Legalised hacking in the UK now allows a third party to take control remotely of a phone’s camera or microphone and record video and conversations taking place, the Guardian’s Alan Travis reported this week. What’s the point of Apple trying to encrypt its iPhones if the spooks can switch them on remotely and monitor what we are doing?
Until recently, the security services have gone to great lengths not to disclose their operational capabilities. If the bad guys know how their communications can be monitored, they’ll look for other ways of exchanging information.
So it’s something of a surprise to see how open the agencies have now become. Ciaran Martin, director of cybersecurity at GCHQ, gave evidence recently to the investigatory powers tribunal about what’s now called “equipment interference”. If the new investigatory powers bill becomes law, warrants permitting interference with equipment will be issued by a secretary of state and approved by a judicial commissioner. Under clause 88, this would include “observing or listening to a person’s communications or other activities”.
In evidence to the tribunal, Martin explained that equipment interference might involve installing an implant into a laptop or mobile, perhaps by persuading a user to click on a link.
A simple implant would transmit information over the internet. But others “might monitor the activity of the user of the target device or take control of the computer”. This presumably includes switching on a device’s camera and microphone, even when it’s not being used to make calls. Martin accepted that such operations could be “highly intrusive”. But so is someone hiding a camera in your bedroom, which will not require prior judicial authorisation.