leaks appear to have had much of an impact on the snooping activity itself.

Advertisement

However a coalition of smaller ISPs, including GreenNet (UK), RiseUp Networks (USA), Mango Email Service (Zimbabwe), “Jinbonet” – Korean Progressive Network (South Korea), Greenhost (Netherlands), Media Jumpstart Inc. (USA) and the Chaos Computer Club (Germany), have decided to take matters into their own hands by lodging a formal legal complaint with the UK’s Investigatory Powers Tribunal (IPT).

The legal complaint document (Adobe PDF) highlights four key gripes against both GCHQ and the UK Government’s Secretary of State for Foreign and Commonwealth Affairs, William Hague.

The Four Main Legal Issues

1. First, in the course of such an attack, network assets and computers belonging to the internet and communications service provider are altered without the provider’s consent. That is in itself unlawful under the Computer Misuse Act 1990 in the absence of some supervening authorisation. Depending on the nature and extent of the alterations, the attacks may also cause damage amounting to an unlawful interference with the internet and communications service provider’s property contrary to Article 1 of the First Protocol (“A1P1”) to the European Convention on Human Rights (“ECHR”).

2. Second, the surveillance of the internet and communications service provider’s employees is an obvious interference with the rights of those employees under Articles 8 and 10 ECHR, and by extension the provider’s own Article 10 rights. As Der Spiegel reported in relation to a separate attack on Mach, a data clearing company, a computer expert working for the company was heavily targeted: “A complex graph of his digital life depicts the man’s name in red crosshairs and lists his work computers and those he uses privately (‘suspected tablet PC’). His Skype username is listed, as are his Gmail account and his profile on a social networking site. […] In short, GCHQ knew everything about the man’s digital life.”

It is not simply a question of GCHQ confining its interest to employees’ professional lives. They are interested in knowing everything about the staff and administrators of computer networks, so as to be better able to exploit the networks they are charged to protect.

3. Third, the exploitation of network infrastructure enables GCHQ to conduct mass and intrusive surveillance on the customers and users of the internet and communications service providers’ services in contravention of Articles 8 and 10 ECHR. Network exploitation of internet infrastructure enables GCHQ to undertake a range of highly invasive mass surveillance activities, including the application of packet capture (mass scanning of internet communications); the weakening of encryption capabilities; the observation and redirection of internet browsing activities; the censoring or modification of communications en route; and the creation of avenues for targeted infection of users’ devices. Not only does each of these actions involve serious interferences with Article 8 ECHR rights, by creating vulnerabilities and mistrust in internet infrastructure they also chill free expression in contravention of Article 10 ECHR.

4. Fourth, the use by GCHQ of internet and communications service providers’ infrastructure to spy on the providers’ users on such an enormous scale strikes at the heart of the relationship between those users and the provider itself. The fact that the internet and communications service providers are essentially deputised by GCHQ to engage in heavily intrusive surveillance of their own customers threatens to damage or destroy the goodwill in that relationship, itself an interference with the provider’s rights under A1P1.

The complaint then continues on to highlight various examples and laws as supporting evidence for their case, before seeking a declaration that “GCHQ’s intrusion into the computers and network assets of internet and communications service providers, their staff and their users is unlawful“. The ISPs have also requested an order that would require the destruction of any unlawfully obtained material and an injunction to restrain “further unlawful conduct“.

Meanwhile the UK Government continues to claim that its activity is lawful, which appears to be largely down to a clause in the original Regulation of Investigatory Powers Act (RIPA). This allows the government’s home or foreign secretary to approve the activity so long as one end of the snooped communication is abroad (i.e. international traffic).

Advertisement

It remains to be seen whether or not this latest legal complaint will actually make any headway. The IPT, which exists to investigate complaints about the potential conduct of various public bodies, was also established as a result of the enactment of RIPA in 2000.

Mark-Jackson
By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook, BlueSky, Threads.net and .
Search ISP News
Search ISP Listings
Search ISP Reviews

Comments are closed

Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £22.99
132Mbps
Gift: None
Vodafone UK ISP Logo
Vodafone £24.00 - 26.00
150Mbps
Gift: None
NOW UK ISP Logo
NOW £24.00
100Mbps
Gift: None
Plusnet UK ISP Logo
Plusnet £25.99
145Mbps
Gift: £50 Reward Card
Large Availability | View All
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £17.00
200Mbps
Gift: None
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £22.99
132Mbps
Gift: None
Hey! Broadband UK ISP Logo
150Mbps
Gift: None
Youfibre UK ISP Logo
Youfibre £23.99
150Mbps
Gift: None
Large Availability | View All
The Top 15 Category Tags
  1. FTTP (6034)
  2. BT (3642)
  3. Politics (2722)
  4. Business (2442)
  5. Openreach (2407)
  6. Building Digital UK (2331)
  7. Mobile Broadband (2150)
  8. FTTC (2084)
  9. Statistics (1905)
  10. 4G (1822)
  11. Virgin Media (1768)
  12. Ofcom Regulation (1585)
  13. Fibre Optic (1470)
  14. Wireless Internet (1463)
  15. 5G (1411)
Promotion
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact
Mastodon