call +44 20 7096 1079

Blog


November 18, 2013 | Jim Killock

Child abuse image policies risk looking like cynical manipulation

Today’s announcement from the government that they have ‘persuaded’ search engines to restrict search term results ‘associated’ with child abuse images may seem like common sense: after all, who can possibly object to measures that reduce the availability of such material? However, many child protection experts are questioning how useful this measure is.

claire-perry-cc-by-policyexchange.jpgThe government have promoted this as a victory, commanding today’s headlines. If David Cameron and his advisor Claire Perry are hyping a policy they know is of marginal importance, many people will be forced to conclude that the announcement is a cynical manipulation of parents’ fears in order to appear to be taking action.

Their argument is that a small number of potential child abusers first experience child abuse images through online search. They believe that this acts as a ‘gateway drug’ to further experimentation. They claim to have seen evidence of this, and have to our knowledge produced none. Perhaps they are right, perhaps not. But other figures, such as Jim Gamble, former head of the Child Exploitation and Online Protection Centre (CEOP) says on ITV’s website:

The way to deter offenders from raping, abusing, photographing, sharing or seeking out images of child abuse is to line child abusers up, in the dock of a court room. One of the main problems is that people can see that is not happening.

That is why public frustration often results in online vigilantes like Letzgo hunting enticing paedophiles to meet offline or actions by charities like Terre des Hommes who raised awareness of the problem by luring thousands of suspect sex offenders from their online nests to engage a virtual child.

This is where the government must pause, look at themselves in the moral mirror they hold up to others so often, and ask whether they are doing enough?

And before ministers hide behind the wall of recession and austerity consider this. Less than £1.5 million a year would pay for 12 regional child protection experts, supported by twelve training coordinators.

A police officer specialising in child abuse told PC Pro that the announcement is hype:

"I simply do not see people using Google, etc to search for child abuse," the source said. "It's too risky for them."

"We need more staff," the source added. "We have a nine-month backlog - that's not fair to victims."

A simple look at the numbers suggests that it may well be funding of CEOP and police that is causing a reduction in prosecutions. According to the Guardian:

The detailed statistics from the solicitor-general, Oliver Heald, show the number of child sexual abuse cases being referred to the Crown Prosecution Service by police forces across England and Wales has fallen by 28% from a peak of 13,018 in 2010-11 to 9,381 in 2012-13. This is the lowest level for more than five years and comes over a period when the number of such cases reported to the police has risen steadily to a record high of 18,915 in 2012-13.

We could also ask if funding for social services is adequate, or whether government is endangering lives very directly by failing to provide proper support.

Cameron and Perry learnt earlier this year that if they accuse companies like Google, Yahoo and Microsoft of aiding paedophiles, those companies are bound to take action. This spring, Google promised £1 million to the Internet Watch Foundation after Cameron accused Google of not doing enough. A few months later, Maria Miller asked how much ISPs could promise to give towards a broader education programme. In the speech Cameron gave in July, Cameron demanded further action from search engines, demanding “depraved” terms be removed completely.

What Cameron and Perry have learnt is that Internet companies are susceptible to pressure, and will take action when threatened. It doesn’t matter if the companies are at fault, or can only make a limited difference, but when accused of aiding paedophilia, they are certain to take action to limit the reputational damage.

The least that politicians need to do is to make sure we know that they are dealing with real problems, rather than chimeras. We don’t know, as we’ve seen no evidence, whether Google and Microsoft really will be able to make a difference by limiting search, or whether the actions are cosmetic. It’s worth remembering that Google and Microsoft have always removed search results, such as URLs or images, that are reported to them.

Politicians must do what they can, where they are directly responsible. If they claim to want to deal with paedophilia, then they should be prepared to announce funding to CEOP so that criminals are investigated and locked up: something Google and Microsoft simply can’t do.

In the absence of evidence and new financial commitments to law enforcement, Cameron and Perry risk looking like they are prepared to cynically manipulate the emotions of genuinely worried parents, purely in order to generate headlines. Victims should be worried that they may only be interesting while they provide easy media hits. Internet companies, too, will learn that they will be the targets of future shake downs by politicians who identify subjects of moral outrage.

None of this feels like good democratic governance. If this is the kind of politics some of our MPs think we want, then we should be prepared to call them out.

