ORG policy update/2016-w23
This is ORG's Policy Update for the week beginning 06/06/2016.
If you are reading this online, you can also subscribe to the email version.
ORG's work
- We were preparing for screenings of The Haystack documentary and Q&A's in London, Manchester and Bristol on Wednesday and Thursday. If you missed out, make sure you join our Meetup groups to know about events we are planning. There are more to come!
- ORG launched a new video featuring a public toilet illustrating what effects the new IPBill will have. You can still share the video and email your MP to contact the Home Office about the IPBill.
- ORG is still gathering evidence for the Freedom of Panorama campaign. We are collecting images that would be infringing on copyright if a new copyright proposal gets through the European Commission and Parliament. You can contribute with your pictures by tagging them on Flickr or Instagram as SaveFoP.
Official meetings
- Jim Killock attended an all party parliamentary group on data analytics at the Employer's Network for Equality and Inclusion on Tuesday.
- Jim Killock attended a briefing at Google on data privacy.
IPBill
The IPBill has finished its passage in the House of Commons on Tuesday with a final vote approving it by 444 to 69. Labour, in unison with the Conservatives, voted for the Bill to pass after the government allowed for some concessions (that Labour considers to be major) in the Bill. SNP, Lib Dem and Green MPs voted against. This map shows how each MP voted on the IPBill.
Transcripts of proceedings from the Report stage and Third Reading can be found here: Day 1 – 6 June, Day 2 – 7 June.
The result of the vote is hardly unexpected; nonetheless, the Labour opposition leaves something to be desired. During the Report stage, Labour managed to secure protections for trade unionists, got a promise of bulk powers review and finally managed to get a privacy clause on the face of the Bill. Earlier, both Andy Burnham MP and Keir Starmer said Labour would need more from the government before they could fully support the Bill. They appear to have settled with some concessions rather than to fight for all of them.
The Bill has seen over a thousand amendments submitted, vast majority by the SNP. Nearly the same amount was not voted on nor accepted. Some of the amendments that were rejected included protections for whistleblowers, notification of individuals of interception warrant existence, narrowing the scope of thematic warrants and requirement for reasonable suspicion of serious crime for an interception warrant to be issued.
The current version of the Bill can be found here.
The Bill has moved to the House of Lords on 8 June and will have its Second reading on 27 June. More amendments are expected to be passed while the bill is in the upper chamber due to no party majority in the House. Also it remains to be seen how the European Court of Justice will rule in the Davis and Watson case. The ruling could have an impact on data retention and “Filter”.
Public awareness and reporting on the IPBill
A research commissioned by Liberty on public's opinion of the Bill shows that 90% of those surveyed oppose the Government accessing their communications data or online activity if they are not suspected of or have committed a crime. Furthermore, 72% claimed not to have knowledge of what the Bill contains.
These figures reflect poor reporting by the mainstream media in the UK on the IPBill. It has been emphasised several times this week that BBC failed at covering the progress of the Bill. BBC has had a long relationship with intelligence services. The Corporation is known to have its hiring and firing of employees controlled by MI5. Recently, the BBC failed to report on Snowden leaks back in 2013 and appears to avoid anti-surveillance altogether. On the other hand, they seem to be more comfortable with making the public more appeased with intelligence agencies and surveillance.
Independent review of Bulk Powers
The Home Office published Terms of Reference for the independent review of the operational case for bulk powers announced by Theresa May MP earlier this month. The review was one of the seven areas of concerns Labour demanded to be changed before they would support the IPBill. The revision of the bulk powers included in the Bill is supposed to determine necessity and proportionality of such powers.
The review will concentrate on the operational case in four areas:
- Bulk Interception
- Bulk Equipment Interference
- Bulk Acquisition (Communications Data)
- Bulk Personal Datasets
The review will be undertaken by David Anderson QC and his three chosen independent reviewers with security clearance. They will report to the Prime Minister on the findings in time for the findings to be considered by the Lords Committee. The report might not be made available publicly due to possible prejudicing of the Security and Intelligence Agencies (MI5, MI6 and GCHQ) discharging their statutory functions. The Prime Minister will make the final decision on its publication.
Appointed independent reviewers
David Anderson QC announced his choice of specialists to help with the Review this week.
