Created page with "This is ORG's Policy Update for the week beginning 06/02/2017. If you are reading this online, you can also subscribe to the [https://lists.openrightsgroup.org/listinfo/parli..."

New page

This is ORG's Policy Update for the week beginning 06/02/2017.

If you are reading this online, you can also subscribe to the [https://lists.openrightsgroup.org/listinfo/parliamentary.monitor email version].

==ORG’s work==

*ORG launched a new campaign for (spoof) recruitment for millions of posts of Internet porn classifiers. Check out the [https://www.newgovernmentjobs.co.uk/how-it-works job description] and [https://www.newgovernmentjobs.co.uk/who-should-apply person specification]. We even put together some [https://www.newgovernmentjobs.co.uk/interview-tips interview tips] for our applicants.

*ORG have launched a petition to prevent President Trump from using the data collected by the UK intelligence agencies to strip away basic liberties. Don’t let Trump get his hands on our data, [https://www.openrightsgroup.org/campaigns/trump/stop-trump-getting-our-data sign our petition now]!

Planned local group events:

*Join [https://www.meetup.com/ORG-Birmingham/events/237163748/ ORG Birmingham] on 22 February to look at how police are covertly using devices to indiscriminately intercept and hack up to 500 phones every minute.

*ORG Aberdeen is organising a [https://www.meetup.com/ORG-Aberdeen/events/237286837/ Cryptonoise] meeting on 23 February. Learn how you protect your rights in a digital world. You do not need to be a tech wizard to attend.

*Explore the issues surrounding data protection, surveillance and internet identity at the [http://theoldmarket.com/shows/still/ Still immersive theatre piece] on 1-2 March in Brighton.

==Official meetings==

*Jim Killock participated in a panel discussion on surveillance and the Investigatory Powers Act at the [https://uk.lush.com/tag/lushsummit-2017 Lush Summit 2017].



The Committee stage of the Digital Economy Bill continued this week with two more sittings. Lords discussed issues related to data sharing and BBC. The DEBill will go through the Report stage on 22 February.

====Data sharing====

The Committee debated data sharing powers in the DEBill on 6 February. The full transcripts of the sitting can be accessed here: [https://hansard.parliament.uk/lords/2017-02-06/debates/C19ED4AD-A46C-42F8-8162-D5B421F7CD8B/DigitalEconomyBill 1], [https://hansard.parliament.uk/lords/2017-02-06/debates/1233BC9A-AA77-423F-B263-FE551F9B9A2A/DigitalEconomyBill 2], [https://hansard.parliament.uk/lords/2017-02-06/debates/A615B47A-7186-4518-BA56-DC2D834F3ED9/DigitalEconomyBill 3].

Labour and Lib Dem Lords submitted numerous amendments calling for improved privacy safeguards and legally binding codes of practice.

Lord Collins (Labour) tabled an amendment that would limit what public authorities have access to people’s data. The amendment also required additional approval for non-approved uses of people’s data.

The Government wasn’t on board with the improved privacy safeguards. Lord Keen responded that the Bill will need to adhere to the [[Data Protection Act 1998]] and also the General data Protection Regulation when it comes into force in May 2018. For these reason, the Government doesn’t think privacy safeguards are necessary on the face of the Bill.

Amendments proposed to make codes of practice for Part 5 on Data Sharing a statutory piece of legislation didn’t get more support. Lord Keen rejected the proposal for codes of practice to comply with procedures for the secure handling of information. In the current wording of the Bill, codes of practice merely have regard to procedures for the secure handling of information. The Government considers such wording a satisfactory level of obligation for a code of practice.

A recent research highlighted another issue with data sharing. The data sharing provisions in the DEBill might be incompatible with the General Data Protection Regulation that the Government is planning to adopt fully. The GDPR promises to give people more control over their data, whereas DEBill does the exact opposite. The [http://www.ukauthority.com/news/6819/legislation-prospects-hamper-plans-for-data-sharing research shows how difficult] it will be for officials to implement both legislations in the public sector.


