ORG policy update/2016-w34
This is ORG's Policy Update for the week beginning 22/08/2016.
If you are reading this online, you can also subscribe to the email version.
ORG's work
- Javier Ruiz spoke at a conference on Private Sector Engagement in Responding to the Use of the Internet and ICT for Terrorist Purposes in Zurich, Switzerland. The event was organised by the UN Counter-Terrorism Committee Executive Directorate and the ICT for Peace Foundation.
Parliament
IPBill
The Committee on the IPBill is scheduled to resume in the House of Lords on 5 September.
New amendments (1, 2)have been tabled already by Lord Paddick and Baroness Hamwee. The amendments include removing clauses 185 and 186 on bulk personal dataset warrants. They also submitted amendments to make purpose of bulk interception warrants always specified.
The Committee stage in the House of Lords has so far shown strong opposition to the Bill from Liberal Democrats; however not so much from Labour despite Tom Watson MP making a public statement on possibilities of staying “safe without creating a surveillance state”.
A case of misuse of powers dealt with in the IPBill has been reported over the Summer recess that could provide more ground for discussions in September. Reportedly MI5 has been avoiding requirements to seek independent approval for accessing the public's internet, email and phone records.
Independent Review of Bulk Powers
David Anderson finished his Review of Bulk Powers.
The review looked at four subjects:
- bulk interception
- bulk acquisition
- bulk equipment interference
- bulk personal datasets
Anderson made clear at the beginning of the report that the review is not supposed to advise on desirability of the powers or on the safeguards that should be applied to them. The proportionality of bulk powers is to be considered by Parliament.
The conclusions in the review clearly state that there are proven operational cases for three of the four examined areas: bulk interception, acquisition and personal datasets. The bulk equipment interference power is not currently authorised but Anderson sees it as an important capability that shows a distinct operational case in relation to counter-terrorism, counter-proliferation and cyber-defence.
The review also concludes that same results could have been achieved through alternative investigative methods only in some cases and bulk powers are not interchangeable with with other methods.
Only one recommendation for reform was made in the review – the creation of a new Technical Advisory Panel of independent security cleared experts to support the Investigatory Powers Commissioner.
Despite the review giving answers to whether there is an operational case for bulk powers, it failed to look at the wider impacts of mass surveillance. As such, the report only shows one side of the story and the powers should be subjected to further public debate. Javier Ruiz offers more detailed account of the review's shortcomings in a blog.
Written question on reduced visibility of illegal streaming websites
Nigel Adams MP submitted a written question to the Secretary of State for Business, Energy and Industrial Strategy on whether there are potential merits of requiring search engines to change their algorithms to reduce the visibility of illegal streaming websites.
Jo Johnson MP responded that the Minister of State for Energy and Intellectual Property holds regular meeting with the UK's leading search engine providers, who have taken steps to reduce the prominence of copyright infringing websites in their search results. The steps included changes in algorithms an changes to the autocomplete suggestions.
Other national developments
GCHQ challenged by Privacy International
Privacy International together with five internet and communications providers filed a challenge to the European Court of Human Rights (ECtHR) against GCHQ regarding their use of bulk powers abroad.
Their first complaint over UK's bulk hacking powers was filed in 2014 at the Investigatory Powers Tribunal. The court ruled that CGHQ's hacking was legal under the Intelligence Service Act 1994. The current challenge is aiming to determine whether the interpretation of the Intelligence Service Act for bulk hacking powers is compliant with the European Convention on Human Rights.
Bulk hacking powers are likely to be soon authorised in the Investigatory Powers Bill after the terror watchdog, David Anderson David Anderson, published his review last week. The review cautiously endorses the operational case for bulk hacking while admitting that there is no supporting evidence yet for these novel powers
BBC TV license spying
Watching BBC TV shows online will require a TV license from 1 September. In light of these changes, Telegraph reported that the BBC will be able to spy on internet users with a new generation of wifi detection vans. Their claims were based on a report published by the National Audit Office (NAO).
The NAO report claims that the BBC is capable of detecting people watching live programming on a range of non-TV devices.
