
Blog


November 15, 2013 | Peter Bradwell

Sky's reply to ORG on default internet filters

In July we asked the main ISPs how they planned to implement the default internet filtering being mandated by the Government. Sky have now replied, and here you can read their answers.

Sky are the first Internet Service Provider to send us answers to all of our questions about their default filtering. We are waiting for responses from the others; they all promised us answers. So thanks to Sky for taking the time to go through the questions. High time for the others to finish formatting their replies and send them over!

This week Sky launched this filtering service (called 'Sky Broadband Shield') - one of the first changes since the Government’s summer push to get ISPs to do more to prevent children accessing ‘adult’ material. 

You can read Sky's answers below, which they prefaced with an introduction to their filtering system. Having read through the response, we remain concerned for website operators who may get caught by ISPs' filters by mistake. More needs to be done to make sure those running websites can check whether their sites are blocked and can rectify any problem quickly.

Sky confirm some basics too, for example that one filter setting will apply to all devices in a household, and that the age verification process will only involve using the account holder's primary email address (avoiding any more onerous verification checks). Sky also say that they will not log blocking events or monitor or log traffic of users who have not opted in to the filtering.

We are perhaps most concerned about how they will deal with over-blocking, and their process for fixing mistakes. Some comments on what Sky have told us:

URL checks. Of the mobile operators, only O2 give people a URL checker to help them quickly find out if a site is blocked by their filters and what category it falls into. Sky here imply there will be no such tool available from them. This is a real problem - website operators will want to know how each internet service provider categorises their site and whether they are blocked. They shouldn’t have to rely on reports from customers, and they certainly shouldn’t need to have multiple accounts just to constantly monitor if their sites are blocked.

In our mobile Internet censorship report we recommended a cross-ISP URL checker tool. That seems like the only way to help website owners stay on top of whether their sites have been incorrectly caught by the filters.

Sky say they will deal with reports of mistakes in a ‘timely manner’. What is timely to a website owner who can’t reach their market or readers will likely differ from what an ISP will consider timely.

Oversight? As Sky say, it doesn’t seem like there is a body who will be monitoring or dealing with disputes or performance. There has been some talk about Ofcom taking on this role but details about how that will work are not clear.

We want more information about how ISPs will make sure website owners can check if their sites are blocked, and how they can quickly and easily get their sites off the block lists.

One of our motivations for asking these questions is that it seems the Government are not doing so. They seem far more interested in easy win headlines than preventing widespread over-blocking by the systems they are mandating.

There needs to be pressure from the government on overblocking, with independent monitoring of performance, to ensure website owners in the UK are not cut off from large sections of their potential market.

Let us know what you think of Sky's answers, and any questions that come to mind having seen this response.

 

Sky’s answers to Open Rights Group’s Questions

Sky’s new parental control product will allow customers to filter internet access across all connected devices.  The product is a DNS-based solution which will mean that IP addresses are not returned for hostnames serving content classed as falling within a category or categories that the customer wishes to block access to.  The technology does not rely on inspection of traffic.

To make this solution work, we will of course need to store the level of filtering desired by each customer. We will not keep a record of individual DNS queries during normal operation. The information on the choices customers have made about what content to filter is subject to stringent data protection measures.

In creating this solution, we have undertaken extensive testing and upgrading of our hardware to ensure that traffic is not slowed for both users and non-users of the service.  In fact, as a result of the upgrade, overall speed across the servers has improved.

To ensure that only relevant websites are within these defined categories, we have worked with the technology firm Symantec. They are world-leading experts in online protection and already work with many UK companies, including a number of mobile phone companies.
In the event that a site has been wrongly categorised, we have created processes for easy reporting and speedy resolution.

Twenty questions for ISPs on Internet filtering systems

A. On how the technology works

Under the Internet filtering system set up following discussions with the Government about online safety and child protection:

1. Is any traffic of users who are not opted in to filtering inspected and / or logged?

Answer: No

If so, is it logged in a way that links the traffic to a subscriber?

Answer: n/a

What logging will there be of blocking events? How does this work?

Answer: There will be no logging of blocking events for individual customers.

2. Is filtering applied to all forms of connection offered by the ISP (dialup, ADSL, cable, fast fibre connections etc)?

Answer: Yes, access filtering is applied at the network level regardless of connection.

3. Have you estimated the impact of the through-put of filtering technology on the speed of users' internet access (both for those who are opted in and opted out)?

Answer: Yes, there will be no negative impact to customers' throughput speed.

4. We are concerned about the impact on Internet applications in general as well as web traffic.

Does filtering take place only of HTTP traffic on port 80, or will other traffic be affected?

Answer: Filtering is applied for customers who take the product based on the hostname regardless of the application that is requesting it. There will not be any undesired impact.

