ORG policy update/2016-w16

This is ORG's Policy Update for the week beginning 18/04/2016.

If you are reading this online, you can also subscribe to the email version.

ORG’s Work

  • ORG launched an action for gathering people's views on data sharing.

Official Meetings

  • Don't Spy On Us coalition held a meeting with private companies' representatives.

IP Bill Public Committee Sittings in Parliament

The Public Bill Committee on the Investigatory Powers Bill continued their sittings on 14th, 19th and 21st of April 2016.


Fifth & Sixth sittings (14 April 2016)

The amendments discussed covered areas of:

Extraterritoriality

The issue of extraterritoriality was raised mostly in relation to foreign businesses operating in the UK and the need for them to comply with the requirements to retain data. Keir Starmer and Joanna Cherry both raised the issue, emphasising that mutual legal assistance treaties (MLATs) would function better in this case than a legal regulation. Labour and the SNP referred to the Sheinwald Review published in June 2015. The review found that companies were often being asked to solve problems that should be the purview of governments, and which could only be solved through international diplomacy and treaty reform. The Labour and SNP stance was opposed by the Conservative John Hayes, who called it “crazy” not to compel companies abroad. The extraterritoriality amendments did not pass the vote.

Public interest defence for whistleblowers

Both Keir Starmer and Joanna Cherry brought forward amendments that would enable whistleblowers to claim their actions were justifiably in the public interest. Joanna Cherry said that the provisions

“that criminalise the disclosure of information relating to the use of interception powers risk shutting down a vital route of ensuring accountability for the use of surveillance powers unless there is the defence of disclosure in the public interest.”

Her concerns were not shared by John Hayes who stated that

“providing a public interest defence of the kind that she discussed is unnecessary in light of the exceptions already in the Bill. In my view, it might even encourage feckless or unlawful disclosures.”

The amendments were not supported by the Conservatives in the vote.

Admissibility of intercept evidence

The draft Bill does not currently allow intercept evidence to be admitted in court cases. Joanna Cherry opposed the inclusion of the amendment that would exclude admissibility of intercept evidence. The amendments were voted in despite her reservations.

Internet Connection Records (ICRs)

Joanna Cherry said that it “is unacceptable that the Government are attempting […] to extend their policy of blanket data retention.” Keir Starmer noted that they do not wish to vote down the amendments on ICRs but would like to draw more attention to them. He described ICRs as a reading list, not just unrelated pieces of data, echoing examples given by Graham Smith in his blog post.

Seventh & Eighth sittings (19 April 2016)

The amendments revolved around:

Data Retention

Joanna Cherry put forward her amendment regarding third party data. (Note: Third party data are defined in the code of practice as data that a communications service provider is able to see “in relation to applications or services running over their network…but does not process that communications data in any way to route the communication across the network”.)

The amendment seeks to exclude, on the face of the Bill, third party data from being retained by telecommunications providers. Third party data is extensively defined in the Code of Practice, but not in the actual Bill. Third party data was the main piece of policy in the 2012 Communications Data Bill in Joint Committee. Under the IP Bill it has been put in secondary legislation. The amendment was not agreed to.

Use of a single point of contact (SPoC)

In connection with the SPoC, Keir Starmer put forward an amendment that would place more stress on conduct in line with privacy protection. The amendment is jointly supported by the SNP. Keir Starmer said:

“Such an amendment is necessary because there is a lack of an overarching privacy provision that can be read into each of these clauses. When a designated senior officer is being advised, it would be prudent and sensible for them to be advised not only about costs and resources, but about privacy and integrity, which are critical to the operation of the Bill.”

John Hayes, however, sees no need for an amendment reinforcing privacy, as “privacy is woven through the Bill. For the sake of emphasis, I say again that the protection of privacy and personal data must be a key consideration in gauging proportionality.”

Warrants

Keir Starmer put forward an amendment requiring an examination warrant for the examination of all data, removing the exception of equipment data and the broad category of ‘not private information’ which is collected under bulk warrants. During the discussion, Labour took the stance that they will not support the IP Bill until an independent review of the operational case is in place.

