International Service Providers Sue GCHQ For Potentially Hacking Their Networks

from the could-get-interesting dept

A group of seven smaller international ISPs, many of which tend to be used by activists, are now suing GCHQ via the Investigatory Powers Tribunal, for hacking into their networks. The focus of the lawsuit is on the GCHQ's now infamous hacking of Belgian telco Belgacom, via a quantum insert, to get access to a variety of communications. While those revelations don't name any of the service providers filing suit, they note that "the type of surveillance being carried out allows them to challenge the practices in the IPT because they and their users are at threat of being targeted." The seven service providers are:
Riseup (US), GreenNet (UK), Greenhost (Netherlands), Mango (Zimbabwe), Jinbonet (Korea), May First/People Link (US), and the Chaos Computer Club (Germany), along with Privacy International
There may be a big question as to whether or not any of those organizations really have standing if there's no evidence they were actually targeted by GCHQ, but I don't know enough about how the Investigatory Powers Tribunal works when it comes to the question of who has standing to judge at the outset. Either way, the service providers note that GCHQ's activities violate the European convention on human rights:
First, in the course of such an attack, network assets and computers belonging to the internet and communications service provider are altered without the provider’s consent. That is in itself unlawful under the Computer Misuse Act 1990 in the absence of some supervening authorisation. Depending on the nature and extent of the alterations, the attacks may also cause damage amounting to an unlawful interference with the internet and communications service provider’s property contrary to Article 1 of the First Protocol (“A1P1”) to the European Convention on Human Rights (“ECHR”).

Second, the surveillance of the internet and communications service provider’s employees is an obvious interference with the rights of those employees under Articles 8 and 10 ECHR, and by extension the provider’s own Article 10 rights. As Der Spiegel reported in relation to a separate attack on Mach, a data clearing company, a computer expert working for the company was heavily targeted: “A complex graph of his digital life depicts the man’s name in red crosshairs and lists his work computers and those he uses privately (‘suspected tablet PC’). His Skype username is listed, as are his Gmail account and his profile on a social networking site. […] In short, GCHQ knew everything about the man’s digital life.” It is not simply a question of GCHQ confining its interest to employees’ professional lives. They are interested in knowing everything about the staff and administrators of computer networks, so as to be better able to exploit the networks they are charged to protect.

Third, the exploitation of network infrastructure enables GCHQ to conduct mass and intrusive surveillance on the customers and users of the internet and communications service providers’ services in contravention of Articles 8 and 10 ECHR. Network exploitation of internet infrastructure enables GCHQ to undertake a range of highly invasive mass surveillance activities, including the application of packet capture (mass scanning of internet communications); the weakening of encryption capabilities; the observation and redirection of internet browsing activities; the censoring or modification of communications en route; and the creation of avenues for targeted infection of users’ devices. Not only does each of these actions involve serious interferences with Article 8 ECHR rights, by creating vulnerabilities and mistrust in internet infrastructure they also chill free expression in contravention of Article 10 ECHR.

Fourth, the use by GCHQ of internet and communications service providers’ infrastructure to spy on the providers’ users on such an enormous scale strikes at the heart of the relationship between those users and the provider itself. The fact that the internet and communications service providers are essentially deputised by GCHQ to engage in heavily intrusive surveillance of their own customers threatens to damage or destroy the goodwill in that relationship, itself an interference with the provider’s rights under A1P1.
Certainly a case worth watching if it can get past the standing issue.

Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    Mason Wheeler (profile), Jul 2nd, 2014 @ 2:11pm

    The Chaos Computer Club? Did I miss something? When did an infamous group of German hackers and cyber-vandals turn into an ISP?

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    kenichi tanaka (profile), Jul 2nd, 2014 @ 2:31pm

    What a bunch of morons. While I'm not a defender of government surveillance, International Service providers are nothing but idiots and morons. Suing GCHQ because of "what might happen" in regards to their spying? You cannot sue someone for something that hasn't happened yet.

    The courts need to dismiss this lawsuit as nothing more than frivolous.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Jul 2nd, 2014 @ 2:39pm

    Re:

    I really, REALLY hope you get your ass put on some terror list and your rights stomped on by the government at every opportunity for something banal that nobody in their right mind could see as doing wrong, just to point out in all clarity to you, what a shortsighted moron you are.

    And while were at it, I hope you also get sued for copyright infringement, especially if you haven't done what you are getting sued for, just so that you can have the fun of trying to get your ass out of this situation.

    Morons like you only learn if they experience all the pain firsthand.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Anonymous Coward, Jul 2nd, 2014 @ 2:51pm

    Re:

    Come now, they are a perfectly respectable group, with a keen interest in human rights.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, Jul 2nd, 2014 @ 3:28pm

    Re:

    Just suppose you are this person:

    "As Der Spiegel reported in relation to a separate attack on Mach, a data clearing company, a computer expert working for the company was heavily targeted: “A complex graph of his digital life depicts the man’s name in red crosshairs and lists his work computers and those he uses privately (‘suspected tablet PC’). His Skype username is listed, as are his Gmail account and his profile on a social networking site. […] In short, GCHQ knew everything about the man’s digital life.""

