ORG policy update/2017-w07

This is ORG's Policy Update for the week beginning 13/02/2017.

If you are reading this online, you can also subscribe to the email version.

ORG’s work

ORG launched a petition against the Espionage Act. The threat of 14 years in prison for handling classified and secret documents could stop journalists and whistleblowers from exposing corruption and government wrongdoing - especially in the secret services. Sign the petition!

Planned local group events:

Do you know how children's data in school is handled? Join ORG Bristol on 20 February to find out more and what you can do to get involved to #BoycottSchoolCensus and refuse, retract and resist this data collection.
Join ORG Birmingham on 22 February to look at how police are covertly using devices to indiscriminately intercept and hack up to 500 phones every minute.
ORG Aberdeen is organising a Cryptonoise meeting on 23 February. Learn how you protect your rights in a digital world. You do not need to be a tech wizard to attend.
Join ORG Manchester on 1 March to find out how children's data from schools, as well as new laws on student data, and all other administrative datasets, might be affected by the Digital Economy Bill.
Explore the issues surrounding data protection, surveillance and internet identity at the Still immersive theatre piece on 1 March in Brighton.

Parliament

DEBill

The Digital Economy Bill went through the Committee in the House of Lords last week and is due to enter the Report stage on 22 February.

The list of amendments submitted so far for the Report stage can be found here. The debate last week showed that the Government was not prepared to discuss amendments at the Committee stage and they promised to address numerous concerns at the Report stage. The Government is also supposed to respond to the report by the Delegated Powers and Regulatory Reform Committee before the next stage starts.

Letters from the Government

Lord Ashton and Lord Keen offered to write to the Lords attending the Committee regarding several specific questions.

They addressed a question from Baroness Hamwee regarding the use of “personal information” in the Bill being inconsistent with the Data Protection Act (DPA).

Part 5 of the Bill on data sharing refers to the use of “personal information” by public authorities. According to the DEBill, personal information shared between government departments should be subject to the DPA. However, the DPA only offers protection for “personal data”. The two definitions differ and personal information has a wider scope than personal data.

Lords Ashton and Keen explained in their letter that they still apply the data protection framework from the DPA for personal information in the DEBill and this will be specified in the codes of practice. The Government made it clear in the Committee sitting that they don’t consider it necessary to make the codes of practice statutory and enforceable.

If the protection framework for personal information is only spelled out in the codes of practice, which are not enforceable, it is unclear how the Government expects to protect personal information and prevent it being misused.

A blog by Sarah Gold offers an industry perspective on the Government's data sharing plans.

The Lords are likely to discuss privacy issues regarding age verification and data sharing and website blocking at the Report stage. These issues were highlighted before but no satisfactory answers were given by the Government. The issue of online copyright infringement and the disproportionate scope of the offence has not been discussed by Lords.

Question on cybercrime

Lyn Brown MP asked the Secretary of State for the Home Department, what proportion of online fraud and other forms of cybercrime was reported to the police in the past three years.

Brandon Lewis MP responded that the Home Office does not hold the requested information. The Home Office holds information from the National Fraud Intelligence Bureau on the number of recorded fraud offences in England and Wales but they do not have information available on committed online fraud offences.

Question on protection of data at schools

John Mann MP asked the Secretary of State for Education, what steps the Department is taking to make sure that commercial organisations which sell access to school websites and teachers’ emails do so securely and responsibly.

Nick Gibb MP responded that the Department provides advice to help schools understand their obligations under the Data Protection Act 1998.

Question on data protection and Brexit

Tom Watson MP asked the Secretary of State for Culture, Media and Sport, what discussions they’ve had with representatives from the digital industries on data protection regulations in regards to Brexit.

Matthew Hancock MP responded that there have been widespread and ongoing discussions with the digital industry on data protection.

Question on copyright and Brexit

Nigel Adams MP asked the Secretary of State for Culture, Media and Sport, whether the UK will be able to protect territoriality of copyright after the UK leaves the European Union.

Matthew Hancock MP responded that the UK will be taking an active part in copyright negotiations in the digital single market while remaining in the EU. After Brexit, the UK will continue to be a member of the Berne Convention and other copyright treaties which recognise the territoriality of copyright.

Other national developments

Consultation on leaks of secret government data and an “Espionage Act”

The Law Commission published a consultation paper advising the Government how to update the current law about espionage (Official Secrets Act) and state secrets. According to the consultation, the new Espionage Act would increase penalties for espionage and broaden the definition of who could commit espionage.

Journalists handling secret materials from whistleblowers could be prosecuted under the Act whether or not they had engaged in ‘espionage’, and on the basis of the risk that an individual possessing the documents poses to the state, i.e.that they could be passed on, rather than have been, to a foreign power. Such broad definition would have highly detrimental effects on investigative journalism and public-interest whistleblowing where classified information is implicated.

All journalists involved in handling and exposing documents obtained by Edward Snowden could be prosecuted under the proposed Act and possibly face 14 years in prison. The current sentence under the Official Secrets Act is two years.

The consultation was commissioned by the Government because they believe the current secrecy legislation is outdated in the digital age. Their particular concern is that electronic documents can be leaked in bulk, which poses new security risks.

However, creating disincentives for UK journalists to handle the data could produce perverse incentives, for instance for data to be handed to less reputable organisations abroad, who are harder to prosecute.The consultation document explicitly rejects a public interest defence for whistleblowers. Instead it proposes that concerns should be directed through an ombudsman.

The current law assumes that people who are to be prosecuted have caused damage or are passing information to foreign powers.

In their consultation report, the Law Commission listed several NGO’s and media companies, ORG among others, who were consulted on their proposals.