You can find the last week’s transcripts of the age-verification discussion here: [https://hansard.parliament.uk/lords/2017-02-02/debates/B7776F4D-0C4D-4E5E-B69E-226853036A96/DigitalEconomyBill 1], [https://hansard.parliament.uk/lords/2017-02-02/debates/D2C2419A-449B-4388-993A-149517F9CD2E/DigitalEconomyBill 2]

One of the ORG’s latest [https://www.openrightsgroup.org/blog/2017/government-says-privacy-safeguards-are-not-necessary-in-digital-economy-bill blog posts] gives more detail on the issues of appeals for ISP website blocking and privacy safeguards.

The Government doesn’t see how these proposals increase censorship. Jim Killock explains in a [https://www.openrightsgroup.org/blog/2017/just-how-much-censorship-will-the-debill-lead-to blog] the restrictive impact these provisions have on freedom of speech.

====Online copyright infringement====

The Committee had only a brief discussion of the copyright provisions in the Bill. We criticised previously the Government’s approach to defining online copyright infringement offence. The wording in the Bill is too vague and could catch casual file sharers instead of the commercial ones.

Labour proposed to amend this part and use the wording currently used in the Copyright, Designs and Patent Act 1988. Such amendment would not respond appropriately to digital copyright infringement.

Jim Killock explains what needs to be done in this [https://www.openrightsgroup.org/blog/2017/ten-years-jail-for-file-sharers-the-governments-gift-to-copyright-trolls blog].

===Government falls short on cyber security===

The Public Accounts Committee (PAC) released a [https://www.publications.parliament.uk/pa/cm201617/cmselect/cmpubacc/769/769.pdf new report on Protecting Information Across Government]. The report focuses on the role of the Cabinet Office in coordinating dissemination of information and protecting it from unauthorised access or loss.

The [http://www.ukauthority.com/cyber-resilience/entry/6862/mps-say-government-falls-short-on-cyber-security report found] that the government’s efforts to strengthen cyber security are diminished by the Cabinet’s Office failure in recording personal data breaches. It was highlighted in the report that process for departmental personal data breaches are inconsistent and dysfunctional. The situation is particularly bad regarding low level breaches.

The Committee members called on the Cabinet Office to create a detailed plan from improving cyber security by the end of the year. At the moment, the department’s role in protecting information in central government is not clearly defined. The Committee found that the public sector lacks coordination in information protection.

Recommendations by the Committee:

*The Cabinet Office should write to the PAC setting out its findings from a pilot security cluster *Government should establish a clear approach for protecting information across the whole of the public sector.

*The Cabinet Office should ensure there is a robust challenge built into the Government Security Classifications and the Foxhound project for sharing classified information across government.

*The Cabinet Office should regularly assess the cost and performance of government information security initiatives.

*The Cabinet Office should work with the Information Commissioner’s Office on a set of reporting guidelines.

====Scottish NHS in a cyber attack====

It was [https://www.digitalhealth.net/2017/02/scottish-nhs-staff-caught-in-us-cyber-attack/

reported] that data of nearly 300 Scottish NHS staff was leaked in a cyber attack against one of their supplier in the US.

The supplier, Landauer, provides ionising radiation monitoring services across Scotland. They retain personal information of the NHS staff, including their names, radiation dose, dates of birth and national insurance numbers. Patients were not affected by the breach.

It was revealed that the company was aware of the breach in October but only informed the NHS recently. The report of the breach only proves the points raised in the recent Public Account Committee’s report claiming that public sector lacks coordination in information protection and breach reporting.

===Question on electronic warfare===

[[Ian Lavery MP]]

[https://www.theyworkforyou.com/wrans/?id=2017-01-30.62245.h&s=cyber#g62245.r0 asked] the Minister for the Cabinet Office, what steps the Government is taking beyond the Cyber Security Strategy to protect the UK from cyber attacks from abroad.

