ISPs take legal action against GCHQ

GCHQ in Cheltenham GCHQ and the NSA's spying work is under legal scrutiny

Related Stories

Seven internet service providers have filed a legal complaint against the UK's intelligence agency GCHQ.

ISPs from the US, UK, Netherlands and South Korea have joined forces with campaigners Privacy International to take the agency to task over alleged attacks on network infrastructure.

It is the first time that GCHQ has faced such action.

The move follows allegations about government snooping made by US whistleblower Edward Snowden.

'Infected with malware'

The ISPs claim that alleged network attacks, outlined in a series of articles in Der Spiegel and the Intercept, were illegal and "undermine the goodwill the organisations rely on".

The allegations that the legal actions are based on include:

  • claims that employees of Belgian telecommunications company Belgacom were targeted by GCHQ and infected with malware to gain access to network infrastructure
  • GCHQ and the US National Security Agency, where Mr Snowden worked, had a range of network exploitation and intrusion capabilities, including a "man-on-the-side" technique that covertly injects data into existing data streams to create connections that will enable the targeted infection of users
  • the intelligence agencies used an automated system, codenamed Turbine, that allowed them to scale up network implants
  • German internet exchange points were targeted, allowing agencies to spy on all internet traffic coming through those nodes

While the ISPs taking the action were not directly named in the leaked Snowden documents, Privacy International claims that "the type of surveillance being carried out allows them to challenge the practices... because they and their users are at threat of being targeted".

Privacy International has previously filed two other cases - the first against alleged mass surveillance programmes Tempora, Prism and Upstream, and the second against the deployment by GCHQ of computer intrusion capabilities and spyware.

'Strict framework'

Eric King, deputy director of Privacy International, said "These widespread attacks on providers and collectives undermine the trust we all place on the internet and greatly endangers the world's most powerful tool for democracy and free expression."

The ISPs involved in the action are UK-based GreenNet, Riseup (US), Greenhost (Netherlands), Mango (Zimbabwe), Jinbonet (South Korea), May First/People Link (US)and the Chaos Computer Club (Germany).

Cedric Knight, of ISP GreenNet, added: "Snowden's revelations have exposed GCHQ's view that independent operators like GreenNet are legitimate targets for internet surveillance, so we could be unknowingly used to collect data on our users. We say this is unlawful and utterly unacceptable in a democracy."

GCHQ maintains that all its work is conducted "in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate".

More on This Story

Related Stories

More Technology stories

RSS

Features & Analysis

BBC Future

(Google)

Inside Google’s secret drone lab

The computing giant’s future fliers Read more...

Programmes

  • Art installationClick Watch

    How one artist is using computer code to turn internet radio into a unique piece of music

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.