ORG policy update/2015-w21

This is ORG's Policy Update for the week beginning 15/05/2015

If you are reading this online, you can also subscribe to the email version.

Government Bills

GHCQ staff can now lawfully break into electronic systems

It was only discovered last week that modifications to the Computer Misuse Act 1990, enacted by royal assent on the 3rd of March 2015, protected law enforcements officials from prosecution for breaking into electronic systems such as laptops, servers or smartphone, as long as the device belongs to a “suspected criminal”. For this purpose, Government Communications Headquarters' (GHCQ) staff do not require a warrant or a court order. This amendment came into effect while the NGO Privacy International and seven Internet Service Providers are challenging the legality of GHCQ hacking in front of the Investigatory Powers Tribunal. The hearing is due this autumn. In a blog post, Privacy International asserted that this change was made in an “undemocratic manner”, without a proper debate in Parliament. However, Home Office refuted that this change expanded the ability of intelligence agencies.

National Development

"Brexit" referendum could be held in 2016

It was one of David Cameron campaign's promises to hold a referendum on the United Kingdom exiting the European Union before 2017, and it now seems that it could be as soon as 2016, in order to avoid clashing with major German and French elections in 2017. In the meantime, the Prime Minister has already started discussing with European leaders and will meet Angela Merkel, Germany's Chancelor, next month . The Conservative government renegotiation of the UK membership should focus on greater power to national parliaments, independence from the eurozone influence and a tightening conditions of access to benefits for EU migrants.

Several points are yet to be made clear, such as who would vote in this referendum, and how would a government operate if the ministers have different opinions on it. David Cameron is expected to address the referendum in his Queen's Speech, on Tuesday, May 27th.

International Development

Pirate Bay loses original URL, gains six new ones

The Stockholm District Court ruled on Tuesday, May 22nd, that two key domains owned by The Pirate Bay, including the original, will be “confiscated”. A statement posted on that day on the website read “No torrent files are saved at the server. That means no copyrighted and/or illegal material are stored by us. It is therefore not possible to hold the people behind The Pirate Bay responsible for the material that is being spread using the site.” The site also displayed a new logo, where an six-headed hydra came out of a pirate ship, with six different top level domain names written on it. As a matter of fact, the site is now hosted elsewhere, such as .mn for Mongolia.

This shutting down comes only a week after the European Commission's Joint Research Center issued a paper on “Online Copyright Enforcement, Consumer Behavior, and Market Structure”, which analysed the legal shutdown of a German video streaming website and concluded that, although it had a significant impact on piracy levels, this effect was very short-lived. The report also mentioned the adverse effect that it prompted the apparition of several websites taking the place of the original one, thus making the overall piracy market more resistant.

Facebook's under heavy criticism

An open letter to Facebook ,signed by more than sixty civil society organisations, expresses concerns about the launch and expansion of Facebook platform . This project intends to “ give the unconnected majority of the world the power to connect”. It does so thanks to partnership with telecom companies in various countries through zero-rating, a commercial practice in which the telecom companies do not count the data spent on certain websites as part of a user's data cap. In the open letter, the organisations argue that this process is contrary to the principle of Net neutrality, as it creates “walled garden in which the world's poorest people will only be able to access a limited set of [...] websites and services”. They criticise the lack of security brought by the latest update which prohibits technology such as Secure Socket Layer of HTTP Secure. It also takes issue with the nomenclature, the name of the project describing as “internet” what only amounts to a tiny fraction of it.

European Union

Commission presents the Digital Single Market to Parliament against rumour that it wants to weaken encryption

“We need change. And that change is digital.” stated Andrus Ansip, Vice-President of the European Commission in charge of the Digital Single Market (DSM), in a speech delivered to the European Parliament on Tuesday, May 19th. During the plenary session, Kaja Kallas, an Estonian Member of European Parliament, voiced the concern that the DSM could contain a provision to create backdoors into encrypted means of communication. Commissioner Ansip responded that the rumours were unfounded, and stated that the European Commission “never had and doesn't have plans to create backdoors on identification systems”. In the United Kingdom, in January, British Prime Minister David Cameron voiced his wish to introduce backdoors in applications such as WhatsApp or Snapchat allowing government to access encrypted communications.

Coincidentally, on the same day, several major Internet companies, experts and civil society organisations addressed an open letter to President Obama, asking him to “adopt policies that promote rather than undermine the widespread adoption of strong encryption technologies”, following concerns that appeared after the Federal Bureau of Investigation asked Congress to make encryption back doors in mobile devices mandatory.

Belgian Data Protection asserts that Facebook is breaking EU law

According to a report commissioned by the Belgian Data protection authority, Facebook tracks without their consent any internet users that have visited any Facebook pages, even if he is logged off or not a member of Facebook. It does so thanks to cookies and plugins such as “Like” or “Share” present on numerous websites, and can then obtain a precise portrait of a person's online behaviour in order to target advertising The Belgian privacy watchdog has issued an opinion in which it asks Facebook to stop this practice that it deems contrary to European and Belgian law, for Facebook doesn't have the consent of the people it tracks. It recommends that Facebook uses session cookies which expires when the user disconnect and that are not created for internet users not logged into Facebook.

“It’s make or break time”, asserted the president of the Belgian agency, who threatens to sue Facebook if the recommendations are not followed . However, Facebook replied that, even if it will look into the recommendations, it only needs to comply with its “European regulator, the Irish Data Protection Commissioner", given that his European office is in Ireland. The Article 29 Data Protection Working Party, a reunion of European Data protection authorities, has mentioned, without further details, the possibility of an European data protection authority for some times now.

EU members to impose bigger fines for companies breaching “right to be forgotten”

Latvia, head of the European Union's rotating presidency, has drafted a proposal with provisions for stiffer fines for companies breaching the rules specified by the European Court of Justice last May in its famous “right to be forgotten” ruling . European citizens now have the right to ask search engines to de-index results from research including their names if those results are outdated or irrelevant informations. The fine could amount up to 2 percent of a firm's annual worldwide turnover. European Union members' ministers are expected to endorse the text in mid-June. This could help the data protection authorities, and possibly change the attitude of Google, who only complies with the ruling in its European websites, such as, but not in others, such as

ORG Media coverage

See ORG Press Coverage for full details.

2015-05-22 – Ars Technica - How we’re fighting back against the UK surveillance state—and winning
Author: Glyn Moody
Summary: Mentions ORG challenging GHCQ participation in PRISM programme
2015-05-18 – Tech City News - Chair of Tech City UK to Lead on Hacking and Cybersecurity
Author: Kirsty Styles
Summary: Jim Killock quoted on the Snoopers' Charter

ORG contact details

Staff page