Posts Tagged ‘Snooper’s Charter’

Read more eu.htm at MelonFarmers.co.uk

The European Court of Justice has passed judgement on several linked cases in Europe requiring that ISP retain extensive records of all phone and internet communications. This includes a challenge by Labour’s Tom Watson. The court wrote in a press release:

european court of justice logoThe Members States may not impose a general obligation to retain data on providers of electronic communications services

EU law precludes a general and indiscriminate retention of traffic data and location data, but it is open to Members States to make provision, as a preventive measure, for targeted retention of that data solely for the purpose of fighting serious crime, provided that such retention is, with respect to the categories of data to be retained, the means of communication affected, the persons concerned and the chosen duration of retention, limited to what is strictly necessary. Access of the national authorities to the retained data must be subject to conditions, including prior review by an independent authority and the data being retained within the EU.

In today’s judgment, the Court’s answer is that EU law precludes national legislation that prescribes general and indiscriminate retention of data.

The Court confirms first that the national measures at issue fall within the scope of the directive. The protection of the confidentiality of electronic communications and related traffic data guaranteed by the directive, applies to the measures taken by all persons other than users, whether by private persons or bodies, or by State bodies.

Next, the Court finds that while that directive enables Member States to restrict the scope of the obligation to ensure the confidentiality of communications and related traffic data, it cannot justify the exception to that obligation, and in particular to the prohibition on storage of data laid down by that directive, becoming the rule.

Further, the Court states that, in accordance with its settled case-law, the protection of the fundamental right to respect for private life requires that derogations from the protection of personal data should apply only in so far as is strictly necessary. The Court applies that case-law to the rules governing the retention of data and those governing access to the retained data.

The Court states that, with respect to retention, the retained data, taken as a whole, is liable to allow very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained.

The interference by national legislation that provides for the retention of traffic data and location data with that right must therefore be considered to be particularly serious. The fact that the data is retained without the users of electronic communications services being informed of the fact is likely to cause the persons concerned to feel that their private lives are the subject of constant surveillance. Consequently, only the objective of fighting serious crime is capable of justifying such interference.

The Court states that legislation prescribing a general and indiscriminate retention of data does not require there to be any relationship between the data which must be retained and a threat to public security and is not restricted to, inter alia, providing for retention of data pertaining to a particular time period and/or geographical area and/or a group of persons likely to be involved in a serious crime. Such national legislation therefore exceeds the limits of what is strictly necessary and cannot be considered to be justified within a democratic society, as required by the directive, read in the light of the Charter.

The Court makes clear however that the directive does not preclude national legislation from imposing a targeted retention of data for the purpose of fighting serious crime, provided that such retention of data is, with respect to the categories of data to be retained, the means of communication affected, the persons concerned and the retention period adopted, limited to what is strictly necessary. The Court states that any national legislation to that effect must be clear and precise and must provide for sufficient guarantees of the protection of data against risks of misuse. The legislation must indicate in what circumstances and under which conditions a data retention measure may, as a preventive measure, be adopted, thereby ensuring that the scope of that measure is, in practice, actually limited to what is strictly necessary. In particular, such legislation must be based on objective evidence which makes it possible to identify the persons whose data is likely to reveal a link with serious criminal offences, to contribute to fighting serious crime or to preventing a serious risk to public security.

As regards the access of the competent national authorities to the retained data, the Court confirms that the national legislation concerned cannot be limited to requiring that access should be for one of the objectives referred to in the directive, even if that objective is to fight serious crime, but must also lay down the substantive and procedural conditions governing the access of the competent national authorities to the retained data. That legislation must be based on objective criteria in order to define the circumstances and conditions under which the competent national authorities are to be granted access to the data. Access can, as a general rule, be granted, in relation to the objective of fighting crime, only to the data of individuals suspected of planning, committing or having committed a serious crime or of being implicated in one way or another in such a crime. However, in particular situations, where for example vital national security, defence or public security interests are threatened by terrorist activities, access to the data of other persons might also be granted where there is objective evidence from which it can be inferred that that data might, in a specific case, make an effective contribution to combating such activities.

