ORG policy update/2016-w37

This is ORG's Policy Update for the week beginning 12/09/2016.

If you are reading this online, you can also subscribe to the email version.

ORG's work

  • ORG launched a campaign this week asking supporters to reach out to their MPs about the Digital Economy Bill. You can still do so here.
  • ORG Birmingham is organising an event on 28 September on effects of the IPBill on press freedom. The event will also launch the Save our Sources petition to protect journalistic sources from state surveillance.

Official meetings

  • Javier Ruiz attended a series of meetings for an open source project in collaboration with Thoughtworks in Barcelona.
  • Javier Ruiz attended a meeting at Microsoft on UK-US data agreements
  • Javier Ruiz attended a workshop on ethical guidelines for the emotion-capture sector by Digital Catapult Centre.

Parliament

IPBill

The Investigatory Powers Bill finished its passage through the Committee stage in the House of Lords this week. The last sitting took place on 12 September.

The last day in the Committee was short with Lords debating amendments on the definition of national security, and review and potential sunset clause for the Bill.

The changes made to the Bill during the Committee are shown here.

The Bill will be further scrutinised in the House of Lords on 11 October when the Report stage starts.

Digital Economy Bill

The Digital Economy Bill went through its Second Reading in the House of Commons on 13 September.

The Bill is supposed to regulate a number of issues: access to digital service, digital infrastructure, online pornography, intellectual property, digital government, data sharing, public sector debt and fraud, and regulation of Ofcom.

ORG has serious concerns over three areas of the bill:

1. Ten year sentences for Online copyright infringement We previously submitted our response to the government's consultation regarding the penalties for online copyright. The majority of respondents objected to the new ten year sentence on the basis of being disproportionate.

The Bill in its current form contains a vague concept of creating a “risk of loss” to copyright holders. Our concern is that this provision could be used to target ordinary Internet users even though they should be exempt.

2. Age verification for online pornography From the little we know about how compulsory age verification for online pornography will be carried out, there are highly likely to be serious privacy concerns. Commercial pornographic websites may collect the exact identity details of their users and benefit from the new commercial opportunities.

Collection of the data creates risks of data breaches ('Ashley Madison' style) revealing personal sexual preferences. Additionally, amateur and smaller commercial websites will be burdened the by the costs of age verification posed on them.

The proposal to make payment providers responsible for enforcement will not be efficient; under 18s will still be able to access pornography on the Internet.

3. Data sharing We have been involved in the government process of open policy making on data sharing and we presented our concerns in a consultation response. These include bulk sharing of civil registration data, lack of strict safeguards on the face of the Bill and limited benefits from sharing the data on people's debt across government departments.

More information on other discussions in the debate can be found in an article by Heather Burns.

The Committee stage of the Digital Economy Bill (#DEBill) will start on 11 October.

Written question on information of breaches of security

Chi Onwurah MP submitted a written question the Secretary of State for Work and Pensions, asking about their policy on informing benefit claimants of breaches of security within the Department that would result in compromising the data.

Caroline Nokes MP responded that in the event of a security breach, the Department would notify any affected persons as soon as they are identified.

Written question on pornography

Philip Davies MP submitted a written question asking the Secretary of State for the Home Department, how many people have been arrested and charges on suspicion of allegedly disclosing private sexual photographs or films with intent to cause distress. Davies also requested the information on sex of the offenders.

Brandon Lewis MP, Minister of State for Policing and Fire Services, responded clarifying that the Home Office does not hold the information. Davies was advised that the Ministry of Justice Court Proceeding Database holds information on defendants against criminal offences in England and Wales.

Written question on data sharing

Justin Tomlinson MP submitted a written question to the Cabinet Office, asking what steps are being taken to improve data sharing across government departments and between government departments and local authorities.

Ben Gummer MP responded that the Cabinet Office held a consultation on data sharing with public authorities, academics, civil society and privacy groups. A number of provisions has been included in the Digital Economy Bill to enable government to share data more effectively. The government also established a Centre of Excellence for Information Sharing.

Other national developments

Report by the National Audit Office on the UK digital security

The National Audit Office released a report on the government's unsatisfactory approach to digital security.

The report reveals that government staff dealing with data security responsibilities lacks knowledge of who to contact for guidance on data security. The Cabinet Office, currently pushing for more data sharing across government in the Digital Economy Bill, was criticised for not setting up appropriate channels to tackle the guidance on digital security.

Furthermore, the report highlighted that security requirements for encryption are too problematic and costly for the majority of local authorities. Overall, the reporting of security breaches within government departments shows many disparities. The reports recommends developing a new approach to address all the troubling issues found within digital security.

GCHQ offering protection to businesses against hackers

GCHQ announced their plans to ask ISPs filter DNS requests with the aim of blocking users from accessing domains carrying malware.

Even though the proposal is still only in its infancy, there are clear and serious privacy, access, and security concerns. The same technology could be used to block access to all sorts of other websites. The proposal also relies on DNS requests remaining unencrypted - as they are now. Efforts such as [DNSSEC] to improve the security of DNS requests would stop this sort of DNS filtering working.

