This is ORG's Policy Update for the week beginning 10/07/2015
If you are reading this online, you can also subscribe to the email version.
High Court founds DRIPA illegal
DRIPA was passed in an emergency procedure in July 2014, three months after an European Court of Justice's judgment annulled the Data Retention Directive and made a strong case against blanket data retention without very strong safeguards.
Soon after the law was passed, two MPs, David Davis and Tom Watson, alongside civil rights group Liberty, announced that they were challenging the law. Open Rights Group intervened in front of the Court at the beginning of the year and made the point that the European Court of Justice had set out the requirements that domestic law must follow in order to comply with European requirements on the protection of privacy, and that DRIPA did not comply with these requirements.
The Court ruled that section one of Dripa “does not lay down clear and precise rules providing for access to and use of communications data”. As a result, DRIPA should be “disapplied”. However, the Court suspends its order until March 31st, 2016, in order “to give parliament the opportunity to put matters right”. This is the first time MPs have successfully judicially reviewed a government act.
RUSI review of the intelligence capabilities and practices in the UK
The Royal United Services Institute for Defence and Security Studies issued on Tuesday, July 14th, a report reviewing surveillance practices and intelligence capabilities in the UK. It was commissioned by the then deputy Prime Minister Nick Clegg MP in March 2014 as a response to the Snowden revelations.
This report comes only weeks after the reports from the Independent Reviewer of Terrorism Legislation, David Anderson, and the Intelligence and Security Committee. It reaches a lot of similar conclusions, namely that “a new, comprehensive and clearer legal framework is required” given the complexity and opacity of the current legislation. Like the Anderson Report, this review argues that judicial commissioners, rather than Secretaries of State, should have the power to sign warrants.
Despite having been set up to investigate into the Snowden revelations, the panel has found “ no evidence that the British government knowingly acts illegally in intercepting private communications”. However, Heather Brooke wrote in The Guardian that herself and other writers of the report thought they did not have access to enough evidence to make this assumption. Brooke stated that she faced "resistance when pushing for detailed information about what the agencies are actually doing".
Civil rights group have welcomed some conclusions of the report but judged it too tame in its conclusions and recommendations. Eric King, deputy director of Privacy International, stated that “root and branch reform is needed to bring our spy agencies under democratic control”; ORG's Executive Director Jim Killock expressed his regrets that “RUSI has condoned mass surveillance, which now seems to be termed ‘bulk collection’ to disguise the real and disturbing practices of blanket collection”.
IOCOO report on Investigatory powers shows human errors and illegal access to journalists' sources
The Interception of Communications Commissioner's Office published its half-yearly report this week. It sheds light on seventeen serious errors committed by British authorities using investigatory powers. Human errors have led to wrong person being investigated or delayed welfare checks.
The report gives details on two cases in which authorities gained access, without proper judicial approval, to metadata allowing them to identify journalists' sources, despite the Regulation of Investigatory Powers Act safeguards to protect professional secrecy. One of those cases was investigating a source inside the police forces themselves, but it is not clear whether the source was doing something illegal or was a whistleblower.
Passenger Name Record proposal voted in European Parliament's civil liberties committee
The Civil Liberties, Justice & Home Affairs committee of the European Parliament adopted on Wednesday, July 15th, a proposal for the creation of an European Passenger Name Record (PNR). This scheme will collect information from passengers on flights entering or exiting the EU, so that they can be used by Member States or Europol in the prevention, investigation and prosecution of serious criminal or terrorist offences. The proposal faced strong opposition as many MEPs criticised it for being a disproportionate infringement on privacy. It was however passed with 32 votes to 27. Safeguards have been secured, such as a mandatory log and documentation of all activities on the data or strict conditions for the transfer of data to third countries. Sixteen European countries already have similar national law and domestic PNR schemes; the EU has also signed sharing of PNR data with the US, Canada and Australia.
The main point of debate was the length of the storage: even though any information allowing the identification of a passenger would have to be “masked out” after thirty days, it could be accessed and de-anonymised up to five years after its collection. European digital rights group EDRi denounced an ineffective measure that “put[s] innocent people at risk of suspicion”, and questioned the legality of such data retention given the annulment of the Data Retention directive by the European Court of Justice last year.
This vote gives mandate to the Parliament's negotiator to start the trialogue with the other European institutions on this proposal in September.
Chinese Internet security draft law enhances the power of the Cyberspace Administration
A new Internet security law published by the Chinese government this month (here in English) further enhances – or at least, gives greater legal basis to - Chinese authorities' control over Internet in China. The draft law contains provisions allowing state agencies to ask network operators to stop the transmission of “[any] information which release or transmission of is prohibited by laws”. The Bill also allows for the complete shutting down of Internet in a region, in order to “protect national security and social public order”. Such a shutting down was carried for six months in 2009 in the Western province of Xinjiang, but this law gives those kind of operations stronger legal groundings.
The draft law enhances the Cyberspace Administration's status and power. Chaired by the President Xi Jinping himself and set up for the monitoring of online content in 2013, this agency is gradually centralising power over networks. Jennifer Zhang, an Internet researcher at the University of Hong Knog, wrote that "it is unclear whether the Cyberspace Administration will be subject to any form of supervision and oversight”.
ORG Media coverage
See ORG Press Coverage for full details.
- 2015-07-17 – Bit-tech - High Court rules DRIP Act surveillance illegal
- Author: Gareth Halfacree
- Summary: Article mentioning the role of ORG in the fight against DRIPA
- 2015-07-14 – Wired - Surveillance report calls for judicial sign-off on interceptions
- Author: Katie Collins
- Summary: Article quoting Jim Killock on the RUSI report
- 2015-07-14 – The Inquirer - GCHQ oversight needs its eyes testing, finds independent study
- Author: Dave Neal
- Summary: Article quoting Jim Killock on the RUSI report
- 2015-07-13 – Telegraph - Will WhatsApp really be banned in the UK?
- Author: Sophie Curtis
- Summary: One of the numerous articles on the effect that banning encryption would have on services such as whatsapp. Quotes Jim Killock on the matter.