Further, the Court considers that it is essential that access to retained data should, except in cases of urgency, be subject to prior review carried out by either a court or an independent body. In addition, the competent national authorities to whom access to retained data has been granted must notify the persons concerned of that fact.

Given the quantity of retained data, the sensitivity of that data and the risk of unlawful access to it, the national legislation must make provision for that data to be retained within the EU and for the irreversible destruction of the data at the end of the retention period.

The view of the authorities

david andersonDavid Anderson, the Independent Reviewer of Terrorism Legislation gives a lucid response outlining the government’s case for mass surveillance. However the official justification is easily summarised as it clearly assists in the detection of serious crime. He simply does not mention that the government having justified grabbing the data on grounds of serious crime detection, will share it willy nilly with all sorts of government departments for their own convenience, way beyond the reasons set out in the official justification.

And when the authorities talk about their fight against ‘serious’ crime, recent governments have been updating legislation to redefine practically all crimes as ‘serious’ crimes. Eg possessing a single spliff may in practice be a trivial crime, but the law on possession has a high maximum sentence that qualifies it as a ‘serious’ crime. It does not become trivial until it goes to court and the a trivia punishment has been handed down. So using mass snooping data would be easily justified to track down trivial drug users.

See  article from terrorismlegislationreviewer.independent.gov.uk

The Open Rights Group comments

See  article from openrightsgroup.org

open rights group 2016 logoThe judgment relates to a case brought by Deputy Leader of the Labour Party, Tom Watson MP, over intrusive data retention powers. The ruling says that:

  • – Blanket data retention is not permissible
  • – Access to data must be authorised by an independent body
  • – Only data belonging to people who are suspected of serious crimes can be accessed
  • – Individuals need to be notified if their data is accessed.

At present, none of these conditions are met by UK law.

Open Rights Group intervened in the case together with Privacy International, arguing that the Data Retention and Investigatory Powers Act (DRIPA), rushed through parliament in 2014, was incompatible with EU law. While the Judgment will no longer affect DRIPA, which expires at the end of 2016, it has major implications for the Investigatory Powers Act.

Executive Director Jim Killock said:

The CJEU has sent a clear message to the UK Government: blanket surveillance of our communications is intrusive and unacceptable in a democracy.

The Government knew this judgment was coming but Theresa May was determined to push through her snoopers’ charter regardless. The Government must act quickly to re-write the IPA or be prepared to go to court again.

Data retention powers in the Investigatory Powers Act will come into effect on 30 Dec 2016. These mean that ISPs and mobile phone providers can be obliged to keep data about our communications, including a record of the websites we visit and the apps we use. This data can be accessed by the police but also a wide range of organisations like the Food Standards Agency, the Health and Safety Executive and the Department of Health.

Advertisements
Read more gcnews.htm at MelonFarmers.co.uk

arms of the british governmentjpg logoAmong the many unpleasant things in the Investigatory Powers Act that was officially signed into law this week, one that has not gained as much attention is the apparent ability for the UK government to undermine encryption and demand surveillance backdoors.As the bill was passing through Parliament, several organizations noted their alarm at section 217 which obliged ISPs, telcos and other communications providers to let the government know in advance of any new products and services being deployed and allow the government to demand technical changes to software and systems.

Communications Service Providers (CSP) subject to a technical capacity notice must notify the Government of new products and services in advance of their launch, in order to allow consideration of whether it is necessary and proportionate to require the CSP to provide a technical capability on the new service.

As per the final wording of the law, comms providers on the receiving end of a technical capacity notice will be obliged to do various things on demand for government snoops — such as disclosing details of any system upgrades and removing electronic protection on encrypted communications.

