This is ORG's Policy Update for the week beginning 02/05/2016.
If you are reading this online, you can also subscribe to the email version.
We have been pretty busy this week getting ready to amp up the public campaign against the IP Bill but we have kept challenging all attacks on digital rights. This week:
- We are just finishing the last details on the Don’t Spy On Us massive ad campaign against the IP Bill. We will launch it next Tuesday, 10 May.
- Today we launched the Thunderclap campaign to spread the word on social media against the bill. Sign up here.
- Preparing for Hacking blocked.org.uk – we are going to meet to ‘hack’ the future of web blocking and future uses for Blocked. Register here.
- Javier Ruiz, ORG’s Policy Director, discussed the controversial plans for up to 10 years jail term for file-sharing with the Intellectual Property Officer. Read more below.
- ORG has been preparing our response to the consultation on panorama and ancillary copyright. Watch this space for updates.
IP Bill Public Committee Last Sittings
The Public Bill Committee on the Investigatory Powers Bill continued their sittings on 28 April and 3 May.
Thirteenth and Fourteenth Sittings (28 April 2016)
The amendments tabled for these sessions discussed:
- IP Commissioner and other Judicial Commissioners
- Main oversight functions
- Additional functions
Fifteenth and Sixteenth Sittings (3 May 2016)
The amendments tabled for these sessions discussed:
- National Security Notices
- Maintenance of Technical Capability
- Warrants: notification by Judicial Commissioner
More detailed account of the discussed amendments can be found on ORG's blog.
This was the last Public Committee sitting. The IP Bill will now go through Report Stage followed by Third Reading of the Bill in the House of Commons. The dates have not been announced yet.
Updated version of the Bill showing changes made in the Committee is available here.
IP Bill Written evidence – Access Now
Access Now submitted written evidence addressing the Investigatory Powers Bill's impact on human rights.
The evidence relates to:
- International law and Integrity of Communications and Systems
- Data Retention
Point of Order – Caroline Lucas
Caroline Lucas MP asked for advice, in the light of press reports exposing how she and other members of the Green Party have been monitored by a police unit, on the best way to raise the matter so the Home Secretary would make a statement to the House on the methods of surveillance.
John Bercow MP, Speaker of the House of Commons, acknowledged that this is a disturbing matter but advised her to find other ways by which to address her concerns, as he is not aware of the surveillance being related to her activities as a Member of Parliament.
Written Question on Online Abuse
Lord Ahmad of Wimbledon responded that the Home Office has implemented an 'online flag' as part of the police recorded crime data collection to enable police to record cases of online abuse. New fraud and cyber questions have been added to Crime Survey for England and Wales to be able to provide cyber crimes estimates. Major technology firms were engaged to remove 19,000 digital fingerprints of child sexual material and prevent their sharing on their platforms and services.
Written Question on Driverless Cars
Anna Soubry MP responded that
“Government believes connected and autonomous vehicles should be “secure by design” and handle data appropriately. We are working closely with industry to achieve these aims as part of a wider programme of activity to ensure that the significant opportunities of these technologies can be realised safely and securely.”
Written Question on Unmanned Air Vehicles
Robert Goodwill MP responded that drone operators with a potential to collect personal data must comply with the Data Protection Act 1998. The requirements are regulated by the Information Commissioner's Office (ICO) and they provide clear guidance to operators.
Other National Developments
Google AI Accessing NHS Patient Data
One of the Google acquired companies, DeepMind, has been given access of up to 1.6 million patient records from Royal Free NHS Trust hospitals. The exposed data-sharing agreement between Google and NHS Trust gives DeepMind access to information about people with HIV, details of drug overdoses and abortions, and access to patient data from the last five years.
DeepMind has been using the data to build an app Streams to facilitate monitoring of patients with kidney disease. The tool is supposed to serve doctors and nurses. However, since there is no specific dataset for people with kidney conditions, Google has been obtaining all of the data. The data includes daily hospital activity – location and status of patients, visitors and visit times, pathology and radiology test results, and historical data from critical care and accident and emergency departments. According to the document, additionally to the Stream app this data is being used to develop a platform – Patient Rescue for analytics services to NHS hospital trusts.
Data running through the platform will facilitate creation of other tools enabling real-time analysis to support diagnostic decisions. It will allow for a comparison of patient's information with millions of other patients and prediction of early stages of a disease not showing any symptoms yet.
The situation is particularly worrisome because Google is already one of the most powerful companies in the world and now Is getting control over health analytics. Also the agreement allows for data of all patients to be passed on, not only those who would benefit from having their data given to DeepMind. According to the World Medical Association's (WMA) Declaration of Helsinky,
“Participation by individuals capable of giving informed consent as subjects in medical research must be voluntary. Although it may be appropriate to consult family members or community leaders, no individual capable of giving informed consent may be enrolled in a research study unless he or she freely agrees.”