The three specialists are a security-cleared barrister, technical expert and a person with expertise in covert investigations:
- Cathryn McGahey is leading counsel to the Review. She is a barrister specialising in national security work, immigration law and public inquiries. She was junior counsel to the Bloody Sunday Inquiry from 2000 to 2010 and is currently co-counsel to the Independent Jersey Care Inquiry. McGahey has worked extensively both for and against government departments. She is skilled in interrogating evidence based on intelligence from the Agencies. She became a QC in 2016.
- Dr Robert L Nowill is technical adviser to the Review. (as he was previously to AQOT). He was the Director for Cyber and Assurance at BT until 2013. Before 2005, he was the Director of Technology & Engineering at GCHQ, having held a number of other technical and operational roles there previously. Nowill is a Chartered Engineer and Chartered IT Professional, a Fellow of the IET and of the BCS, and a Founder Fellow of the Institute of Information Security Professionals. He brings to the Review an understanding of the processes involved in the exercise of the powers under review, and will have the opportunity to test the technical assertions made to us by the Agencies.
- Gordon Meldrum QPM is investigatory adviser to the Review. He is one of the UK’s most experienced former chief police officers in the field of organised crime operations, having spent 30 years leading investigations in Scotland and in London. He brings to the Review particular expertise in the use of intelligence (including from the security and intelligence agencies) for the investigation of serious crime in the UK and internationally.
The appointment of Dr Robert L Nowill has been criticised due to his involvement with the GCHQ over five years in his career. It has been pointed out that his position might be biased when reviewing investigatory powers to be attributed to the agency.
Other Parliamentary business
Online Privacy Protection Bill
The Online Privacy Protection Bill has started its passage in the House of Lords. It has been sponsored by Lord Paddick (Lib Dem). The Bill is supposed to amend the Data Protection Act 1998 to make provision about the transparency of privacy notices. The First Reading was held on 7 June and the Bill is due to have its Second Reading date announced soon. This is a private members' bill and as such is unlikely to become a law.
Online Safety Bill
The Online Sate Bill has been brought in front of the House of Lords on 6 June for its First Reading. It has been sponsored by Baroness Howe of Idlicote (crossbench).The Bill makes provision about online safety and targets internet service providers and mobile phone operators. According to the Bill, these actors would be required to provide an internet service that would exclude adult-only content and to provide online safety information. The Bill also aims to educate parents on how to protect their children from various threats online. This Bill introduces provision on regulation of harmful content through on-demand services and licensing of pornographic services.
The date for the Bill’s Second Reading is due to be announced. This is a private members' bill and as such is unlikely to become a law.
Other national developments
Home Office grand database
It has been reported the Home Office has been working on implementing plans to create a centralised database. The project was described as a replatforming of the department's IT infrastructure.
Currently the data on the population is stored in various databases throughout the department. By connecting the databases it will become easier for the Home Office to follow individuals' records across all directorates.
The UK Home Office is commissioning private companies to help them build platforms suitable for unifying the databases. Among other initiatives, they aim to create interactive applications for border force and police officers to use while on the road.
The main concern stemming from the Home Office initiative is for the lack of accountability and oversight of their plans to create one grand database. The plans have not been scrutinised by Parliament, nor announced to the public.
UK may be overblocking online content
The Council of Europe published a report on blocking, filtering and take-down of illegal internet content warning regulation in the UK could be flagging content that is not necessarily harmful.
The report highlights that online content in the UK is mostly self-regulated by internet service providers policies - Community Standards or Acceptable Terms of Use. The watchdog said
“The threshold for the kind of material which may be subjected to removal is therefore much lower than that which might otherwise be prescribed by law. Being conducted by private entities with no particular obligation to respect fundamental human rights, there is less accountability associated with such than would be the case if it was carried out by public authorities, or prescribed by legislative rules.”
Provisions in different regulations and legislation appear to be more concerned with protection of ISPs from liability rather than freedom of expression. The report was particularly critical of the Internet Watch Foundation who were set up to police online child abuse material. The organisation lacks transparency in disclosing their blacklist and notices to website owners when they appear on the blacklist.
Countering the findings in the report, Christopher Yvon, UK permanent representative to the Council of Europe, said that the UK
“has a strong independent media and a democratic political system which combine to ensure that there are no government restrictions on access to the Internet.”
He continued by saying the government would like to find ways to incentivise industry even more, so they would take more responsibility for the content appearing on their networks.
Lack of scrutiny of MI5 data collection
Privacy International published letters from 2004 revealing the Interception of Communications Commissioner's Office (IOCCO) let MI5 to avoid regular scrutiny of its bulk collection. PI released the letters as part of the evidence obtained by them in the course of legal action against the government.
