call +44 20 7096 1079

Blog


May 08, 2013 | Jim Killock

Snoopers' Charter: dead or just sleeping?

ORG, our supporters, Liberty, Privacy International, No2ID and Big Brother Watch will be celebrating a victory today, with the withdrawal of the Snoopers' Charter from the government's legislative programme.

What's left is a promise to find 'proposals' (PDF, p74) to ask mobile companies to record user data in a similar way to other ISPs. This may still go beyond the basic principle of recording data for business purposes, and allowing lawful access to it when necessary, but is a long way from the original proposals for sweeping trawls for data, plus engines to analyse it.

However, we have not removed the underlying assumption that recording information about everyone's phone and Internet communications is necessary to combat terrorism. As Duncan Campbell in our Digital Surveillance report notes, the recording of communications data is pretty novel, dating to the 1990s. It is not a 'principle' that data must exist and be accessed. Furthermore, there are alternatives to recording everything, particularly, as Caspar Bowden notes, targeted preservation of data concerning suspects.

What will not go away is the fear of politicians of getting surveillance of criminals wrong. They usually prefer to cover their backs, which in this case means surveil everything, just in case. This may be nonsense in practice – police have too much data and cannot use it, as Sam Smith observes.

We also need to ask how and why these policies for extreme forms of mass surveillance keep coming back, with little challenge internally. They frequently look expensive and barely workable – key components such as decryption of data, man in the middle attacks and the use of 'black boxes' to reassemble communications data were dropped; while others were scaled back during discussions with the Joint Committee that examined the proposals last year. Why was legislation proposed by the Home Office, if their understanding of the technologies they would have to deploy was so flaky? And what exactly did they spend £400 million on?

Data retention laws mean that innocent citizens are already having their Internet communications recorded 'just in case' thanks to the Data Retention Directive. This is thankfully under challenge, in Austria and Ireland, and due to be pushed to the European Courts. There is little evidence that data retention is truly useful or necessary. There is plenty to point to it being unlikely to conform with human rights standards.

[Read more]


April 29, 2013 | Jim Killock

Digital Surveillance: how to avoid another Snoopers' Charter

The Home Office often framed the debate over the Snoopers’ Charter in ‘them and us’ terms. But if this really does just come down to picking sides, it is odd that both of the Parliamentary committees tasked with examining the draft Bill – the Joint Committee on the draft Communications Data Bill and the Intelligence and Security Committee – reached such critical conclusions.

digital surveillancd report cover

Following Nick Clegg’s rejection of the Snoopers’ Charter, our new report brings together leading Internet experts, lawyers and campaigners to offer credible, less intrusive alternatives to the Home Office’s Communications Data Bill. The authors make a call for more targeted, more transparent and more accountable surveillance laws and offer a number of useful recommendations for how to achieve this.

In attendance at our launch at 2pm will be Jim Killock, Nick Pickles (Director - Big Brother Watch), Rachel Robinson (Policy Director - Liberty), Angela Patrick (Director of Human Rights Policy - JUSTICE), Duncan Campbell (investigative journalist), Professor Peter Sommer (Visiting Professor - De Montfort University) and Richard Clayton (University of Cambridge). 

Our new report demonstrates that surveillance policy makers have options, many of which are a lot less intrusive than the powers proposed by the Snoopers’ Charter, and that civil society is open to meaningful engagement about surveillance laws in the digital age. It is written for a general audience by leading experts, academics and representatives of a number of civil society groups. The articles in this publication serve as an example of the sort of conversations that would be possible through a proper public debate about what information should be collected and who should have access to it.