What steps will be taken to avoid interfering with non-HTTP traffic on port 80, for example non-HTTP applications that use this port in order to bypass firewall restrictions?

Answer: n/a see above

5. What impact does the filtering have on end-to-end security measures such as SSL or DNSSEC?

Answer: Our product does not disrupt any end to end traffic security measures currently available such as DNSSEC and SSL in such a way as to introduce a security vulnerability.

6. Can you guarantee that your networks will not be susceptible to mistaken blocking as a result of using specific IP addresses for forwarding filtered traffic, for example as seemed to happen in a case involving Wikipedia?

Answer: Yes, because we are using hostname filtering.

7. Have you made any estimates on the impact of filtering systems on infrastructure upgrades?

Answer: Yes, this was a key consideration when choosing the platform for the product.

B. On setting up the filtering

8. Are users faced with pre-ticked boxes when choosing to activate filtering?

Answer: Yes

What is the impact on customers who do not have access to or who do not use a web browser on a network, such as a home broadband connection that is only used for Smart TV video on demand applications? (i.e. who will not be presented with a web-based set up screen?)

Answer: New customers would only be presented with an Active Choice if they connect via a web browser.

9. How granular are the available choices? Will a household be able to cater for:

a. Multiple ages or a variety of beliefs?

Answer: This is a network level filter which means that all devices in the household connected to Sky Broadband will have the same level of protection applied, as selected by the Sky account holder.

b. Can specific sites be unblocked by a user?

Answer: Yes

10. Have you done user-testing for your opt-in systems?

Answer: Yes, the experience and levels of protection available meet customers' expectations of simplicity and ease of use.

11. What information about the filtering is available at the point of sign up? Does it include:

a. Detailed information about what types of content are blocked, with examples?

Answer: Detailed information about the type of websites within each category is available during the sign up process and on sky.com.

b. The providers of their filtering tools, if a third party is involved?

Answer: We will publish details of our 3rd party providers when our product is launched later this year. (Update: Symantec was named as a provider of site classifications at launch.)

c. Information about the possible problems with and limitations of blocking, with information about how to report problems?

Answer: We will publish a list of FAQs which will include the extent to which web filtering allows users to control the type of content that is available in their property as part of an overall strategy of education and monitoring. We will also publish information about how to report problems with the product.

12. What age-verification processes will be in place? How will this work?

Answer: Sky Broadband is only available to customers aged 18 or over who will provide a primary email address at point of sale. Any changes to filters will be emailed to the primary email address.

13. Is a customer's decision not to activate filtering a one-off decision, or will it have to be periodically repeated?

Answer: Customers will be asked to make an active choice at the point they activate their Sky Broadband service and will not need to repeat this decision, however the customer can later choose to opt in.

C. On managing problems and mistakes

14. When a site is blocked, what information is supplied to the end-user about why and how it has been blocked?

Answer: The customer will see a "Page Blocked" screen which will tell them that the site has been blocked and the category that the website falls under.

15. Are there easy ways to report mistaken blocks, either over-blocking or under-blocking? Are these clear when users encounter a block?

Answer: Yes, the customer can access a form to submit a report which can be found by clicking a button on the "Page Blocked" page or in the "Contact Us" section of sky.com

16. Are there easy ways for people to check if URLs are blocked, and will this include a reporting tool for requesting corrections and reclassifications?

Answer: Customers will be able to report to Sky if they believe that a website has been incorrectly categorised and therefore filtered incorrectly. These requests will be reviewed by Sky and by our 3rd party providers before a decision is made on the categorisation.

17. How will complaints, from both your subscribers and from owners of sites that are blocked, be dealt with?

Answer: We will have processes to review reports of incorrect blocking. Those confirmed as being in the incorrect category will be re-categorised.

a. Are there plans in place to train customer service staff for dealing with these reports? 

Answer: Yes

b. Are there targets for dealing with mistakes in a timely manner, or estimates of how long responding to and correcting mistakes will take? 

Answer: Our processes will ensure that we deal with reports in a timely manner.

c. Will you share error reports and corrections with other ISPs?

Answer: We will share best practice with other ISPs.

18. Have you specified acceptable error rates to suppliers of filtering services? If so, what are they?

Answer: Our decision on the supplier of our filtering service included an assessment of categorisation accuracy.

19. Have you sought legal opinions relating to liability for incorrect blocks, including both false positives and false negatives?

Answer: Yes

Do you have plans to offer compensation for businesses harmed by blocking errors, for example when potential customers are unable to access the site?

Answer: Our processes will ensure that blocking errors will be resolved within a timely basis.

20. Are there or will there be systematic reviews of the effectiveness and quality of filtering, including reporting on problems and complaints? Is there a process for review and improvement? 

Answer: In line with all products we will monitor its effectiveness and review complaints.

