A coalition of ISPs and communication providers from around the world filed a legal complaint against the U.K. Government Communications Headquarters (GCHQ), calling for an end to its alleged attacking and exploitation of network infrastructure to gain access to potentially millions of people's private communications.
The complaint was lodged on Wednesday with the U.K.'s Investigatory Powers Tribunal (IPT), a court that can investigate complaints about any alleged conduct by, or on behalf of, the British intelligence services.
The case was filed by U.S. campaigning organizations Riseup and May First/People Link, as well as by U.K. ISP GreenNet, Dutch hosting service Greenhost, Mango from Zimbabwe, the South-Korean Jinbonet, along with the German Chaos Computer Club and Privacy International who said exploiting network infrastructure to gather information is unlawful.
Their complaint draws on the revelations in a series of articles published by German news magazine Der Spiegel and investigative website The Intercept, based on documents provided by former NSA-contractor Edward Snowden.
Der Spiegel for instance reported in September that GCHQ had targeted the employees of the Belgian telecommunication company Belgacom to gain access to important network infrastructure using a malware attack.
"While the claimants were not directly named in the Snowden documents, the type of surveillance being carried out allows them to challenge the practices in the IPT because they and their users are at threat of being targeted," the organizations said.
Belgacom reported the attacks on its infrastructure to Belgian police. Privacy International spokesman Mike Rispoli could not say whether the company was invited to join the U.K. legal action. Due to the interconnectedness of the Internet, the surveillance described in the articles could be carried out against any ISP or communications provider, he added.
Another report by The Intercept based on documents provided by Snowden showed in March that the U.S. National Security Agency (NSA) has been working on expanding its ability to infect computers with surveillance malware and creating a command-and-control infrastructure capable of managing millions of compromised systems at a time. GCHQ appears to have played an integral role in developing this, according to the publication.
In their lawsuit, the communications providers claim that by allegedly interfering with network assets and computers belonging to the network providers, GCHQ has contravened the U.K. Computer Misuse Act and the European Convention of Human Rights (ECHR), which guarantees the individual's peaceful enjoyment of their possessions, they said.
Furthermore, conducting surveillance of the network providers' employees is in contravention of article 8 of the ECHR which covers the right to respect for private and family life, and article 10, which covers freedom of expression, they said. Surveillance of the network providers' users that is made possible by exploitation of their Internet infrastructure is also in contravention of those articles, the complainants said.
Sign up for CIO Asia eNewsletters.