HMRC Acted Unlawfully in Hiding Details of Spyware Investigation

HMRC Acted Unlawfully in Hiding Details of Spyware Investigation
HMRC Acted Unlawfully in Hiding Details of Spyware Investigation

Privacy International won a major legal victory on Monday after the Administrative Court ruled that HMRC must reconsider its decision not to disclose any details of an investigation into British spyware company Gamma International.

In a lengthy judgement, Mr Justice Green ruled that the HMRC had taken “an uncompromising stance which on its face is simply inconsistent with the legislation”.
 
Pressure group Privacy International handed over a 186-page dossier of evidence to HMRC back in November 2012, asking the department – as the body responsible for enforcing export regulations – to investigate whether Gamma had illegally exported surveillance tech to countries with records of human rights abuses.
 
The group said the dossier included technical evidence as well as interviews with activists in countries like Bahrain and Ethiopia whose computers had been targeted by the spyware in question – the notorious FinFisher.
 
However, Privacy International, and several of the activists it had interviewed were ultimately left frustrated after HMRC consistently refused to reveal any details of its investigation – or whether a criminal investigation had even been launched.
 
HMRC’s reasons for keeping quiet were that revealing such details would constitute a “breach of confidence actionable in court”.
 
However, Justice Green’s ruling appears to place NGOs like Privacy International on a par with the press. It states that, “the rationale which justifies the provision of information by HMRC to the press applies in large measure to disclosure of information to pressure groups and other NGOs”.
 
FinFisher spyware regularly features in Reporters Without Borders annual Enemies of the Internet reports and was reckoned by Citizen Lab to be present in 36 countries including some of the world’s most repressive regimes.
 
It installs itself on a victim’s PC or mobile device without their knowledge and allows remote monitoring of email, IM, Skype, location data, and even camera and microphone feeds, according to Privacy International.
 
“For two years we have been asking government to come clean on what they are doing when it comes to the illegal export of FinFisher and to stand up for victims targeted by surveillance technology made on British soil,” said Privacy International deputy director, Eric King.
 
“Today’s ruling is an important victory, and a step in the right direction to holding Gamma International, and the rest of this secretive industry, to account.”  

What’s Hot on Infosecurity Magazine?