ORG policy update/2016-w21

This is ORG's Policy Update for the week beginning 23/05/2016.

If you are reading this online, you can also subscribe to the email version.

ORG's work

  • We are launching a Freedom of Panorama campaign asking members of the public to gather pictures as evidence for the European Commission. Read more here.
  • We've been working on amendments to the IPBill.

Official Meetings

  • Ed Johnson-Williams conducted security training for Open Democracy.
  • Pam Cowburn spoke on BBC Radio Oxford discussing the use of e-receipts.
  • Jim Killock recorded a podcast for IVPN.
  • Javier Ruiz attended a D-CENT event 'Commons technology and the right to a democratic city' in Madrid this week.

Parliament

IPBill – Independent review of bulk powers

The Home Secretary Theresa May MP has agreed to examine operational case for bulk powers in the IPBill in a letter to Andy Burnham MP. The review will be lead by the Independent Reviewer of Terrorism Legislation David Anderson QC over the summer. The decision comes one week after some Tory backbenchers raised concerns about data collection powers being too wide and too many agencies having access to them.

The independent review will be established under David Anderson QC and two other expert reviewers with security clearance. Their report is due to be ready for the committee stage in the House of Lords this summer.

Establishing the review of bulk powers was only one of seven areas in need of significant movement, outlined by Labour in another letter to the Home Secretary. Theresa May MP also addressed the monitoring of legitimate trade union activity in her response to Andy Burnham MP. The Bill will amend the provision related to trade unions and will make sure that the security and intelligence agencies cannot monitor legitimate trade union activity.

Labour previously abstained from voting on the Bill and warned if significant changes are not made to the Bill, they might vote it down. Even though these two concessions are an improvement, there still are outstanding issues with the IPBill. If not resolved, Labour will not give their support to the Bill.

Andy Burnham MP responded to the Home Secretary with another letter expressing his appreciation of the promise to establish an independent review of bulk powers and acknowledgement of the amendment to prevent the monitoring of legitimate trade union activity.

The other areas that Labour say need significant changes are:

  • Privacy clause
  • Internet Connection Records
  • Judicial authorisation and modification of warrants
  • Protection for sensitive professions
  • Health records.
Andy Burnham MP felt extremely positive about this and said:
“That is a major concession—historic, even—and I am certain that it will go a long way to reassuring Opposition Members. There is still a considerable way to go before the Investigatory Powers Bill becomes acceptable, but this letter shows that the Home Secretary is listening, which bodes well for the rest of the Bill’s passage.”

Graham Smith offers an excellent account of differences between content and metadata, a great reading to understand what the new Anderson report will focus on. Jim Killock explains what needs to be done for the review to be 'meaningful'. In particular he highlights the need to assess programmes on a case-by-case basis. He also looked at the other demands and their likelihood of being met.

The date for the Report Stage of the Bill has been announced as 6 June 2016. The Bill will move onto its Third Reading soon after.

Government response to Surveillance Camera Commissioner's review

The Surveillance Camera Commissioner received a response from the Minister of State for Policing, Fire, Criminal Justice and Victims regarding the review into the impact and operation of the Surveillance Camera Code of Practice submitted earlier in April. The strategy laid out how the public will be reassured that surveillance cameras are put in place to protect them rather than to look at them. The strategic plan is meant to be put in place by March 2020.

One of the recommendations introduced by the Surveillance Camera Commissioner Tony Porter suggested that enforcement and sanction powers in the hands of the Surveillance Camera Commissioner office would improve compliance. However, the government response showed a hesitant stance towards the switch of powers from the Information Commissioner because of potential confusion.

Post-legislative scrutiny of Protection of Freedoms Act 2012 is due in 2017 and with it could come a review of enforcement and sanction powers.

National Cyber Security Centre Prospectus

The Cabinet Office published the prospectus outlining the work and goals of the newly established National Cyber Security Centre (NCSC). The NCSC will be launched this October.

The prospectus outlines how the NCSC will perform as a link between industry and government on cyber security issues. Matt Hancock, the Cabinet Office Minister, said
“I want it to become a hub of world-class, user-friendly expertise: a global leader under the steady hand of Ciaran Martin, bridging the gap between the worlds of government and industry.”

Biometrics Commissioner's annual report 2015

The Biometrics Commissioner Alistair MacGregor published a further report to complement the annual report released in March this year. The first part of the report revealed that the number of biometric records kept on the counter-terror database has risen since October 2013.

The second part of the report released this week mainly concentrates on two issues:

  • the retention of biometrics by the police on the grounds of national security – especially wrongful retention of biometric records on the CT databases
  • sufficiency of the remedial, preventative and mitigatory work undertaken by the Metropolitan Police

Other national developments

Three UK running a 24-hour ad-free test

News about one of the UK mobile phone providers going ad-free came after last week's round table on ad-blocking attended by industry members, government and civil society. Three is going to run a 24-hour adblocking trial in June. The company announced their intentions earlier this year when they started working on network-level blocking technology.

