2016-06-24


This is ORG's Policy Update for the week beginning 20/06/2016.

If you are reading this online, you can also subscribe to the [https://lists.openrightsgroup.org/listinfo/parliamentary.monitor email version].

==ORG's work==

*We have been working on our response to the E-Privacy review consultation that covers mobile data tracking, cookies consent

*This week we put together a brief for Lords before the IPBill goes to the House of Lords for its Second Reading. ORG has also been working on more amendments for the IPBill.

*We held our first threat modeling workshop, led by Ed Johnson-Williams, for people to understand everyday life threats related to cyber security. There will be more workshops in the future. You can follow our planned events on [http://www.meetup.com/ORG-London/ Meetup].

*ORG has been planning another screening of the Haystack documentary by [https://www.scenesofreason.com Scenes of Reason] in Birmingham on 4 July. If you are around, you can sign up [http://www.meetup.com/ORG-Birmingham/events/231907279/ here]!

==Official meetings==

*Jim Killock attended a meeting with Ofcom representatives to discuss website blocking aspects of net neutrality.

*Javier Ruiz and Jim Killock attended a meeting at the Cabinet Office regarding data sharing in the UK.

==Parliament==

===IPBill===

The IPBill will be debated in the Lords next Monday 27 June. The [http://www.theregister.co.uk/2016/06/20/liberal_democrats_battle_plan_snoopers_charter_house_lords/ Liberal Democrats are planning a thorough scrutiny] of the [http://researchbriefings.parliament.uk/ResearchBriefing/Summary/LLN-2016-0032 Bill] in the House of Lords. [http://www.parliament.uk/biographies/lords/lord-paddick/4288 Lord Paddick] said <blockquote> “The experience with legislation is that it goes through the House of Commons very quickly and is only considered in detail in the House of Lords.” </blockquote>

The Lords have been receiving briefings from different parties prior to the Second Reading. [https://www.nuj.org.uk/home/ The National Union of Journalists] made their [https://www.nuj.org.uk/documents/nuj-briefing-for-lords-second-reading-on-ip-bill/ briefing] available to the public. They point out that the Bill still needs to improve the safeguards for whistleblowers and journalistic sources. The Lords also received reports on the [https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/504187/Operational_Case_for_Bulk_Powers.pdf operational case for bulk powers] and a [https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/504189/Comparison_of_ICRs_with_Danish_Session_Logging.pdf comparison of internet connection records] in the IPBill with Danish internet session logging legislation.

The final vote on the Bill in the House of Commons (444:69) still left several holes to be patched up. It has been pointed out by the [[Information Commissioner's Office]] in a report on the TalkTalk data breach that the [https://techcrunch.com/2016/06/20/uk-surveillance-bill-under-fire-as-data-security-risk/ IPBill is going too far] and will create an environment for further data breaches (read more below).

The areas of the IPBill that are expected to be scrutinised by the Lords cover: internet connection records, bulk powers, journalistic protections, equipment interference and authorisation of warrants.

After the referendum, the UK is in a political limbo that will definitely affect the IPBill. It is not clear whether the Bill can be passed by the end of the year without the national government being properly installed.

https://www.gov.uk/government/publications/investigatory-powers-bill-overarching-documents

===TalkTalk leak report===

The [[Department for Culture, Media and Sport]] [https://www.parliament.uk/business/committees/committees-a-z/commons-select/culture-media-and-sport-committee/inquiries/parliament-2015/cyber-security-15-16/ published a report] on the circumstances around the [https://www.theguardian.com/business/2015/nov/06/nearly-157000-had-data-breached-in-talktalk-cyber-attack TalkTalk data breach] in November 2015. The attack raised concerns that the personal details of over four million customers had been hacked and made public. The report assesses the wider implications for telecoms and internet service providers.