ORG was contacted regarding the consultation, however not consulted in a meaningful manner. Jim Killock said

“This is a full-frontal attack, recommending criminalising even examining secret services’ material. The intention is to stop the public from ever knowing that any secret agency has ever broken the law.

The Law Commission is calling for relevant public views on their published proposals to be submitted by 3 April.

ORG launched a petition asking the Law Commission to drop their proposals. Join over 6000 people and sign the petition!

National Cyber Security Centre launch

The National Cyber Security Centre was officially opened by the Queen on 14 February.

The NCSC moved from the GCHQ’s headquarters in Cheltenham to Victoria in London. The Centre has been operating since October 2016.

ORG and other privacy groups remain concerned that the UK’s cyber security organisation is being run by GCHQ, which has the potential to create serious conflicts of interest. GCHQ relies on security vulnerabilities in order to hack into targets' equipment.

Intrusive surveys at schools in Scotland

Primary and secondary pupils in Scotland’s schools are being quizzed about their wellbeing. “Wellbeing surveys” have been distributed to children as part of the SNP Government's Realigning Children's Services programme.

The surveys included questions about children’s living conditions, their parents' relationship, parents’ drinking habits, the consumption of fast food and drugs.

Parents also received a survey asking them about how many times their children visited their GP and A&E or how often they used a babysitter.

The surveys are anonymous, however, they will be linked to individual identity numbers and shared across the public sector. It was reported that children are presented with surveys as a compulsory activity and parents don’t fully understand that they can opt out within ten days.

Excessive data sharing was the reason why the Named Person scheme was stopped by the Supreme Court in Scotland previously. The school survey has a similar agenda since both initiatives were developed under the Get It Right for Every Child approach. The data collected poses a risk for misuse of children’s personal data. Their answers are tied to their unique identification numbers for most of the research and will only be anonymised at late stages of the research cycle.

Europe

EU Directive on combating terrorism

The European Parliament voted in favour of the Directive on combating terrorism. The Directive is supposed to prevent terrorist attacks by criminalising preparatory acts such as training and travel abroad for terrorist purposes.

However, the Directive uses ambiguous wording that is likely to create risks for the rule of law, the right to privacy and freedom of opinion and expression. The new legislation criminalises "glorifying terrorism" but fails to define what it means. Several other definitions are lacking throughout the Directive. Without concrete language, this Directive will enable accidental imposition of excessive punishment and censorship.

EU protection for whistleblowers

The European Parliament voted for a resolution on an “effective and comprehensive European whistleblower protection programme” this week.

MEPs took on the European Commission for failing to deliver any legislative proposals to deliver minimum level of protection for whistleblowers protecting EU budget from fraud. The non-binding resolution was supported by more than 600 MEPs.

The resolution is asking for whistleblower protection mechanisms to be put in place for companies, public bodies and non-profit organisations. MEPs supported setting up an independent EU body to advise whistleblowers on the right channels to disclose their information. The independent EU body would have national offices in the member states.

Whilst setting up the independent body, MEPs want to administer hotlines, websites and contact points for whistleblowers to use if they have information relating to the EU’s financial interests.

ORG media coverage

See ORG Press Coverage for full details.

2017-02-08-New Scientist-Age verification for online porn will be a security disaster: Author: Sally Adee; Summary: Jim Killock quoted on the age verification issues for porn websites in the DEBill.
2017-02-09-The Inquirer-Digital Economy Bill: Open Rights Group lets off a warning over 10-year copyright crimes: Author: Dave Neal; Summary: ORG quoted on concerns for copyright trolls misusing DEBill provisions for blackmail of vulnerable people.
2017-02-10-The Register-Planned Espionage Act could jail journos and whistleblowers as spies: Author: Duncan Campbell; Summary: Jim Killock quoted on whistleblowing being vital to society in relation to the revised Espionage Act.
2017-02-11-Telegraph-Journalists who obtain leaked official material could be sent to prison under new proposals: Author: Lisa Kjellsson, Robert Mendick; Summary: Jim Killock quoted on whistleblowing being vital to society in relation to the revised Espionage Act.
2017-02-12-The Guardian-Government advisers accused of 'full-frontal attack' on whistleblowers: Author: Rob Evans, Ian Cobain, Nicola Slawson; Summary: Jim Killock quoted on the Espionage Act being a full frontal attack on whistleblowers.
2017-02-13-Daily Mail-Journalists and whistleblowers face 14 years in prison for exposing leaked official secrets: Threat to impose same penalties as those convicted of spying for foreign countries-: Author: Vanessa Allen; Summary: Jim Killock quoted on whistleblowing being vital to society in relation to the revised Espionage Act.
2017-02-13-The Guardian-No 10 denies plans would curb freedom of journalists and whistleblowers: Author: Rowena Mason; Summary: ORG mentioned in relation to the listed NGOs that were consulted on the revision of the Espionage Act.
2017-02-13-The Verge-UK considers new punishments for whistleblowers and journalists to deter the next Snowden: Author: James Vincent; Summary: Jim Killock quoted on whistleblowing being vital to society in relation to the revised Espionage Act.
2017-02-14-Tech Dirt-After Passing Worst Surveillance Law In A Democracy, UK Now Proposes Worst Anti-Whistleblowing Law: Author: Glynn Moody; Summary: ORG mentioned in relation to the Espionage Act and IPAct being the most extreme surveillance law passed in a democracy.
2017-02-16-World IP Review-UK copyright bill could make people ‘vulnerable to blackmail’: Summary: ORG quoted on concerns for copyright trolls misusing DEBill provisions for blackmail of vulnerable people.

ORG Contact Details

Staff page