ORG policy update/2016-w28

This is ORG's Policy Update for the week beginning 11/07/2016.

If you are reading this online, you can also subscribe to the email version.

ORG's work

• ORG, as a member of Don’t Spy On Us, issued a public statement for the Lords this week asking people to sign up. Over 3000 people have signed up to the statement. You can see the statement here.
• We have been working with our partners at EDRi on a net neutrality campaign and contacting our supporters. The public consultation on new net neutrality rules is closing soon. You can take action on the Save the Internet page!
• Last week we organised a talk with Naomi Colvin from Courage Foundation on Lauri Love extradition case. The video from the event can be accessed here.
• ORG is organising the second workshop in our Cybersecurity Risks series. The workshop will take place on 20 July at London Southbank University. You can sign up on our London Meetup page!

Official meetings

• ORG held its advisory council meeting this week to discuss the current political climate, Brexit, IPBill and our future steps.
• Javier Ruiz met with researchers from the University of Johannesburg working on communications surveillance in South Africa.

Parliament

IPBill

The IPBill was debated in Committee in the House of Lords on 11 and 13 July. Generally, the Government showed little flexibility in the debate on submitted amendments and the live broadcast revealed very poor attendance by the Lords. It is still not clear who is leading on the IPBill from the Labour Party.

• First sitting – 11 July

These are some of the points and amendments discussed during the first day of the Committee stage:

-little scrutiny of the draft Codes of Practice

-overarching privacy clause

It has been stressed by Lord Paddick and Baroness Hamwee, as well as other Lib Dem and Labour Lords, that the current overarching privacy clause is not satisfactory. The two peers proposed to include the 10 tests suggested by the Royal United Services Institute (RUSI) in the IPBill to ensure the privacy clause goes beyond proportionality and transparency. They withdrew their amendment.

Lord Keen of Elie published a letter to Lord Rooker, where he explained how the Bill meets the ten test criteria already and has been approved by RUSI.

-offences

A point has been raised that various offences are scattered throughout the Bill causing lack of clarity and transparency. Instead, it was suggested there should be one section grouping all offense from different parts together.

-justice for victims of phone hacking

Lady Hollins, using her own experience of a hacking victim, brought forward several amendments that were renamed ‘Leveson amendments’. These amendments outline how victims of hacking can claim justice. However, the discussion only tackled hacking by press and media, not by authorities. Even though these amendments were widely supported by the peers, it was pointed out by Earl Howe that the purpose of this legislation is not to regulate the press.

-the offence of unlawful interception should also cover private postal services

In the Bill, the offence of unlawful interception covers only public telecommunications systems, private telecommunications systems and public postal services. Lord Paddick demanded the private postal services to be included in the offence too.

-missing statutory public interest defence for voicemail interception

Lord Strasburger introduced amendments that would allow journalists and NGOs to use public interest defence in case of voicemail interception while uncovering information important to the public. His amendments were met with a wave of criticism for providing a blank card to journalists and NGOs due to the lack of existing definition of public interest.

• Second sitting – 13 July

These are some of the points and amendments discussed during the first day of the Committee stage:

-removal of judicial review

Baroness Hamwee proposed to remove the requirement to conduct the judicial review on the grounds of confusion. The Bill does not make it clear whether it merely refers to a process or it is

-weight of the double lock authorisation

Lord Rooker pointed out, in terms of the double lock authorisation, the legal contribution should not be equal to the ministerial contribution. It is the minister who takes final decision.

-applications to intercept and parliamentary privilege

Baroness Jones of Mouselcoomb proposed an amendment to applications to intercept to be made by a judicial commissioner instead of the Secretary of State via the Prime Minister. She specifically highlighted an issue with the Wilson doctrine and parliamentary privilege. The Wilson doctrine only covers targeted interceptions and leaves out incidental interceptions.

This amendment did not receive much support and was withdrawn.

-legal professional privilege

Lord Pannick submitted several probing amendments relating to the legal professional privilege. Their intention was to question whether the authorities should be allowed to listen into proper legal confidential discussions where there is no reason to suspect iniquity.

-encryption

Baroness Hayter submitted an amendment that would make it explicit that a company would be required to remove the electronic protection only where it had the current capacity to do so and that it should not have to engineer it.

This amendment was countered by the amendments submitted by the Earl Howe that would maintain the current legal position in relation to encryption and go no further.

The Committee in the House of Lords will resume on 19 July. Following sittings will take place on 5 and 7 September. The IPBill is expected to reach the Report stage in October.

The Court of Justice of the European Union is supposed to issue its opinion about the Data Retention and Investigatory Powers Act (DRIPA) case brought by Tom Watson MP and David Davis MP next week on 19 July. The judgement should follow three days later. The ruling will likely have impact on the IPBill.