[Read more] (2 comments)


November 15, 2013 | Peter Bradwell

Sky's reply to ORG on default internet filters

In July we asked the main ISPs how they planned to implement the default internet filtering being mandated by the Government. Sky have now replied, and here you can read their answers.

Sky are the first Internet Service Provider to send us answers to all of our questions about their default filtering. We are waiting for responses from the others; they all promised us answers. So thanks to Sky for taking the time to go through the questions. High time for the others to finish formatting their replies and send them over!

This week Sky launched this filtering service (called 'Sky Broadband Shield') - one of the first changes since the Government’s summer push to get ISPs to do more to prevent children accessing ‘adult’ material. 

You can read Sky's answers below, which they prefaced with an introduction to their filtering system. Having read through the response, we remain concerned for website operators who may get caught by ISPs filters by mistake. More needs to be done to make sure those running websites can check whether their sites are blocked and can rectify any problem quickly. 

Sky confirm some basics too, for example that one filter setting will apply to all devices in a household, and that the age verification process will only involve using the account holders primary email address (avoiding any more onerous verification checks). Sky also say that they will not log blocking events or monitor or log traffic of users who have not opted in to the filtering.

We are perhaps most concerned about how they will deal with over-blocking, and their process for fixing mistakes. Some comments on what Sky have told us:

URL checks. Of the mobile operators, only O2 give people a URL checker to help people quickly find out if a site is blocked by their filters and what category it falls in to. Sky here imply there will be no such tool available from them. This is a real problem - website operators will want to know how each internet service providers categorise their site and whether they are blocked. They shouldn’t have to rely on reports from customers, and they certainly shouldn’t need to have multiple accounts just to constantly monitor if their sites are blocked. 

In our mobile Internet censorship report we recommended a cross-ISP URL checker tool. That seems like the only way to help website owners stay on top of whether their sites have been incorrectly caught by the filters.

Sky say they will deal with reports of mistakens in a ‘timely manner’. What is timely to a website owner who can’t reach their market or readers will likely differ from what an ISP will consider timely.

Oversight? As Sky say, it doesn’t seem like there is a body who will be monitoring or dealing with disputes or performance. There has been some talk about Ofcom taking on this role but details about how that will work are not clear.

We want more information about how ISPs will make sure website owners can check if their sites are blocked, and how they can quickly and easily get their sites off the block lists.

One of our motivations for asking these questions is that it seems the Government are not doing so. They seem far more interested in easy win headlines than preventing widespread over-blocking by the systems they are mandating.

There needs to be pressure from the government on overblocking, with independent monitoring of performance, to ensure website owners in the UK are not cut off from large sections of their potential market.

Let us know what you think of the Sky's answers, and any questions that come to mind having seen this response. 

 

Sky’s answers to Open Rights Group’s Questions

Sky’s new parental control product will allow customers to filter internet access across all connected devices.  The product is a DNS-based solution which will mean that IP addresses are not returned for hostnames serving content classed as falling within a category or categories that the customer wishes to block access to.  The technology does not rely on inspection of traffic.

To make this solution work, we will of course need to store the level of filtering desired by each customer. We will not keep a record of individual DNS queries during normal operation. The information on the choices customers have made about what content to filter is subject to stringent data protection measures.

In creating this solution, we have undertaken extensive testing and upgrading of our hardware to ensure that traffic is not slowed for both users and non-users of the service.  In fact, as a result of the upgrade, overall speed across the servers has improved.

To ensure that only relevant websites are within these defined categories, we have worked with the technology firm Symantec. They are world-leading experts in online protection and already work with many UK companies, including a number of mobile phone companies.
In the event that a site has been wrongly categorised, we have created processes for easy reporting and speedy resolution.

Twenty questions for ISPs on Internet filtering systems

A. On how the technology works

Under the Internet filtering system set up following discussions with the Government about online safety and child protection:

1. Is any traffic of users who are not opted in to filtering inspected and / or logged?

Answer: No

If so, is it logged in a way that links the traffic to a subscriber?

Answer: n/a

What logging will there be of blocking events? How does this work?

Answer: There will be no logging of blocking events for individual customers.

2. Is filtering applied to all forms of connection offered by the ISP (dialup, ADSL, cable, fast fibre connections etc)?

Answer: Yes, access filtering is applied at the network level regardless of connection.

