The UK Government has quietly changed the Anti-Hacking Laws quietly that exempt GCHQ, police, and other electronic intelligence agencies from criminal prosecution for hacking into computers and mobile phones and carrying out its controversial surveillance practices.
The details of the changes were disclosed at the Investigatory Powers Tribunal, which is currently hearing a challenge to the legality of computer hacking by UK law enforcement and its intelligence agencies.
About a year ago, a coalition of Internet service providers teamed up with Privacy International to take a legal action against GCHQ for its unlawful hacking activities.
However, the Government amended the Computer Misuse Act (CMA) two months ago to give GCHQ and other intelligence agencies more protection through a little-noticed addition to the Serious Crime Bill.
The change was introduced on June 6, just weeks after the complaint was filed by Privacy International that GCHQ had conducted computer hacking to gather intelligence that was unlawful under the CMA.
The bill that would allow GCHQ and other intelligence officers to hack without any criminal liability was passed into law on March 3, 2015 and became effective on 3rd of this month.
Privacy International notified this change in the CMA law only on Thursday. They complained that the legislative change occurred during the case under that very legislation was ongoing. Thus, they should have been informed.
"It appears no regulators, commissioners responsible for overseeing the intelligence agencies, the Information Commissioner's Office, industry, NGOs or the public were notified or consulted about the proposed legislative changes," according to Privacy International. "There was no public debate."
"Instead, the government is continuing to neither confirm nor deny the existence of a capability it is clear they have, while changing the law under the radar, without proper parliamentary debate."
The complaint was filed by the charity Privacy International following the revelations from former NSA contractor Edward Snowden, who revealed the United States and British agencies’ capabilities to carry out global surveillance on a much wider scale.
Snowden also claimed that the National Security Agency (NSA) and its British counterpart GCHQ had the ability to monitor Internet traffic, listen to phone calls and infect Millions of computer and mobile handsets with malicious software.
According to Privacy International, the change made to the Computer Misuse Act "grants UK law enforcement new leeway to potentially conduct cyber attacks within the UK."
However, the Home Office has rejected all the claims made by Privacy International and said there have been no changes made to the CMA that would affect the scope of spy agencies.
"There have been no changes made to the Computer Misuse Act 1990 by the Serious Crime Act 2015 that increase or expand the ability of the intelligence agencies to carry out lawful cyber crime investigation," said the spokesman. "It would be inappropriate to comment further while proceedings are ongoing."