UK: MAKING REMOTE ACCESS TO COMPUTERS "LAWFUL"
15 May 2015
"GCHQ staff, intelligence officers and police have been given immunity from prosecution for hacking into computers, laptops and mobile phones under legislative changes that were never fully debated by parliament, a tribunal has been told.
The unnoticed re-writing of a key clause of the Computer Misuse Act has exempted law enforcement officials from the prohibition on breaking into other people’s laptops, databases, mobile phones or digital systems. It came into force in March. The new clause 10, entitled somewhat misleadingly “Savings”, is designed to prevent officers from committing a crime when they remotely access computers of suspected criminals.
Changes to the Computer Misuse Act were introduced by the Serious Crime Act 2015 which received royal assent on 3 March 2015. No reference to the true impact of the changes was made in the parliamentary explanatory notes that accompanied the bill, according to Privacy International."
See the article:
Intelligence officers given immunity from hacking laws, tribunal told - Legislative changes exempting law enforcement officers from ban on breaking into people’s digital devices were never debated by parliament, tribunal hears (Guardian, link)
The
Serious Crimes Act 2015 (pdf) contains the following amendment to the Computer Misuse Act:
"the person does any unauthorised act in relation to a computer" [emphasis added: Section 41] As long as it is "authorised" its lawful.
See:
After legal claim filed against GCHQ hacking, UK government rewrite law to permit GCHQ hacking (PI, link):
"In its legal filings, sent to Privacy International only the day before the hearing began, the Government notified claimants that the Computer Misuse Act was rewritten on 3 March 2015 to exempt the intelligence services from provisions making hacking illegal.
The explaintory notes that accompanied the act [Computer Misuse Act] make no reference to the true impact of the change. It appears no regulators, commissioners responsible for overseeing the intelligence agencies, the Information Commissioner's Office, industry, NGOs or the public were notified or consulted about the proposed legislative changes. There was no published Privacy Impact Assessment. Only the Ministry of Justice, Crown Prosecution Service, Scotland Office, Northern Ireland Office, GCHQ, Police and National Crime Agency were consulted as stakeholders. There was no public debate.That legislation, deemed the Serious Crime Bill 2015, passed into law on 3 March 2015 and become effective on 3 May 2015."
Today, 15 May 2015, the Home Office issued two amended Codes of Practice:
-
Acquisition and Disclosure of Communications Data Code of Practice (pdf)
-
Retention of Communications Data Code of Practice (pdf)