This is ORG's Parliamentary Update for the week beginning 13/01/2014
If you are reading this online, you can also subscribe to the email version.
Jim Killock and Peter Bradwell met with the British Board of Film Classification to discuss how they are now involved in mobile Internet filtering. A summary of our meeting, with details of how people can complain about overblocking, is on our blog.
Jim Killock also attended a meeting in Parliament to discuss filtering, sexual health and LGBT issues related to over-blocking. You can find the notes of the meeting online.
NSA and GCHQ updates
NSA extracts bulk, untargeted data from mobile phones worldwide
A joint investigation between the Guardian and Channel 4 news in the documents provided by Edward Snowden, have shown that the NSA have been collecting information of millions of text messages. Programme 'Dishfire' has the ability to information on location, financial transactions and contacts. British counterpart GCHQ uses the information log to search through the metadata from UK numbers.
A memo by GCHQ comments on the effects of the programme collecting data from cellphones that have not been designated as 'targets': “This makes it particularly useful for the development of new targets, since it is possible to examine the content of messages sent months or even years before the target was known to be of interest.”
President Obama announces new NSA reforms
Following on from the publication of the White House surveillance report, the American president has announced a series of reforms to the NSA and the collection of phone records. The reforms called for an end to the collection of bulk phone data by the NSA, but not an end to the programme itself. Instead, he has asked the attorney general and the director of the NSA to come up with recommendations for a new entity that will hold the data. He added that the agency would now require approval from a secret surveillance court in order to search through it.
In response to the stories reporting the surveillance of foreign leaders, he said "The leaders of our close friends and allies deserve to know that if I want to learn what they think about an issue, I will pick up the phone and call them, rather than turning to surveillance”.
He also prompted Congress to create an independent panel of advocates that can provide a voice in front of the Foreign Intelligence Surveillance Court (which currently can only be petitioned by the government).
The President did not however address allegations of the surveillance programmes weakening encryption or outline what additional safeguards will protect foreigners.
You can view a transcript of his speech online.
NSA implanted probing software in 100,000 computers worldwide
New documents show that through a programme called 'Quantum', the NSA has implanted software in around 100,000 computers worldwide which allows them to access the systems without internet connection. The technology has been in use since 2008 and has to be placed manually in target computers either through USB cards or tiny circuit boards. How it works is the transceivers that have been placed in the computer connect to a remote 'field station' (in this case a small briefcase-sized station with a laptop) through a covert radio frequency. The 'field station' can then relay the information back to an NSA remote operations centre.
The most regular targets have been the Chinese army, but also include Russian military networks, European trade unions and partner countries in the fight against the war on terror, like Saudi Arabia.
There has been no evidence of the technology's use in America and a spokesperson for the agency denied that it was being used for the benefit of industry "We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of — or give intelligence we collect to — U.S. companies to enhance their international competitiveness or increase their bottom line."
Consultations and departments
A full list of open consultations and Parliamentary events can be found on our Events
Ofcom report finds 85% of parents use a range of methods to protect their children online
Following a request from the Department for Culture, Media and Sport, Ofcom have published their report on "Internet safety measures: Strategies of parental protection for children online". The report conducted research into how parents of children aged 5-15 approach internet safety.
Some of the reports finding were:
- 7% of parents have looked for or received information about internet safety from the media and 6% from ISPs.
- 85% of parents who's children use the internet at home, use a combination of the following techniques to protect their children: talking to their children about staying safe online, using technical tools (such as filters) and supervision rules. Out of the remaining 15%, 9% of them talk to their children about online safety, but less frequently than monthly. Therefore, 6% of parents have not spoken to their children about online safety, used any technical tools or have any supervision rules.
- Around one in five (18%) know how to disable online filters or controls, but considerably fewer (6%) have done this in the past year
- The most commonly installed parental filter (used by 20%) was the one provided by ISPs
Debates and questions
Debate on the anniversary of the internet
Martha Lane Fox, led a debate on the celebration of the 25th anniversary of the world wide web in the House of Lords. In her speech she made reference to the significant contributions of the internet to industry and on the lack of a significant debate regarding mass surveillance.
