GCHQ WILL have the power to hack into the devices of entire towns under the forthcoming Investigatory Powers Bill, according to a recently released Home Office briefing document.
The ‘Operational Case for Bulk Powers' is intended to explain why the security services need such wide-ranging and intrusive powers of surveillance and hacking granted under the so-called Snoopers' Charter.
The document uses a series of examples to make its case, citing terrorism, serious crime, terrorism, paedophiles, terrorism, state-based threats and, of course, terrorism.
The Bill will become law once it passes its third reading in the House of Lords. This is expected to be a formality, despite opposition from the Liberal Democrats' 107 peers.
"The draft Investigatory Powers Bill ... seeks to update the law to reflect technological change, ensuring that these powers - including those relating to sensitive capabilities available to the security and intelligence agencies - are set out transparently and consistently, with robust safeguards and world leading oversight," said the document.
It went on to claim that the analysis of bulk data has played a large part in every major counter-terrorism investigation over the past decade, implying that the security services have deployed these powers regardless of the law.
Indeed, the document claimed that they have been used "in each of the seven terrorist attack plots disrupted since November 2014".
The Home Office also said that such analysis has been used in 90 per cent of the UK's targeted military operations in south Afghanistan, and in identifying 95 per cent of cyber attacks on people and businesses in the UK "discovered by the security and intelligence agencies in the last six months".
It has been used to identify serious criminals "seeking to evade detection online" and "who cannot be pursued by conventional means".
The document makes its case with a series of examples to back up the case for the powers contained in the Bill.
- The bulk interception of communications - intercepting international communications as they travel across networks in the UK. "It is often one of the only ways of obtaining intelligence on threats emanating from overseas, frequently in places where the UK government has a very limited presence"
- Bulk equipment interference (or hacking) - "Equipment interference may be the only option for obtaining crucial intelligence. As with bulk interception this is an overseas collection capability"
- Bulk communications data obtained from service providers - predominantly internet service providers and mobile operators
- Bulk personal datasets - the use of datasets such as travel information or the many various government databases
The document supports the mass, almost indiscriminate, hacking of electronic devices using wide-ranging powers. These would enable security services to, for example, hack into all electronic devices in a particular town, or to target groups of people.
The document cites a group of suspected terrorists congregating at a training camp, whose devices GCHQ have hacked into.
"The security and intelligence agencies ... know that they are planning an attack on Western tourists in a major town in the same country, but not when the attack is planned for," explained the document.
If all the devices go dead or silent at the same time, the security services would conclude that they have been switched off, probably in advance of carrying out an attack.
The document suggested that, under such circumstances, the security services ought to have the power to use "bulk hacking techniques" on all devices in the town "in order to try to identify the new devices that are being used by the group".
Earlier this month, the Metropolitan Police made its case for wide-ranging access to communications metadata, arguing that access to such information often helped to "prove people innocent". µ
Promises that it wasn't used without permission
Data-sniffing malware could snaffle up one password to rule them all
If you can't beat em, sync em
Fixing the old, creating the new