3. Have you estimated the impact of the through-put of filtering technology on the speed of users' internet access (both for those who are opted in and opted out)?

Answer: Yes, there will be no negative impact to customers' throughput speed.

4. We are concerned about the impact on Internet applications in general as well as web traffic.

Does filtering take place only of HTTP traffic on port 80, or will other traffic be affected?

Answer: Filtering is applied for customers who take the product based on the hostname regardless of the application that is requesting it. There will not be any undesired impact.

What steps will be taken to avoid interfering with non-HTTP traffic on port 80, for example non-HTTP applications that use this port in order to bypass firewall restrictions?

Answer: n/a see above

5. What impact does the filtering have on end-to-end security measures such as SSL or DNSSEC?

Answer: Our product does not disrupt any end to end traffic security measures currently available such as DNSSEC and SSL in such a way as to introduce a security vulnerability.

6. Can you guarantee that your networks will not be susceptible to mistaken blocking as a result of using specific IP addresses for forwarding filtered traffic, for example as seemed to happen in a case involving Wikipedia?

Answer: Yes, because we are using hostname filtering.

7. Have you made any estimates on the impact of filtering systems on infrastructure upgrades?

Answer: Yes, this was a key consideration when choosing the platform for the product.

B. On setting up the filtering

8. Are users faced with pre-ticked boxes when choosing to activate filtering?

Answer: Yes

What is the impact on customers who do not have access to or who do not use a web browsers on a network such as a home broadband connection that is only used for Smart TV video on demand applications? (ie who will not be presented with a web-based set up screen?)

Answer: New customers would only be presented with an Active Choice if they connect via a web browser.

9. How granular are the available choices? Will a household be able to cater for:

a. Multiple ages or a variety of beliefs?

Answer: This is a network level filter which means that all devices in the household connected to Sky Broadband will have the same level of protection applied, as selected by the Sky account holder.

b. Can specific sites be unblocked by a user?

Answer: Yes

10. Have you done user-testing for your opt-in systems?

Answer: Yes, the experience and levels of protection available meet customers' expectations of simplicity and ease of use.

11. What information about the filtering is available at the point of sign up? Does it include:

a. Detailed information about what types of content are blocked, with examples?

Answer: Detailed information about the type of websites within each category is available during the sign up process and on sky.com.

b. The providers of their filtering tools, if a third party is involved?

Answer: We will publish details of our 3rd party providers when our product is launched later this year (Update: Symantec was named as a provider of site classifications at launch.)

c. Information about the possible problems with and limitations of blocking, with information about how to report problems?

Answer: We will publish a list of FAQs which will include the extent to which web filtering allows users to control the type of content that is available in their property as part of an overall strategy of education and monitoring. We will also publish information about how to report problems with the product.

12. What age-verification processes will be in place? How will this work?

Answer: Sky Broadband is only available to customers aged 18 or over who will provide a primary email address at point of sale. Any changes to filters will be emailed to the primary email address.

13. Is a customer's decision not to activate filtering a one-off decision, or will it have to be periodically repeated?

Answer: Customers will be asked to make an active choice at the point they activate their Sky Broadband service and will not need to repeat this decision, however the customer can later choose to opt in.

C. On managing problems and mistakes

14. When a site is blocked, what information is supplied to the end-user about why and how it has been blocked?

Answer: The customer will see a "Page Blocked" screen which will tell them that the site has been blocked and the category that the website falls under.

15. Are there easy ways to report mistaken blocks, either over-blocking or under-blocking? Are these clear when users encounter a block?

Answer: Yes, the customer can access a form to submit a report which can be found by clicking a button on the "Page Blocked" page or in the "Contact Us" section of sky.com

16. Are there easy ways for people to check if URLs are blocked, and will this include a reporting tool for requesting corrections and reclassifications?

Answer: Customers will be able to report to Sky if they believe that a website has been incorrectly categorised and therefore filtered incorrectly. These requests will be reviewed by Sky and by our 3rd party providers before a decision is made on the categorisation.

17. How will complaints, from both your subscribers and from owners of sites that are blocked, be dealt with?

Answer: We will have processes to review reports of incorrect blocking. Those confirmed as being in the incorrect category will be re-categorised.

a. Are there plans in place to train customer service staff for dealing with these reports? 