Is there or will there be an ombudsman or other oversight body to handle disputes and review performance?  

Answer: No
 



November 09, 2013 | Jim Killock

Now talking is treachery

Which story will win out? Government and civil liberties advocates are arguing over what the real story is after the Snowden revelations. Is it the Guardian’s irresponsibility and their inability to assess the damage they are allegedly creating; or is it a story about the problems with mass surveillance?

The security services in Parliament claimed that the Guardian’s stories have led directly to discussions among terrorists to improve their information security. Sir Iain Lobban was most explicit, saying:

“we have actually seen chat around specific terrorist groups, including close to home, discussing how to avoid what they now perceive to be vulnerable communications methods or how to select communications which they now perceive not to be exploitable.

“The cumulative effect of the media coverage, the global media coverage, will make the job that we have far, far harder for years to come. There is a complex, there is a fragile mosaic as Andrew has said, of strategic capabilities that allows us to discover, process, investigate and then to take action. That uncovers terrorist cells. It reveals people shipping secrets, expertise or materials to do with chemical, biological and nuclear around the world. It allows us to reveal the identities of those involved in online sexual exploitation of children. Those people are very active users of encryption and of anonymisation tools. That mosaic is in a far, far weaker place than it was five months ago”

Their allies in Parliament, led by MPs Julian Smith and Stephen Phillips, have asked the Guardian to “acknowledge the devastating assessment” made by the intelligence chiefs, while the Home Affairs select committee has called the editor of the Guardian to appear before them in a month to answer these points.

The accusations mostly appear to relate to Operation Bullrun (USA) and Edgehill (UK) – programmes to create weaknesses in encryption tools that can be exploited by the NSA, GCHQ and others who are told or find them.

For Parliamentarians these are complex issues, so I would like to take a moment to spell them out.

  1. The Guardian has not concentrated on specific weakenings of technologies, under Bullrun and Edgehill, but the investment of time and effort.

  2. The Guardian did imply that Skype may be compromised – a tool that many of us use daily; such a weakness could have consequences for all of our personal computer security.

  3. The vulnerabilities are being discussed by private companies worried about the consequences for their own security or security products. Vulnerabilities can be exploited by anyone, not just the NSA or GCHQ.

  4. RSA Security were forced to withdraw a broken encryption method, related to use of random numbers, which had been leaving many commercial VPN products at risk. This has affected major UK companies.

  5. No doubt terrorists will be speculating about their personal security just as everyone else is.

The logic of this debate is that the Guardian sparking a debate about personal computer security—an activity that we and the government invest billions of pounds in—is tantamount to aiding terrorism, as terrorists will improve their security too.

The unspoken position of GCHQ is that they have a right to compel companies to give them ways to break into their software and all the installations and uses of them – not by targeting individual suspects, but in a blanket way.

This places everyone at risk. That is a question which deserves a public debate, but it also allows the security chiefs to make the argument that revelations the Guardian has made are ‘endangering national security’ as people try to identify what GCHQ have done, and fix it. From this perspective, when Google encrypt across UK private cables to stop GCHQ breaking in without permission, this will also be an attack on national security, as secret collection capacity diminishes. When RSA fixed their broken technology they will have made parts of the Internet ‘go dark’ and thus aided terrorism.

The problem of course is not the Guardian, but the decision to compel companies to work in a non-transparent, ubiquitous manner, sacrificing general security for the convenience of the security agencies. That to many people will represent the essence of an agency acting without effective supervision.

Some MPs will accept assertions that terrorists have benefited from the Guardian’s revelations, and fail to challenge the notion of pervasive intelligence gathering. By accepting GCHQ's demand to have access to the ‘whole haystack’ of Internet traffic, MPs agree that anything that reduces pervasiveness must of course endanger national security capability. That makes any discussion of national security methods, or improvements to personal security, a form of treachery.

The way out of this logic is to accept that individuals and companies have a right to data security. Once you remember that, then it is obvious that GCHQ’s methods need to fit back in with our normal, everyday objective of trying to minimise our online risks. That may mean that the secret services’ work may sometimes be harder, but it also means that everyone will be a lot more secure from common criminality.



November 07, 2013 | Peter Bradwell

Intelligence & Security Committee fails to convince

Today saw the first public questioning of the heads of the UK's secret services by the Intelligence and Security Committee. For anyone looking for incisive probing about the Snowden revelations, it was a disappointing hour and a half.

In the Westminster Hall debate (see ORG's summary of the debate in a previous blog) on oversight of surveillance last week Sir Malcolm Rifkind, chair of the Intelligence and Security Committee, invited people to judge the Committee's effectiveness on the basis of the work they do in the coming months: 

"Given our willingness to have our first public hearing with the intelligence chiefs next week in front of the cameras, plus other public sessions, as well as the new powers we are already exercising, I ask right hon. and hon. Members to test whether we use such powers properly."