Three claims their ad-free technology will revolutionise mobile advertising. Its impact is yet to be seen but it is clear already that if the network level adblocking technology is successful, it will have major impact on smaller media owners. In the long run, consumers can fall victims to the ad-free network and will be potentially required to pay for services currently supported by advertising.

Three's reasoning lies within unnecessary charges for increased data usage caused by adverts. They hope to protect customers' privacy by eliminating their exposure to data mining ads. More mobile operators are likely to follow Three's lead. EE mentioned in 2015 that they were discussing possibilities of introducing adblocking on their network.

Three is scheduled to reach out to their customers to ask them to agree to take part in the trial in the week commencing 13 June.

Europe

Privacy Shield update

EU national representatives did not manage to agree on the Privacy-Shield deal earlier this week. They stated that more time is necessary evaluate the implications of the proposal.

The Article 31 group, currently deciding on the deal, should make their decision before the end of June. If the group does not consent, the commission could:

  • drop the proposal,
  • appeal against the results of the vote,
  • submit a revised draft.

The EU national ministers for telecommunications and digital economy signed a letter to the European Commission demanding that data should flow freely within the EU. Their letter is seen as a pressure tool to proceed with the Privacy Shield deal.

The European Data Protection Supervisor (EDPS) Giovanni Buttarelli is due to release his opinion on the Privacy Shield deal next Monday. He said previously he agrees with the Article 29 working group opinion on the deal. It is unlikely his opinion statement will be encouraging to push the proposal on the deal in its current form.

A vast majority of the European Parliament Members approved a resolution on 26 May that said the Privacy Shield proposals need more work. The resolution is not binding but puts more pressure on the Commission. The MEPs were told that the Commission is currently clarifying points, including independence of the new privacy ombudsman in the US State Department and how long EU citizens' data can be stored in the US.

Geo-blocking on audio and visual services

According to the proposals released by the European Commission this week, they aim to make access to online goods and services easier for customers across EU. However, the proposal to ban geo-blocking, as previously announced, is not going to be applied on all online services.

The proposal does not lift the ban on online services providing access to films and music across EU. Copyright providers explained that prices in in each country are different according to the relative purchasing power and customers could be moving to cheaper platforms.

The ban however does not apply to online retailers based in a different place than the customer's home country. For the time being, on-demand streaming services such as Netflix or Amazon Prime will be available only in the country where customer purchased them. Andrus Ansip, Vice President for the Digital Single Market, made clear that the proposal is a compromise. The portability model will be first applied to areas where it is more likely to succeed.
“We will start with tangible goods, services that are consumed locally, like car rental, hotel rooms, and after 2018 it will include data clouds, data warehousing, and hopefully soon we will be able to deal with audiovisual content.”

Proposals on portability will be discussed at another time. This would allow subscribers to access domestic subscription services from other EU countries while travelling.

Europol & ENISA joint statement on data protection

The European Union Agency for Network and Information Security (ENISA) and Europol issued a joint statement on data protection following the debate on encryption, protection of privacy and security.

The statement says,
“Solutions that intentionally weaken technical protection mechanisms to support law enforcement will intrinsically weaken the protection against criminals as well, which makes an easy solution impossible.”
Both organisations call for collecting and sharing best practices to circumvent encryption.
“When circumvention is not possible yet access to encrypted information is imperative for security and justice, then feasible solutions to decryption without weakening the protective mechanisms must be offered, both in legislation and through continuous technical evolution.”

The statement shows that neither of the agencies is overly keen on backdoors to encryption. What they are suggesting is a balance between research and collaboration of EU agencies.

ORG media coverage

See ORG Press Coverage for full details.

2016-05-23-The Drum-7 ways publishers can survive in an ad blocked web
Author: Ronan Shields
Summary: ORG mentioned attending a round table on ad-blocking.
2016-05-23-The Inquirer-Open Rights Group baulks at Queen's new data sharing legislation
Author: Dave Neal
Summary: ORG quoted on the position towards data sharing and the Queen's Speech.
2016-05-24-Open Democracy-Report: Impacts of surveillance on contemporary British activism
Author: Gilbert Ramsay, Adam Ramsay, and Sarah Marsden
Summary: Jim Killock mentioned as inspiration for the report.
2016-05-24-Telecompaper-Waterstones to stop selling e-books
Summary: Jim Killock quoted on the Digital Rights Management dysfunctionality in the Waterstones ebook case.
2016-05-25-The Ferret-Prisoners outwit £1.2m mobile phone blocking technology
Summary: Jim Killock quoted on the necessity for more transparency about how IMSI catchers are used in prisons.

ORG Contact Details

Staff page