The report has 10 final recommendations:

  1. Hold an overarching review, potentially through a Royal Commission, to properly study surveillance in the digital age.
  2. Judicial oversight of requests for intrusive communications data, in particular for all traffic data requests.
  3. Choose ‘data preservation’ rather than blanket data retention. Include quick response and emergency processes, and means to intelligently and accountably identify targets.
  4. Create a unified Surveillance Commissioner capable of carrying out a strong, independent audit with “multi-skilled investigators including human rights and computer experts.”
  5. Reject vague proposals, such as those in the draft Communications Data Bill, for automated, pervasive analytics tools designed to trawl through and across datasets.
  6. Provide stringent penalties for misuse of either powers or data. 
  7. Individuals should be notified by default of a decision authorising the request for their communications data.
  8. Lift the ban on the use of intercept evidence in court.
  9. Invest in law enforcement’s capacity to use and analyse the data already available to them.
  10. Use the International Principles on Communications Surveillance and Human Rights developed by Privacy International and other groups as a template for future laws.

In chapter one, Duncan Campbell sets out the history of the tension between state surveillance and efforts to protect individuals’ privacy. He explains why the draft Communications Data Bill is “the latest chapter in the history of British state surveillance.” He also tells the parallel story of efforts to keep surveillance powers in check, including the 1972 Royal Commission on Privacy which “set out 10 principles of data protection that later underpinned data protection statutes in Europe and the UK.”

In chapter two Angela Patrick, Director of Human Rights Policy at JUSTICE, gives an overview of the current settlement between the law, surveillance and the protection of privacy. She looks at how the draft Communications Data Bill could exacerbate problems with existing surveillance law, for example relating to oversight and complexity. She highlights that the overriding difference between the draft CDB and the existing law is the move “away from the presumption that for limited purposes, the State may access data already retained or reasonably obtainable by service providers...Instead, it creates a statutory basis for the generation, collection and retention of data about us all.”

In chapter three, Richard Clayton outlines in detail key surveillance technologies, showing what information about us is available and how the technology to gather and access it works. He outlines how the ‘filter’ – a key part of the CDB proposals – will work. By correlating information from multiple sources, he explains how the filter can answer complex queries. For example, he suggests that “the source of an embarrassing leak could be identified by cross-correlating records to pick out exactly who in Whitehall sent out an email whose reception by a journalist triggered an immediate call to the relevant newspaper editor.”

Peter Sommer, in chapter four, argues that while surveillance law “is about balancing competing objectives”, a number factors inhibit “sensible and balanced discussion”. They include the pace of technological change, the demands of the law enforcement community, the level of technical and legal expertise required to understand how best to respond, and the fear of getting it wrong.

Chapter five features contributions from a range of experts setting out how more privacy-friendly surveillance policy could work.

For example, Caspar Bowden suggests how ‘data preservation’ policies could work to limit whose data is collected. Sam Smith from Privacy International argues that more could be done to help law enforcement make better use of what information is already available. Rachel Robinson from Liberty recommends lifting the ban on the use of intercept evidence in court, and Peter Sommer calls for a Royal Commission into surveillance laws in the digital age.

In our conclusion we draw together these contributions and make some recommendations for future surveillance policy making.

Read more

[Read more]


April 26, 2013 | Claudia Mateus

Digital Surveillance video

Richard Clayton, Peter Sommer and Duncan Campbell, some of the authors of our new Digital Surveillance report, give us a preview of their contributions by explaining their thoughts about surveillance law.

The Digital Surveillance report - to be launched at a public event on Monday - gives a history of surveillance policy, looks at the current state of the law, examines why technology poses a problem and offers alternative, more targeted and more accountable approaches.

The report demonstrates that surveillance policy makers have options that are significantly less intrusive than the powers proposed in the Snoopers' Charter. It is written for a general audience by leading experts, academics and representatives of a number of civil society groups, with a series of concrete recommendations for policy makers.

[Read more] (1 comments)


April 25, 2013 | Peter Bradwell

Naked Citizens campaign launch

Today we visited Facebook in London, launching a new campaign for a strong Data Protection Regulation.

