The Earl of Northesk (Conservative) Peer. AKA David Carnegie. He is a strong campaigner for civil liberty, privacy, peoples rights and workable computer laws. He is a member of the All Party Internet Group.

Issues

Computer Misuse Act

He has campaigned tirelessly to improve the Computer Misuse Act 1990 putting forward the Computer Misuse (Amendment) Bill^[1] in May 2002, a Private Member's Bill to amend the CMA to ban Denial-of-service attacks; but like most Private Members' Bills, it failed</ref>.

The government has instead attempted to fix some of the problems with amendments in the Police and Justice Bill 2006. During the Lords Committee stage he successfully fixed a clause that made Denial-of-service attacks illegal. He reassured experts by introducing the issue of recklessness into the clause. Unfortunately there is separate clause that, as it stands, would make it an offence to release a computer tool "likely to be used" in a computer offence, he proposes removing this paragraph. Without this amendment the clause will criminalise IT and security professionals who make network monitoring tools publicly available or who disclose details of unpatched vulnerabilities. So far, the government has not agreed with him on this point. He is has publicly said he will fight against the clause, calling it "pure idiocy" and "absolute madness".

The Earl of Northesk House of Lords debates. 11 July 2006 Police and Justice Bill

I thank the Minister for that reply and I thank the noble Earl, Lord Erroll, and the noble Baroness, Lady Harris, for their contributions and their support for the amendments. Regrettably, I am none the wiser. The Minister has not clarified the issue for me one iota. My understanding is that at the heart of this lies the legal definition of "likely". It is a sad fact that vast swathes of the IT sector remain, to this day, confused about how the word "likely" will be interpreted by the courts. They simply will not take the risk of falling foul of this provision. I do not mind whether the noble Lord wishes to dismiss that, but that happens to be true.

I have very serious difficulties about how the courts will interpret the Government's intent vis-à-vis "likely". How will the courts measure it, and against which yardstick will they measure it? There is absolutely nothing in the Bill to suggest that they can so do. I will read what the Minister has said extremely carefully, but, on first hearing, it does not clarify matters at all. With certainty, I shall return to this matter on Report. In the mean time, I beg leave to withdraw the amendment.

DNA database

The Earl of Northesk House of Lords debates. 18 July 2006 Privacy: Pervasive Computing

My Lords, does the Minister agree that the issue is as much about ownership of the huge amount of data routinely collected about all of us as it is about privacy? If so, what stance do the Government take on the questionable legality of the Home Office authorising the DNA database to be used by the Forensic Science Service to research whether race and ethnicity can be determined from DNA samples?

Identity cards

He is against the Identity card bill and spoke in support of the LSE report. He proposed many amendments during the debates trying to solve some of the problems with this bill.

The Earl of Northesk said: "The Bill is far less about the introduction of identity cards ... than about the establishment of a centralised and over-arching database containing extensive details about every individual in the land."

Biometric passport

The Earl of Northesk House of Lords debates. 14 November 2005 Prison Estate: Biometrics

My Lords, I am grateful to the Minister for that reply. While acknowledging that the prison estate in Scotland is the responsibility of the Scottish Executive, is it not the case that a fingerprint recognition system was installed at Glenochil high security prison? Is it not also the case that, within short order of it having been installed, inmates had spoofed and circumvented the system and gained access to all parts of the prison—even to the extent, as some prison staff have suggested, of settling old scores?

[1] [2] [3] [4] [5] [6]

E Goverment

The Earl of Northesk Written answers. 10 November 2005 Government Services: Electronic Delivery

What action they propose to take to promote public engagement with government e-services in light of the recently published Eurostat figures indicating that the United Kingdom is at, or near, the bottom in all aspects of interaction with public authorities via the internet.

Computer Malware

The Earl of Northesk Written answers. 6 April 2005 Computer Malware

Given recent research by Symantec indicating that 25.2 per cent of the world's "zombie" computers are located in the United Kingdom, what action they are taking to address this proliferation and its causes.