The new BBC's abilities to detect online watching raised questions about surveillance of internet users. However, the Corporation insisted they would not be able to spy on other Internet usage. The whole technology behind the detection of online program watching remains blurry. The BBC issued a statement saying
“While we don’t discuss the details of how detection works for obvious reasons, it is wrong to suggest that our technology involves capturing data from private Wi-Fi networks.”
Jo Cavan leaving IOCCO
The head of IOCCO, Jo Cavan, will be taking on a new job at GCHQ's National Technical Assistance Centre (NTAC). NTAC manages the delivery of intercepted communications to the nine agencies which may apply for them in the UK.
NTAC does not apply for the interception warrants but it manages the delivery of material that the warrants have been issued to cover. Cavan has been praised for increasing the levels of transparency within the intelligence agencies and law enforcement. She is expected to continue in the same direction while working at NTAC.
IOCCO has started the recruitment process to replace Cavan but has not offered any specifications on dates of appointing the new head of the Office.
Surveillance Commissioners appointments
In June 2016 the then Prime Minister David Cameron MP approved the appointment and reappointment of Surveillance Commissioners and Assistant Surveillance Commissioners. All Commissioners are appointed for a term of 3 years.
Surveillance Commissioners are Lord Bonomy, Sir John Saunders, Sir John Sheil and Lord Bracadale. The reappointed Assistant Surveillance Commissioners are His Honour Norman Jones and Sir David Clarke.
Phones in prison
The new measures introduced in the Serious Crime Act will give powers to prison governors to remotely cut off the phones used in jails by inmates. They will be able to avoid physically finding illegally-held mobiles or use expensive mobile phone blocking technology.
Prisons will be able to apply to the courts for a Telecommunications Restriction Order (TRO) once they identified a number. They will rely on a collaboration with mobile networks who will be instructed to blacklist the phone remotely.
The new powers will be overseen by the Investigatory Powers Commissioner who will assess the effectiveness of TROs.
Europe
Leaked Impact Assessment on the copyright reform
Statewatch leaked a draft version of the Impact Assesment report of the copyright reform. The report raised concerns over publishers' rights.
The ancillary copyright for was criticised previously when Spain and Germany essentially attempted to introduce levy for short snippets of news made available by news aggregators and web search engines. The ancillary copyright is due to be harmonised across the EU states and it appears that the Impact Assessment took guidance from the publishers' consultation submissions.
Andrus Ansip, Vice President for the Digital Single Market, stated just several days prior to the leak that the European Commission does not intend to tax hyperlinks. However the leaked draft clearly states that they will introduce ancillary copyright for news publishers.
The introduction of ancillary copyright as outlined in the Impact Assessment would have negative consequences for educators, cultural heritage instituions, Internet users and creators.
Internet access to be a legal right
EU universal services rules will legally broadband internet access. The new rule will make national governments responsible for guaranteed internet access instead of private telecom companies. The proposal is scheduled to be published in September.
National governments will be expected under the new law to secure rural areas and provide them with cheap internet access. The law should also make changes to building copper broadband networks. The proposal should secure spreading of fiber glass broadband infrastructure.
Appointment of the new UK Commissioner
The president of the European Commission, Jean-Claude Juncker announced his intentions to nominate Sir Julian King for he UK's Commissioner. If his appointment is approved by the European Parliament, he will serve as Commissioner for Security Union.
King is the former UK ambassador to France and Ireland. He replaces Jonathan Hill who resigned as Financial Services Commissioner after the Brexit referendum vote.
The Security Union is a newly-created institution that is supposed to respond to the threat posed by radicalisation and by foreign fighters returning from Syria. King will work under the guidance of Commission First Vice-President Frans Timmermans.
OTT services to be included in E-privacy Directive
The European Commission published the preliminary findings of the public consultation on the review of the E-Privacy Directive. More than three quarters of citizens and civil society organisations responding to the consultation believe the law should cover over-the-top service providers (WhatsApp, Gmail, Messenger and Skype). At the moment the directive only applies to telco companies; however it is due to be updated to be made compatible with the General Data Protection Regulation (GDPR).