Answer: Yes

b. Are there targets for dealing with mistakes in a timely manner, or estimates of how long responding to and correcting mistakes will take? 

Answer: Our processes will ensure that we deal with reports in a timely manner.

c. Will you share error reports and corrections with other ISPs?

Answer: We will share best practice with other ISPs.

18. Have you specified acceptable error rates to suppliers of filtering services? If so, what are they?

Answer: Our decision on the supplier of our filtering service included an assessment of categorisation accuracy.

19. Have you sought legal opinions relating to liability for incorrect blocks, including both false positives and false negatives?

Answer: Yes

Do you have plans to offer compensation for businesses harmed by blocking errors, for example when potential customers are unable to access the site?

Answer: Our processes will ensure that blocking errors will be resolved within a timely basis.

20. Are there or will there be systematic reviews of the effectiveness and quality of filtering, including reporting on problems and complaints? Is there a process for review and improvement? 

Answer: In line with all products we will monitor its effectiveness and review complaints.

Is there or will there be an ombudsman or other oversight body to handle disputes and review performance?  

Answer: No
 

[Read more] (5 comments)


November 09, 2013 | Jim Killock

Now talking is treachery

Which story will win out? Government and civil liberties advocates are arguing over what the real story is after the Snowden revelations. Is it the Guardian’s irresponsibility and their inability to assess the damage they are allegedly creating; or is it a story about the problems with mass surveillance?

The security services in Parliament claimed that the Guardian’s stories have led directly to discussions among terrorists to improve their information security. Sir Iain Lobban was most explicit, saying:

“we have actually seen chat around specific terrorist groups, including close to home, discussing how to avoid what they now perceive to be vulnerable communications methods or how to select communications which they now perceive not to be exploitable.

“The cumulative effect of the media coverage, the global media coverage, will make the job that we have far, far harder for years to come. There is a complex, there is a fragile mosaic as Andrew has said, of strategic capabilities that allows us to discover, process, investigate and then to take action. That uncovers terrorist cells. It reveals people shipping secrets, expertise or materials to do with chemical, biological and nuclear around the world. It allows us to reveal the identities of those involved in online sexual exploitation of children. Those people are very active users of encryption and of anonymisation tools. That mosaic is in a far, far weaker place than it was five months ago”

Their allies in Parliament, led by MPs Julian Smith and Stephen Phillips, have asked the Guardian to “acknowledge the devastating assessment” made by the intelligence chiefs, while the Home Affairs select committee has called the editor of the Guardian to appear before them in a month to answer these points.

The accusations mostly appear to relate to Operation Bullrun (USA) and Edgehill (UK) – programmes to create weaknesses in encryption tools that can be exploited by the NSA, GCHQ and others who are told or find them.

For Parliamentarians these are complex issues, so I would like to take a moment to spell them out.

  1. The Guardian has not concentrated on specific weakenings of technologies, under Bullrun and Edgehill, but the investment of time and effort.

  2. The Guardian did imply that Skype may be compromised – a tool that many of us use daily; such a weakness could have consequences for all of our personal computer security.

  3. The vulnerabilities are being discussed by private companies worried about the consequences for their own security or security products. Vulnerabilities can be exploited by anyone, not just the NSA or GCHQ.

  4. RSA Security were forced to withdraw a broken encryption method, related to use of random numbers, which had been leaving many commercial VPN products at risk. This has affected major UK companies.

  5. No doubt terrorists will be speculating about their personal security just as everyone else is.

The logic of this debate is that the Guardian sparking a debate about personal computer security—an activity that we and the government invest billions of pounds in—is tantamount to aiding terrorism, as terrorists will improve their security too.

The unspoken position of GCHQ is that they have a right to compel companies to give them ways to break into their software and all the installations and uses of them – not by targeting individual suspects, but in a blanket way.

This places everyone at risk. That is a question which deserves a public debate, but it also allows the security chiefs to make the argument that revelations the Guardian has made are ‘endangering national security’ as people try to identify what GCHQ have done, and fix it. From this perspective, when Google encrypt across UK private cables to stop GCHQ breaking in without permission, this will also be an attack on national security, as secret collection capacity diminishes. When RSA fixed their broken technology they will have made parts of the Internet ‘go dark’ and thus aided terrorism.

