ORG parliamentary and policy update/2014-w02

< ORG parliamentary and policy update

This is ORG's Parliamentary Update for the week beginning 06/01/2014

If you are reading this online, you can also subscribe to the email version.

Official Meetings

Jim Killock met with ORG's Board, Advisory Council and staff members this week to discuss strategy. This afternoon he met with privacy groups to discuss mass surveillance.

Peter Bradwell and Javier Ruiz visited the Law Commission, for a roundtable discussion about their consultation about data sharing by the government.

NSA and GCHQ updates

See our full list of the Guardian and Snowden’s revelations.

NSA seeks to develop Quantum computer

Documents provided by Edward Snowden reveal that the NSA are seeking to create a quantum computer which would have the capability to break almost all encryption tools currently in use. The project is titled "Penetrating Hard Targets".

The documents also reveal an additional project called "Owning the Net" that is geared toward using quantum research to break encryption, including the widely used RSA encryption tool (widely used by web browsers to encrypt financial transactions and encrypted e-mails).

The new documents seem to show that the American security agency has not made any more substantial progress than the rest of the scientific community. They seem to have expected to be able to have some of the building blocks of the computer by the end of September. However, an MIT professor of quantum mechanical engineering said of the September success “That’s a great step, but it’s a pretty small step on the road to building a large-scale quantum computer,” Lloyd said.

The Washington Post have published an annotated version of the "Penetrating Hard Targets" project on their website.

Consultations and departments

A full list of open consultations and Parliamentary events can be found on our Events

New ruling on City of London police's domain seizure

Since October, the Police Intellectual Property Crime Unit (PIPCU) has been issuing requests to domain registrars to block certain domain names and redirect them to a 'seized by PIPCU' page. This was done without a court order. Some domain registrars, such as the Public Domain Registry, complied with the request despite this and proceeded to block the pages.

Last month, EasyDNS (a domain registrar), issued a 'Request For Enforcement' to Verisign (company that operates the .com/.net registry) so that pages blocked by other domain registrars including Public Domain Registry can be transferred to their service. EasyDNS argued the other registrars had no grounds on following the domain block requests by PIPCU since there had been no due process. Verisign issued a 'no decision' on the matter.

However, Easy DNS appealed the decision and the National Arbitration Forum (American based arbitration and mediation service) ruled that the Public Domain Registry cannot freeze the transfer of the domain to EasyDNS. The ruling stated :"No court order has been issued which would prohibit the transfer of the domain names at issue from the Registrar of Record to the Gaining Registrar. Therefore, there is nothing in the Transfer Policy which authorizes the Registrar of Record to refuse to transfer the domain names. "


Joint Committee on Human Rights say confiscation measures at ports need more safeguards

The Joint Committee on Human Rights have published a further report on the proposed Anti-social Behaviour, Crime and Policing Bill. The bill contains provisions that will allow border police to confiscate and make copies of a suspect's belongings (including laptops and other electronic materials) at ports and airports.

The Committee responded to the Independent Reviewer's suggestion that a 'subjective suspicion threshold' be used for confiscation and other Schedule 7 powers. Instead they insisted on their point that a 'reasonable suspicion' be the absolute minimum. In their words

"In our view, a subjective suspicion standard does not count as very much of a safeguard at all because it does not provide the basis for any independent scrutiny of the reasonableness of the officer’s suspicion on which the exercise of the power was premised."

The second report can be foundonline in PDF format.

Government Bills

Defamation Act 2013 comes into effect

The Defamation Act came into effect at the start of the New Year. The new regulations are aimed at improving defamation laws in the UK, including targeting 'libel-tourism' and protecting statements made in scientific and academic peer-reviewed publications.

Previously, website operators have been held accountable for anonymous defamatory comments on their websites. However, Section 5 of the new Act, now provides them with a defence.

In brief, the website operators cannot be held accountable if they can prove they didn't write the alleged defamatory statement (subsection 2). However, they can be held accountable if the claimant can prove they could not identify the poster of the statement, had issued a complaint to the operator and the operator failed to respond in accordance with the provisions contained in the regulations(subsection 3).

The Ministry of Justice has published a guidance document on Section 5 and the regulations. The document (which can be accessed online in PDF format) provides information on what should be included in a complaint against a defamatory statement and how website operators should respond to maintain their Section 5 defence.

The new process is said to simplify the instances of defamatory disputes by creating a direct link with the person who posted the comments.

Debates and questions

Question on steps to increase the success rate of prosecutions for online stalking and harassment

Oliver Heald MP asked the Crown Prosecution Service (CPS) how they aim to increase the rate of successful prosecutions against 

online stalking and harassment.

The Solicitor-General, Οliver Heald, responded that the all prosecutors must complete an online e-learning course on cyber-stalking and harassment and that the CPS has published a guidance for the prosecutors in cases involving communications sent via social media.

Question on the number of GCHQ staff dedicated to tackling child abuse

Tom Watson MP asked the Secretary of state for the Home Department how many dedicated staff at GCHQ will be appointed to tackle child-abuse material on peer-to-peer networks and what the budget will be for the new task force and what its general organisation will be like.

The Minister for Security, answered that the issue of peer-to-peer networks will be tackled by a pilot project involving the Internet Watch Foundation and the Child Exploitation and Online Protection Centre (the dedicated wing of the National Crime Agency).

He also said the taskforce in question will work with online industry to tackle child-abuse online. Joanna Shields, CEO of Tech City UK and the UK ambassador for business for digital industries will lead the industry engagement project through the Industry Solutions group.

