View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 26, 2014

Privacy group wants more GCHQ oversight post-Regin

Suspicions that the British intelligence agency built the virus leads to calls for legal clarity.

By Jimmy Nicholls

Privacy International (PI) is calling for greater oversight on GCHQ following suspicions that they were behind the Regin malware.

Comments from various security firms reported by the Guardian claimed that only the UK, US and Israel were capable of delivering such sophisticated malware, but PI has said the legal position on government hacking is unclear.

Eric King, deputy director at PI, said: "Although we know more than ever before about the capabilities of British and American security services to conduct network exploitation and attacks, we still don’t know on what legal authority GCHQ and the NSA purport to act.

"There is no clear legal framework in either country that sanctions and regulates the deployment of these kinds of intrusive tools."

King argued that government malware deployment would only be covered under an "extraordinarily broad interpretation" of the Regulation of Investigatory Powers Act (RIPA), the bill which covers government snooping.

He added that under the terms of the Computer Misuse Act, if GCHQ impairs the operation of a computer within England and Wales to steal data or gain unauthorised access it would be "prima facie unlawful".

Another bill, the Intelligence Services Act, also grants powers to the Secretary of State to authorise interference with property or wiretapping via warrant, a broad power King described as "simply not sufficient to legally justify the use of highly advanced invasive surveillance techniques".

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

A previous ruling by the European Court of Human Rights on a case involving German citizen Gabriele Weber set out the need for clarity in the laws around snooping, owing to the lack of potential scrutiny that can be applied against intelligence services.

"There are no authorising powers in the UK sanctioning the deployment of malware like Regin that meet the Weber standards for authorisation, nor are there the safeguards in statute," King said.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.