Patients are legally entitled to have an option to opt out. It can be done by contacting the information governance lead/data protection officer at the Royal Free at the address:
Data protection officer
Royal Free London NHS Foundation Trust Royal Free Hospital Pond Street London, NW3 2QG
While making a request, patients should make it clear that they wish for no information about themselves to be passed on to Google and for any already uploaded information to be completely deleted. This is only rough guidance. There is no official public information on how to opt out.
IPO Made Up Research on 10-Year Jail Sentence
After announcing two weeks ago that jail sentences for online copyright infringement will increase from two to ten years, the Intellectual Property Office informed The Register that the research they based their decision on was not an actual research. The response to a freedom of information request states that
“The term "unpublished research" in the context of this report was meant to refer to inferences and conclusions drawn following the IPO’s internal policy formulation and development. […] Such information was derived from our analysis of the evidence and opinion provided to us by a wide spectrum of interested parties, over the consultation period.”
According to the official statements referring to the report Penalty Fair?, the rationale behind the 10-year sentence was harmonisation with physical infringement which is at 10 years at the moment. However, the report concluded that increasing the jail sentence for online infringement was the wrong approach and instead more substantial financial penalties should be available to address online infringement. By misinterpreting the reports recommendations, the IPO admits that the research the jail sentence is backed by, is its own internal conclusions.
Greenpeace Netherlands leaked the draft text of the US-EU free trade agreement, the Trans-Atlantic Trade and Investment Partnership (TTIP), revealing the US demands in more detail. The document confirms previously articulated concerns around the Investment-State Dispute Settlement mechanism and regulatory cooperation.
There are a number of issues regarding telecommunications, data and encryption. The EDRi analysis points out that the agreement would give excessive powers to telecom regulators.
“Regulators would have the power to ignore democratically agreed laws if it decided, entirely at its own discretion, that the enforcement was not needed to “prevent unreasonable or discriminatory practices” or, to protect consumers, for example.”
The confidentiality of electronic communications would be affected under the provision stating that even though EU and US have to ensure the confidentiality, they should do it “without restricting trade services”. The question remains whether data protection provision would constitute a trade restriction.
However, text on most of digital rights issues has not been tabled yet. One of the reasons is the missing Privacy Shield agreement that would set out a framework for the TTIP. The State of Play part of leaked documents revealed that
“the US remains unwilling to table, at this stage, concrete proposals on more sensitive offensive interests that have been expressed by some of its right holders or that are explicitly referred to in its TPA (for instance on patents, on technical protection measures and digital rights management or on enforcement).”
The US suggested that the Intellectual Property Rights chapter should not be a standard Trans-Pacific Partnership type text.
The documents show that many areas of discussion are not close enough to reach an agreement. It would not be an unlikely development if the negotiations fail due to the leaks.
Official Publication of the GDPR
The European Parliament has published the General Data Protection Regulation in the Official Journal of the European Union, meaning it will become law on 25 May 2016 and will come into effect two years later. For now, companies have not received any guidance on how to implement the law in practice. The Article 29 Data Protection Working Party announced they will publish their first set of guidance on the regulation only in September.
The European Commission released a statement announcing their agreement with the Council on the EU-wide rules to make the websites and mobile apps of public sector bodies more accessible, particularly to those with disabilities. Andrus Ansip, Vice-President for the Digital Single Market, said:
"Internet access should be a reality for everyone. Leaving millions of Europeans behind is not an option. Tonight's agreement is an important step towards a Digital Single Market, which is about removing barriers so that all Europeans can get the best from the digital world."
The Directive will refer to the standards to make websites and mobile apps more accessible will require their regular reporting and monitoring. The text still needs to be formally approved by the European Parliament and the Council.
WhatsApp Temporarily Shuts Down in Brazil
WhatsApp service suspended in Brazil following a court order requiring all mobile phone providers to block WhatsApp for 72 hours. The order was issued regarding an ongoing drug case. The order was lifted on an appeal after less than 24 hours.
WhatsApp is one of the most popular communications platforms in Brazils. During the ban, they were still able to use the app on Wifi or through VPN. WhatsApp has been handed subpoenas to cooperate in drug cases before. However their end-to-end encryption does not allow for information to be disclosed because there is no actual information stored.
The court order follows the trend of governments making tech companies disclose encrypted information. There is a bill currently passing through parliament in Brazil that would make shutting down services legal.
ORG Media Coverage
See ORG Press Coverage for full details.
- 2016-04-28- The Guardian- UK nominees for judge at European court of human rights revealed
- Author: Owen Bowcott
- Summary: ORG mention in relation to a ECtHR nominee previously defending ORG cases.
- 2016-05-05- ZD Net-UK gov't admits pulling 10-year file-sharing jail term out of thin air
- Author: Charlie Osborne
- Summary: ORG mention in relation to responses sent to the sentence consultation.