Read more UK Parliament Watch at MelonFarmers.co.uk

House of Commons logo MPs have voted in the final Commons stage of the Investigatory Powers Bill. They voted in favour of the bill by 444 to 69.Some MPs – particularly Joanna Cherry, David Davis, Alistair Carmichael and Stephen McPartland – did a great job in putting the Government under pressure. SNP, Lib Dem and Green MPs voted against.

The Bill will now be debated in the House of Lords

The Open Rights Group have highlighted the Filter as the nastiest part of the bill which unifies website history and communication records into a single searchable database. The group explains:

The bill is very long and complex, and hundreds of amendments have been proposed. However, the Request Filter in particular is receiving far too little attention . With a huge range of issues to deal with, the Request Filter has been absent from the discussions from the front benches, despite being the one of two completely new developments in the Bill. As the IPB enters report stage we need to ensure that the Filter gets the attention it deserves from MPs.

The Request Filter is described by the Home Office as a safeguard designed to reduce the collateral intrusion produced in searching for small, specific information in a large dataset. In reality, the Request Filter would allow automated complex searches across the retained data from all telecommunications operators.

This has the potential for population profiling, composite fishing trips and the unaccountable generation of new insights. It is bulk data surveillance without the bulk label, and without any judicial authorisation at all. The Food Standards Agency will be able to self-authorise itself to cross reference your internet history with your mobile phone location and landline phone calls–and search and compare millions of other people’s records too.

Queries can be made across datasets. Location data – which pub you were in – can be compared with who you phoned, or which websites you visit. All with great convenience, through automated search. The searches will be increasingly focused on events, such as a website visited , or place people have gathered, rather than the suspects. This is the reverse of the position today, which requires the police to focus on suspects, and work outwards. In the future, with the Filter, any query can examine the data of thousands of innocent persons – to check that they don’t fit the police’s search criteria.

The idea of passive retained records, that lie unexamined until someone comes to the attention of the authorities, will lie dead. The data becomes an actively checked resource, allowing everyone’s potential guilt to be assessed as needed.

The Filter creates convenience for law enforcement queries, and pushes practice towards the use of intrusive capabilities. It lowers the practical level on which they are employed. Techniques that today would be used only in the most serious crimes, because they require thought and care, tomorrow may be employed in run of the mill criminal activity, public order, or even food standards, as the bill stands.

The Filter was at the centre of debates when the original Snooper’s Charter was first introduced in 2012. Parliament described the Request Filter at the time as essentially a federated database of all UK citizens’ communications data .

This dystopian surveillance tool should be stopped, and next week MPs will have the chance to do it. There are several amendments presented by the Lib-Dem MP Alistair Carmichael that aim to remove the filter.

Another MP, the Conservative Stephen McPartland , who was part of the Science and Technology Committee and understands the implications of the Filter, has tabled a series of amendments with measures designed to constrain the power. These include restricting the Filter to exceptional circumstances, putting it under the control of the Judicial Commissioner as other bulk powers, and bringing it into the statute book as formal Regulations – so it is subjected to the normal transparency and processes of judicial review.

It is important that all those amendments get debated. We want the complete removal of the filter. McPartland’s amendments describe the minimum requirements even a proponent should be seeking, but more importantly give MPs an opportunity to be told what the filter is, what it is capable of, and why the government plans so little oversight for it.

The nature of the Filter must be discussed to expose the Orwellian doublespeak characterisation by the Home Office of this surveillance tools as a safeguard to improve privacy.

Read more US Censorship News at MelonFarmers.co.uk

FBI logo The latest surveillance battle gripping the technology industry is focused on a rewrite of US surveillance law that would mean the justice department would be able to access a citizen’s web browsing history, location data and some email records without approval from a judge using a so-called national security letters (NSLs).The FBI contends that such data is covered implicitly under current statute, which was written years ago and only explicitly covers data normally associated with telephone records.

Director James Comey now is lobbying Congress to extend the current definition to include internet data.