The correspondence occurred between Home Office lawyers, GCHQ and Sir Swinton Thomas (the Interception of Communications Commissioner at that time).
“In May 2004, a Home Office legal adviser wrote to Thomas backing an MI5 proposal that collecting bulk data from communication service providers for its “database project” be authorised under section 94 of the 1984 Telecommunications Act.”
Under the act, no notice is required to be put before parliament on the grounds of national security interest.
Thomas responded by suggesting the use of Regulation of Investigatoey Powers Act 2000 (RIPA) but backed down later when the Home Office objected. RIPA involves more open legal procedures and safeguards and would require monthly consideration of necessity and proportionality issues. GCHQ also asked for the access to communications data for its database to be considered lawful under the Telecommunications Act 1984 rather than RIPA.
The whole case points out holes in the oversight and insufficient transparency and resources. The relationship between interception watchdog and intelligence operations would benefit from more distance.
Europe
Leaked draft on net neutrality shows loopholes
The telecoms watchdog, the Body of European Regulators for Electronic Communications (BEREC) published guidelines that will clarify how the legislation on net neutrality, passed last October, will be enforced. Prior to making the guidelines official, BEREC is holding a public consultation with a deadline on 18 July. Citizens can provide their opinion and expertise to BEREC through SaveTheInternet.eu.
Leaked draft of the guidelines shows several loopholes allowing “zero rating” practices. These practices refer to those apps and services for which internet service providers do not count their use against customers' data caps.
Another loophole in the guidelines allows “specialised services”. Service providers are permitted to prioritise speed of certain services that would not be able to function otherwise. Officially, the guidelines do not support service providers in creating “fast lanes” for services at the expense of other users; however it is at the discretion of internet service providers to set the quality of services that cannot run without prioritised speed.
Even though digital rights activists have been pointing out loopholes in the draft guidelines, they consider the work of BEREC on the net neutrality legislation an improvement. On the other hand, telecom companies see the guidelines as unnecessarily strict, even surpassing the original legislation in their strictness. In their view, these rules will have a negative impact on the plans to introduce 5G networks by 2020.
International developments
US authorities want access to metadata
The US Congress is dealing with two different legislations that would impact the use of metadata by official authorities in a similar way the IPBill will in the UK. Under the legislations, National Security Letters are to include “Electronic Communication Transactional Records” (metadata). The NSLs demand personal information in terrorism and espionage investigations and are routinely issued to banks, ISPs, car dealears, insurance companies etc. The letters do not require judge's approval, nor showing of probable cause.
The Senate Judiciary Committee will be voting on the provisions this week in an amendment to the Electronic Communications Privacy Act Amendments Act of 2015. The amendment would allow fovernemnt to access email and data stored online. If not passed, the expansion of NSL powers can come by a revision of the Intelligence Authorization Act for Fiscal Year 2017.
ORG media coverage
See ORG Press Coverage for full details.
- 2016-06-06- Boing Boing-Britons! The Snoopers Charter is being debated today! Tweet your MP!
- Author: Cory Doctorow
- Summary: ORG mention in relation to a promotional video released earlier this week.
- 2016-06-06-The Inquirer-Snoopers' Charter: MPs start debating liberty and privacy
- Author: Dave Neal
- Summary: Jim Killock quoted on asking people to engage in the campaign. The article discussed a promotional video created by ORG.
- 2016-06-06-Here's why people are so worked up about the 'Snooper's Charter'
- Author: Rob Price
- Summary: ORG quoted on equipment interference being capable of delivering total information about a person.
- 2016-06-07-'Leaked report' reveals mass data fears
- Summary: Pam Cowburn quoted on mass surveillance making society less safe.
- 2016-06-07-The Troubling Metadata Sharing Program That Was Just Revealed in the UK
- Author: Joseph Cox
- Summary: Jim Killock quoted on lack of transparency, safeguards and accountability in MI5 data sharing practices.
- 2016-06-08-Business Insider-SECRET REPORT: UK spies have more data than they know what to do with
- Author: Rob Price
- Summary: Pam Cowburn quoted on mass surveillance making society less safe.
- 2016-06-08- The Inquirer- Snoopers' Charter: MPs vote 444 to 69 to approve a third reading
- Author: Dave Neal
- Summary: Jim Killock quoted on the results of the vote on the IPBill.