He was rather making a rod for his own back here. Today's public hearing - rather predictably - did not inspire confidence in the Committee's ability to scrutinise and hold to account the security services they are charged with overseeing.

The questions were very broad, with little follow up. Significant questions about the law and technology were dealt with in a few moments. Sir Iain Lobban was even congratulated by the chair for a fairly dubious - and laboured - analogy involving hay and needles. We didn't see anything like some of the recent grandstanding Committee moments, such as the CMS Committee's grilling of the Murdochs or when Margaret Hodge's Public Accounts Committee held allegedly tax avoiding companies' feet to the flames.

The Committee failed to ask challenging questions or press in depth on the primary issues of law and policy raised by the Snowden revelations. For instance, they didn't press on who decided mass data trawling did not need an explicit parliamentary vote. Or, how do they square data trawls with human rights judgements showing such harvests are going too far?  Why is undermining internet security acceptable?  Why is it fine to break into potentially millions of accounts at Google and Yahoo! when there are legal routes to the same data?

By concentrating on generalities the ISC failed to bite, which is extremely worrying - a key argument is that the UK's oversight regime, that they are part of, is one of the world's most strict.

At the very least the hour and a half session left viewers with the impression that the Committee needs reforming. There are plenty of ideas about how to do this, whether it is having a member of the opposition as chair or, as Jamie Bartlett suggested today, putting members of the public or civil society groups on the Committee.



November 07, 2013 | Ruth Coustick-Deal

Donate to stop surveillance

ORG has launched a new campaign to fund next year's fight against Internet surveillance.

Right now we're asking for new supporters to help us grow so we can take on what may be the biggest threat to liberty of this generation.

You can help by joining ORG now

ORG have to work very fast to challenge the silence of the press and politicians.

There have been clusters of stories released by the Guardian showing that the UK's intelligence agency GCHQ routinely collects everybody's online data.

We've learnt that they can do this without specific warrants and with little oversight. We've heard that they share that intelligence with foreign security agencies, and they enable foreign agencies to snoop on us.

But, the Government have stifled the discussion by defending their own bad practices and attacking and questioning the free press.

To make this an election issue that everyone's talking about, we need to change tactics.

This is why we are asking for you to take this opportunity to join ORG. If you have any concerns about the erosion of your civil liberties online, ORG is best placed to fight for real change. We've already joined Big Brother Watch and English PEN to launch a European legal challenge against the UK Government in Strasbourg, but there's so much more to do.

So what do we want to achieve?

There are a number of projects that we'd love to do, but we need your support to make them possible.

-Bring computer security specialist Bruce Schneier to the UK to share his expertise with Parliament and help educate MPs

-Keep surveillance on the front pages and generate new stories to make sure everyone's talking about the surveillance scandal

-Produce a report into the impacts of PRISM and Tempora on UK businesses

-Support cryptoparties around the country to educate people about keeping their online activity private

-Run an MP Lobby Day to mass petition parliament for change

-Persuade other campaign groups that defending privacy should be part of their mission

You can help!

 



November 06, 2013 | Ruth Coustick-Deal

Friend Sign-up Scheme Tips

If you're a supporter of Open Rights Group, can you help boost our strength to fight the biggest battle against surveillance yet?

The surveillance debate is at a critical moment and you can help.


As part of our drive to hit our significant goal of 2000 supporters – and to let us do a whole host of work defending privacy over the next years, we'd like you to help us recruit new supporters to fight alongside us. By explaining how important the current surveillance debate and the leaks are, we hope your friends will want to join up to ORG to help fight intrusive and over-reaching snooping.

Who can I ask to join?

The best way to help us increase our membership and get your sign-up rewards is to find a friend who you know should be a member of ORG. Maybe a friend who:

  • Voices fears about all the data companies like Facebook know about them

  • Is worried about Government surveillance

  • Has been sharing links on their Twitter account about the Snowden revelations

  • Is interested in preserving freedom of speech for minority groups

  • Is passionate about social justice and human rights work.

What are the key reasons to join ORG?

ORG are a small organisation. We’ve achieved a great deal with the resources that we have, but without expanding our staff and our funding we won’t be able to expand our remit and achieve all of the above.

If you're struggling to seal the deal and convince someone to become an ORG supporter, maybe these 3 points will help make up their mind.

1. Surveillance threatens both the right to a private life and the right to freedom of speech. This is the biggest threat we've seen and ORG is the best equipped to fight it.

2. ORG have made real change on copyright, parody, open source, open data, privacy, free speech, e-voting and DRM. Joining ORG doesn't just help turn back the tide on surveillance culture, it's a long-term investment in your rights online.

