Shoreditch ISP takes legal action against GCHQ over mass surveillance
GCHQ in Cheltenham. Photograph: © GCHQ/Crown (Creative Commons)
A Shoreditch Internet service provider, GreenNet, is part of a group of seven international companies taking legal action against government intelligence agency GCHQ.
Internet service providers (ISPs) from the UK, the US, the Netherlands, Germany and Korea are accusing GCHQ of exploiting network infrastructure in order to gain access to private communications.
The claims are being filed with the investigatory powers tribunal (IPT) in the first case of its kind and are backed by UK campaign group Privacy International.
The decision comes after revelations made by whistleblower Edward Snowdon last year revealed the extent of government surveillance in the US and the UK.
GreenNet, a non-for profit ethical ISP, which has worked with human rights and environmental groups from its Silicon Roundabout base in Shoreditch since 1985, decided to take collective action against “illegal and intrusive mass surveillance” by GCHQ.
Mr Knight of GreenNet said: “Snowden’s revelations have exposed GCHQ’s view that independent operators like GreenNet are legitimate targets for internet surveillance, so we could be unknowingly used to collect data on our users. We say this is unlawful and utterly unacceptable in a democracy.”
“I think most people expect security services to do some kind of targeted surveillance of those they perceive as a threat, but what came out last year with Snowdon showed that they were working much more broadly, and targeting systems administrators in telecommunications companies and internet service providers,” he said.
The widespread nature of these attacks became known through a series of articles published by German news magazine Der Spiegel and online publication the Intercept, which detailed alleged illicit activities by GCHQ.
The articles claimed that employees of Belgian telecommunications company, Belgacom, were targeted by GCHQ and infected with malware through a highly developed attack called “Quantum Insert”, in order to gain access to important network infrastructure.
Mr Knight said: “This scheme they have got called Quantum is a way of inserting information into an internet connection so as to take control of hardware. Not all the technical details have come out but it seems that GCHQ regards it as legitimate to basically spy on individual businesses.”
“Larger ISPs tend to have arrangements both with security services and less secretive authorities to collect data on their users, whereas we have no such arrangement. The point is that we could be unknowingly being used to collect that data.”
Mr Knight said that he hoped the tribunal would be made public for the sake of transparency.
Eric King, Deputy Director of Privacy International, said: “These widespread attacks on providers and collectives undermine the trust we all place on the internet and greatly endangers the world’s most powerful tool for democracy and free expression.
“It completely cripples our confidence in the internet economy and threatens the rights of all those who use it. These unlawful activities, run jointly by GCHQ and the NSA, must come to an end immediately.”
A spokesperson for GCHQ said: “We have not received any formal notice of this claim as yet. It is a longstanding policy that we do not comment on intelligence matters.
“Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All our operational processes rigorously support this position.
“The United Kingdom’s interception regime is entirely compatible with the European Convention on Human Rights”.