ORG policy update/2016-w48

This is ORG's Policy Update for the week beginning 28/11/2016.

If you are reading this online, you can also subscribe to the email version.

ORG's work

ORG has launched a petition against censorship of legal content on erotica and pornography websites. Our petition is a response to the proposal from several MPs to block websites which don't comply with age verification. Blocking websites is a disproportionate, technical response to a social issue. Sign our petition and reject proposals for censorship of legal content in the UK. More than 14,000 people have signed already!
We sent a briefing regarding ISP blocking to MPs prior to the Report stage of the DEBill in the House of Commons. You can find it here.
Jim Killock hosted a Reddit AMA on digital rights in the UK. You can read it here.
We have been working on gathering evidence for a consultation held by the Intellectual Property Office on copyright. More information will follow in the upcoming weeks.

Planned local group events:

Join ORG Cambridge for our monthly meetup on Tuesday 6 December to discuss the current state of digital rights, what we've done in the past month and what we are planning to do in the upcoming month.
ORG Manchester have got their Christmas social with Manchester No2ID planned for Thursday 8 December. This is a social event rather than a formal meeting, although no doubt there will be some talk about the current state of the world!
Join ORG Birmingham on Monday 12th December for their joint Christmas social with NetSquared Midlands for a chance to talk to people who care about digital rights.
Join ORG London for a presentation on data-collection apps on Wednesday 21 December. Academic Jennifer Pybus will be discussing a recent hack day she led, where her students created an app that showed how advertisers collected data.
Join ORG Aberdeen on Thursday 29th December to discuss digital freedoms and explore the use of cryptographic tools. Take a smartphone or laptop and browse the web anonymously, learn about these technologies and chat about the reasons we need them.

Official meetings

Jim Killock had a meeting with Jerry Barnnett from Sex & Censorship regarding age verification and censorship of legal adult material.
Jim Killock attended a meeting with Lord Erroll regarding the DEBill and age verification.

Parliament

DEBill

The DEBill concluded its passage in House of Commons this week and moved to House of Lords for the First Reading. The date for the Second Reading in House of Lords has been set for 13 December.

Full transcript of the Report stage and Third Reading can be found here. Follow this link to see the fate of amendments and new clauses.

Age verification

During the Report stage in House of Commons, MPs discussed the new Government amendment for age verification that would introduce blocking of non-complying websites by ISPs. The amendment was agreed on but John Whittingdale MP, the former Minister who introduced the Bill, said he was not

“persuaded of the necessity of introducing ISP blocking. It represents a considerable infringement of the civil liberties of individuals who want to access material that, as everybody has recognised in this debate, they are perfectly entitled to access. At a time when we are very concerned about the growth of censorship online,[... ]I think that it is a dangerous road to go down.”

Labour debated their amendment that would introduce sex education at schools. Kevin Brennan MP pressed the amendment to a vote. MPs rejected this proposal after Matthew Hancock MP explained that sexual education for online platforms is already included within wider e-safety at all stages in the new computing curriculum.

Alistair Carmichael MP (Liberal Democrat) raised questions of privacy related to collection of data for age verification. Labour proposed an amendment that would offer privacy safeguards; however the amendment was not called for discussion. Just this week, another porn website was hacked. This resulted in hundreds of thousands of people having their personal data sold.

It has been reported that Liberal Democrats will oppose the provisions on ISP website blocking in House of Lords.

Jim Killock writes about implications of age verification on Politics. Jerry Barnett, the author of Porn Panic!, offers his perspective here.

Data Sharing

UK businesses, academics, professional bodies and civil society leaders published a letter expressing concerns about the data sharing part of the Bill. The letter calls for legal and technical safeguards to be embedded in the Bill to ensure citizen’s trust.

IPAct

The Investigatory Powers Bill received Royal Assent became the Investigatory Powers Act on 29 November.

The Home Secretary Amber Rudd MP called the Act “world-leading legislation”. In a way, it is very likely that its impact will be felt abroad. But the likely impact it will have will be on authoritarian regimes being able to justify their intrusive surveillance regimes.

The UK public responded to passing of the Bill in Parliament by launching a petition to repeal the new law. The petition has reached 150,000 signatures on Parliament petition site. This means that the petition will be considered for a debate in Parliament (it only needed 100,000 signatures to be considered).

Jim Killock discusses the petition and what can still happen with the IPAct in a blog for the Huffington Post. You can still sign the petition here.

