Spies at the U.K.’s intelligence agency are now immune from prosecution related to computer hacking after the British parliament secretly changed a key computer-crimes statute.
The rewriting of the law, which protects the Government Communications Headquarters (GCHQ), took place effectively in secret while the group Privacy International pursued a legal case against GCHQ. Privacy International was notified of the change last week.
How secret was the change? The crucial clause of the Computer Misuse Act that was rewritten to exempt all law enforcement officers from prosecution was misleadingly titled “savings,” despite having wide consequences beyond financial matters.
The specifics of the new law are not yet known.
“It appears no NGOs, Regulators, RIPA Commissioners, the Information Commissioners Office, Industry, or the public were notified or consulted about the proposed legislative changes,” Privacy International said in a statement. “There was no published Privacy Impact Assessment.”
The U.K.’s national police agencies were consulted, but “there was no public debate,” the group continued.
Eric King, Privacy International’s deputy director, said the secret rule change reflected the “underhand[ed] and undemocratic manner in which the government is seeking to make lawful GCHQ’s hacking operations.”
The British government pushed back on the idea that secret changes to the law would affect GCHQ’s operations.
“There have been no changes made to the Computer Misuse Act 1990 by the Serious Crime Act 2015 that increase or expand the ability of the intelligence agencies to carry out lawful cyber crime investigation,” a spokesperson for the U.K.’s Home Office told the Register. “It would be inappropriate to comment further while proceedings are ongoing.”