The problem of course is not the Guardian, but the decision to compel companies to work in a non-transparent, ubiquitous manner, sacrificing general security for the convenience of the security agencies. That to many people will represent the essence of an agency acting without effective supervision.

Some MPs will accept assertions that terrorists have benefited from the Guardian’s revelations, and fail to challenge the notion of pervasive intelligence gathering. By accepting GCHQ's demand to have access to the ‘whole haystack’ of Internet traffic, MPs agree that anything that reduces pervasiveness must of course endanger national security capability. That makes any discussion of national security methods, or improvements to personal security, a form of treachery.

The way out of this logic is to accept that individuals and companies have a right to data security. Once you remember that, then it is obvious that GCHQ’s methods need to fit back in with our normal, everyday objective of trying to minimise our online risks. That may mean that the secret services’ work may sometimes be harder, but it also means that everyone will be a lot more secure from common criminality.

[Read more] (6 comments)


November 07, 2013 | Peter Bradwell

Intelligence & Security Committee fails to convince

Today saw the first public questioning of the heads of the UK's secret services by the Intelligence and Security Committee. For anyone looking for incisive probing about the Snowden revelations, it was a disappointing hour and a half.

In the Westminster Hall debate (see ORG's summary of the debate in a previous blog) on oversight of surveillance last week Sir Malcolm Rifkind, chair of the Intelligence and Security Committee, invited people to judge the Committee's effectiveness on the basis of the work they do in the coming months: 

"Given our willingness to have our first public hearing with the intelligence chiefs next week in front of the cameras, plus other public sessions, as well as the new powers we are already exercising, I ask right hon. and hon. Members to test whether we use such powers properly."

He was rather making a rod for his own back here. Today's public hearing - rather predictably - did not inspire confidence in the Committee's ability to scrutinise and hold to account the security services they are charged with overseeing.

The questions were very broad, with little follow up. Significant questions about the law and technology were dealt with in a few moments. Sir Iain Lobban was even congratulated by the chair for a fairly dubious - and laboured - analogy involving hay and needles. We didn't see anything like some of the recent grandstanding Committee moments, such as the CMS Committee's grilling of the Murdochs or when Margaret Hodge's Public Accounts Committee held allegedly tax avoiding companies' feet to the flames.

The Committee failed to ask challenging questions or press in depth on the primary issues of law and policy raised by the Snowden revelations. For instance, they didn't press on who decided mass data trawling did not need an explicit parliamentary vote. Or, how do they square data trawls with human rights judgements showing such harvests are going too far?  Why is undermining internet security acceptable?  Why is it fine to break into potentially millions of accounts at Google and Yahoo! when there are legal routes to the same data?

By concentrating on generalities the ISC failed to bite, which is extremely worrying - a key argument is that the UK's oversight regime, that they are part of, is one of the world's most strict.

At the very least the hour and a half session left viewers with the impression that the Committee needs reforming. There are plenty of ideas about how to do this. Whether it is having an member of the opposition as chair or, as Jamie Bartlett suggested today, putting members of the public or civil society groups on the Committee.

[Read more] (1 comments)


November 07, 2013 | Ruth Coustick-Deal

Donate to stop surveillance

ORG has launched a new campaign to fund next year's fight against Internet surveillance.

Right now we're asking for new supporters to help us grow so we can take on what may be the biggest threat to liberty of this generation.

You can help by joining ORG now

ORG have to work very fast to challenge the silence of the press and politicians.

There have been clusters of stories released by the Guardian showing that the UK's intelligence agency GCHQ routinely collects everybody's online data.

We've learnt that they can do this without specific warrants and with little oversight. We've heard that they share that intelligence with foreign security agencies, and they enable foreign agencies to snoop on us.

But, the Government have stifled the discussion by defending their own bad practices and attacking and questioning the free press.

To make this an election issue that everyone's talking about, we need to change tactics.

This is why we are asking for you to take this opportunity to join ORG. If you have any concerns about the erosion of your civil liberties online, ORG is best placed to fight for real change. We've already joined Big Brother Watch and English PEN to launch a European legal challenge against the UK Government in Strasbourg, but there's so much more to do.

So what do we want to achieve?

There are a number of projects that we we'd love to do to, but we need your support to make them possible.