3. Being a supporter gives you lots of benefits, like discounted tickets to all our events, a free gift in our welcome pack and chances to influence our policy and the digital debate for years to come.

What's actually happening?

This summer we learned that the UK's intelligence agency GCHQ routinely collects everybody's online data. They can do this without specific warrants, with little oversight, and there has been little debate about the scope of their power.

Tempora

Tempora is a UK GCHQ (Government Communications Headquarters) programme that stores all data flowing through UK fibre optic cables so that it can be analysed by GCHQ staff. The Tempora programme allows for collection of what sites people visit, search terms used and social media posts.

PRISM

PRISM refers to a US NSA (National Security Agency) operation begun in 2007 to collect private information belonging to users of major US internet companies such as Microsoft, Google, and Yahoo. The leaks by Snowden suggest that the NSA has direct access to the servers of these companies.

There's also a handy guide on the Verge which helps explain what's going on and what all these other acronyms floating around mean.

Why does surveillance matter to everyone?

The quiet state of surveillance silences everyone. Confidentiality is a serious matter. People who are under surveillance are afraid to speak or act openly. If someone thinks their movements are being recorded, they might not want to:

-book into a women's shelter

-carry out their investigative journalism

-talk about their sexuality openly on a private forum

-plan a demonstration.

The surveillance revelations are incredibly serious and have a chilling effect.

It's not just our security services who have access to this data, it's agencies and private contractors across the world.

With that many people watching and recording it is inevitable that we will start to censor ourselves, clarifying, altering and avoiding controversy - and freedom of speech is lost.

What can ORG do, when the threats seem so big?

We have already launched a legal challenge alongside English PEN and Big Brother Watch to take the Government to Strasbourg on human rights grounds. We have responded to President Obama's review board of the NSA and we have been speaking to the media constantly to raise awareness of privacy rights.


We also took on and defeated the Snoopers' Charter, a proposal for mass surveillance legislation, after a 2-year campaign, co-ordinating with a huge group of civil liberties organisations.

We have the knowledge and skills to take this challenge on, but there are some big tasks we need to be able to take on to win.

ORG wants to be able to:

-Bring Bruce Schneier to the UK to share his expertise with Parliament and give evidence to the Intelligence and Security Committee inquiry.

-Produce a report into the impacts of PRISM and Tempora on UK businesses

-Bring the issue back to page one of the papers, having the time to do more media work.

-Organise and assist cryptoparties around the country and educate people about privacy

-Run an MP Lobby Day to mass petition parliament for change

-Persuade other campaign groups that defending privacy should be part of their mission.

We're relying on ORG supporters like you to spread the word so we can meet this challenge that Edward Snowden's given us.

If they have any questions about what we do, we're happy to take the time to chat by phone or email. Anyone can join up here.

 



November 01, 2013 | Alexandra Stefanou

Summary of Westminster Hall surveillance debate

Yesterday saw Parliament’s first substantial debate on mass surveillance. Here, we summarise what the MPs said.

ORG Advisory Council members MPs Tom Watson and Julian Huppert as well as Conservative MP Dominic Raab called for a discussion on 'oversight of intelligence and security services', which took place in Westminster Hall. 

This debate finally provided a platform for all aspects of the debate in Britain to be discussed. You can read a transcript of the debate on Hansard, or you can watch a video of the session. The most relevant issues were:

  1. The Intelligence and Security Committee’s ability and suitability to provide oversight of the intelligence agencies
  2. The legality of RIPA and Tempora 
  3. Consensus on whether mass surveillance is occurring

1. The Intelligence and Security Committee (ISC) is the independent body charged with the oversight of the powers of the intelligence agencies. It was the committee’s ability and suitability to scrutinise the intelligence agencies’ extensive powers that caused one of the main divides in the chamber.

On one side were those who believe the ISC does not have the capacity for the oversight required because it is under-resourced. David Winnick expressed concern over the committee’s accountability and John McDonnell mentioned that there is a potential for conflicts of interest (as members of the ISC may have previously been involved with the work of the security services, for example former Foreign Secretary Malcolm Rifkind). 

On the other side (including the chair, members of the ISC and the Minister of Security) were those who believed the committee is perfectly equipped to perform the necessary oversight. Malcolm Rifkind, the chair of the ISC, explained that recent reforms have already implemented some of the changes suggested. 

A noteworthy exchange was between George Howarth (ISC member) and Tom Watson. In his statement, Mr Howarth made the assurance that the ISC had already looked into the legality of PRISM and Tempora and issued a relevant statement in July. Tom Watson then asked “was July the first time that the Committee had examined Prism, and was that after the Guardian revelations?” Followed by laughter across the room, Mr Howarth then explained that the examination came after the publications and that he was unable to disclose details of their examination. 