This afternoon Open Rights Group headed over to Facebook's offices in Covent Garden, London. We delivered a new report about the Data Protection Regulation. We were there to launch a campaign to make sure this proposed law strengthens our privacy rights.

ORG at Facebook launching Naked Citizens campaign

(More pictures are up on our Flickr site.)

The Data Protection Regulation was proposed by the European Commission last year and is currently being discussed by Members of the European Parliament (MEPs). It could give us more control over what happens to our personal information and make sure those that use it are help to account.

But a number of the changes that MEPs are currently discussing could instead strip us of our privacy rights. Many of these stem from an unprecedented lobbying effort by big US tech companies, the US Government and the advertising industry.

NakedCitizens.eu is a response to this, put together by a coalition of privacy groups from across the EU including ORG, Privacy International, EDRi and Bits of Freedom. 

Our report, put together by privacy experts from this coalition, features new analysis of proposed amendments to the Regulation and reveals how many of these threaten to critically undermine the privacy of EU consumers and citizens. 

Together, the amendments are an effort to strip EU citizens 'naked' by making it almost impossible for them to control who sees their personal information and how it is used.

Instead of empowering users to take control of their information, we may end up with a Regulation that would allow businesses, institutions or organisations to collect and share personal information in opaque, unaccountable ways.

Visit the website NakedCitizens.eu and write to your MEP. Ask them to make sure we get stronger privacy rights and more control over how our personal information is used. Don't let corporations strip us of our privacy rights!

[Read more] (1 comments)


April 25, 2013 | Jim Killock

Fatal Blow to the Snoopers' Charter?

Nick Clegg this morning announced on London's LBC radio that “What people dub the Snoopers' Charter, that's not going to happen”. He went on to say that mass snooping on citizens was “not either necessarily workable nor proportionate”. Your persistent campaigning has paid off and it looks like many of the proposals in the Communications Data Bill should be dropped from whatever emerges in the Queen's Speech.

 

We hope it is an end to the latest tranch of mass surveillance, however we are not going to let anything else slip in in a new form as it is clear the Home Office and the Conservatives still wish to see a watered down version of the Communications Data Bill appear.

If new proposals appear we'll be looking to check:

  1. That the request filter and data trawling engine is dropped
  2. That the data ISPs and CSPs are compelled to collect will be minimal
  3. That there is no easy way for the Government to compel new data sets to be created

We'll be keeping a close eye on the Queen's Speech to see if anything tries to be pushed through and we will not drop our close scrutiny.

This is a massive victory for Open Rights Group and our allies, and a great day to be an ORG supporter! Thank you for all your help in writing to MPs, challenging the Home Office and keeping the pressure on, making the campaign to stop the Snoopers' Charter a success.

We hope to see you at ORGCon!

[Read more] (5 comments)


April 15, 2013 | Ruth Coustick-Deal

ORGConNorth: Reporting back from Manchester's digital rights conference

Our first ORGConNorth was a great success! Here's a round up of all the panels and unconference topics.

ORG Con North logoAround 70 people attended ORGConNorth at the Friends Meeting House on Saturday April 13th,  It was a really lively event – the first of many more local conferences we hope.

ORGConNorth had a great range of speakers who provided a lot of thoughtful commentary and we would like to thank them all once again for giving up their time, and joining us on the day! You can see the full list of speakers here and take a look at the programme on the event page.

So what happened?

The day began with a great keynote from John Buckman, chair of EFF, entitled 'Britain, under the thumb of...' which set the framework for the day and is available for download here.

The post-keynote first half of the day covered ORG's four big topics of the moment in a series of panel debates: Copyright reform, freedom of speech, online surveillance and data protection.

 
Our session on copyright looked at why there has been such a tension between copyright and the Internet, and what we might do about it. Jez Collins noted the history of music sharing, Loz Kaye talked about access to culture and educational resources, and Robin Gower set out why data from trading funds, such as the Met Office or Ordnance Survey, should be released as open data.
 