-Bring computer security specialist Bruce Schneier to the UK to share his expertise with Parliament and help educate MPs

-Keep surveillance on the front pages and generate new stories to make sure everyone's talking about the surveillance scandal

-Produce a report into the impacts of PRISM and Tempora on UK businesses

-Support cryptoparties around the country to educate people about keeping their online activity private

-Run an MP Lobby Day to mass petition parliament for change

-Persuade other campaign groups that defending privacy should be part of their mission

You can help!

 

[Read more] (1 comments)


November 06, 2013 | Ruth Coustick-Deal

Friend Sign-up Scheme Tips

If you're a supporter of Open Rights Group, can you help boost our strength to fight the biggest battle against surveillance yet?

The surveillance debate is at a critical moment and you can help.

I'm an ORG supporter badge long

As part of our drive to hit our significant goal of 2000 supporters – and to let us do a whole host of work defending privacy over the next years, we'd like you to help us recruit new supporters to fight alongside us. By explaining how important the current surveillance debate and the leaks are, we hope your friends will want to join up to ORG to help fight intrusive and over-reaching snooping.

Who can I ask to join?

The best way to help us increase our membership and get your sign-up rewards is to find a friend who you know should be a member of ORG. Maybe a friend who:

  • Voices fears about all the data companies like Facebook know about them

  • Is worried about Government surveillance

  • Has been sharing links on their Twitter account about the Snowden revelations

  • Is interested in preserving freedom of speech for minority groups

  • Is passionate about social justice and human rights work.

What are the key reasons to join ORG?

ORG are a small organisation. We’ve achieved a great deal with the resources that we have, but without expanding our staff and our funding we won’t be able to expand our remit and achieve all of the above.

If you're struggling to seal the deal and convince someone to become an ORG supporter, maybe these 3 points will help make up their mind.

1. Surveillance threatens both the right to a private life and the right to freedom of speech. This is fight is the biggest threat we've seen and ORG is the best equipped to fight it.

2. ORG have made real change on copyright, parody, open source, open data, privacy, free speech, e-voting and DRM. Joining ORG doesn't just help turn back the tide on surveillance culture, it's a long-term investment in your rights online.

3. Being a supporter gives you lots of benefits, like discounted tickets to all our events, a free gift in our welcome pack and chances to influence our policy and the digital debate for years to come.

What's actually happening?

This summer we learned that the UK's intelligence agency GCHQ routinely collects everybody's online data. They can do this without specific warrants, with little oversight, and there has been little debate about the scope of their power.

Tempora

Tempora is a UK GCHQ (Government Communications Headquarters) programme that stores all data flowing through UK fibre optic cables so that it can be analysed by GCHQ staff. The Tempora programme allows for collection of what sites people visit, search terms used and social media posts.

PRISM

PRISM refers to a US NSA (National Security Agency) operation begun in 2007 to collect private information belonging to users of major US internet companies such as Microsoft, Google, and Yahoo. The leaks by Snowden suggest that the NSA has direct access to the servers of these companies.

There's also a handy guide on the Verge which helps explain what's going on and what all these other acronyms floating around mean.

Why does surveillance matter to everyone?

The quiet state of surveillance silences everyone. Confidentially is a serious matter. People who are under surveilllance are afraid to speak or act openly. If someone thinks their movements are being recorded, they might not want to:

-book into a women's shelter

-carry out their investigative journalism

-talk about their sexuality openly on a private forum

-plan a demonstration.

The surveillance revelations are incredibly serious and have a chilling effect.

It's not just our security services who have access to this data, it's agencies and private contracters across the world.

With that many people watching and recording it is inevitable that we will start to censor ourselves, clarifying, altering and avoiding controvosy - and freedom of speech is lost.

What can ORG do, when the threats seems so big?

We have alread launched a legal challenge alongside English PEN and Big Brother Watch to take the Government to Strasbourg on human rights grounds. We have responded to President Obama's review board of the NSA and we have been speaking to the media constantly to raise awareness privacy rights.

Privacy not Prism banner

We also took on and defeated the Snoopers' Charter, a proposal for mass surveillance legislation, after a 2-year campaign, co-ordinating with a huge group of civil liberties organisations.

We have the knowledge and skills to take this challenge on, but there are some big tasks we need to be able to take on to win.