Toward the end of the debate, Malcolm Rifkind and the Minister for Security James Brokenshire alluded to the idea that much of the detail of the oversight should be withheld from the public. In fact, when asked by Mr Meacher why the ISC did not know about the Tempora programme when it was launched, Malcolm Rifkind responded that there is actually no way of knowing if the Committee knew about it prior to the Guardian publications; “We are given classified information, and the whole point of an independent Committee having access to top secret information, whatever that is, is that we do not announce what such information is”.

This is the fundamental difference between the two sides. Tom Watson made clear to the Minister that the discussion on oversight was about scrutiny and ensuring that proper safeguards are in place when implementing new technology that is not covered by existing legislation. The Minister’s answer to this was simply that the intelligence agencies always operate under strict policy frameworks and within the law. The problem with these responses is that they offer absolutely no answers to concerns over the reliability of the ISC as expressed by David Winnick in his statement to the debate. It seems as though we are meant to accept the law isn’t broken, just because the law exists.

Within this discussion also lies the question over what information the public is entitled to know. If not for the sake of scrutiny, should people not know if their information is being collected and stored under privacy rights granted to them in a democracy? Julian Huppert referenced this right to privacy multiple times in his opening statement.

 

2. On the question of legality, the house was roughly split between two groups. The first were those who believe the ISC was operating within British law (Ben Wallace and Hazel Blears both specified that Tempora complies with British law, making no reference to international agreements). This team of MPs seemed to be satisfied with the assurance that the intelligence agencies wouldn’t do anything illegal.  

Then there was the group, including Julian Huppert, Dominic Raab, John McDonnell and Tom Watson, that called for an investigation into whether there had been a breach of law. In addition, Tom Watson and Dominic Raab called for a review of the legislation if mass surveillance was legal. Mr Watson said “If the Minister is telling us that the law permits such fundamental abuse of liberty, the law is wrong and must be changed.”

The Regulation of Investigatory Powers Act (RIPA) was referenced by both parties to support their respective arguments. According to the MPs that supported the legality of mass surveillance, the security agencies were operating in accordance with RIPA. According to the MPs that questioned mass surveillance’s legality, RIPA is extremely complicated and vague. Michael Meacher said that instead of curtailing surveillance activities, the Act facilitated them. He also said:

“RIPA is so poorly drafted—one almost wonders whether that was deliberate—and is open to such broad interpretation that it allows Government agencies such as GCHQ to do whatever they like.”

 

3. There were also MPs who didn’t believe mass surveillance is taking place. The very peculiar argument formulated sounded like this: 

First, for the sake of national security it is necessary for intelligence agencies to maintain an edge (as phrased by James Brokenshire) by having access to all this information. As Martin Horwood phrased it, “if we are to find needles in a haystack, we need to allow people to look at the haystack”.

Julian Lewis then added “The question is whether we then have access to the irrelevant parts of the haystack, or legally supervised targeted access to those needles in the haystack, which can be detected as a result of modern technology. This is all about the mass collection, mass storage and interrogation of mass data so collected and stored.” 

The response to this was that intelligence agencies should continue with their surveillance and investigation, but not collect everyone’s information. As Julian Huppert said, in the current situation “we are all suspects whose personal histories can be foraged through if ever there is interest in us later.”

However, the answer to this, from Malcolm Rifkind, was that in fact mass surveillance isn’t taking place at all because no human being looks at the vast majority of the information collected. 

Martin Horwood also said: “A lot is said, and a lot of allegations are made, about mass surveillance, but if it was really taking place, it would—apart from being wildly impractical—be straightforwardly illegal.” This seems to miss the point, as the precise purpose of the discussion is to find out whether the mass surveillance operations are legal.

On the whole, the debate was quite useful in formulating the arguments and providing a basis for further discussion. The essential difference was that one group of MPs had blind faith that the intelligence agencies were operating within the law. This faith seemed to stem from official statements that say intelligence services always operate according to the law.

The other group of MPs were not satisfied with these statements and wanted a more stringent investigation.

To see how these arguments develop, be sure to follow the ISC’s open evidence session with the heads of intelligence agencies, next Thursday 7th November.



October 25, 2013 | Peter Bradwell

Ask your MP to join the surveillance debate

There's a debate in Parliament next Thursday about mass surveillance. We'd like you to ask your MP to take part.

The MPs Tom Watson, Julian Huppert and Dominic Raab have secured a 'Westminster Hall' debate in Parliament next Thursday, on 'oversight of intelligence and security services.'

Intelligence agencies have significant powers to collect and analyse private information. It is Parliament's responsibility to ensure these are necessary, proportionate and that they are not abused.

We now know from Edward Snowden's leaks that GCHQ has developed a range of alarming mass surveillance programmes, for example the tapping of undersea fibre-optic cables under the codename 'Tempora'. From the information published so far, it seems clear that surveillance law is unfit for the digital age and that significant reforms are needed.

