ORG parliamentary and policy update/2014-w11
< ORG parliamentary and policy updateThis is ORG's Parliamentary Update for the week beginning 4/11/2013
If you are reading this online, you can also subscribe to the email version.
Official Meetings
Jim Killock met with Shami Chakrabarti from Liberty to discuss the Don't Spy on Us campaign. On Tuesday he attended Gartner's Business Intelligence & Analytics Summit to speak about Big Data and privacy. On Friday, he participated in a round table discussion hosted by Liberal Democrat MPs to discuss blocking extremist content online.
Javier Ruiz met with the Centre for European Democracy for a brief discussion on ORG's ongoing legal battle Privacy not Prism and attended a seminar in Amsterdam on privacy and open access data.
NSA and GCHQ updates
See our full list of the Guardian and Snowden’s revelations.
NSA developing systems to infect millions of computers with malware
New documents reveal that the NSA has been developing strong capabilities to infect people's computers with malware, thus granting them access to the user's computer. The documents also reveal that the agency posed as false Facebook login pages to infect users computers.
These are the findings of the latest publication:
- Before they can extract information from implants (malware installed in computers), they must infect the target computer or network. This is usually done by sending spam emails with infected links.
- In a presentation dated from 2009, plans are discussed to develop capabilities to such an extent, as to rule out the need for human operators to run the systems. Documents say "Human ‘drivers’ limit ability for large-scale exploitation (humans tend to operate within their own environment, not taking into account the bigger picture)."
- The agency began expanding their hacking operations in 2004, where they had 100-150 targets. It has since spread to thousands within the following 6-8 years.
- Technology is used to seek out terror suspects and individuals suspected of extremism
- They also target systems administrators (working for foreign phone or ISPs), gaining access to any communications processed by the company, also including "government official that happens to be using the network some admin takes care of."
You can view a more detailed reporting of the findings on The Intercept
NSA releases statement denying impersonation of social media websites
The NSA has released a statement stating that allegations they have "infected millions of computers around the world with malware, and that NSA is impersonating US social media or other websites, are inaccurate".
The statement comes after CEO of Facebook, Mark Zuckerberg, called President Obama to express his frustration over the allegations.
Consultations and departments
A full list of open consultations and Parliamentary events can be found on our Events
Department for Business, Innovation & Skills release guidance document for business safety
The Department for Business, Innovation and Skills have released a report providing guidance to business on cyber safety.
You can view the full report on the government website.
Government Bills
Intellectual Property bill entering House of Lords
The Intellectual Property Bill has completed all stages in the House of Commons and is now entering the House of Lords for a debate on the bill's amendments.
For all updates on the bill you can visit the parliament website or alternatively get further updates from our blog and following parliamentary updates.
Debates, questions and speeches
New Minister for Organised Crime gives speech on combating cyber crime
The new Minister for Modern Slavery and Organised Crime, Karen Bradley MP, delivered a speech on e-crime and cyber security.
In her speech she highlighted some of the work being done by the government to combat cyber crime, which is still viewed as a 'tier one' threat to national security.
Some interesting points of the speech were:
- Cyber-enabled card-not-present fraud cost around £140 million in 2012, while cyber-enabled banking fraud was calculated at around £40million.
- Through the National Cyber Security Strategy, £860 million over five years was dedicated to cyber capabilities projects.
- UK national computer emergency response team (or CERT UK) is going to be launched within the next few weeks. It will be the country's first emergency response team for national cyber incident management.
- Since the launch of the National Cyber Security Programme, the number of cyber incident reports has risen to over 30% from September 2012 to September 2013.
- A 'cyber hygiene standard', written in cooperation with industry, will soon be released.
You can visit the government website for a full transcript of the speech.
International Developments
Tim Berners-Lee makes calls for international internet bill of rights
On the 25th anniversary of the World Wide Web, Tim Berner-Lee has made calls for an international charter to protect and enshrine the internet.
His efforts are combined with a campaign titled, 'The Web We Want', a campaign which aims to ensure a digital bill of rights in each country.
He said "Unless we have an open, neutral internet we can rely on without worrying about what's happening at the back door, we can't have open government, good democracy, good healthcare, connected communities and diversity of culture (...) Our rights are being infringed more and more on every side, and the danger is that we get used to it".
European Union
European vote on draft data protection regulations
On Wednesday the European Parliament voted in favour of the draft Data Protection Regulation. In order to become law, the regulation needs to be approved by the Council of the European Union (also known as the Council of Ministers).
Here are some of the provisions the regulations entail:
- The new regulations will apply to the processing of European citizen's data, regardless of where it is processed.
- Fines for not complying with regulations can be up to €100 million or up to 5% of a company's annual turnover.
- The regulation harmonises EU data protection law, meaning that EU citizens can complain about the violation of their privacy to their local data protection regulator, regardless of where in the EU the violations are taking place.
- People have to consent to having their data processed
- People have the right to get their personal data from whoever is holding it
- People have the right to have their personal data erased, including data passed onto third parties
You can view a report of the Regulation's amendments as voted, on the European Parliament's website. Or see Gigaom for a summary of the proceedings.
European Parliament condemns US and UK mass surveillance and votes to end data sharing agreement with US
During the same time as the data protection vote, the European Parliament also voted on a final report by the Committee on Civil Liberties, Justice and Home Affairs completed their inquiry into PRISM and Tempora.
The resolution stressed:
- To withhold from the Transatlantic Trade and Investment Partnership (TTIP) agreement unless it includes provisions that uphold fundamental European rights
- To immediately suspend the Safe Harbor agreement (protection standards for non EU companies to transfer EU citizen's personal data) and to create a new agreement with adequate solutions.
- Put the Terrorist Finance Tracking Programme on hold until the US can clarify allegations that their authorities have access to European citizen's banking data.
- The creation of a European whistle-blower protection with an emphasis on the "complexity of whistle blowing in the field of intelligence"
Commercial Stakeholders
YouTube gives special moderation rights to British security officials
YouTube has granted British security officials special permissions to flag large.
The flagging abilities are aimed at 'extremist' content and is the latest measure to battle extremism. The minister for Security, James Brokenshire MP said they need to deal with material "that may not be illegal, but certainly is unsavoury and may not be the sort of material that people would want to see or receive".
It should be noted that the government already has the ability to request the removal of illegal content and Google (which owns YouTube) doesn't permit 'extremist' content either.
You can view our relevant wiki page for more information on blocking of extremist material.
However, Google has responded to say they have not given any further permissions to security officials, other than the ability to flag multiple videos at a time. More information on this should be available shortly.
ORG Media coverage
See ORG Press Coverage for full details.
- 2014-03-12 - BBC News 24
- Author: N/A
- Summary: Television appearance by Jim Killock to discuss Tim Berners-Lee's proposed Magna Carta
- 2014-03-12 - Sky
- Author: N/A
- Summary: Television appearance by Jim Killock to discuss the same topic as above