MI5 and MI6 may hackPCs in terror probes

The Government has acknowledged MI5 and MI6 may be hacking computers and phones in Northern Ireland and the Republic as part of their largely successful fight against dissident republicanism: for every one of 20 bomb attacks during 2014, MI5 and the PSNI are believed to have stopped three or four others coming to fruition.

A new report by the Independent Reviewer of Terrorism Legislation also alludes to how the dark web may now be an important tool for dissidents - of both the Irish and Chinese variety - and elsewhere acknowledges various statutory authorities may be intercepting or seizing citizens’ communications data using several legal mechanisms outside the Regulation of Investigatory Powers Act (RIPA) 2000, which was supposed to regulate these practices.

In ‘A Question of Trust’ David Anderson QC points out that: “Northern Ireland’s progress towards a post-conflict society is unfortunately far from complete. A real terrorist threat persists in parts of Northern Ireland.”

This was manifest in three security-related deaths, 71 shooting incidents, 44 bombing incidents, 49 casualties from paramilitary-style assaults, 230 arrests under the Terrorism Acts, and 37 charges in the year to February 2015.

“Of the 20 dissident republican attacks during 2014, most were unsuccessful. But the Director General of MI5 has said that ‘for every one of those attacks we and our colleagues in the police have stopped three or four others coming to fruition.’

“My own regular visits to Northern Ireland, where I am briefed in detail by police and security services, give me no cause to doubt that assessment.”

Mr Anderson reports how the Government admitted for the first time in February that the security services are actually allowed to hack phones and computer equipment as part of their investigations into dissident republican activity.

Under RIPA various authorities can and have been openly paying mobile phone companies millions for people’s communications data but the use of hacking is a new revelation.

“Deserving of mention here is CNE (Computer network exploitation or hacking, in common parlance), which may be carried out in order to access stored communications, amongst other things, under Intelligence Services Act (ISA) 1994 ss5 and 7.

“ISA 1994 s5 gives the Secretary of State the power to issue warrants authorising MI5, MI6 and GCHQ to interfere with property in quite general terms. “The interference must be proportionate to its objective and the material obtained must be used in carrying out those agencies’ functions.

“CNE was avowed for the first time by the Government, in February 2015, by the publication of the Draft Equipment Interference Code.“This makes clear that Equipment may include, but is not limited to, ‘computers, servers, routers, laptops, mobile phones and other devices.’

“It supplements the existing Covert Surveillance and Property Interference Code.

“MI6 and GCHQ may both obtain authorisation, pursuant to ISA 1994 s5, to carry out equipment interference, such as hacking, in pursuit of their statutory functions, except where the property is in the British Islands and the purpose is the prevention or detection of serious crime.

“MI5 may also obtain s5 warrants in pursuit of its statutory functions, although where the function is to act in support of law enforcement and the

property is in the British Islands, the warrant may only be authorised in order to secure the prevention or detection of what amounts to a serious crime.

“MI5 may further undertake activity under ISA 1994 s5 in support of MI6 or GCHQ.

“ISA 1994 s7 (which has been referred to as the ‘James Bond clause’) provides a power for the Foreign Secretary to authorise GCHQ or MI6 to carry out acts outside the British Islands that might otherwise be criminal offences or give rise to civil liability.

“GCHQ had five s7 class-based authorisations in 2014, removing liability for activities including those associated with certain types of intelligence gathering and interference with computers, mobile phones and other types of electronic equipment.

“MI6 had eight class-based authorisations, removing liability for activities such as the identification and use of CHIS (Covert Human Intelligence Sources) directed surveillance and interference with and receipt of property and documents, and may seek further ministerial authorisations in respect of specific operations.”

Mr Anderson also suggests dissidents may be making use of the dark web.

“The Tor Project claims that c.98.5 per cent of traffic on the Tor Network is from users accessing the open web. It may thus be a valuable tool for anonymous activism, dissident activity, victims of digital abuse such as cyber stalking and even covert online surveillance by law enforcement authorities.”

He later adds: “More controversial, and potentially sinister, are the Tor Hidden Services [THS] websites (some 40,000 in 2013, identified by .onion addresses), accessible only via the Tor network.

“Research is difficult, but it is clear that some at least of these websites host criminal markets (most famously Silk Road) and indecent images of children.”

Mr Anderson also highlights how there are loads of less well-known legal routes allowing for the interception and seizure of communications data outside the overarching RIPA 2000.

These include the Wireless Telegraphy Act 2006, Police and Criminal Evidence Act 1984, Terrorism Act 2000, Telecommunications Act 1984, the Business Protection from Misleading Marketing Regulations 2008, the Companies Act 1985, the Consumer Credit Acts 1974 and 1985, the Consumer Protection Act 1987, the consumer Protection from Unfair Trading Regulations 2008, the Copyright Design and Patents Act 1974 and 1988 and the Enterprise Act 2002.