Emboldened by its recent court victory over HMRC, NGO Privacy International has launched a legal bid to stop GCHQ unlawfully snooping on its citizens.
The privacy pressure group on Tuesday formally submitted the request to the Investigatory Powers Tribunal, an independent judicial panel set up to hear complaints about the government and secret services.
It alleges that GCHQ broke articles 8 and 10 of the European Convention on Human Rights – in other words the right to privacy and the right to freedom of expression.
Citing “recently disclosed documents” made public by NSA whistleblower Edward Snowden, Privacy International claimed GCHQ did so by developing malware designed to “intrude on individual computers and mobile devices” with the aim of spying on their users.
A program known as “Captivated Audience” was designed to “take over a targeted computer’s microphone and record conversations taking place near the device”, while “Gumfish” covertly exfiltrated pics from PC webcams and “Foggybottom” recorded browsing history and log-in details.
Again citing documents in the public domain, this time made public by The Guardian, the complaint also alleged GCHQ developed a malware suite known as “Warrior Pride” for iOS and Android, featuring programs such as “Nosey Smurf”, for covertly turning on and recording from the device mic.
It continued:
“These forms of invasive surveillance allow intelligence agencies access to the most personal and sensitive information about an individual’s life – their location, age, gender, marital status, finances, health information, ethnicity, sexual orientation, education, family relationships, private communications, and potentially, their most intimate thoughts."
The privacy group called for “a declaration that GCHQ’s“intrusion into computers and mobile devices is unlawful” alongside an injunction “restraining further unlawful conduct” and an order requiring the destruction of any intel gleaned unlawfully.
“In allowing GCHQ to extract a huge amount of information, and to turn an individual’s own devices against them by co-opting the devices as instruments of video and audio surveillance, it is at least as intrusive as searching a person’s house and installing bugs so as to enable continued monitoring,” wrote Privacy International deputy director Eric King.
“In fact, it is more intrusive, because of the amount of information now generated and stored by computers and mobile devices, the speed, ease and surreptitiousness with which surveillance can be conducted, and because it allows the ongoing surveillance to continue wherever the affected person may be.”