 
The panel on Data Protection focused on the corporate lobbying to water down new European legislation. We looked at the key issues at stake, including the right to control your data through stronger consent, data 'portability' and the right to delete your data. ORG is heavily involved in a joint campaign to ensure the European Parliament sides with citizens in the forthcoming votes. (We've produced a short briefing on the Regulation.)
 
In the Snooper's Charter talk, James Baker from No2ID gave an impassioned summary of the history of Internet snooping and data retention. Jamie Bartlett from Demos outlines the view that accepts a capability gap does exist, and tried to explain why the Home Office and others are motivated to try these policies.
 
I sat in on the panel on the right to be offensive which discussed freedom of speech issues. Ben Zevenbergen, the panel chair, took its subject matter to heart with the questions quickly moving to the floor for an open discussion. It covered whether Twitter, Facebook and other online platforms are now so much part of public infrastructure that perhaps they should they be nationalised (like trains!), also whether deleting agressive comments is a form of censorship - and the thin line between offensive speech and harassment.

In the afternoon we broke up into unconference sessions where some great debates were led by attendees. In my group at least we all could have talked forever and it was good to keep the discussion going in the pub afterwards! Here's a summary of the unconference discussions:

  • MedConfidential - Phil Booth presented on the MedConfidential campaign and how changes in the NHS threaten the fundamental basis of medical confidentiality. Without medical confidentiality people will hold back important information from their doctors creating health harms.

  • The FISA Amendment Act - Caspar Bowden put in a brief presentation on the the provisions of FISAA (the Foreign Intelligence Amendments Act) - see http://euobserver.com/justice/118857 He talked about how it allows US intelligence the legal ability to snoop on any data in the cloud handled by US companies relating to foreign citizens. Caspar is trying to place amendments into the Data Protection Regulation which would force US companies to place EU data under some protection from this.

  • Bursting the Bubble - led by Pirate Party UK's Campaigns Officer Andy Halsall this group talked about how both the Pirate Party and ORG need to expand the discussion to show how digital issues relate to everyone. Although the group agreed that ORG 'punches above its weight' there is a digital bubble we remain within. ORG Supporter Miljenko Williams wrote a further review of the discussion which you can read on his blog.

  • Password Security – Sam Hogarth led a group discussion on the best methods for password security, sharing tips and knowledge, tools and techniques to keep your data safe after recent scandals like the LinkedIn password loss.

  • Opinionated Software – This group talked about common concerns about software selling people short - for example when terms & conditions are ammended and curtailed after purchase. They compared public vs private providers and open vs closed software, concluding in a call for a standard or badge that ORG could perhaps provide to mark software that met requirements such as fair use, good T&Cs and so on.

  • Freedom of Information Requests - This workshop looked at how to do Freedom of Information requests. They also discussed the current threats to the FOI Act, which are very real despite some good moves towards better 'Open Data' policies. The coalition is considering allowing public bodies to group requests by the same organisations for cost calculations, for example. This could devastate local press and advocacy groups. They are also rejecting calls to expand FOI to private providers of public services.

Want more?

If you missed out on ORGConNorth or want a re-cap there are lots of other ways you can go over the material:

You can pick up the tweets of the day at the Eventify page or see the pictures on the ORG Flickrpages. Videos will be up very soon so watch this space!

Brian Pellot wrote a review of ORGConNorth on Index on Censorship's blog.

If you have written a blog or report on ORGConNorth we would like to link to it here, so let us know.

If you have any feedback you would like to give such as: Where should the next ORGConNorth take place? What talks / sessions should we have included? Please email events@openrightsgroup.org

See you at the next ORGCon! 

[Read more]


April 08, 2013 | Claudia Mateus

Data Protection Regulation Debate

By the summer, Europe will have decided on some of the most far-reaching and controversial privacy legislation in the world, that is the Data Protection Regulation. ORG have invited some experienced personalities to give us a professional opinion about the most controversial issues around the draft.