Debates about the limits of surveillance and the oversight of intelligence agencies are being held in America and across Europe.

Yet MPs here have seemed reluctant to take the initiative and discuss mass surveillance by UK intelligence services. And so far the Government have only seemed worried about whether newspapers should have told us anything about the surveillance.

It is high time a substantial debate took place in the UK too.

The debate next Thursday will be the first substantial debate in Parliament about the mass surveillance revealed by Edward Snowden. It is an opportunity to kick-start our politicians into debating mass surveillance. That will give us a better chance of getting surveillance laws changed so they better respect our privacy.

You can help now.

Please get in touch with your MP and ask them to speak up about this issue. Tell them why it matters, why you'd like them to attend the debate, and why you think they should stand up for your privacy. You can use the following form:

Write to your MP



September 26, 2013 | Peter Bradwell

Culture Committee copyright report one-sided and simplistic

This morning the Culture, Media and Sport Committee published its report into how to support the creative industries. While it is a wide-ranging report, on copyright reform there is plenty to be disappointed about.

Today the Culture, Media and Sport Committee published a report called 'Supporting the creative economy.' (pdf version) Jim and I gave oral evidence to the Committee in January, and submitted written evidence last year.

Overall the Committee's report is a fairly disappointing and unimaginative piece of work. They offer a view of copyright that is too simplistic and one-sided, and which effectively tries to reduce the debate to whether you like the creative industries or not. They thus ignore the wider impact of new technology on citizens as creators and participants in culture, and on how markets for cultural goods can now function most effectively. 

From our initial look over the report, here are a few of our more specific concerns and thoughts. 

 

Carelessness with privacy concerns

We were surprised to see the Committee dismiss the privacy concerns around targeted advertising, saying:

“The Advertising Association’s evidence goes on to express deep concern about draft EU Data Protection Regulation “which could damage direct marketing, internet advertising, and the UK economy both off and online”. Increasing use is being made of personal data to target online advertising better. While concerns around this have prompted reviews of data protection legislation, we do not think the targeting of appropriate advertising—essential to so many business models — represents the greatest threat to privacy.”

As far as we can tell, the Committee fail to look in any way at how targeted advertising works, how it collects information, or at the rules governing how companies can use and share our personal information. They've taken the opinions of the advertising industry as given. It's one-sided and analysis-light – which helps demonstrate more general flaws with the report. 

We do not control when the gadgets and services we use leak information about us. The rules about what companies who get that data can do with it are woefully inadequate. For example, health and fitness apps on our phones or wristbands share all sorts of data about us to companies whose privacy policies can be unclear, and who face some pretty lax regulation. This is one reason so few people trust the businesses we deal with online.

The Data Protection Regulation is currently being discussed in Europe and could help give people control over their data. But there's a very real danger our rights will be ignored, due to intense lobbying from advertising and technology groups. This is despite the revelations over the summer that once data about us is shared, security services have some fairly unaccountable powers to access most if not all of it. 

The Committee appear entirely uninterested in or unaware of these important questions because a trade group for one of the industries affected told them it might damage their interests. This is an unhelpful time to be so cavalier. 

 

ORG's work and the importance of freedom of expression online

We were also surprised and rather delighted to see that the Committee acknowledges our work promoting freedom of expression online. 

As a small, independent organisation we rely on the financial support of concerned individuals. So if you are new to us and worried about Parliament's consistent failure to understand how technology should work for individuals and support our human rights and civil liberties, please consider joining.

 

Bashing Hargreaves and copyright reforms

Looking at the copyright reforms kicked off by the Hargreaves Review in 2011, the Committee say:

“Following all the evidence we have received, we think Hargreaves is wrong in the benefits his report claims for his recommended changes to UK copyright law. We regret that the Hargreaves report adopts a significantly low standard in relation to the need for objective evidence in determining copyright policy. We do not consider Professor Hargreaves has adequately assessed the dangers of putting the established system of copyright at risk for no obvious benefit.”

This conclusion is unfair and somewhat inaccurate. First of all, it seems to focus on the Hargreaves report itself, which is to ignore the work that has gone into the implementation of the report's recommendations since, including the reviews and oversight that have gone alongside that work. For instance, the Committee don't mention the BIS Committee Review into this very issue last year, which concluded something very different:

“A considerable amount of high-quality work on policy development has been undertaken in the year since the Hargreaves Review. It will be important to maintain that momentum alongside the more rigorous approach to policy formation that Hargreaves recommended. Conclusions are near to formation in many areas, and the Government should press ahead with measures to implement new policy in those areas as soon as possible. We recommend that the Department act swiftly to bring in legislation to that effect.