    You might make a better case. But would you sue the intelligence agency that directed the surveillance carried out on you? Or would you feel that might make you, your employer, anyone you know, even more of a target?

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Anonymous Coward, Jul 2nd, 2014 @ 3:31pm

    Ye of exaulted and superior knowledge and position

    Just how do you define standing to sue when discussing a significant wrong that is being done behind most peoples backs.* **


    *Just cause it is secret does not make it right!
    **Just cause it is the 'gobmint' doing it does not make it right!

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    Whatever (profile), Jul 2nd, 2014 @ 5:12pm

    Standing will be the first hurdle, and one they are very unlikely to get over. I doubt any of them can show actual personal harm.

    After that, they would have to show that GCHQ actually did the hack, that the hack was done entirely without the knowledge or help of the ISP or any equipment manufacture, and a whole bunch of other details. It's really not a simple case to make.

    As the AC points out as well, do we truly want to be able to sue the government spy agency for doing it's job?

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Jul 2nd, 2014 @ 5:46pm

    no sign of any of the BIG UK ISPs in this. i suppose they are quite happy jogging along, throwing as many bits of customer info as they can at GCHQ or anyone else that wants it!

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    kenichi tanaka (profile), Jul 2nd, 2014 @ 5:50pm

    "Anonymous Coward" acting cowardly, huh? You cannot sue someone for something they have not done yet. The courts will realize the true stupidity of this frivolous lawsuit and dismiss it. Without proof of what the GCHQ has done, ISP cannot sue someone for something they haven't done yet.

    For example, you cannot sue somebody for defaming you in the future because they haven't defamed you in the past or present. Simply filing a lawsuit against somebody for something they haven't done yet will get laughed out of court so fast it would make your head spin.

    For example, you cannot be sued today for downloading the fifth Avengers movie in the future, simply because it hasn't happened yet. For any court to allow anyone to sue another person for conduct that has not even been committed yet would open the floodgates of every judicial system on this planet and it would create massive problems for the courts, no matter what country you are in.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Jul 2nd, 2014 @ 7:54pm

    Re:

    When did an infamous group of German hackers and cyber-vandals turn into an ISP?
    I think this was bad reporting in the original story, based on the other "ISPs" in the list. These groups provide internet services (email etc.), not internet service as "ISP" normally suggests. That said, the CCC does provide internet service during conferences (for a few days each year, the Berliner Congress Centre used to have more bandwidth than Africa).

     

    reply to this | link to this | view in thread ]

  11.  
    icon
    Eldakka (profile), Jul 2nd, 2014 @ 11:03pm

    Re:

    do we truly want to be able to sue the government spy agency for doing it's job?


    When the MEANS it uses to do it's job breach the law and/or constitutional protections, then definitely YES.

    The ends do NOT justify the means.

    The security agencies are not above the law, no matter how much they and the executive wish they are.

    And while legally they are not above the law, the way things seem to be heading it is looking more and more like in practice they are above the law.

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    Whatever (profile), Jul 2nd, 2014 @ 11:43pm

    Re: Re:

    When the MEANS it uses to do it's job breach the law and/or constitutional protections, then definitely YES.

    Okay, show me the criminal charges brought against them for breaking the law. Oh, they don't exist.

    You don't consider perhaps that while distasteful, perhaps the security "holes" are there by intention and agreement by at least two parties (government and equipment maker, example) and as such, may be nothing more than a civil case for failure to disclose by the equipment maker?

    It's pretty easy to say "they broke the law", but if they did, where are the criminal (not civil) actions?

    They are not above the law, but "the law" must take action to prosecute them criminally if they have in fact broken the law in a provable fashion. Otherwise, they can stand "over there" with the guys from TPB claiming they aren't doing anything wrong.

     

    reply to this | link to this | view in thread ]

  13.  
    icon
    Ninja (profile), Jul 3rd, 2014 @ 4:09am

    Re: Re: Re:

    There were no criminal charges against the 3rd Reich. They were doing everything within German law.

     

    reply to this | link to this | view in thread ]

  14.  
    icon
    Ninja (profile), Jul 3rd, 2014 @ 4:09am

    Thanks for the list of providers that can be trusted to fight back.

     

    reply to this | link to this | view in thread ]

  15.  
    icon
    Ninja (profile), Jul 3rd, 2014 @ 4:11am

    Re:

    Without proof? Really? Have you been living under a rock?

    For example, you cannot be sued today for downloading the fifth Avengers movie in the future, simply because it hasn't happened yet.

    On the contrary. If a Governmental body is abusing its power you don't have to wait till the abuse reaches you to question their behavior in the courts.

