Alleged Network Infrastructure attacks

Privacy International and 7 Internet Service Providers v. Secretary of State for the Foreign and Commonwealth Office and Government Communications Headquarters (Case No. IPT/14/120-126/CH)

In July 2014, Privacy International, along with 7 Internet Service Providers (ISP’s) filed a lawsuit in the Investigatory Powers Tribunal (IPT) claiming that alleged attacks on network infrastructure by the GCHQ and the NSA have violated the UK Computer Misuse Act, Article 1 of the First Additional Protocol (A1AP) of the European Convention of Human Rights (ECHR), which “guarantees the individual’s peaceful enjoyment of their possessions”, as well as Articles 8 & 10 of the ECHR.

This is the first time that ISP’s have brought claims against the GCHQ, and although none of the ISP claimants was specifically named in the documents leaked by Snowden, Privacy International contends that “the type of surveillance being carried out allows them to challenge the practices… because they and their users are at threat of being targeted“.  The ISP claimants are GreenNet (UK), Riseup (US), Greenhost (Netherlands), Mango (Zimbabwe), Jinbonet (South Korea), May First/People Link (US) and the Chaos Computer Club (Germany). According to Cedric Knight of GreenNet, “Snowden’s revelations have exposed GCHQ’s view that independent operators like GreenNet are legitimate targets for internet surveillance, so we could be unknowingly used to collect data on our users. We say this is unlawful and utterly unacceptable in a democracy.”

The claimants are seeking:

  1. A declaration that GCHQ’s intrusion into the computers and network assets of internet and communications service providers, their staff and their users is unlawful and contrary to Articles 8 and 10 and A1P1 ECHR;
  2. An order requiring the destruction of any unlawfully obtained material;
  3. An injunction restraining further unlawful conduct.

GCHQ maintains that all its work is conducted “in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate”.

On February 6, 2015, the UK government filed the same Closed and Open Reponses in this case as in the IPT case against illegal hacking.

Leave a Reply