Internet Fraud

The Earl of Northesk Written answers. 1 March 2005 Internet Fraud

In light of the appearance of the worm VBSun-A and other fraudulent activities on the Internet, what action they are taking against online fraudsters seeking to exploit the tsunami disaster.

Personal Information Databases

The Earl of Northesk Written answers. 23 February 2005 Government Departments: Personal Information Databases

Further to the Written Answer by the Baroness Ashton of Upholland on 4 February (WA 72), which databases that hold personal information on individual citizens are currently maintained by:

(a) the Home Office;

(b) the Department for Work and Pensions;

(c) the Department for Education and Skills;

(d) the Department for Environment, Food and Rural Affairs;

(e) the Office of the Deputy Prime Minister;

(f) the Cabinet Office; and

(g) the Inland Revenue.

Software Patents

He asked questions about the directive. [7]

Spyware

The Earl of Northesk Written answers. 10 January 2005 Spyware

Given that an estimated 67 per cent of all computers contain some form of spyware, and given the uses to which spyware can be put to facilitate identity theft and online fraud, what legislative sanctions exist to protect computers and their users from such programs.

Phishing

Interested

RIP Act Part III

Very interested.

Earl Northesk supported six amendments to the Bill that where tabled by the Foundation for Information Policy Research (FIPR). Earl Northesk said "To my mind that is an inadequate fig leaf to justify the broad and imprecise scope of the data retention measures before us today. What cannot be disputed is that the power already exists."

The Earl of Northesk said 30 March 2001

"We have become inured to the oft-repeated mantra that the government are aiming to make the UK the best and safest place in the world for e-commerce. That is all good and well. But measures such as IR35 and the Regulation of Investigatory Powers Act work against the grain of that ambition. Far from promoting or facilitating the development of e-commerce in the UK, they act as constraints and disincentives. So it is with the Bill which, in terms, reveals a scant understanding of the way in which the Internet works."

"the Bill sanctions mass domestic surveillance....measures such as this are without parallel anywhere outside, of all places, Zimbabwe." [8]

Phorm

The Earl of Northesk hs a detailed knowledge of the Phorm issue and has shown keen interest in it.

Audio of Earl of Northeskvtalking about Phorm

Written question Phorm 20 May 2008

Whether any official or Minister in the Home Office has offered written or oral advice to any executive of the company Phorm as to the legality of their targeted advertising software product; if so, what was the advice; in what circumstances was it given; and what was the justification for giving it.

Written question Phorm 21 April 2008

Whether they are taking any action on the targeted advertising service offered by Phorm in the light of the questions about its legality under the Data Protection and Regulation of Investigatory Powers Acts.

Children's Digital Rights

Interested

RFID

The Earl of Northesk Written answers. 16 December 2003 Radio Frequency Identification Tags

Whether they consider that the use of radio frequency identification tags on consumer goods represents risk to civil liberty and privacy; and, if so, whether they have any plans to initiate an inquiry into such use.

[9]

Electronic Voting

Interested

Written question E-voting 26 June 2007

What plans they have, in light of the recent report from the Open Rights Group on the May 2007 elections in England and Scotland, for continued e-voting in United Kingdom elections.

Written question Electoral Modernisation Pilots 19 December 2002

What was the structure of the team conducting recent e-voting trails commissioned by the Department of the Environment, Transport and the Regions; and whether there are any proposals to change that structure in light of the gateway review of the trials.

Written question Electoral Modernisation Pilot Programme 17 December 2002

Whether the recent e-voting trials commissioned by the Department of the Environment, Transport and the Regions were subject to the gateway review procedure; and, if so, what was the outcome of the review.

Written question Electoral Modernisation Pilot Programme 17 December 2002

Whether they will place in the Library of the House copies of the reports commissioned by the Department of the Environment, Transport and the Regions on recent e-voting trials.

