British spies will be given sweeping new powers to hack into citizens' smartphones and computers, according to a report in The Times.
The Conservative government is expected to introduce its investigatory powers bill to Parliament in the coming weeks. The bill, if passed, will modernise the law on surveillance and provide a strong legal foundation that will allow spy agencies MI5, MI6, and GCHQ to hack suspects' devices to obtain information and evidence.
British spies have carried out hacks before to obtain information, but arguably on shaky legal territory. Previously, the legality of such approaches was based on the Intelligence Services Act, passed in 1994, which only talks in general terms about "property" and does not mention computers, according to The Times.
The investigatory powers bill, in contrast, will set out a clear legal framework for government surveillance in the digital age. It would mean British spies could exploit software vulnerabilities in an iPhone, say, in order to access otherwise-encrypted messages and track who a suspect communicates with.
Independent reviewer of terrorism legislation David Anderson told The Times that hacking "presents a dizzying array of possibilities to the security and intelligence agencies."
Authorities — both in Britain and the US — have expressed frustration with the rise of strong encryption software in consumer technology products, making it far harder for law enforcement to gather evidence.
After Edward Snowden leaked thousands of documents about US government surveillance, tech companies like Apple and Google have moved to introduce strong encryption into their products that supposedly cannot be decrypted by anyone without the correct key or password — including law enforcement, and the developers themselves.
British Prime Minister David Cameron previously said that "we just want to ensure that terrorists do not have a safe space in which to communicate. That is the challenge, and it is a challenge that will come in front of the House ... The question we must ask ourselves is whether, as technology develops, we are content to leave a safe space—a new means of communication—for terrorists to communicate with each other."
Jim Killock, executive director of British digital rights group Open Rights Group, told Business Insider that "hacking is inherently highly intrusive and dangerous, and has been employed by GCHQ against completely legitimate companies, including Belgacom and Gemalto, with enormous clean up costs being imposed on those businesses."
He added: "Hacking relies on computer insecurities which put us all at risk of other people using the same hacking techniques. While powers to hack may sometimes be justified, this is an area where agencies are subject to nearly no oversight and rely on ministers to decide whether their operations are justified or not."
In a statement, Privacy International deputy director Eric King said: "The Government has been deep in the hacking business for over a decade, yet they have have never had proper legal authority to do so. It is shameful such actions have been allowed to happen for so long. They have granted themselves incredible powers to break into the devices we hold near and dear, the phones and computers that are so integral to our lives. What’s worse is that without any legitimate legal justification, they think they have the authority to target anyone they wish, no matter if they are suspected of a crime so long as they are 'means to an end.'"