Parliament may be forced to relegislate several measures in the Act, particularly data retention that was brought forward in a challenge by Tom Watson at the CJEU. Judgment for this case will be given on 21 December.

Question on Yahoo

Jim McMahon asked the Secretary of State for Culture, Media and Sport, whether the Department's cyber security department investigated the recent hacking of Yahoo and whether they will make reporting for breaches of that type mandatory.

Matthew Hancock MP responded giving general information about the National Cyber Security Strategy. Hancock said that a full investigation into the Yahoo breach is being conducted in the US, UK and Ireland. He added that the Government is working with the ICO on how to best implement changes to be made to breach reporting under the forthcoming General Data Protection Regulation.

Question on children's online safety

Tulip Siddiq asked the Secretary of State for Education, whether they plan to update the guidance to early years providers on online safety for children and what steps they have taken to make sure that parents with children under the age of five receive guidance on keeping them safe online.

Caroline Dinenage MP responded that early years providers must follow Keeping Children Safe in Education (KCSIE) statutory guidance. The guidance contains information for schools and colleges on teaching safeguarding and the use of appropriate filtering and monitoring.

Dinneage added that the Government also published a guide for parents and carers of children using social media. The guide provides practical tips for safety and privacy features on apps and platforms.

Question on cyber fraud

Amanda Solloway asked the Secretary of State for Home Department, what steps were taken to reduce the incidence of cyber fraud and they will advise the public on how to protect themselves against such fraud.

Ben Wallace MP responded that the Government launched the Joint Fraud Taskforce in February. The Taskforce launched a nationwide fraud prevention campaign 'Take 5' advising people to take five minutes to think about what they are being asked to do. Additionally, there is the Government's campaign Cyber Aware aiming to help small businesses and individuals to protect themselves.

Wallace said that the Home Office also invested in a new reporting system and in better dissemination of information for victims.

Question on cybercrime

Jim Shannon MP asked the Attorney General, if he will make sure that the prosecution of cybercrime is given priority by the Crown Prosecution Service.

Robert Buckland MP responded that the CPS published a new strategy statement and legal guidance on cybercrime to align its prosecution policy with the aims of the National Cyber Security Strategy and the Serious Organised Crime Strategy.

Other national developments

ICO government affairs team

The Information Commissioner's Office revealed their plans to set up a parliamentary and government affairs team. They aim to increase their influence on the formulation of relevant laws and regulations.

The management structure of the ICO will include two deputy commissioners – one focusing on policy and the other on operations, a deputy chief executive office and a new chief technology officer.

The new department will review how public authorities respond to Freedom of Information requests. Furthermore, it will ensure that authorities follow guidance on the implementation of the General Data Protection Regulation.

ISPs to send piracy alerts

In early 2017, UK ISP customers will be sent email notifications about their connection allegedly being used to pirate copyrighted content. The alerts are part of a broad UK anti-piracy effort.

The copyright alert program will monitor the illegal file-sharing habits of UK citizens with a strong focus on repeat infringers. The alert emails will be of educational nature and will not threaten recipients with punishment. They will detail pirated files and offer information how this can be avoided in the future. The ISP customer will be pointed to other, legal, ways of obtaining copyrighted content.

This scheme is only targeting peer-to-peer file-sharing. Accessing pirated content via peer-to-peer websites is on decline; new data shows that the videos are accessed through pirate streaming sites.

It remains to be seen how successful the new initiative will be.

Europe

Patent Court

The Government issued a statement that confirmed they will proceed with preparation to ratify the United Patent Court Agreement that is necessary to set up the Unitary Patent and Unified Patent Court.

The Court will make it easier for businesses to protect their patent rights across Europe with a single patent. The UPC is not an EU institution but rather an international patent court that will see UK judges appointed .

Despite it being an international court, the UPC will apply European Union law and will recognise its primacy. Decisions made by the European Court of Justice (CJEU) will also be binding on the Court.

After UK ratifies the UPCA, CJEU decisions regarding unitary patents will become binding for the UK. The UPC will have their headquarters in Paris with a specialised office dealing with pharmaceuticals and life sciences based in London.

The decision to ratify the Agreement came as a surprise, taking into consideration the plans to leave the EU and UK refusing to accept the supremacy of the CJEU. With the UPC offices in London, it will make potential pulling out from the unitary patent system problematic.

