The UK government has covertly amended the Computer Misuse Act to grant law enforcement agencies immunity from prosecution for a variety of what would otherwise be illegal activities during surveillance operations.
The amendment was passed on 3 March 2015 and came into law in May. It gives law enforcement and intelligence agencies the ability legally to hack suspects' laptops, smartphones, tablets and various unspecified "digital systems".
The documents give few specifics about how far these powers extend, such as the crimes and operations that will grant officers these powers or whether warrants will be required in each instance.
Privacy International claimed that the government rushed the amendment through without proper debate in a bid to avoid public scrutiny from NGOs, watchdogs, Regulation of Investigatory Powers Act commissioners, the Information Commissioner's Office and industry.
"The underhand and undemocratic manner in which the government is seeking to make lawful GCHQ's hacking operations is disgraceful," said Privacy International deputy director Eric King.
"Hacking is one of the most intrusive surveillance capabilities available to any intelligence agency, and its use and the safeguards surrounding it should be the subject of proper debate.
"Instead, the government is continuing to neither confirm nor deny the existence of a capability it is clear they have, while changing the law under the radar without proper parliamentary debate."
GCHQ had not responded to V3's request for comment on Privacy International's claims at the time of publishing.
However, the government said that the move is a necessary step in the nation's war against cyber crime.
"In the absence of an amendment, the UK (from individuals up to big business) is exposed and law enforcement agencies will not have the necessary powers to intervene early enough in order to prevent potential criminal damage," read the amendments document.
The Home Office denied that any changes had been made to the law, claiming that the powers that exist remain the same.
"There have been no changes made to the Computer Misuse Act 1990 by the Serious Crime Act 2015 that increase or expand the ability of the intelligence agencies to carry out lawful cyber crime investigation," it said.
“It would be inappropriate to comment further while proceedings are ongoing.”
The move follows widespread concerns about the newly elected Conservative government's digital surveillance plans.
The party manifesto listed increasing the surveillance powers of intelligence and law enforcement agencies as a key part of its plans, claiming they are needed for "anti-terrorism purposes".
The plans include reworking the Data Communications Bill, commonly referred to as the Snoopers' Charter, and new legislation forcing businesses to retain key customer data, including online conversations and Facebook and Twitter activity, for 12 months.
EE, O2, Vodafone, Three and Airspan open the bidding
Worried about data privacy? Here are several ways to secure your Facebook account
The ICO is seeking an urgent warrant to investigate a major data breach - everything you need to know as the story continues to unfold