Part 1

In the first part of the podcast, the discussion focus in two of the most controversial issues around the draft: the definition of personal data and consent.

In order of appearance: Anna Fielder (consumer rights advocate), Nick Stringer (director of Regulatory Affairs of the Internet Advertising Bureau), Jan Philipp Albrecht (Group of the Greens Member of European Parliament), Jeffrey Chester (the executive director of the Center for Digital Democracy) and Axel Voss (Group of the European People's Party Member of European Parliament).

 

Follow this link to go to the podcast and download it.

Music:
Bored on Your Backside by Trifonic
cc-nc-sampling+

 

Part 2

In the second part of the podcast, the debate goes through the proposal's balance between the different interests implied in the legislation and the massive lobbying campaign that the issue has arised.

In order of appearance: Nick Stringer (director of Regulatory Affairs of the Internet Advertising Bureau), Jan Philipp Albrecht (Group of the Greens Member of European Parliament), Jeffrey Chester (the executive director of the Center for Digital Democracy), Axel Voss (Group of the European People's Party Member of European Parliament) and Anna Fielder (consumer rights advocate).

Follow this link to go to the podcast and download it.

Music:
Bored on Your Backside by Trifonic
cc-nc-sampling+

Jan Philipp Albrecht's photography: by Fritz Schumann

[Read more]


March 27, 2013 | Jim Killock

Lords mistaken in their calls for Ofcom Internet regulation

The Lords often make very helpful contributions to legislative debates, but this really isn't one of them. There are huge amounts of regulation constraining Internet providers, from eCommerce to copyright, that cover the necessary ground already.

These are the key paragraphs:

204.  Ofcom should investigate the option of non-broadcast providers of TV-like services, such as Netflix and the content providers mentioned in Box 1, being invited to comply with an appropriate set of standards (the Broadcasting Code suitably amended for their environment) in return for some form of public recognition or kitemark. (Para 53)

211.  We urge the Government to ensure that cooperation on the regulation of converging media content, such as the category of TV and TV-like material, is included as part of the discussions between the EU and the US about the establishment of a free trade agreement. (Para 94)

221.  Specifically, Ofcom should be required, in dialogue with UK citizens and key industry players, to establish and publish on a regular basis the UK public's expectations of major digital intermediaries such as ISPs and other digital gateways, specifically with regard to protecting UK audiences and their families when accessing content through digital intermediaries' services, covering for example:

  • ·  The scope of their responsibilities (given they are not always in direct control of the content to which they provide access);
  • ·  Appropriate processes for receiving complaints and subsequent redress;
  • ·  Any specific measures, such as access controls, content classification systems, or other actions which the UK public might expect them to take in protecting children from harmful material. (Para 141)

In other words, the Lords' Communications Committee are looking for ‘voluntary’ participation in Ofcom's content regulation, (para 204) but these kinds of voluntary arrangement are rarely truly voluntary. Usually the government threatens legislation if the required ‘volunteering’ doesn't take place.

This makes these kinds of ‘voluntary’ arrangement particularly un-transparent and open to abuse. The Communications Act discussions, around child safety and copyright enforcement reflect this dynamic. Similar concerns have been raised about parallel EU processes.

The call for Ofcom to co-ordinate child safety policy also seems unfounded, given the work already taking place (para 221).

The call to include 'regulation of converging media content' in the Trans-Atlantic Free Trade Agreement is also very dangerous. Intellectual property laws should be kept out of TAFTA. (para 211) The reasons, following ACTA, are simple: IP laws are complex, need public scrutiny, and their effects on the Internet can be severe. TAFTA should not be a vehicle for pushing the Internet towards a broadcast model, which is what the Lords appear to be inviting.

 

[Read more]


google plusdeliciousdiggfacebookgooglelinkedinstumbleupontwitteremail