Immigration officials have been permitted to hack the phones of refugees and asylum seekers, including rape and torture victims, for the past three years.

The revelation has sparked outrage among civil rights groups and campaigners for rape victims, who said that it was distressing that the British government had rolled out powers that could target some of the most vulnerable individuals in society.

The Home Office confirmed to the Observer that since 2013 immigration officials have been granted the power to “property interference, including interference with equipment”, which can include planting a listening device in a home, car or detention centre, as well as hacking into phones or computers. Critics fear the powers could undermine lawyer-client confidentiality in sensitive immigration and asylum cases.

The power was authorised through an amendment to the Police Act 1997, prompting campaigners to warn that intrusive technological powers are being regulated by outdated legislation.

Alistair Carmichael, the Liberal Democrat home affairs spokesman, said: “For far too long, vague and outdated legislation has been exploited to extend the Home Office’s powers. No parliamentarian would have ever foreseen immigration officers having the powers to hack into our smartphones and computers of potentially quite vulnerable people.”

Silkie Carlo, of the rights group Liberty, said: “The entirely new power of routine communication interception at removal centres is a blatantly discriminatory move.”

Research has found that torture victims have been held in immigration detention centres, and campaigners cite statistics suggesting that up to 70% of women in centres like Yarl’s Wood in Bedfordshire are rape survivors.

People have the right to speak privately and disclose sensitive information about rape, torture and domestic violence Cristal Amiss, Black Women’s Rape Action Project

Cristal Amiss, of the Black Women’s Rape Action Project, said: “These powers are an outrage. People in detention have the right to confidentiality, to speak privately to their lawyer and disclose often very sensitive information such as details of rape, torture, domestic violence and alleged abuse by officials. They have to be able to share private information without their phones being hacked.”

A Home Office briefing document detailing the hacking powers available to immigration officers claims the aim “is to ensure that immigration officers can deploy a full range of investigative techniques to deal effectively with all immigration crime”.

A Home Office official confirmed that “equipment interference” had been used to prevent serious crime, including disrupting the supply of counterfeit travel documents, which could have been used to facilitate the smuggling of illegal migrants. They did not address whether the powers had been used to ascertain the veracity of asylum claims.

“They [immigration officers] may only use the power to investigate and prevent serious crime which relates to an immigration or nationality offence, and have done so since 2013,” said a statement from the immigration minister, James Brokenshire.

The revelation coincides with fresh concern over the latest version of the “snooper’s charter”, which will give the police powers to access everyone’s web browsing histories and hack into phones. The extension of police powers is contained in the investigatory powers bill, designed to provide the world’s first comprehensive legal framework for state surveillance powers. This also dates from the 1997 Police Act, but the Home Office has tried to dampen disquiet by insisting such powers would only be used in “exceptional circumstances”, extending the use of remote computer hacking from the security services to the police – predominantly the National Crime Agency – in cases involving a “threat to life”, missing persons or cases that risk “damage to somebody’s mental health”.

The bill has met severe criticism from three parliamentary committees, and surveillance campaigners are challenging MPs to improve safety and confidentiality measures before it is rushed into law. Carmichael said: “Parliament must be given the time it needs to properly scrutinise and improve it.”

Carlo said: “The bill contains the flimsiest of safeguards and takes state hacking to an unprecedented and dangerous new level. It allows for practically limitless bulk hacking against the devices of individuals, groups or even entire nations.”

Liberty warns that powers to hack millions of devices en masse remain in the bill, despite recommendations from parliament’s intelligence and security committee that they be removed. Elsewhere, the security services will still be able to examine the browsing histories of the entire population, and the communications of MPs, journalists and lawyers open to access by intelligence agencies.