The report specifically [http://www.publications.parliament.uk/pa/cm201617/cmselect/cmcumeds/148/14811.htm paid attention to the IPBill] and its potential impact on any future data breaches. The Information Commissioner's Office warned, during their oral evidence session, that the Bill could be a source of vulnerabilities leading to more personal data breaches. The Bill will enable the storage of huge pools of personal data that could cause a “haystack of potential problems”. With regard to the IPBill, the report states that <blockquote> “The vulnerability of additional pooled data is an important concern that needs to be addressed urgently by the Government. Part of the response could be to require enhanced security requirements and background checks for those with access to large pools of personal data. Data controllers should seek to control and limit access to such pooled data.” </blockquote>

The Department is still awaiting a statement from the [[ICO]] following their investigations into the TalkTalk breach but recommendations made in the report include:

*increase consumer awareness of online and telephone scams

*the lack of attention to threats and vulnerabilities should be punished by escalating fines regulated by the [[ICO]]

*major companies likely to be subjected to cyber attacks should have a specific person responsible for cyber security who will be fully accountable and sanctioned in case of a threat

*means of getting compensation for consumers who have been the victim of a data breach should be made easier

*the [[ICO]] should introduce an incentive structure that inhibits delays in reporting breaches

==Other national developments==

===National Digital Conference===

The Minister for the Cabinet Office [[Matthew Hancock MP]] introduced the digital transformation of government to the audience of the [http://www.nd16.co.uk 11th National Digital Conference].

Hancock introduced the [https://www.gov.uk/government/speeches/national-digital-conference-2016-building-the-nations-digital-dna Government's approach to digital transformation]. Their approach can be summed up in these three points:

*start small then scale up

*treat tech as the means rather than the end

*treat data as a public service in its own right rather than an afterthought

The initiative is trying to increase the number of tech-savvy professionals working across government by giving opportunities to 100 graduates involved in the Digital and Technology Fast Stream. Additionally, the government is working on improving the skills, tools and vocabulary of more senior civil servants to facilitate the transformation.

The government is planning to improve the delivery of public services through digital transformation. As outlined in the Digital Economy Bill, government departments will increase the level of information they share and hope to effectively reduce fraud and improve the statistics used by departments. This is part of a government data sharing regulation that Open Rights Group has been consulting on.

==Europe==

===Privacy Shield===

The [[European Commission]] announced last week the Privacy Shield agreement would be finalised by this Wednesday. The public has not been presented with the actual deal but reports claim it is still scheduled to be published in early July, when it is meant to be voted on by the Commission.

EU Justice Commissioner [http://ec.europa.eu/commission/2014-2019/jourova_en Vera Jourova] confirmed that the [https://euobserver.com/justice/133941 most controversial issues had been agreed] by both sides. <blockquote> “We reached an accord on more precise listing of cases when bulk collection can occur and a better definition of how our American partners understand the difference between bulk collection which may be justified and mass surveillance without any purpose, which is not tolerable”, </blockquote> she said.

Contrary to the Commissioner's optimism, it has been reported that members of Article 31 Working Group have [http://arstechnica.co.uk/tech-policy/2016/06/privacy-shield-experts-in-dark-planned-eu-us-data-sharing-pact/ not seen the final text] of Privacy Shield. More meetings have been scheduled for 29 June and 4 July. The working group intends to use the full two weeks they have at their disposal to scrutinise the text of the deal. That could lead to further delays. However, [https://ec.europa.eu/commission/2014-2019/ansip_en Andrus Ansip], Vice President for Digital Single Market, remains hopeful the agreement will be finalised by the end of July. His meeting with the US secretary for commerce Penny Pritzker convinced him that progress is being made.

Even if the Privacy Shield deal passes, it is likely to last only a couple of years. The agreement will still be susceptible to legal challenges similar to the one brought forward by Max Schrems against Facebook which [http://arstechnica.co.uk/tech-policy/2015/10/europes-highest-court-strikes-down-safe-harbour-data-sharing-between-eu-and-us/ shot down the Safe Harbour], the predecessor of Privacy Shield.

===Web content blocking anti-terrorism law===

The [[European Parliament]] was due to [http://arstechnica.co.uk/tech-policy/2016/06/web-content-blocking-plan-eu-anti-terrorism-law-vote-delayed/ vote on a controversial anti-terrorism law] this week that would affect online content blocking. The vote has been postponed, with a new date set for 27 June.