     

    reply to this | link to this | view in thread ]

  16.  
    icon
    sciamiko (profile), Jul 3rd, 2014 @ 4:48am

    ISDS?

    Could this be a case where ISDS could actually be useful? Surely the investors have a case against the states of the UK and USA because they are interfering with their business without due reason.

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    Whatever (profile), Jul 3rd, 2014 @ 5:44am

    Re: Re: Re: Re:

    Only two posts to get to the Nazis? Rushing to a conclusion?

     

    reply to this | link to this | view in thread ]

  18.  
    icon
    Whatever (profile), Jul 3rd, 2014 @ 5:47am

    Re: Re:

    If a Governmental body is abusing its power you don't have to wait till the abuse reaches you to question their behavior in the courts.

    Not right at all. You need some example, some specific case, some specific action - and you generally have to be party to it. Making vague "we think they are looking over our shoulders and might have seen something" claims doesn't stand up in court at all. Otherwise, I could say that I think you have been spying on me, that you might have seen something I wrote, so I can sue you for "one meeeeeellion dollars" (apply pinkie finger here).

    Oh, that last part is for guys like Rick Falkvinge who don't seem to understand that you can share culture without sending the whole movie to someone.

     

    reply to this | link to this | view in thread ]

  19.  
    icon
    Ninja (profile), Jul 3rd, 2014 @ 6:18am

    Re: Re: Re: Re: Re:

    Actually no. You've been showing your ignorance for a few articles now. The Apartheid was law but it doesn't make it right. Several things were laws on the Nazi Germany but it did not make them right. On the other hand, the same Nazi Germany had awesome laws against animal cruelty/abuse so there is that. The animal abuse laws were ok and should be followed but the rest wasn't. Just because it's the law it doesn't make it automatically right.

     

    reply to this | link to this | view in thread ]

  20.  
    icon
    Ninja (profile), Jul 3rd, 2014 @ 6:22am

    Re: Re: Re:

    Not right at all. You need some example, some specific case, some specific action

    Yes but even if that action does not affect you you can question it in the courts. See EFF, ACLU etc.

    Making vague "we think they are looking over our shoulders and might have seen something" claims doesn't stand up in court at all.

    They are not claims, there's factual evidence backing up those "claims".

    Oh, that last part is for guys like Rick Falkvinge who don't seem to understand that you can share culture without sending the whole movie to someone.

    As always, you miss the entire point. Like the 6 second clips. Those are not the entire movie/match/whatever and they are still taken down. Pirating a full work is just the extreme example. And even then it is right when the copyright holders (notice I'm not talking about the creators) do not make that content available for purchase or the price is at extortion levels.

     

    reply to this | link to this | view in thread ]

  21.  
    icon
    Eldakka (profile), Jul 3rd, 2014 @ 6:51pm

    Re: Re: Re:

    Umm, that is sorta the WHOLE POINT of the suit, to determine if what they are doing in this case is legal or not.

    Under the way the law/legal systems work in (nominally) free societies, ANYTHING you do IS legal unless/until a law against it is passed and/or the activity is challenged in court to get a ruling on it.

    Therefore what GCHQ is doing is, nominally, legal, until it is ruled as illegal. And the way to test if it is illegal is to take it to court and get a ruling. Which is what is being attempted here. If the courts agree that it is legal, then there will be no repurcussions on GCHQ. If, however, the court declares it illegal, then there will (or may be, assuming its not all swept under the rug/pardoned) repurcussions on GCHQ.

    And relying on the government, the instigators, hell, the cheerleaders and enablers of this activity, to be the ones to bring it up before the courts in criminal proceedings is not just naive, its f*cking stupid. It's the attitute of someone who believes the phrase "I'm from the government, I'm here to help you." You may care to abdicate yourself from your civil duty of always questioning the government's actions and motivations, of being coddled and accepting the government can do no wrong, but others don't.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Anonymous Coward, Jul 3rd, 2014 @ 7:53pm

    Re: Re: Re:

    Maybe they have an IP address?

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Pragmatic, Jul 4th, 2014 @ 9:13am

    Re: ISDS?

    Corporations are ultimately behind the surveillance because they're making money from it by providing the equipment, etc. Isn't Senator Spystein's husband cleaning up over it?

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    GEMont, Jul 6th, 2014 @ 4:12pm

    Re: Re: Re: Re:

    You should probably pay close attention to all of Whatever's posts, as it appears s/he is using the same "legal" loopholes in his/her "defense" arguments as the Federal agency's are using to defend their various illicit surveillance actions.

    Rather telling actually. He/She might make a fair crystal ball for future excuses of federal shenanigans.

    Turn the shill into something useful. :)

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Advertisement
Essential Reading
Techdirt Deals
Techdirt Insider Chat
Techdirt Reading List
Advertisement
Recent Stories
Advertisement
Support Techdirt - Get Great Stuff!

Close

Email This

This feature is only available to registered users. Register or sign in to use it.