International Developments

Report finds major technology companies compliant with standards on privacy and freedom of expression

The Global Network Initiative (GNI) has published the first report of its kind looking into the compliance of companies with the GNI's principles. It found that Google, Microsoft, and Yahoo are compliant and are looking to improve their performance over time.

GNI is an international multi-stakeholder NGO that works with civil society and companies to uphold and advance freedom of expression and privacy. Their principles have been developed as a guideline for companies to protect those freedoms. This report assesses the compliance of companies with those principles.

The report looked at how the companies dealt with government requests for information on internet users, but was not able to assess the response to US national security requests (due to legal restrictions).

They examined aspects that were "salient risks to freedom of expression and privacy—search, email, and photo and video sharing services", however were not able to "determine whether the companies have acted appropriately with respect to each of the many thousands of requests received each year from governments."

The report has been published online in PDF format.

European Union

European inquiry into mass surveillance deems the activity illegal

The European Committee on Civil Liberties, Justice and Home Affairs (otherwise known as LIBE) delivered the first draft report of their inquiry into mass surveillance on Thursday. The report will be voted on at a later date and currently has no legal force.

The report stated that while mass surveillance is defended under the pretext of national security "it can never in itself be a justification for untargeted, secret and sometimes even illegal mass surveillance programmes; expresses concerns, therefore, regarding the legality, necessity and proportionality of these programmes". It also condemns the UK government's handling of the mass surveillance reporting, citing the detention of David Miranda and the request to destroy material. In their words it "constitutes an interference with the right of freedom of expression as recognised by Article 10 of the ECHR and Article 11 of the EU Charter".

It also questions the motives behind the programme, citing political and economic espionage:

"Considers it very doubtful that data collection of such magnitude is only guided by the fight against terrorism, as it involves the collection of all possible data of all citizens; points therefore to the possible existence of other power motives such as political and economic espionage"

Another point raised was that it was likely similar programmes to Tempora existed in Germany and France, but on smaller scales. They thus call on the European Commission to produce an EU-wide strategy on internet governance.

The full report can be found online.

European officials say proposed payment services lack appropriate safeguards

A new set of rule changes for the Payment Services Directive has been deemed by some European officials as having inadequate security standards. The Directive is a set of rules that regulate how payment services and payment service providers facilitate transactions.

At a roundtable discussion on the proposed laws, Giovanni Butarelli, the assistant European Data Protection Supervisor (EDPS), said "Frankly speaking let me say that everything that is needed [to protect the consumer] is missing [from the proposal] on data protection".

As mobile payments are expected to rise in the next few years, the ability to authorise transactions will be extended to a large number of third-parties that will have the ability to access customer banks to facilitate payments. Mr Butarelli added that one of the key concerns with the proposed rules was a rise in “the increasingly significant amount of personal details processed by stakeholders, including names, personal data, bank numbers, contacts and so on.”.

The European Central Bank launched a public consultation back in November into the security of mobile payments ending on January 31, due to the increasing use of online wallets and mobile facilitated transactions.

European Parliament Committee vote to accept pre-recorded video testimony from Edward Snowden

Following on from the announcement that the Committee on Civil Liberties, Justice and Home Affairs would hear evidence from Edward Snowden in their ongoing inquiry into PRISM and Tempora, the European Parliament has voted to accept a pre-recorded video testimony from him.

Law and Legal Cases

Pakistan based human rights group sues UK government over Tempora

A Pakistani human rights group, B4A (Bytes for all), has filed a complaint to the UK government over their mass surveillance programme. The organisation is taking the case to the Investigatory Powers Tribunal and is seeking to get a declaration from the court stating that Tempora and similar programmes are illegal and to issue a prohibition for future practice.

The suit, in addition to the familiar arguments on violation of privacy ( Article 8) and freedom of expression ( Article 10), also cites that the UK government has been in violation of Article 14 (prohibition of discrimination) of the ECHR: "Tempora and similar programmes disproportionately effect those who are not UK citizens. Non-UK citizens are much more likely to have their communications intercepted. Yet these differences in treatment are not justifiable or lawful."

Since most of their communications are carried out using a virtual private network based in the UK, they state that their communications have most probably been intercepted and are most likely to be intercepted because of the organisation's origin.

You can view the complaint online via Privacy International.

Political Parties

Liberal Democrats to introduce motion on judicial oversight of state surveillance

The Liberal Democrats will introduce a motion at their spring conference that will call on the creation of a policy to ring down mass surveillance. The Guardian reports that they will propose the creation of a government "commission of experts" that will examine the effectiveness of security services legislation, the system of parliamentary accountability, the judicial oversight of state surveillance and facilitating the release of numerous data associated to the surveillance programme.

The motion is supported by the party's president, Tim Farron and Julian Huppert. The commission would be independent of business and security services and is thought to be modelled from the American privacy and civil liberties oversight board.

It will also call for an annual release of government transparency reports that will include "annual number of user data requests made by law enforcement, the intelligence agencies, and other authorities, broken down by requesting authority, success rates, types of data requested and category of crime or event being investigated"; information the Interception of Communications Commissioner and Intelligence Services Commissioner do not currently provide.

ORG Media coverage

See ORG Press Coverage for full details.

2014-01-03 - Vice Motherboard - Britain's "Porn Filters" Want to Stop Kids Becoming Hackers
Author: Victoria Turk
Summary: Jim Killock quoted
2014-01-03 - TorrentFreak - UK ‘Porn Filter’ Blocks Legitimate File-Sharing Services (And TorrentFreak)
Author: Ernesto
Summary: Jim Killock quoted

ORG contact details

Staff page