ORG wants to be able to:

-Bring Bruce Schneier to the UK to share his expertise with Parliament, give evidence to the Intelligence and Security Committee inquiry.

-Produce a report into the impacts of PRISM and Tempora on UK businesses

-Bring the issue back to page one of the papers, having the time to do more media work.

-Organise and assist cryptoparties around the country and educate people about privacy

-Run an MP Lobby Day to mass petition parliament for change

-Persuade other campaign groups that defending privacy should be part of their mission.

We're relying on ORG supporters like you to spread the word so we can meet this challenge that Edward Snowden's given us.

If they have any questions about what we do, we're happy to take the time to chat on phone or email. Anyone can join up here.

 

[Read more]


November 01, 2013 | Alexandra Stefanou

Summary of Westminster Hall surveillance debate

Yesterday saw Parliament’s first substantial debate on mass surveillance. Here, we summarise what the MPs said.

ORG Advisory Council members MPs Tom Watson and Julian Huppert as well as Conservative MP Dominic Raab called for a discussion on 'oversight of intelligence and security services', which took place in Westminster Hall. 

This debate finally provided a platform for all aspects of the debate in Britain to be discussed. You can read a transcript of the debate on Hansard, or you can watch a video of the session. The most relevant issues were:

  1. The Intelligence and Security Committee’s ability and suitability to provide oversight of the intelligence agencies
  2. The legality of RIPA and Tempora 
  3. Consensus on whether mass surveillance is occurring

1. The Intelligence and Security Committee (ISC) is the independent body charged with the oversight of the powers of the intelligence agencies. It was the committee’s ability and suitability to scrutinise the intelligence agencies’ extensive powers that caused one of the main divides in the chamber.

On one side were those who believe the ISC does not have the capacity for the oversight required because it is under-resourced. David Winnick expressed concern over the committee’s accountability and John McDonnell mentioned that there is a potential for conflicts of interest (as members of the ISC may have previously been involved with the work of the security services, for example former Foreign Secretary Malcolm Rifkind). 

On the other side (including the chair, members of the ISC and the Minister of Security) were those who believed the committee is perfectly equipped to perform the necessary oversight. Malcolm Rifkind, the chair of the ISC, explained that recent reforms have already implemented some of the changes suggested. 

A noteworthy exchange was between George Howarth (ISC member) and Tom Watson. In his statement, Mr Howarth made the assurance that the ISC had already looked into the legality of PRISM and Tempora and issued a relevant statement in July. Tom Watson then asked “was July the first time that the Committee had examined Prism, and was that after the Guardian revelations?” Followed by laughter across the room, Mr Howarth then explained that the examination came after the publications and that he was unable to disclose details of their examination. 

Eluded toward the end of the debate by Malcolm Rifkind and the Minister for Security James Brokenshire, was that much of the detail of the oversight should be withheld from the public.  In fact, when asked by Mr Meacher why the ISC did not know about the Tempora programme when it was launched, Malcom Rifkind responded that there is actually no way of knowing if the Committee knew about it prior to the Guardian publications; “We are given classified information, and the whole point of an independent Committee having access to top secret information, whatever that is, is that we do not announce what such information is”. 

This is the fundamental difference between the two sides. Tom Watson made clear to the Minister that the discussion on oversight was about scrutiny and ensuring that proper safeguards are in place when implementing new technology that is not covered by existing legislation. The Minister’s answer to this was simply, that the intelligence agencies always operate under strict policy frameworks and within the law. The problem with these responses is that they offer absolutely no answers to concerns over the reliability of the ISC as expressed by David Winnick in his statement to the debate. It seems as though we are meant to accept the law isn’t broken, just because the law exists.

Within this discussion also lies the question over what information the public is entitled to know. If not for the sake of scrutiny, should people not know if their information is being collected and stored under privacy rights granted to them in a democracy? Julian Huppert referenced this right to privacy multiple times in his opening statement.

 

2. On the question of legality, the house was roughly split between two groups. Those who believe the ISC was operating within British law (Ben Wallace and Hazel Blears both specified that Tempora complies with British law, making no reference to international agreements). This team of MPs seemed to be satisfied with the assurance that the intelligence agencies wouldn’t do anything illegal.  