Technology companies including Google, Facebook and Yahoo have sent a letter warning Congress that they would oppose any efforts to rewrite law in the FBI’s favor.

This expansion of the NSL statute has been characterized by some government officials as merely fixing a ‘typo’ in the law, the companies wrote:

In reality, however, it would dramatically expand the ability of the FBI to get sensitive information about users’ online activities without court oversight.

Read more UK Government Watch at MelonFarmers.co.uk

the haystack video The Haystack is a new documentary , released today by Scenes of Reason , bringing together leading lights for and against the UK’s Investigatory Powers Bill. This unprecedented piece of legislation, which is now under parliamentary scrutiny, seeks to affirm and expand the surveillance remit of UK security services and other departments, including new powers for the police to access internet connection records — a database of the public’s online activity over the previous 12 months.

The film provides an excellent roundup of arguments on both sides of the tortuous surveillance debate, including Conservative MP Johnny Mercer echoing the well-worn refrain, if you have nothing to hide, you have nothing to fear. Jim Killock of the Open Rights Group , speaking at the film’s launch, quipped that Mr Mercer might feel a bit different if it were the left-wing government of Jeremy Corbyn and John McDonnell wielding these powers. Indeed, as far-right parties attract support around Europe and the world, the likelihood increases of tremendous state surveillance becoming the plaything of ever more abusive regimes.

The immense capabilities contained within the bill are unpalatable in the hands of any authority — they are all too easily harnessed to undermine perfectly reasonable political opposition and judicial work. By way of example, the film outlines one such case where the current UK government improperly gained access to privileged details of a court case against it. In this light, the bill seems an intolerable threat to democracy and free expression.

Voices of concern from the security community , such as Sir David Omand, ex-GCHQ chief, explain that precautions against terrorism require more spying. Others reject this, noting that security services have failed to act on intelligence when they do have it — spending enormous sums on digital surveillance only reduces their efficacy in the realm of traditional detective work. Moreover, those costs, to be borne by government and industry, are excessive at a time of cuts to other public services designed to protect us from more conventional enemies, such as disease.

The debate is winding — this film helps straighten things out.

Watch the whole documentary here .

Read more UK Government Watch at MelonFarmers.co.uk

See  article from  bbc.co.uk

home affairs committeeThe government’s Communications Data Bill will effectively create a giant centralised database of everyone in the UK’s web activities, MPs and peers have heard.

The bill would force telecoms companies to store details of internet use and communications for a year and also to implement a query interface so that the data can be used as if it were part of a massive centralised database.

Home Secretary Theresa May claimed that the data will not be held on a single government database. But security experts told the cross-party committee examining the bill it would operate in a similar way.

The communications bill was published in draft form earlier this year and is being examined in detail by a committee of MPs and peers before it begins its passage into law.

Civil liberties groups giving evidence to the committee suggested the query system could be used to mount fishing expeditions rather than targeted surveillance – something the Home Office has explicitly claimed will not happen.

Nick Pickles, director of Big Brother Watch, said:

The filtering provisions are so broadly worded and so poorly drafted that it could allow mining of all the data collected, without any requirement for personal information, which is the very definition of a fishing trip.

Internet freedom campaigner Jim Killock, of the Open Rights Group, said officials would be able to build up a complex map of individuals’ communications by examining records of their mobile phone, their normal phone, their work email, their Facebook account and so on.

The campaigners called on the committee to recommend scrapping the data communications bill, rather than making suggestions to improve it as they have been tasked to do by the government. ‘Lack of trust’

…Read the full article

Read more Petitions and Campaigns at MelonFarmers.co.uk

See petition from secure.38degrees.org.uk

38 Degrees logoDear David Cameron,

Respect our privacy. Stop the internet and phone snooping plan.

Don’t spy on our e-mail, phone and internet use Keep your election promise to reverse the rise of the surveillance state This is Britain, not China or Iran. We don’t want the government spying on our every move.

…Sign the petition . 175000 signatures so far.