Written question on passport photos

Keith Vaz asked the Secretary of State for the Home Department, what is being done to improve cybersecurity and prevent hacking of identification photographs for official documents submitted to HM Passport Office by the public using their own digital devices.

James Brokenshire MP, Minister of State for Security and Immigration, responded clarifying that digital photographs are required to meet the standards set by the International Civil Aviation Organisation. They are checked for compliance through the system and through the manual examination process.

Other national developments

Blockchain welfare trial

The UK Department for Work and Pensions has been testing a trial for welfare payments. The fintech startup GovCoin Systems Ltd. has been providing a more effective and tamper-proof technology for the trial which started in June.

The trial has been supported by Barclays, RWE npower and University College London. This is one of the first instances of using blockchain technology in the public sector.

David Freud (Lord Freud), the Minister for Welfare Reform at the Department for Work and Pensions said:

“Claimants are using an app on their phones through which they are receiving and spending their benefit payments. With their consent, their transactions are being recorded on a distributed ledger to support their financial management.”

There are several concerns about the privacy implications of "putting highly sensitive personal data on a shared ledger "which, by technical design, can never be changed or deleted even if it's inaccurate"."

Europe

Privacy Shield

The Privacy Shield agreement was finalised and has formally been adopted by the European Commission this week. This is not a drill. The data transfer regulation went into effect on 12 July and the US companies can certify their compliance from 1 August.

The US Department of Commerce is supposed to be conducting regular reviews ensuring compliance of US companies. The companies are required to self-certify that they meet higher data protection standards. The US intends to set clear limitations, safeguards and oversights mechanisms to regulate how law enforcement and federal agencies access the data of EU citizens. The US representatives also clarified that bulk data collection will be only carried out under specific preconditions and will be as targeted and focused as possible.

The deal requires setting up an ombudsperson who would be dealing with disputes concerning national security independently from federal security agencies. Individual complaints coming from EU citizens will be first dealt with on a national level through national data protection agencies and then forwarded to the US Department of Commerce or the Federal Trade Commission.

The Justice Commissioner Vera Jourova said that Privacy Shield would be tested and promised they would use the suspension clause if failings are found on the part of the US government or companies. Nonetheless, the updated data transfer regulation has been criticised on the grounds of not being good enough and containing only marginal changes. Green MEP Jan Phillip Albrecht said

“Testing doesn’t mean putting it into force indefinitely, there should be a time limit.”

Tech companies are generally satisfied with Privacy Shield. Some of the biggest tech companies such as Apple, Google and IBM are ready to implement the new framework and meet the compliance challenge.

Net neutrality and 5G

Major telecom companies called on EU net neutrality rules to be loosened in exchange for launching 5G networks in EU countries by 2020.

Telcos, including Nokia, BT and Vodafone, released the coalition's plans in a manifesto detailing how the companies will go about spreading 5G networks and warning against regulation keeping internet open. They intend to create a 5G Action Plan that would demonstrate benefits of using 5G networks in cars, health, public safety and entertainment. The companies are also asking for investment from countries to allow for the infrastructure needed to launch 5G in all EU Member States by 2020.

The manifesto labels open internet as not pragmatic enough to foster innovation.

“The telecom industry warns that current net neutrality guidelines, as put forward by BEREC [the Body of European Regulators], create significant uncertainties around 5G return on investment. Investments are therefore likely to be delayed unless regulators take a positive stance on innovation and stick to it."

Gunther Oettinger, Commissioner for Digital Economy and Society, welcomed the 5G Manifesto from the telcos and will include their input in the 5G Action Plan due to be presented by the European Commission in September.

Oettinger's endorsement of the manifesto has been criticised by digital rights groups. EDRi has criticised the actions of the European Commission saying they have been promoting the anti-net neutrality declaration at least three times on the European Commission's website. The digital rights group considers actions of the European Commission undermining the independence of the Body of European Regulators for Electronic Communications (BEREC) who interpret the EU regulation in places where the law is unclear.

The EU rejected amendments to legislation protecting net neutrality last October. The EU laws specify that telecoms are supposed to treat the internet traffic equally; however there are filled with loopholes. The laws on net neutrality, as they stand at the moment, allow for specialised services (self-driving cars, medical operation, etc.) to use the “fast lanes”.

Following the rejection in the European Parliament, the EU telecoms watchdog, BEREC has been holding a public consultation. The consultation on EU net neutrality rules is closing next week, 18 July. Public supporting the real net neutrality principles can make their voice heard through the Save the Internet campaign.