It has not been announced by when the proposal should be finalised.

Jim Killock explains in more detail why the GCHQ's dual mandate will inevitably end up creating conflict.

Europe

EU Copyright Reform

The European Commission presented their actual plan for the long-awaited copyright reform. The proposals, however, seem to accommodate most of the demands from non-digital industries dependent on copyright.

One of the most shocking proposals is that of “ancillary copyright”. There were efforts in Germany and Spain previously to introduce a charge for snippets of articles owned by publishers used in search engine results. Publishers in Germany demanded to stop the new rule because of drops in their site traffic. In Spain, Google News stopped their service completely. Yet, the European Commission is going ahead with the Spanish model of ancillary copyright.

The Commission also failed to introduce a harmonised exception for freedom of panorama. Despite people's response to the consultation (including ORG's response), there has been no mention of any changes to the law that could make sharing pictures of landmarks across EU infringement of copyright.

As introduced, the proposals focus on compelling intermediaries (YouTube) to prevent works that infringe copyright from appearing on their service. That will require websites policing their content through filters that are likely to lead to a greater number of incorrect takedowns (including parody or public domain material).

Something positive that came out from the announcement is a new copyright exception allowing cultural heritage institutions to preserve works digitally. Additionally, research organisations acting in the public interest will be able to use text and data mining technologies (TDM) to analyse large datasets. This exception does not apply to businesses and potential startups will not be able to take advantage of TDM.

Overall, these proposals can hardly be considered fulfilling what they set out to do – to deliver copyright rules fit for the digital age. Most of the changes and “improvements” are giving advantage to the traditional publishers and neglect the online world.

Read ORG's press release for more.

Schrems' privacy action against Facebook

The second privacy lawsuit by Max Schrems against Facebook has been referred to the European Court of Justice (CJEU). CJEU will decide on the allowed scope of the suit. It might even strike it down completely.

Schrems is to represent 25,000 Facebook users from across the EU after he struck down the Safe Harbour agreement. The above-mentioned users assigned their rights to Schrems in a class action under Austrian Law.

Facebook argues that the Austrian Courts have no jurisdiction and therefore the class action should not be admissible. The Court can potentially allow Schrems to represent any Facebook user outside of the US and Canada (they belong to a different jurisdiction), that signed their rights over to him. On the other hand, the CJEU is capable of limiting the scope too.

Advocate General' opinion on EU-Canada PNR agreement

Advocate General Paolo Mengozzi issued his opinion regarding the EU-Canada agreement on the transfer of passenger named record data. The statement says the agreement cannot be passed in its current form.

Mengozzi's opinion is that the draft agreement goes beyond the “strictly necessary” in order to achieve public security. As such, the agreement is not compatible with the EU Charter of Fundamental Rights.

The deal with Canada was signed in 2014 but the European Parliament asked the European Court of Justice CJEU to rule on its compatibility. The Advocate General based his opinion on rulings in the Schrems challenge of Safe Harbour and Digital Rights Ireland.

The CJEU is not obliged to follow the opinion of Advocate General but it would be very unorthodox for the Court to dismiss it.

Here is a more detailed analysis showing why the PNR agreement is incompatible with the Charter of Fundamental Rights.

New UK EU Commissioner on encryption backdoors

Julian King, the new EU Security Commissioner, was being questioned by MEPs earlier this week before his official appointment. King was answering questions on border control, data protection, encryption, passenger name records, surveillance, and cybercrime.

Most of the questions were answered in a truly diplomatic manner without direct answers; however regarding the encryption backdoors, King said they would likely weaken the online ecosystem as a whole.

The full recording of the questioning is available here.

ORG media coverage

See ORG Press Coverage for full details.

2016-09-12-Inverse-You Could Go to Jail for 10 Years in Britain if You Illegally Download
Author: Mike Brown
Summary: ORG quoted on the ten-year jail sentence for online copyright infringement being disproportionate.
2016-09-13-Register-End all the 'up to' broadband speed bull. Release proper data – LGA
Author: Kat Hall
Summary: ORG quoted on compulsory age verification posing serious privacy concerns.
2016-09-14-Telecom Paper-ORG criticises parts of Digital Economy Bill
Summary: ORG quoted on compulsory age verification posing serious privacy concerns.
2016-09-14-Daily Mail-Senior official says UK exploring national internet filter
Author: Associated Press
Summary: ORG quoted on risks of the Cyber Security Centre and GCHQ tampering with commercial datasets.
2016-09-14-Forbes-U.K. Spooks Want To Block More Websites: What Could Possibly Go Wrong?
Author: Emma Woolacott
Summary: ORG quoted on DNS blocking causing blocking of one-fifth of all websites.
2016-09-15-Tech Crunch-EU digital copyright reform proposals slammed as regressive
Author: Natasha Lomas
Summary: ORG quoted on the European Commission ignoring consultation responses to the copyright reform.
2016-09-15-Advanced Television-EC copyright reforms: Industry reaction
Author: Colin Mann
Summary: Jim Killock quoted on the European Commission failing to harmonise copyright law.

ORG Contact Details

Staff page