HMRC is the subject of court action by Privacy International.
The privacy organisation has filed for judicial review after the tax collector refused to reveal the state of an investigation into Gamma International. Privacy International claims the company has been exporting sophisticated surveillance technology, which has been used to spy on dissidents in Bahrain and elsewhere.
It said the FinFisher software had been linked to use in more than two dozen countries, including Bahrain, Egypt, Ethiopia, Turkmenistan and Vietnam.
Now the group has gone after HMRC, which it claims has “categorically refused to provide any details regarding any investigation into Gamma’s export practices”, arguing it is statutorily barred from releasing information to victims or complainants.
It said it denied that it has any obligation to be transparent about any activities relating to the potentially illegal exports of British surveillance technology by Gamma International.
Privacy International, however, believes that the HMRC is acting unlawfully, either because it misconstrued the law to justify its evasive practices, or because it issued a blanket refusal without considering the facts of the case at hand.
“Furthermore, in rejecting Privacy International’s requests for information, HMRC was not only in contravention of the law, it also failed to recognise well-established principles regarding the rights of victims of crime,” the organisation said in a statement.
Eric King, head of research at Privacy International, said in the wrong hands surveillance technologies could have “devastating effects”, and the public, especially victims targeted by this surveillance, had a right to know what the UK government is doing about it.
“HMRC’s refusal to provide information to the pro-democracy activists who have been targeted is shameful. In order for the public to have full confidence and faith that these issues will be addressed, we’re asking the court to force HM Revenue & Customs to come clean,” he said.
FinFisher products work by covertly installing software onto a target’s computers and mobile phone without their knowledge, usually by tricking the user into thinking they are opening an attachment or downloading fake updates from seemingly legitimate sources like Apple or Adobe.
Once the user installs the software, victims’ computers and mobile devices can be taken over, the cameras and microphones remotely switched on, emails, instant messengers and voice calls (including Skype) monitored, and locations tracked. Investigations have revealed that such technology has been used in monitoring and tracking victims who are subsequently subjected to torturous interrogations.
In November, Privacy International provided a 186-page dossier of evidence against Gamma International to HMRC, the body responsible for enforcing export regulations, regarding this potentially criminal breach of the export control regime.
Having received no response, Privacy International wrote again on 21st December 2012 on behalf of Dr Ala-A Shehabi, a British born Bahraini pro-democracy activist whose computer had been targeted by the Bahrain authorities using technology exported by Gamma International.
HMRC finally responded on 9 January 2013 stating that by reason of the Commissioner of Revenue and Customs Act 2005 (“CRCA 2005”) s 18 it had no power to “disclose any information held by HMRC in connection with its functions” and thus “will be unable to keep you or other third parties informed about the progress of any investigation”.