The draft directive proposes to block websites promoting terror attacks. It will give member states the power to use all necessary measures to remove or block access to webpages that publicly incite others to commit terrorist attacks. Removing or blocking access to online content is supposed to be subject to full judicial oversight.

The proposal has been [https://edri.org/terrorism-internet-blocking-ridiculous-amendment-ever/ criticised by digital rights activists] for its lack of clarity. The law would not require safeguards for proportionality to be mandatory if governments prefer to leave the enforcement of the law to voluntary schemes (arranged by service providers).

The UK digital industry and service providers have a strong record of self-regulation that previously resulted in [https://www.theguardian.com/technology/2014/jul/02/internet-filters-blocking-popular-websites-guido-jezebel over-blocking content] especially in connection to pornography, alcohol and hate speech. The proposal would not improve the current situation. It would reinforce the current state that, according to the [http://arstechnica.co.uk/tech-policy/2016/06/uk-serious-risk-over-blocking-content-online-human-rights-watchdog/ Council of Europe report], favors protecting the ISPs from liability rather than freedom of expression.

===Snowden invited to give evidence on protection of whistleblowers===

The [[European Commission]] has [https://ec.europa.eu/eusurvey/runner/2016AC launched a public consultation] on media pluralism and democracy. The consultation is tackling media freedom, censorship, free speech, hate speech, democracy and fundamental rights. The consultation is running for eight weeks and the deadline is 14 July.

In their call to submit responses, the Committee, among others, [http://arstechnica.co.uk/tech-policy/2016/06/europe-snowden-democracy-media-free-speech-feedback/ invited Edward Snowden] to respond to one of the questions. The question aims to collect insights on best practice for protecting the confidentiality of journalistic sources and whistleblowers.

This issue is being discussed in the UK at the moment in relation to the Investigatory Powers Bill. It has been pointed out by the [https://www.nuj.org.uk/home/ National Union of Journalists] and other parties that the Bill [https://www.nuj.org.uk/documents/investigatory-powers-bill-briefing-june-2016/ does not offer sufficient safeguards] for journalistic sources. This consultation offers an opportunity for people to raise concerns about the IPBill.

==International development==

===Backdoors in Russia===

The Russian lower legislative house has [http://www.dailydot.com/politics/encryption-backdoor-russia-fsb/ proposed mandatory backdoors] for encryption in all messaging apps in the country. The proposal will enable the Federal Security Service to obtain special access to all communication within the country.

Services such as WhatsApp, Viber and Telegram are being targeted in particular because they encrypt the messages passing through them. The law was already approved by the Russian Committee on Security. The whole proposal is supposed to tackle “brainwashing” of teenagers in closed groups on the internet, according to Russian Senator Yelena Mizulina.

==ORG media coverage==

''See [[ORG Press Coverage]] for full details.''

;2016-06-23-IT Pro-[http://www.itpro.co.uk/public-sector/26781/us-senate-defeats-snoopers-charter-analogue US Senate defeats Snooper's Charter analogue]

:Author: Jane McCallion

:Summary: Jim Killock quoted on the scope of government and intelligence agencies' access to personal data of UK citizens.

==ORG Contact Details==

[http://www.openrightsgroup.org/people/staff Staff page]

* [http://www.openrightsgroup.org/people/staff#jim Jim Killock, Executive Director]

* [http://www.openrightsgroup.org/people/staff#javier Javier Ruiz, Policy]

* [http://www.openrightsgroup.org/people/staff#ed Ed Johnson-Williams, Campaigns]

* [http://www.openrightsgroup.org/people/staff#pam Pam Cowburn, Communications]

* [http://www.openrightsgroup.org/people/staff#lee Lee Maguire, Tech]

*[http://www.openrightsgroup.org/people/staff#myles Myles Jackman, Legal Director]

*[http://www.openrightsgroup.org/people/staff#margarida Margarida Silva, Supporter Officer]

[[Category: Policy updates]]