International developments

Microsoft wins against the US government

Microsoft won a case against the US government trying to compel them to hand over data held on a server in Ireland from an email account in a drug case.

In 2013, authorities obtained a Stored Communications Act (SCA) warrant signed by a judge as a part of a drug investigation and served it upon Microsoft. Microsoft refused to comply and they were charged with contempt, which they consequently challenged.

The US 2nd Circuit Court of Appeals ruled this week that the lower court's ruling does not apply outside the United States. The Stored Communications Act allows domestically-held data to be handed over to the US government. However, the data in this case has been held on servers in Ireland and the US government does not have jurisdiction.

The government can appeal the ruling or use the Mutual Legal Assistance Treaty process to contact Irish authorities to serve the warrant locally.

ORG backed the Microsoft’s side from the beginning of the case and signed up to an amicus curiae brief. Myles Jackman, ORG legal director, said

“We urge the UK Government to take note as the Investigatory Powers Bill will also attempt to create powers compelling overseas companies to do the UK's bidding. We need to establish a firm principle that companies abide by domestic law where they operate, rather than being answerable to every government across the globe that makes demands of them. The established route for requests for data by law enforcement agencies should be through treaties.”

ORG media coverage

See ORG Press Coverage for full details.

2016-07-08-Business Insider-Google DeepMind has a new head of security

Author: Sam Shead

Summary: ORG mentioned in relation to Ben Laurie, one of ORG’s directors, who became the new head of security for Google DeepMind.

2016-07-10-Herald Scotland-Agenda: Nik Williams of Scottish PEN calls for delay to IP Bill

Author: Nik Williams

Summary: ORG mentioned in relation to the call to pause the IPBill proceedings to give the Bill enough attention.

2016-07-10-Telecom Paper-ORG responds to UK Digital Economy Bill

Summary: ORG mentioned in relation to the response to the Digital Economy Bill.

2016-07-11-BBC News-Telecoms companies unite to sign 5G manifesto

Summary: Jim Killock quoted on blackmail practices of telecoms to weaken net neutrality.

2016-07-11-Tech Dirt-As UK Piracy Falls To Record Lows, Government Still Wants To Put Pirates In Jail For 10 Years

Author: Mike Masnick

Summary: ORG quoted on being promised by the IPO that 10-year jail sentences will not be targeting ordinary users.

2016-07-12-Th Inquirer-Theresa May becoming PM is a major blow for privacy

Author: Dave Neal

Summary: Jim Killock quoted on Theresa May having no positive impact on digital rights as Home Secretary.

2016-07-12-Business Insider-Theresa May becoming Prime Minister is bad news for privacy campaigners

Author: Sam Shead

Summary: Jim Killock quoted on Theresa May being the author of the most extreme surveillance laws in a modern democracy.

2016-07-12-The Independent-Theresa May could launch huge attack on privacy and internet surveillance protections as prime minister, campaigners warn

Author: Andrew Griffin

Summary: Jim Killock quoted on the implications of Brexit for data protection law.

2016-07-12-Express-You could get 10 YEARS in prison for pirating illegal songs, movies - Bill to beef-up law

Author: Aaron Brown

Summary: ORG quoted on age verification for porn sites bringing difficulties for privacy and free expression.

2016-07-12-Gizmodo-All Your Internet Are Belong to Theresa May and the IP Bill

Author: James O Malley

Summary: ORG mentioned in relation to working with Tom Watson.

2016-07-13-Computer Weekly-Investigatory Powers Bill: rushed through under cover of Brexit

Author: Tirath Bansal

Summary: ORG mentioned in relation to the call to pause the IPBill proceedings to give the Bill enough attention.

2016-07-13-Buzzfeed-Civil Liberties Groups Are Anxious About Theresa May

Author:James Ball

Summary: Jim Killock quoted on Theresa May potentially pushing for moving away from EU legal standards and ignoring EU data protection laws.

2016-07-14-Ars Technica-PM’s new Brexit chief is currently suing government over spying tactics

Author: Glyn Moody

Summary: Jim Killock quoted on the appointment of David Davis as a secretary for Brexit will not have impact on the DRIPA case at the European Court of Justice.

2016-07-14-BBC News-Major win for Microsoft in 'free for all' data case

Author: Dave Lee

Summary: Myles Jackman quoted on the US Court’s decision upholding the right to individual privacy.

ORG Contact Details

Staff page

• Jim Killock, Executive Director
• Javier Ruiz, Policy
• Ed Johnson-Williams, Campaigns
• Pam Cowburn, Communications
• Lee Maguire, Tech
• Myles Jackman, Legal Director
• Margarida Silva, Supporter Officer