Written question Electronic Voting 1 November 2002

Whether they agree with the assessment of Rebecca Mercuri, assistant professor of Computer Sciences at Bryn Mawr College in Pennsylvania, that e-voting gives far greater scope for electoral fraud than existing polling methods; and what are the implications of this for their policy towards e-voting.

Data Retention

House of Lords debate Anti-terrorism, Crime and Security Bill 4 December 2001

The Bill is drafted in such a way as to compel the retention of data by private as well as public networks. The Minister confirmed that point in an earlier debate. Thus it applies to a massive sub-set of computing uses. The noble Lord, Lord Phillips, mentioned peer-to-peer or P2P which is already a well-established medium for data transfer and exchange over the Internet.

Many—or maybe few—will be aware of the legal action conducted in America against Napster by the recording industry. Whatever the outcome, P2P, whether represented by Napster derivatives or successors such as the systems engineered by the recording industry—I believe that one was announced today—is becoming a benchmark for data transfer of content over the web.

In terms, therefore, the Bill potentially requires private computers, perhaps even down to the level of the individual user, to log arbitrary data. If it applies at that level and users are required to log traffic and report usage upon government request, not only will it be an unwarranted intrusion upon the individual but it could also severely impair research and development of a number of P2P software applications.

There are those who believe that P2P and its variants are the future of e-commerce. For example, Andrew Grove, former chairman of Intel Corporation, observed:

Web computing defined the second half of the '90s; peer-to-peer computing will be a significant paradigm"—

wonderful word—

Xof the first half of this decade".

How does that square with the Government's commitment to e-commerce?

Amendments Nos. 177E, 177F and 177G are quite technical but no less important for that. Amendment No. 177E seeks to ensure that data generated temporarily during the course of computing operations, which has no separate business use, are not inadvertently caught by the scope of the Bill. I believe that the Minister has already given assurances on the point, so if he chooses not to reply to that amendment I shall probably be satisfied. Amendments Nos. 177F and 177G echo the concerns raised in respect of Amendments Nos. 175 and 176. I have in mind—I may be wrong—that our debates on RIP provoked assurances that the provisions of that Act did not extend to private telecoms networks. Perhaps the Minister can confirm that one way or the other.

I move to Amendment No. 177G. The particular focus of our debates on RIP was whether its provisions extended to providers of private telecoms networks. This amendment also seeks to address that problem.

Open Source

Written question NHS: Software Contract 2 December 2004

Whether open source software solutions for public sector information technology projects, as endorsed by the Office of Government Commerce, were considered as an alternative to the recently announced nine-year contract with Microsoft for software for the National Health Service.

Written question NHS: Software Contract 2 December 2004

What will be the licensing costs of the recently announced nine-year contract with Microsoft for software for the National Health Service contract; and how these would compare, had an open source solution been adopted.

Links

• The Earl of Northesk on TheyWorkForYou
• Voting Record - The Earl of Northesk
• Earl of Northesk on Wikipedia

Press

2006-07-19 - ZDNet - Home Office 'wrong' over criminalisation of IT pros

Author: Tom Espiner

Summary: Last week, the Earl of Northesk failed in an attempt to get part b of the amendment deleted. The Home Office has been blasted by lawyers over its claims that changes to the Computer Misuse Act (CMA) will not affect legitimate users.

2006-07-14 - ZDNet - Peer loses cybercrime fight

Author: Tom Espiner

Summary: Lord Northesk's attempt to prevent IT pros and the police from being criminalised by the updated Computer Misuse Act has failed. The Earl of Northesk's attempt to introduce amendments to the Computer Misuse Act 1990 (CMA) through the Police and Justice Bill 2006 did not pass committee stage discussions on Wednesday.

2006-05-20 - ZDNet - Lord battles government over cybercrime laws

Author: Tom Espiner

Summary: Lord Northesk is seeking to amend the Computer Misuse Act (CMA) 1990 to give the police and judiciary greater "legal clarity" when dealing with computer crime. Northesk has proposed amendments to the government's own amendments.