Ninth & Tenth Sittings

Bulk powers

The latest Committee sittings went through amendments targeting bulk powers. First, Keir Starmer said that the whole issue of the specification of bulk powers needs an independent review. Joanna Cherry built on this further and called for the entirety of the IP Bill's bulk powers to be removed. She made a case for the use of targeted powers instead. She explained the stance of the SNP:

“In our view, it is important not to pre-empt the terms of court judgments in cases currently considering bulk powers, as they will have a significant impact on the lawfulness of the approach set out in the Bill, which at present must, at the very least, be open to question.”

The Committee got into an extensive discussion of the evidence given and submitted by David Anderson QC on scrutiny of bulk powers. Joanna Cherry admitted that according to his scrutiny of bulk powers, David Anderson would not call for the review or the removal of the whole section.

“He has reached the conclusion that some bulk powers are necessary, but the passage in his report that […] basically starts with a phrase along the lines of “GCHQ has assured me”. […] David Anderson acknowledges the efficacy of the powers and has been privy to certain information as he has a high security clearance. Not all of us can be privy to that information. I am suggesting that there should be an independent evidence base for the bulk powers. That would involve independent assessors with high security clearance undertaking forensic examination of the necessity and effectiveness of the bulk programmes.”

The discussion got to another heated point between Joanna Cherry and John Hayes regarding the controversy around Charles Farr, ex-director general of the Office for Security and Counter-Terrorism. He previously claimed in a statement that

“the indiscriminate interception of UK residents’ Facebook and Google communications would be permitted under law because they are defined as ‘external communications’.”

John Hayes, however, sees a substantial distinction between

“the position under the Regulation of Investigatory Powers Act 2000 and the definition of overseas-related warrants relating to bulk powers in the Bill. To quote what Charles Farr, with whom I worked at the Home Office, said about one does not really relate to the other.”

Next week

The Public Committee will resume their sittings next week – 26 April and 28 April. The Committee is scheduled to conclude on 5 May. To submit written evidence, see the guidelines here. An oral evidence session regarding human rights will be held on 27 April with Professor Iain Cameron, Faculty of Law, University of Uppsala and Professor Martin Scheinin, International Law and Human Rights, European University Institute.

Other Parliamentary issues

Question on Cyberbullying

Robert Buckland, the Secretary General, answered questions on Internet trolling and online abuse specific to the case of young people. He said that the Director of Public Prosecutions has met several social media providers, and the Crown Prosecution Service will continue to work with them on measures to improve the reporting and prosecution of such abuse. The Secretary General explained that the Department for Education and third sector actors are implementing a combined approach of alerting young people to the dangers and empowering them to make complaints.


Question on Health & IPBill

Roger Godsiff MP asked the Secretary of State for Health what discussions he has had with professional bodies on the provisions in the Investigatory Powers Bill relating to bulk personal datasets.

George Freeman MP, the Parliamentary Under-Secretary of State for Health, said that the Department has not conducted any particular engagement on these provisions. “The Government has had over 60 meetings and briefings with industry representatives, academics, civil liberties groups, and charities and victims groups since the draft Bill was published in November.”

Written Question on Artificial Intelligence

Adam Afriyie MP asked the Secretary for Business, Innovation and Skills what steps he is taking to support research into machine learning.

Jo Johnson MP, the Minister of State for Universities and Science, responded that the Department for Business, Innovation and Skills supports the Research Councils, out of which the Hartree Centre uses high performance computing combined with big data analytics, cognitive computing and visualisation techniques to collaborate with industry and research partners. The government recently invested £113 million at Hartree in a cognitive and data centric computing centre that managed to generate investment from IBM and other hi-tech industry.


