Late last year, the UK Parliament passed the Investigatory Powers Act 2016. This law builds on the Regulation of Investigatory Powers Acts and the Data Retention Laws. This law allows the Government to store all our electronic communications traffic, read the content and meta data and co-opt the product and service vendors to help them. I describe this in more detail below.
The Law was written in the aftermath of Court of Justice of the European Union’s (CJEU) ruling in the Schrems vs. Facebook case that the EU’s Data Retention Directive and hence the member state implementations were in contradiction to the EU’s human rights law, the Charter of Fundamental Rights. Parliament had considered aspects of these proposals twice before under the two previous administrations and rejected them.
This article looks at the new Law, criticises it on Human Rights grounds in that it jeopardises the right to privacy, the right to organise, the right to a fair trial and rights to free speech and on IT Security grounds in that the new regulation of encryption products jeopardises access to electronic trust and privacy. It also examines the likely impact of the recent CJEU ruling on the legality of its predecessor law, and in passing, likely conflicts with last year’s passage of the General Data Protection Regulation (GDPR) by the European Union.
Earlier this week, the Court of Justice of the European Union delivered its judgement on the legality of the UK & Swedish data retention and surveillance laws. They confirmed their ruling from 2015 that general monitoring is illegal, that retention must be specific and is only allowed to combat serious crimes, that access to surveillance records must be authorised by independent authorities and that EU data subjects must be have access to legal remediation if their rights to privacy are breached. The Guardian report on it here, the Independent here ,the Register here and even the Daily Mash comments here. The UK’s Investigatory Powers Act also gives the government the right to mandate backdoors in UK operated communications products; these powers may also fall foul of the prohibition on general monitoring and the need for independent review. While the ruling is specific to the UK’s DRIPA law, which has now been replaced by the Investigatory Powers Act, it poses a clear challenge to the legality of the new Law.
Given Dianne Abbott’s appointment as Shadow Home Secretary I feel there is an opportunity to change and challenge Labour’s position of abstention on the Regulatory Powers Bill. There is some urgency to this as today is the last day in which Peers can place amendments to the 3rd Reading.
The arguments in favour of passing the RPB is that the current surveillance laws are inappropriate for today’s technology and the current regulatory regime is insufficiently powerful. The arguments against are that the legalisation of past illegal practice and the authorisation of new powers are a massive breach of the rights to justice and privacy, there is zero proportionality and the proposals are of unknown effectiveness.
The highest levels of international judiciary have been busy over the last week, I report and comment on the Microsoft vs. FBI on linkedin Pulse, in an article called “Citizens Win”. It was quite simple in the end, the law under which the FBI was seeking search warrant powers was not on of the post 911 laws, but an earlier one and the US District Court says that the law grants no power of inspection abroad. The spooks are going to have to apply for an Irish warrant. In Europe however, Tom Watson’s & David Davies’s judicial review on DRIPA have reached the Advocate General. This reported by Tom Watson here, and by Glyn Moody here. Watson writes about the need for strong judicial review of the search warrants, and Moody brings up that mass surveillance can only be used in the fight against serious crime.
The Tory Government, have republished the Snooper’s Charter, 😥 changed some of the words and it has been inching towards the House of Commons via three parliamentary committees of experts, all of whom have criticised the Bill as it stands. The Labour Party plans to abstain on the 2nd reading, and explains why here. The campaigning academic, Paul Bernal, has written a blog, welcoming Andy Burnham’s press release as the most pro-privacy comments made by a Labour Shadow Home Secretary and makes the following comments.
Left Foot Forward publishes an article “Who is the ‘human rights candidate’ for Labour’s leadership?”. This is based on a post on the Labour Campaign for Human Rights, who publish the candidates answers in their own words on their own blog. One of the LCHR’s questions was on Surveillance, and none of them have consulted me ;), but Cooper and Burnham both support the need for judicial authorisation and probable cause. Kendall and Corbyn both support strengthening the legal framework in favour of civil liberties. Kendall states she opposes the privacy breaches inherent in mass surveillance. Corbyn that he thinks mass surveillance is ineffective (and thus not justified?).
The question I wanted to ask,
How do you defend the right to privacy in the internet age, where governments and corporations are so keen to deny it? Will you support reform of the internet and telecommunication search warrants to ensure they are only issued with probable cause justified in front of independent judges?
As the dust settles in Paris after the attack on “Charlie Hebdo”, politics in Britain returns to posturing as normal. Cameron states that the Tory Manifesto for the General Election in May will include promises to increase the legal powers of surveillance by MI5 to cover all communication. Jim Killock of the Open Rights Group writes a considered piece on what this might mean. The end of this road is prohibiting encryption for the use of ordinary law abiding citizens.
The Dark Knight was released in 2008, five years before the Snowden leaks in 2013. It was on UK TV last night, and I have referred to the surveillance machine that Batman built to fight the Joker. There were stories at the time that the US Federal Government were tapping everyone’s cell phones, and my reasons for quoting this piece of fiction is the conversation had between Batman and Lucius Fox on the latter’s discovery of the machine built by Batman. Listen to the dialogue in this you tube short cut.
This session started with an attack on F-Secure, one of the conference sponsors for over-promising on their adverts and then looked at the difference in response to the Snowden leaks between the US, UK and the rest of the EU. In the US, they are beginning to win the right to publish transparency reports even in the light of super-injunctions and while the so called Freedom Bill has hit a road block, US legislators on the whole are responding to the Snowden leaks by re-establishing citizen’s (constitutional) rights. The problem for the rest of the world is that the US Constitution only protects citizens and that excludes a lot of the US Datenkraken’s customers.
I have finally been published on my employer’s web site blog. The article, Conflicting Data Requirements: Privacy versus Transparency looks at the countervailing tendencies by governments legislating for citizen privacy and tax transparency. The article concludes with a series of technical challenges to meet the needs of both political initiatives. The article was syndicated on the Tabb Forum, and you can read that here. The article was originally provoked by a Gartner Press Release which suggests that location and the need for specific jurisdictional compliance will reduce as costs and
Off to the International Anthony Burgess Museum for the Don’t Spy on Us fringe meeting on Privacy. The speakers were Ewan Macaskill of the Guardian, Carley Nyst of Privacy International, Claude Moraes MEP, Jim Killock of the ORG and chaired by Mike Harris of #dontspyonus. The first speaker was Ewan Macaskill who started by saying he’s glad they i.e. the spooks are there, but like me in fact, supposed that they were targeting maybe 5-15% of the population which would be say 400,000 people. What is shocking is the ambition, to spy on everyone who uses the internet. The fact they’re aiming at everyone, including lawyers and doctors is worrying to say the least.