The UK’s tax office acted in “irrationally” and unlawfully, according to the UK High Court, after it systematically refused to discuss the status of any investigation into a company that allegedly sells state-controlled malware to repressive regimes.
The case was brought by Privacy International, alleging Gamma International, the maker of FinFisher software, had sold and exported spyware to countries with less-than-desirable track records on human rights issues.
The non-governmental organization submitted an evidence dossier to HM Revenue & Customs (HMRC) in November 2012, which the privacy group said in a blog post on Monday that the tax office “refused to provide any information on what if any investigation they were conducting.”
Mr. Justice Green said in his judgment [PDF] that by HMRC’s refusal to answer whether or not it was investigating the British private-sector spyware maker, the tax department had acted in an “inconsistent” way that “reflects a mistaken view of the law.”
In his conclusion, Justice Green said the public was “entitled in law” to know if the evidence dossier had been rejected.
HMRC is now ordered to reconsider Privacy International’s request.
In remarks, Privacy International’s deputy director Eric King said: “For two years we have been asking Government to come clean on what they are doing when it comes to the illegal export of FinFisher and to stand up for victims targeted by surveillance technology made on British soil.”
“Today’s ruling is an important victory, and a step in the right direction to holding Gamma International, and the rest of this secretive industry, to account,” he added.
FinFisher software first came to significant public light after Wikileaks published documents dubbed the “Spy Files” on the private intelligence sector in late 2011. The software can be covertly installed on an array of devices, including phones, tablets, and computers, to exploit desktop and cloud-based services, including Skype and Gmail.
It was reportedly used against Bahrani pro-democracy activists in 2012, among other places, in order to intercept encrypted communications, such as voice-over-IP calls.
In the days following the leaks, the European Commission moved to prevent surveillance tech and software from being sold to despots and dictators.
“Companies should be transparent about the technology they are selling in certain countries,” European Digital Agenda Commissioner Neelie Kroes said at the time.