ORG policy update/2016-w40

This is ORG's Policy Update for the week beginning 03/10/2016.

If you are reading this online, you can also subscribe to the email version.

ORG's work

  • ORG has been putting together evidence for the Committee stage of the Digital Economy Bill. The evidence will be presented on 11 October. Watch this space.
  • We have been making the finishing touches to ORG's 10th anniversary book. The book will look into digital rights in the next decade and should be available soon.
  • ORG Aberdeen is organising a Cryptonoise meeting on 27 October. Learn how you can protect yourself online.
  • ORG Cambridge is organising their monthly meet up on 1 November to discuss the current state of digital rights, what they've done in the past month and what they are planning to do in the upcoming month.
  • Tom Chiverton (Local Organiser for ORG Manchester) will be doing a talk at the Festival of Social Science on how technology can be used in communities and activism. The event will take place on 11 November in Manchester. You can find out morehere.
  • Rob Lewis has recently become the new Local Organiser for ORG Cardiff! Rob is a journalist, author and a political activist. He is also studying for a law degree, with a personal focus on Article 8 of the ECHR, the failure of English common law to develop to a tortious invasion of privacy, and the effect of mass surveillance on human rights and civil society. Find out more about ORG Cardiff here.

Official meetings

  • Myles Jackman attended Adult Provider Network- Age verification meeting introducing several new ways to implement age verifcation.
  • Jim Killock attended a meeting at NSPCC regarding the provisions for age verification for websites containing online pornography in the Digital Economy Bill.



The IPBill passed through the Committee stage in the House of Lords and is due to be discussed in the Report stage on 11 October.

The changes made to the Bill in the Committee can be found here.

Codes of Practice for national security notices, interception of communications, security and intelligence agencies' retention and use of bulk personal datasets, equipment interference, communications data and bulk acquisition have been published this week.

Earl Howe submitted several amendments on behalf of the Government. The amendments provide additional safeguards for legal professional privilege and create new clauses to protect journalistic sources.

The Third Reading of the Bill will follow on 25 October.

Digital Economy Bill

The Digital Economy Bill (DEBill) went through the Second Reading in Parliament last week. The Bill is introduced to regulate access to digital service, digital infrastructure, online pornography, intellectual property, digital government, data sharing, public sector debt and fraud and Ofcom.

Here is ORG's briefing to the House of Commons.

More on the insider’s perspective on online age verification by Pandora Blake can be found here.

The DEBill will be discussed next in the Public Bill Committee on 11 October when ORG will be giving oral evidence. The Committee is now receiving written evidence. The deadline for submission of written evidence is 27 October.

More information on the process of submitting evidence can be found here.

Report of the Intelligence Services Commissioner for 2015

The Intelligence Services Commissioner, Sir Mark Waller, published his annual report. The Commissioners oversees issuing of warrants and authorisations, and use and retention of bulk personal datasets.

The report concludes that

“authorisations and warrants are only granted on the basis of a proper case being made for necessity and a proper consideration of proportionality all set out in detailed submissions.”

The Commissioner emphasised that there is no evidence of deliberate disregard of the requirements to obtain proper authorisation. He ascribed the found errors to the size of the organisations under his oversight and pressure to act at speed.

Regarding the use of bulk personal datasets by the agencies, the Commissioner said he is satisfied with the systems in place. According to his report, no datasets are acquired or retained where it is not necessary and proportionate to do so.

Other national developments

TalkTalk fined for data leaks

The Information Commissioner's Office (ICO) issued TalkTalk with a record fine of £400,000 for failing to maintain necessary levels of security. The lack of security caused a cyber attacker to access data of 157,000 customers without any major difficulties.

The ICO conducted an in-depth investigation and found that the attack on the company in October 2015 could have been prevented by taking basic steps to protect customers' information.

The attacker gained access to names, addresses, dates of birth, phone numbers, email addresses and bank account details. Elizabeth Denham, the new Information Commissioner said:

“Yes hacking is wrong, but that is not an excuse for companies to abdicate their security obligations. TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action.”

This is the largest amount any company has been fined for losing customer data. However, when the fine sum is broken down TalkTalk ends up paying £2.50 for each person affected by the leak.

International developments

Yahoo email scanning

Yahoo, reportedly, built a secret custom software program to scan all of its customers' incoming emails for specific information. The company complied with a classified US government directive.

It is not clear from the report what data was handed over. The compliance with the directive could be essentially interpreted as compliance with digital equivalent of a general warrant. General warrants are forbidden by the Fourth Amendment.

This appears to be the only known case of an American Internet company complying with the secret directive. Microsoft and Google both declined receive any requests to comply.

ORG media coverage

See ORG Press Coverage for full details.

2016-10-04-Just Security- The UK Snooper’s Charter and the Anderson Report on Bulk Powers
Author: Shaheed Fatima
Summary: ORG quoted on the Anderson's Review of Bulk Powers being only one side of the story.
2016-10-06- IT Pro-Yahoo email scandal could derail Safe Harbour replacement
Author: Jane McCallion
Summary: Jim Killock quoted on the necessity of transparency about how companies are working with law enforcement and security agencies.

ORG Contact Details

Staff page