169. While we recognise that the Government is undertaking a major reform in a complex area, changes are both necessary and urgent.”

and 

“We welcome the Intellectual Property Office’s reassurances that more detailed analysis is on-going and trust that it will pursue that work and act on external criticism of data and methodologies. We also agree that the involvement of the Regulatory Policy Committee as an independent auditor of economic analysis is a sensible policy development.”

The BIS Committee mention the Regulatory Policy Committee (RPC). Their remit is to provide independent advice to Government on the quality of analysis supporting new regulations.  The RPC members include Ian Peters, the Chief Executive of the Institute of Internal Auditors and Jeremy Mayhew, chair of the Audit & Risk Management Committee as a non-party Common Councilman on the City of London Corporation. 

The RPC have reviewed a number of the proposals for exceptions, giving a 'green' status to the copyright exceptions for private copying, parody, archiving and preservation, for disabled people, for text and data analytics, and exceptions for educational use. 'Green' means the Committee “have no significant concerns with the quality of analysis and evidence presented. We make suggestions where we think the IA could be improved to deliver greater clarity or to aid understanding. A Green rating means we judge the IA to be ‘fit for purpose’.”

The work of the RPC, as far as I can spot, is mentioned zero times in the CMS Committee report. 

The reforms proposed by Professor Hargreaves and now being implemented by the Government, which are roundly criticised in this report, are actually modest and long overdue. A number of independent reports have recommended similar steps. That includes the Gowers Review in 2006, which came to strikingly similar conclusions. The recommendations for new copyright exceptions made in that review were never followed up. 

Richard Hooper CBE, who with Ros Lynch ran the recent work looking at the feasibility of a copyright licensing Hub, said in his oral evidence to the Committee that the reforms were reasonable and the Government should get on with implementing them:

What I would say to this Committee is we have had five years of to-ing and fro-ing on the issue, and if this Committee can get the laws sorted out, get it done, then we can start focusing on the really important issues, otherwise a huge amount of energy and time and lobbying is going to be spent on this for the next five years.

I think that the Government has come up with, by and large, very sensible recommendations on orphan works, extended collective licensing, codes of conduct for collecting societies and exceptions.

He repeated such thoughts in a speech to the London Book Fair, in which he said:

"We have spent years first with the Gowers Review and then the Hargreaves Review discussing and debating changes to copyright law. The current proposals are broadly sensible, with the exceptions not being too widely drawn."

 

So the new proposals have been repeatedly exposed to consultation and review. They are modest, narrowly drawn and address some clearly defined needs. The Government should ignore this distraction and continue with their implementation.

 

The Digital Economy Act

There is a welcome acknowledgement that the Digital Economy Act suffered from a lack of debate in Parliament and was rushed through. We also welcome the fact that the Committee recognises the problems with public wifi, although they offer no solution or recommendations on how to address them.

Here's what they say:

"The delays in implementing the DEA are thus by no means all attributable to the Government: the legal action by BT and TalkTalk certainly contributed. As, perhaps, did the haste with which the presaging Bill was originally rushed through Parliament with relatively little debate in the House of Commons. We acknowledge that the DEA has its limitations; for example it is not applicable to mobile devices and there needs to be greater clarity over the situation of public Wi-Fi. We recognise, too, that effective enforcement of copyright is likely to focus more on targeting illegal activities on a commercial scale—on “following the money.”"

It's a shame that the Committee still have faith that the Act is worth pursuing, and it's a shame that the Committee support the possible voluntary arrangements for a new three strikes regime. That is to ignore all the important questions about standards of evidence against alleged infringers, data protection and rights of appeal that led the Digital Economy Act itself into such trouble. 

 

Ignoring what's already being done to provide good evidence

It is also unfortunate that, having stated again that objective evidence is important, the Committee fail to mention any of Ofcom's work researching copyright infringement and who those who say they infringe are. It tells us lots of interesting things, such as that those who say they infringe copyright also say they spend the most on legal content. This is despite ORG mentioning the Ofcom research in our oral evidence to the Committee. 

Incidentally this was paid for by the IPO, who the Committee claim are on some anti-copyright crusade. 

Somewhat bizarrely, the Committee call for the IPO to include more research into piracy in its annual report. The recent Ofcom research was their last in a series of reports, which has ended because the money from the IPO has run out. Having praised the effort to produce useful numbers, nobody at the launch event could offer solutions to how the research would continue and where funding would come from. The Committee could have looked at how to encourage and get funding for independent, robust evidence. But they did not do this, or seem aware that Ofcom have been doing such research and that it was funded by the IPO.

The report also fails to mention research into the effectiveness of three-strikes regimes, the most recent of which concluded that there "is little to no evidence that graduated responses are either 'successful' or 'effective'." 

'Robust evidence-based policy' seems to basically have come to mean 'evidence I agree with and which helps support the conclusions I have already arrived at'. 