Cross-border portability

The Legal Affairs Committee (JURI) of the European Parliament voted in favour of new rules that will allow EU citizens to use their online subscription services for music, games, films or sport events while abroad in other EU countries.

The new regulation is part of the wider strategy on Digital Single Market. Online copyrighted material is currently restricted on a territorial and exclusive licensing basis. These provisions will demand a proof of permanent address from EU citizens when subscribing to an online content service. In return, they will be able to access the content wherever they are in the EU.

People’s permanent residence will also be verified by randomly checking people’s IP addresses. The proposal promises guarantees for users’ privacy - it excludes geo-location tracking and ensures protection of personal data.

The Committee’s rapporteur for the new regulation, Jean-Marie Cavada, was also granted a mandate to enter into negotiations with the Council of Ministers to reach a compromise on the proposed legislation.

Data protection in Germany

The German interior ministry has drafted a law that will diminish the powers of the government’s data protection commissioners.

The law will have a particular effect on data stored with lawyers and doctors and will prevent commissioners from following up on citizens’ complaints of their data being leaked. The proposed legislation would make companies exempt from disclosing what personal data they collect if doing so would threaten the purpose of their business. Additionally, the draft would not allow people to know what personal data is being collected about them if the release could endanger public safety and wellbeing of the country.

The German union for data protection criticised the draft legislation arguing that prioritising security and business secrets violates the fundamental constitutional right to data protection.

International developments

US judges to issue warrants for computers out of their jusrisdiction

US judges will be able to sign warrants that let authorities hack into computers outside their jurisdiction. In addition, they can issue a warrant for multiple computers and would not need to know who the targeted computer owner is.

The new rule came into effect on 1 December a Federal Rule 41 of Criminal Procedure was amended and signed by the US Supreme Court in April. Senator Ron Wyden criticised the amendment not being voted on by the Congress. However, the Senate did not hold a floor vote on the amendment that could have stop or delay Rule 41.

The Electronic Frontier Foundation objected to the Rule. They argued that this measure would not require a warrant to say whose computer authorities are searching. The Rule seems to relate to bulk hacking rather than targeted hacking.

ORG media coverage

See ORG Press Coverage for full details.

2016-11-28-Wired-Snooper's Charter could be repealed after petition forces it back to the House of Commons: Author: Matt Burgess; Summary: Jim Killock quoted on the petition to repeal the IPAct.
2016-11-28-BBC-'Snoopers' charter' petition hits signatures target: Author: Zoe Kleinman; Summary: Jim Killock quoted on the IPAct needing to address issues of data retention and security
2016-11-29-Guardian-'Snooper's charter' bill becomes law, extending UK state surveillance: Author: Alan Travis; Summary: Jim Killock quoted on the IPAct being the most extreme surveillance law ever passed in a democracy.
216-11-29-USA Today-UK security services get broad online surveillance powers: Author: Elizabeth Weise; Summary: Pam Cowburn quoted on the IPAct being a result of Edward Snowden revelations.
2016-11-29-Daily Mail-UK bill requiring firms to store Web histories becomes law: Summary: Jim Killock quoted on the IPAct being the most extreme surveillance law ever passed in a democracy.
2016-11-29-The Register-Investigatory Powers Act signed into UK law by Queen: Author: Alexander J Martin; Summary: Jim Killock quoted on the IPAct being the most extreme surveillance law ever passed in a democracy.
2016-11-30-BBC-Web archive plans Trump-proof Canada back-up: Summary: Jim Killock quoted on it being a sensible move to relocate the Internet Archive to Canada given the US surveillance powers.
2016-11-29-Forbes-UK Porn Database Approved By MPs: Author: Emma Woollacott; Summary: Jim Killock quoted on the Government’s plans for data sharing.
2016-11-29-Huffington Post-Digital Economy Bill Critics Stopping Children Being Protected From Online Porn: Author: Javed Khan; Summary: ORG mentioned in relation to legally available pornography.
2016-11-29-The Canary-A horrifying law just passed in the UK, and it’s turned us into a world-leading arsehole: Author: Carlyn Harvey; Summary: Jim Killock quoted on the IPAct being the most extreme surveillance law ever passed in a democracy.
2016-11-29-Gizmodo-Now the Government Can Choose What Porn You Watch: Author: Gary Cutlack; Summary: Jim Killock quoted on implications for free speech if age verification is to be passed in its current form.

ORG Contact Details

Staff page