More than 80 percent of responses representing consumer rights agreed it would be beneficial to have specific privacy rules for the electronic communications sector to ensure the confidentiality of electronic communications. Similar proportion of responses also said these rules should cover OTT services.
Public authorities and industry were more satisfied with the E-Privacy Directive reaching its objectives. However the OTT service providers are contending the rule application to their end-to-end encryption messaging services. They argue that the E-Privacy Directive would eventually weaken privacy provisions since member states would be able to overrule them in the interests of national security. The status of encryption under the revised law is not clear at the moment.
The Commission is expected to present the proposals for the new E-Privacy Directive by the end of the year.
France to launch a European initiative to tackle use of encryption in terrorism
France's interior minister Bernard Cazaneuve revealed his intentions to start an international initiative to deal with messaging apps that use encryption. The initiative is supposed to tackle the use of encryption technology by terrorists.
France is hoping to work with Germany to launch a European initiative that is supposed to become a global one. The purpose of the initiative, however, goes against recommendations from several other bodies. France's digital affairs deputy minister Axelle Lemaire rejected an amendment to a new Law for the Digital Republic calling for tech companies to provide backdoors to encrypted systems. The European Data Protection Supervisor, Giovanni Buttarelli, also recommended to allow the use of end-to-end encryption to protect electronic communications.
International developments
Pakistan's new cyber law
Pakistan's National Assembly approved a new cybercrime law. Digital rights activists raised serious concerns about the law putting innocent citizens in jail or fining them for criticising the authorities or government.
The government claims that the law is supposed to be used to crackdown on spamming, online stalking and cyber terrorism.
The bill also tackles instances of offending Islam, promoting vulgarity and damaging reputation by imposing new restrictions in these areas.
The law introduced another new crime “against dignity of a natural person”. The cybercrime bill makes it an offence to intentionally distribute false information through any information system (including social media) that harms the reputation or privacy of a natural person.
Another cause for concern is the reach of the law.
“It shall also apply to any act committed outside Pakistan by any person if the act constitutes an offence under this Act and affects a person, property, information system, or data located in Pakistan.”
The Pakistani opposition party challenged the law in Lahore's High Court on the grounds of being in conflict with the basic human rights. They argued the law could be used to target political dissidents and opposition.
ORG media coverage
See ORG Press Coverage for full details.
- 2016-07-29-The Guardian-Email slip-up exposes Kelvin Mackenzie hijab slur complainant details
- Author: Kevin Rawlinson & Chris Johnston
- Summary: Jim Killock quoted on negative consequences that accidental disclosure of personal information could have on people making complaints to the Independent Press Standards Organisation.
- 2016-08-08- IB Times-The NSA zero-day stockpile may only contain 'dozens' of vulnerabilities, researcher claims
- Author: Jason Murdock
- Summary: ORG's report on GCHQ and UK Mass Surveillance quoted in the article.
- 2016-08-11-The Register-Head of UK oversight body to join GCHQ 'tech help desk'*
- Author: Alexander J Martin
- Summary: Javier Ruiz quoted on the positive impact of Jo Cavan at IOCCO.
- 2016-08-16-The Washington Post-Online voting could be really convenient. But it's still probably a terrible idea.
- Author: Andre Peterson
- Summary: ORG mentioned in connection to the evaluation of Estonia's 2013 online voting system.
- 2016-08-17-Sputnik News-Enormous Threats to Human Rights Over UK Bulk Surveillance – Campaigners
- Summary: Javier Ruiz quoted on bulk collection powers reaching too far.
- 2016-08-19-Open democracy-Care.data is dead - long live care.data?
- Author: Phil Booth
- Summary: ORG quoted on the Digital Economy Bill creating data sharing powers to enable poorly outline policies.
- 2016-08-19-The Inquirer-Spy agencies' love of bulk data set has merit, so Snoopers' Charter is fair
- Author: Dan Worth
- Summary: ORG quoted on the Review of Bulk Powers by David Anderson representing only one side of the story.
- 2016-08-22-Computer Weekly-Mixed reaction to Anderson review of bulk surveillance powers
- Author: Warwick Ashford
- Summary: ORG quoted on the Review of Bulk Powers by David Anderson representing only one side of the story.