On mass surveillance she said the UK was lagging behind the US in examining the issues around the security agency programmes. She said "we are woefully quiet on the subject of liberty vs. security" and added "Allegations that GCHQ and the NSA worked to undermine encryption should caution anyone who trusts the web with their medical, financial or personal records."
She also spoke of the importance of investing in making more people 'internet-literate'. She said that 11 million people in the UK lacked basic internet skills and 50% of those were of working age. She said filling the gap could potentially be worth £68bn according to charity Go-On.
Another point was that the presence of women in the tech sector was falling and would be at less than 1% in 2040 if trends are not reversed.
Other notable points were from the Archbishop of Derby who mentioned the dangers and downfalls of the internet, Baroness Kidron on the increasing harvesting of data, Lord Birt who spoke about the dangers of not prosecuting crimes online and Lord Puttnam who suggested the introduction of a 1p levy on emails.
Question permitting foreign governments to collect UK citizen data
The minimisation of data refers to the correct practice of data collection as outlined in the Data Protection Act. The practice dictates that data collected should be "adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed." The unminimisation of data then refers to allowing a surplus of data than is necessary.
Question on the level of cyber threats to the UK
A question has been asked on the government assessment of cyber threats on national security. Francis Maude answered that the annual Strategic Defence and Security report has defined cyber threats as tier one.
Vodafone to increase transparency on government customer data warrants
The telecommunications company has announced that it will ask permission from the 25 countries in which they operate to publish the number of wiretapping and customer data requests they receive.
Under current legilsation, namely RIPA, any discussion on the number of warrants is prevented. Virgin is seeking to join US companies in releasing yearly reports on the number of government surveillance requests.The company's privacy head said "We want all of our customers worldwide to feel they are at liberty to communicate with each other as they see fit."
According to the Guardian, they are seeking to publish the customer data warrants along with a list of 'surveillance principles' in June, when they publish their annual sustainability report. Some of the principles say that Vodafone:
- Will not allow access to customer data unless legally obliged to do so
- Will not go beyond what is required under the law
- Will not accept any instruction from an agency foreign to the country in which it is being asked to allow surveillance
- Will challenge requests in law where appropriate
- Will honour international human rights standards as much as possible where these conflict with domestic standards.
France fines Google for not complying with domestic privacy laws
France has issued a €150,000 fine against Google for failing to comply with their domestic privacy laws. The decision comes after their administrative regulatory body (CNIL), found that they do not sufficiently inform its users about how their personal data is processed and for what purposes it is used. They also accused them of not obtaining user consent to install cookies on their users browsers.
Google has since appealed the decision by taking the matter to France's highest administrative court. A spokesman for the company said that they cooperate with CNIL and their privacy data offers a simple and effective use.
These developments follow on from Google's 2012 announcement that they were merging all the privacy policies of their various platforms (such as youtube, gmail, google docs etc.) into one. The announcement prompted the working group of all EU data protection authorities (otherwise known as G29) and six European countries to launch investigations into Google's use of customer data.
The G29 concluded that Google did not comply with the European legal framework and released a list of recommendations that the company has since failed to implement. Other individual investigations are being carried out in Germany and Holland.
Law and Legal Cases
Case against Google approved to proceed in the UK
A group of British nationals have launched a legal challenge against Google for illegally bypassing Safari's privacy settings and installing cookies on their browsers.
On Thursday, a High Court judge said that the case had been approved to be processed in the UK. However, Google said "A case almost identical to this one was dismissed in its entirety three months ago in the US" and maintains the case does not meet the requirements to be held in the UK and that.
Liberal Democrats draft motion to get rid of opt-in porn filter
According to this policy, every household with a new network subscription will have a default internet filter switched on that will automatically filter out websites that fall under the category of 'pornography'. In order to overturn that, the account holder would have to actively opt-out.
Tim Farron said of this policy “Essential sites on sexual health, gender and sexuality, domestic violence and LGBT rights are being blocked by these filters, whilst pornographic content is still available”.
The legislation would call on the preservation of digital rights and stopping any requirements for opt-ins and opt-out filters, controls on legal materials.
ORG Media coverage
See ORG Press Coverage for full details.