2006-05-25 - ZDNet - Lord vows to fight cybercrime laws

Author: Tom Espiner

Summary: Northesk vowed to fight the bill in the Lords, calling the clause "pure idiocy" and "absolute madness". "I will definitely be seeking to change it," Northesk told ZDNet UK. "The Home Office is in enough trouble already, so the thought of them enacting a law to stop the police doing their job is extraordinary."

2005-11-15 - The Guardian - Yesterday in parliament - Biometric ID

Summary: Ministers were challenged on reports that use of biometric identity systems at Scotland's Glenochil high security prison had unintentionally allowed inmates to "gain access to all parts of the prison". The Tory Earl of Northesk said within "very short order" of a fingerprint recognition device being installed, "inmates had circumvented the system and gained access to all parts of the prison, even to the extent of settling old scores".

2005-11-14 - BBC - Jail biometric glitch 'limited'

Summary: Prison chiefs have dismissed renewed claims that a biometric identity system at a Scottish jail failed so badly it let inmates have a free run. The Earl of Northesk, a Tory, said Glenochil Prison's fingerprint system had let prisoners access all parts of the jail, settling "old scores".

2005-07-15 - The Register - Another pitch to Parliament for Denial of Service law

Summary: The report led to APIG Chairman Derek Wyatt MP’s own Ten Minute Rule Bill of April 2005, although this was not the first attempt to change the Act: in 2002, the Earl of Northesk introduced his own Ten Minute Rule Bill – but like most such bills, it died.

2005-03-10 - The Register - MP pitches Denial of Service law to Parliament

Summary: This is the second attempt to tack a DoS extension onto the Computer Misuse Act. The first was a Private Member's Bill introduced by the Earl of Northesk in 2002; but like most Private Members' Bills, it failed. And Derek Wyatt has no illusions about his Ten Minute Rule bill becoming an Act in the short term.

2004-03-18 - BBC - MPs reassess computer crime laws

Summary: UK legislation aimed at protecting computer users from hackers and spammers is to investigated by an influential group of MPs. "The Computer Misuse Act dates from 1990. Fourteen years on the technological advance and increasing sophistication of the internet has outstripped its capacity to deal with the generality of e-crime adequately," said APIG member The Earl of Northesk.

2003-04-27 - The Guardian - They've got your number

Author: Mike Butcher

Summary: The Earl of Northesk agrees that denial-of-service attacks go unreported because businesses are fearful of revealing how vulnerable their systems are to cracking attacks. 'The Government and the Home Office argue that the Computer Misuse Act would cover a denial-of-service attack, but I disagree, which is why I brought the Bill,' he says.

2001-11-30 - ZDNet - Lords to consider data retention objections

Author: Wendy McAuliffe

Summary: The House of Lords will discuss amendments designed to stop the anti-terror bill turning the UK into a country of 'mass surveillance'. Earl Northesk is supporting six amendments to the Bill that have been tabled by the Foundation for Information Policy Research (FIPR) -- a non-governmental think tank that opposes the retention of communications data for use in minor criminal investigations.

2001-03-30 - The Register - New Bill labels ISPs as publishers

Author: Kieren McCarthy

Summary: A government bill currently in the House of Lords labels ISPs as publishers, in an apparent attempt to bypass their undecided legal status and enforce new tobacco advertising rules. ... The Earl of Northesk said "We have become inured to the oft-repeated mantra that the government are aiming to make the UK the best and safest place in the world for e-commerce. That is all good and well. But measures such as IR35 and the Regulation of Investigatory Powers Act work against the grain of that ambition. Far from promoting or facilitating the development of e-commerce in the UK, they act as constraints and disincentives. So it is with the Bill which, in terms, reveals a scant understanding of the way in which the Internet works."

References