GCHQ Asked Court To Let It Infringe On Anti-Virus Copyrights... For National Security

from the nothing-is-intact dept

National security apparently means "securing" the nation at the expense of citizens' security. New Snowden documents published by The Intercept show massive amounts of dicking around in the coding of popular anti-virus software by the NSA and GCHQ. The list of antivirus products not affected would be much, much shorter than a list of those that have been.



“Personal security products such as the Russian anti-virus software Kaspersky continue to pose a challenge to GCHQ’s CNE [Computer Network Exploitation] capability and SRE is essential in order to be able to exploit such software and to prevent detection of our activities,” the warrant renewal request said. “Examination of Kaspersky and other such products continues.” The warrant renewal request also states that GCHQ reverse engineers anti-virus programs to assess their fitness for use by government agencies.

GCHQ’s success as an intelligence agency is founded on technical knowledge and creativity. In particular this may involve modifying commercially available software to enable interception, decryption and other related tasks, or “reverse engineering” software (this means to convert it from machine readable code into the original format, which is then comprehensible to a person). These actions, and others necessary to understand how the software works, may represent an infringement of copyright. The interference may also be contrary to, or inconsistent with, the provisions of any licensing agreement between GCHQ and the owners of the rights in the software.

There is a risk that in the unlikely event of a challenge by the copyright owner or licensor, the Courts would, in the absence of a legal authorisation, hold that such activity was unlawful and amounted to a copyright infringement or breach of contract. The purpose of this warrant is to provide authorisation for all continuing activities which involve interference with copyright or licensed software, but which cannot be said to fall within any other specific authorisation held by GCHQ and which are done without the permission of the owner.

GCHQ obtained a warrant for reverse engineering under a section of British intelligence law that does not explicitly authorize — and had apparently never been used to authorize — the sort of copyright infringement GCHQ believed was necessary to conduct such activity.



The spy agency instead relied on the Intelligence Services Commissioner to let it use a law pertaining only to property and “wireless telegraphy,” a law that had never been applied to intellectual property, according to GCHQ’s own warrant renewal application. Eric King, deputy director of U.K. surveillance watchdog Privacy International said, after being shown documents related to the warrant, “The secret reinterpretation of powers, in entirely novel ways, that have not been tested in adversarial court processes, is everything that is wrong with how GCHQ is using their legal powers.”

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Much of what listed here involves the NSA and GCHQ monitoring threats reported to these antivirus makers (by intercepting email messages, naturally), obviously in hopes of finding something temporarily exploitable. But in other cases, the efforts went much, much deeper. The GCHQ obtained a warrant to reverse engineer Kapersky products because it felt the company's software was "obstructing" its hacking attempts.Not only did the GCHQ seek permission to tear apart a legitimate security product for its own ends, but it also asked for an exception to UK copyright law in order to do so.Recognizing this could potentially cause a problem if its efforts were discovered, GCHQ explicitly asked that it be granted permission to engage in copyright infringement in the name of national security.In other words, GCHQ doesn't have specific authorization to violate copyrights or licensing agreements, but for this particular effort, the warrant would act as a blanket permission slip to engage in this illegal activity. And, in doing so, it stretched an intelligence law to cover its violation of intellectual property laws On top of that, the type of warrant it obtained was only to be used for foreign surveillance, but supporting documentation notes GCHQ would also be performing its reverse engineering to support "police operations" and the domestically-focused National Technical Assistance Centre.When it comes to national security efforts, laws just don't apply, it would appear. The NSA and GCHQ's efforts are completely indistinguishable from those of cybercriminals. While these agencies may have "good" on their side -- at least in terms of not wishing specific harm to non-targets -- the end result is the same: a less secure computing world.

Filed Under: anti-virus, copyright, gchq, infringement, national security, reverse engineering

Companies: kaspersky