MITLA calls for a debate on the use of spyware tools
MITLA takes note of the recent revelations in the local media regarding the interest shown by the Malta Secret Service to procure the services of Italian web security firm Hacking Team who supply tools to infect personal computers and smartphones and eventually take control of devices as well as any data they contain.
From the outset one has to point out that the utilisation of such controversial tools falls foul of the Computer Misuse provisions contained in our Criminal Code as it is carried out without authorisation of the person controlling such computer. Such activity has to be reconciled however with the text of the Security Service Act and whether such law allows or enables the Security Service to utilise such intrusive tools which challenge our fundamental principles of privacy.
Technology has developed at light speed during the past 18 years, that is, the last time our Security Service Act was amended and one has to seriously question whether the current version of the law caters for such technological developments.
Whilst the Security Service Act mainly deals with how warrants and authorisations enabling certain actions by the Security Service are issued, one cannot but note that the law mainly deals with interception of communications. Clearly, spyware tools do not merely allow for the interception of communication data, but, through the injection of malicious code in the computers of the targets themselves, can effectively take full control of such devices remotely and enable access to all data contained therein.
It is questionable, whether the intention of the legislator in 1996 was also to justify the utilisation of such tools which go beyond mere interception of communication data.
In this light, MITLA further notes, the developments and controversies surrounding the use of such tools by security services throughout the world. The Snowden revelations have shed light on the large scale use of mass surveillance techniques by various states.
Only in May, the UK has amended criminal code provisions in order to exempt GCHQ from prosecution in hacking cases.
Against this backdrop, Malta should consider a mature and technical debate about the use of such technologies in order to assess whether the interests of the State are being carefully balanced with the fundamental rights of the citizens including the right to privacy. Whilst appreciating that such discussion will not be an easy one and that no quick answers exist, MITLA recommends that such debate is initiated without any further delay in the interest of all. Last year’s legislative proposals for the codification of digital rights into our laws have to be promoted on the legislators’ agenda so that this debate can start. MITLA believes that such drafts provide the necessary building blocks upon which such discussions can take place.
Technology constantly challenges the law and the legislator has to also ensure that our laws keep up with such technologies. Systematic data access, as opposed to interception of communications, requires detailed, clear and unambiguous legal frameworks in order to ensure legitimacy, transparency, necessity – and most importantly full respect to our fundamental human rights.