Seven ISPs from the US, UK, Germany, South Korea, and Netherlands, have teamed up with Privacy International to file a lawsuit against the British intelligence agency GCHQ, calling for an end to the alleged network infrastructure exploitation.
In the wake of revelations of surveillance programs of NSA and GCHQ by the US whistleblower Edward Snowden, the ISPs claim the network attacks reported in a series of articles in the Intercept, and the Der Spiegel, to “undermine the goodwill the organisations and groups rely on.”
Riseup and May First/People Link (US), GreenNet (UK), Chaos Computer Club (Germany), Jinbonet (Korea), Greenhost (Netherlands) and Mango (Zimbabwe), have filed the complaint at the Investigatory Powers Tribunal, asserting that the agency’s “attacks” on service providers are illegal, destructive and “damage the trust in security and privacy”
According to the lawsuit filed, GCHQ is accused of targeting telecommunications company Belgacom’s employees, with malware infections to gain access through an attack dubbed “Quantum Insert.”
Other allegations on GCHQ include creating Turbine, an automated system to “scale up network implants,” using “man-on-the-side” technique to inject data into existing data streams to infect users, targeting German internet exchange points in collaboration with NSA to spy on internet traffic.
Privacy International Deputy Director Eric King said in a statement that the attacks of GCHQ are done without “clear lawful authority” relying on a “cloak of secrecy.”
He added that the lawsuit against GCHQ is the “first of its kind” and that the revelations by Snowden allow ISPs to stand up and challenge the spy agency for their customers and users.
The ISPs in the lawsuit were not directly named in the leaked documents, but Privacy International in a statement claims that the seven providers and their users are “at threat of being” the targets of these GCHQ surveillance practices.
Privacy International has previously filed 2 lawsuits against the alleged mass surveillance programmes – Prism, Tempora and Upstream, and the deployment of spyware and computer intrusion capabilities by GCHQ, respectively.