Then was the group including Julian Huppert, Dominic Raab, John McDonnell and Tom Watson that called for an investigation into whether there had been a breach of law. In addition, Tom Watson and Dominic Raab called for a review of the legislation if mass surveillance was legal. Mr Watson said “If the Minister is telling us that the law permits such fundamental abuse of liberty, the law is wrong and must be changed.”

The Regulation for Investigatory Powers Act (RIPA) was referenced by both parties to support their respective arguments. According to the MPs that supported the legality of mass surveillance, the security agencies were operating in accordance with RIPA. According to the MPs that questioned mass surveillance’s legality, RIPA is extremely complicated and vague. Michael Meacher said that instead of curtailing surveillance activities, the Act facilitated them. He also said:

“RIPA is so poorly drafted—one almost wonders whether that was deliberate—and is open to such broad interpretation that it allows Government agencies such as GCHQ to do whatever they like.”

 

3. There were also MPs who didn’t believe mass surveillance is taking place. The very peculiar argument formulated sounded like this: 

First, for the sake of national security it is necessary for intelligence agencies to maintain an edge (as phrased by James Brokenshire) by having access to all this information. As Martin Horwood phrased it “if we are to find needles in a haystack, we need to allow people to look at the haystack”.

Julian Lewis then added “The question is whether we then have access to the irrelevant parts of the haystack, or legally supervised targeted access to those needles in the haystack, which can be detected as a result of modern technology. This is all about the mass collection, mass storage and interrogation of mass data so collected and stored.” 

The response to this was that intelligence agencies should continue with their surveillance and investigation, but not collect everyone’s information. As Julian Huppert said in the current situation “we are all suspects whose personal histories can be foraged through if ever there is interest in us later.”

However, the answer to this, from Malcolm Rifkind, was that in fact mass surveillance isn’t taking place at all because no human being looks at the vast majority of the information collected. 

Martin Horwood also said: “A lot is said, and a lot of allegations are made, about mass surveillance, but if it was really taking place, it would—apart from being wildly impractical—be straightforwardly illegal.” This seems to miss the point, as the precise purpose of the discussion is to find whether the mass surveillance operations are legal.

On the whole, the debate was quite useful in formulating the arguments and providing a basis for further discussion. The essential differences were that one group of MPs had the blind faith that the intelligence agencies were operating under law. This faith seemed to stem from official statements that say intelligence services always operate according to the law.

The other group of MPs were not satisfied with these statements and wanted a more stringent investigation.

To see how these arguments develop, be sure to follow the ISC’s open evidence session with the heads of intelligence agencies, next Thursday 7th November.

[Read more] (2 comments)


October 25, 2013 | Peter Bradwell

Ask your MP to join the surveillance debate

There's a debate in Parliament next Thursday about mass surveillance. We'd like you to ask your MP to take part.

The MPs Tom Watson, Julian Huppert and Dominic Raab have secured a 'Westminster Hall' debate in Parliament next Thursday, on 'oversight of intelligence and security services.'

Intelligence agencies have significant powers to collect and analyse private information. It is Parliaments' responsibility to ensure these are necessary, proportionate and that they are not abused.

We now know from Edward Snowden's leaks that GCHQ has developed a range of alarming mass surveillance programmes, for example the tapping of undersea fibre-optic cables under the codename 'Tempora'. From the information published so far, it seems clear that surveillance law is unfit for the digital age and that significant reforms are needed.

Debates about the limits of surveillance and the oversight of intelligence agencies are being held in America and across Europe.

Yet MPs here have seemed reluctant to take the initiative and discuss mass surveillance by UK intelligence services. And so far the Government have only seemed worried about whether newspapers should have told us anything about the surveillance.

It is high time a substantial debate took place in the UK too.

The debate next Thursday will be the first substantial debate in Parliament about the mass surveillance revealed by Edward Snowden. It is an opportunity to kick start our politicians into debating mass surveillance. That will give us a better chance of getting surveillance laws changed so they better respect our privacy.

You can help now.

Please get in touch with your MP and ask them to speak up about this issue. Tell them why it matters, why you'd like them to attend the debate, and why you think they should stand up for your privacy. You can use the following form:

Write to your MP

[Read more] (8 comments)


google plusdeliciousdiggfacebookgooglelinkedinstumbleupontwitteremail