More details about U.K.intelligenceagency GCHQs use of hacking  aka: computer network interference in euphemisticofficial parlance and the oversight regime governing its hackingactivitieshave emergedviaan ongoing legal challenge filed bycivil liberties group Privacy Internationaland several ISPs, which is continuing toputwitness statements into the public domain.The legal complaint, filed back in July 2014, calls for an end to GCHQs attacking and exploitation of network infrastructure in order to unlawfully gain access to potentially millions of peoples private communications.Earlier this year thelegal actionwasinstrumental in forcing GCHQ to confirm publicly that it engages in hacking. Albeit it subsequently emerged that the U.K. government had quietly ushered through amendments tothe Computer Misuse Act  exemptingthe spy agencyand law enforcement from prosecution, and doing this in the midst of the legal challenge to thesehacking practices.The government is now in the process of reworking U.K.surveillance legislation more generally. TheInvestigatory Powers Bill, introduced to Parliament last month,lists equipment interference as a key provision. The draft legislationalso sanctions the use of so-called bulk equipment interference  i.e.non-targeted hacking that can be applied across multiple end-points, so long as the intelligence agencies are applying the justification that its amatter of national security.With such a wide-ranging power to hack into devices and software en masse set to be explicitly fixedin U.K. law, the historicallack of a strict androbustauthorization and oversight regime governing state agency hacking powersis hugely concerning.The draft Investigatory Powers Bill introduced to Parliament by the Home Office on 4 November 2015 attempts to codify the lax authorisation processes that gave rise to the problems we see in the documents released today, arguesPrivacy International. In particular, the provision permitting Bulk Equipment Interference gives an almost unfettered power to the intelligence services to decide who and when to hack.The organizationpoints towitness statements arising from its challengethat it saysconfirm GCHQ has been using hacking without obtaining individual warrants but ratherusing thematic warrants to authorize its hackingactivities.Whether it is lawful to use broad thematic warrants to justify the hacking of people in the U.K. is one of the subjects of the legal challenge.Privacy International notes that the Commissioner of the intelligence services raised specific concerns about thepracticein a 2014 report on the grounds that such warrantsmight be too broad.This means that GCHQ could get a warrant in the UK to hack the computer of everyone in Birmingham with little meaningful oversight, itadds.It also points to various other detailsemergingfrom witness statements made byGCHQ board member and director general for cyber security, Ciaran Martin including that:Commenting in a statement, Caroline Wilson Palow, General Counsel at Privacy International, said the revelations about how GCHQ has been using hacking powersunderline how importantstrict authorization and oversight regimes are.Eighteen months after we first brought this challenge, GCHQ have come to court today to defend their asserted power to hack computers in the U.K. without individual warrants. The light touch authorisation and oversight regime that GCHQ has been enjoying should never have been permitted. Perhaps it wouldnt have been if Parliament had been notified in the first place that GCHQ was hacking. We hope the tribunal will stand up for our rights and reign in GCHQs unlawful spying, she adds.Earlier this year the Investigatory Powers Tribunal, the oversight court for the U.K.s intelligence agencies, ruled against GCHQ for the first time in its 15-year history, saying it had acted illegally prior to December 2014 by receiving data fromthe NSAs surveillance dragnets.In the summer the IPT again ruled GCHQ had acted illegallyin the past by breaching its own internal policies in the handling of intercepted communications  specifically pertaining to emails from two human rights organizations.