Ministerial Statement – Cyber Security Report

Matthew Hancock MP, the Minister for the Cabinet Office and Paymaster General, made a written statement on the Final Annual Report on the 2011-2016 UK Cyber Security Strategy. “The report summarises progress during 2015/16 against the Strategy’s objectives, reviews the impact of the Programme since it was established, and looks ahead to the new 2016 National Cyber Security Strategy and Programme.” The Government will publish a new National Cyber Security Strategy this year and plans to spend £1.9 billion over the next five years on cyber security.

Other National Developments

Ten Year Jail Term for Copyright Infringement

The government published its conclusions after a consultation into criminal sanctions for online copyright infringement offences. The sentence lengths will need to be confirmed by Parliament at a later stage but for now, the government is asking for a ten year maximum sentence. The report states that

"These offences are currently punishable by a maximum of two years' imprisonment. By comparison, the maximum custodial sentence for infringement in respect of physical goods is 10 years."

The consultation raised serious concerns over the ten year maximum sentence grouping copyright infringement offences alongside serious offences such as rape, firearms offences and child cruelty. Baroness Neville-Rolfe said they are addressing concerns about the scope of the offence. This issue has been repeatedly raised by the Open Rights Group in the consultation. Jim Killock said:

"We note that the minister has committed to narrowing the scope of the offence. We need to see that it relates to genuinely commercial infringements. In particular the test of prejudicially affecting the copyright holder needs to go, and a test for actual knowledge needs to be present."

Baroness Neville-Rolfe said, regarding these concerns, that there are safeguards already in place limiting the risk of a low level infringer being subjected to a high penalty. The government will introduce the offence provisions to Parliament at the “earliest available legislative opportunity.”

Bulk Personal Data Collection Since 1990s by UK Spy Agencies

Privacy International published previously confidential documents revealing the extent of surveillance by UK intelligence agencies. They obtained the files as part of an ongoing legal case challenging the scope of intelligence agencies' collection of private data. The documents show that GCHQ, MI5, and MI6 regularly collected personal data from potentially thousands of public and private organisations.

The data covers private medical records (including biometrics), correspondence with doctors or lawyers, signed petitions, financial data, and commercial activities. The collection of bulk data is allowed under Section 94 of the Telecommunications Act 1984. This piece of legislation was never intended to cover intrusion in a digital age and its use in the current situation is disproportionate. The use of Section 94 was only admitted by Theresa May MP in November 2015 while announcing the IP Bill for the first time.

Millie Graham Wood of Privacy International said that “the agencies themselves admit that the majority of data collected relates to individuals who are not a threat to national security or suspected of a crime. This highly sensitive information about us is vulnerable to attack from hackers, foreign governments, and criminals.”

Some of the documents contain guidance for spies on their behaviour. They cover a “self-search” for data on themselves, searches on other members of staff, neighbours, friends, acquaintances, family members and public figures. The different guidance codes indicate the actual scope of data access the agencies have. The Home Office, Foreign and Commonwealth Office, GCHQ, and secret intelligence services stated in their response ordered by the Investigatory Powers Tribunal that the majority of the data they retained was on individuals who were “unlikely to be of intelligence interest”.

Privacy International received the documents in response to an upcoming legal challenge at the Investigatory Powers Tribunal. The tribunal will take place in July, with PI challenging the government's statement that bulk collection and retention of data is lawful, necessary and proportionate. The same issue has been repeatedly discussed in the IP Bill readings in the House of Commons as well as in the Public Committee sittings currently going on.

Europe

EU-US Privacy Shield

The Article 29 Data Protection Working Party released its draft opinion on the new Privacy Shield, which replaces the Safe Harbour agreement, finding it not fit for the purpose of data transfers between the EU and the US. Safe Harbour was invalidated by the Court of Justice of the European Union (CJEU) on the grounds of violating fundamental rights.

The draft opinion criticised the Privacy Shield proposed by the European Commission over the lack of protection for EU citizens' data from US government surveillance. In general, the Article 29 Data Protection Working Party welcomed the progress made in the Privacy Shield to increase transparency of transatlantic data transfers; however, the Working Party still did not find the agreement fit for purpose. The issues the European data watchdogs highlighted are related to commerce and national security:

  • Commercial side:

- Inadequate reflection of key EU data protection principles that effectively allow for the reuse of data for very large purposes, with no time limits and broad exceptions to process data without consumers’ consent;

- Weak obligations in terms of onward transfers of data to third countries;

- Extremely complex redress mechanism that undermines consumers’ right to seek redress and legal remedies.

  • National security side:

- Unacceptable possibility to continue carrying out indiscriminate mass surveillance;

- Lack of independence and effective powers of the proposed ombudsperson.

The Working Party's opinion is not legally binding, but it has an impact in forming the basis for the laws and practices of national data regulators. If the draft opinion is not taken into account, it is more likely that the Privacy Shield will be challenged in the higher European courts. If the CJEU finds that the surveillance conducted by GCHQ is unlawful, it would have a big impact on the national security exceptions included in the Privacy Shield. The Article 29 Working Party is hopeful that the Privacy Shield will be passed in June 2016.

Exclusion of Open Source from Tech Standards

Recently the European Commission revealed, under the Digital Single Market Strategy, its plans to help European industry, SMEs, researchers and public authorities make the most of new technologies. To be able to do that, the Commission is working towards developing new tech standards that would enable easier cooperation across different digital areas. The standards are specified in the ICT Standardisation Priorities for the Digital Single Market document. It states that “Open standards ensure [...] interoperability, and foster innovation and low market entry barriers in the Digital Single Market, including for access to media, cultural and educational content. Differing national standards may significantly slow down innovation and put European businesses at a disadvantage vis-à-vis the rest of the world.”

Despite the document being written around open standards, the definition of the term is not explicit in the text. Ars Technica reports that, according to the document, ICT standardisation requires a balanced intellectual property rights policy, based on FRAND (fair, reasonable, and non-discriminatory) licensing terms. FRAND licensing “is incompatible with open source, which will therefore find itself excluded from much of the EU's grand new Digital Single Market strategy. That's hardly a "balanced IPR policy."”

The issue in question is the impossibility of implementing open source code under FRAND licensing. “FRAND licensing requires a per-copy payment, but for free software, which can be shared any number of times, there's no way to keep tabs on just how many copies are out there. Even if the per-copy payment is tiny, it's still a licensing requirement that open source code cannot meet.”

Under these circumstances, the Digital Single Market Strategy is unlikely to deliver innovation for small and medium sized businesses as set in its goals.

International Developments

Google Books Fair Use

The US Supreme Court declined to hear a challenge from the Authors' Guild. The authors claim that Google Books infringes on their copyright and cannot be considered fair use. An earlier decision by the US Circuit Court of Appeals said it is legal to scan books even though you do not own the copyright. The Authors' Guild argued that the search snippets provided by Google are an illegal free substitute for their work and that Google Books infringes on their potential revenue. The Supreme Court's decision means that Google Books can continue its activities and will possibly lead to more digitisation projects.

ORG Media Coverage

See ORG Press Coverage for full details.

2016-04-19 - Snooper’s Charter: Unengaged and uninformed Brits sleepwalking into Big Brother surveillance state
Author:
Summary: Jim Killock quoted on raising public awareness of the impact of the Investigatory Powers Bill.
2016-04-19 - Three quarters of Brits unaware of IP Bill, one third don't care
Author: Alex Scroxton
Summary: Jim Killock quoted on raising public awareness of the impact of the Investigatory Powers Bill.
2016-04-19 - Research: Brits uninformed about Snooper's Charter
Author: Ryan Daws
Summary: Jim Killock quoted on raising public awareness of the impact of the Investigatory Powers Bill.
2016-04-19 - UK voters head happily towards surveillance state
Author: Phil Muncaster
Summary: Jim Killock quoted on the Home Office failing to provide effective operational case evidence justifying bulk interception.

ORG Contact Details

Staff page