[[Ben Gummer MP]] responded that a recent success was a launch of the National Cyber Security Centre working to deliver the National Cyber Security Strategy. The Minister did not list any other steps being taken to protect the UK from cyber attacks.

===Question on data protection===

Lord Browne

[https://www.theyworkforyou.com/wrans/?id=2017-01-26.HL5021.h&s=%22data+protection%22#gHL5021.r0 asked] the Government what steps they are taking to help people protect their personal data online.

Lord Ashton responded that the [[Information Commissioner’s Office]] provides guidance to individuals and organisations on the protection of personal data online. Ashton said that the soon to be implemented General Data Protection Regulation will provide additional safeguards for people’s personal information.

==Other national developments==

===NHS forced to share data for immigration purposes===

A [https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/585928/MOU_v3.pdf memorandum of understanding] revealed that the Home Office can require access to some patient’s name, date of birth and address. Such information will make it easier for the Home Office to identify illegal immigrants.

The data is supposed to be [https://theconversation.com/nhs-urged-to-share-data-so-patients-can-be-deported-72380 supplied by the NHS Digital]. They don’t need to give up the data if they assess that the Home Office have not argued their case well enough. However, the partnership becomes more complex if the NHS Digital refuses to provide the data.

In case of a dispute, the Department of Health is supposed to act as an impartial arbiter. It is difficult to grasp how the Department of Health can be considered impartial since, like Home Office, it is a government department.

Initiatives like this one are likely to discourage people from seeking medical help by creating a barrier. In a long run, a risk to the general public is increased.

===Body-worn cameras in UK schools===

Two schools in the UK are conducting [https://www.theguardian.com/education/2017/feb/08/two-uk-schools-trial-use-of-police-style-bodycams-for-teachers trials for teachers wearing cameras] in class. The trial aims to help teachers limit disorder.

Teachers have an option to wear a camera when they feel it is necessary. Cameras are not on constantly. The trial will run for three months and footage from cameras is securely stored on a cloud platform.

The cameras are not surveillance cameras and are supposed to be used only during incidents. Despite these claims, filming pupils can be invasive. The information on how the footage is used is not available at the moment and neither are arrangements for secure storage. This type of intrusive technology can also negatively impact on the teacher-pupil relationship.

==International developments==

===Google might have to hand over emails to FBI===

A US judge [http://www.theverge.com/2017/2/6/14529902/google-emails-abroad-fbi-hand-over-judge

ordered Google to hand over its users’ emails] even though they are stored on servers outside the US. This judgment goes against the precedent set by a similar case involving Microsoft.

In the [https://techcrunch.com/2017/01/24/court-wont-reconsider-doj-argument-in-microsoft-customer-data-case/ Microsoft case], the company didn’t need to hand over emails to FBI in a narcotics case because they were stored on a server in Ireland. The ruling in the Google case, however, said that getting emails from an overseas location does not qualify as seizure because the user’s possessory interest in the information is not interfered with.

Google is planning to appeal the judgment particularly because the judge departed from precedent. The previous judgment found that 1986 Stored Communications Act (used to issue warrants in both cases) was left behind by technology and is in need of a revision to improve privacy protection.

==ORG media coverage==

''See [[ORG Press Coverage]] for full details.''

;2017-02-02-The Missouri Injury Blog-[http://themissouriinjuryblog.com/15977/ai-software-algorithm-can-track-your-every-move-at-work/ AI software algorithm can track your every move at work]

:Author: Samuel Butler

:Summary: Javier Ruiz quoted on employees being given clarity on what information is collected and how it is used by AI software at a workplace.

;2017-02-03-Order Order-[https://order-order.com/tag/open-rights-group/ Government to hire porn watching bureaucrats]

:Summary: ORG quoted about the new campaign for jobs for Internet classifiers.

;2017-02-06-New statesman-[http://www.newstatesman.com/politics/staggers/2017/02/inside-governments-mad-plan-catalog-every-video-internet Inside the government's mad plan to catalog every video on the Internet]

:Author: Myles Jackman

:Summary: Myles Jackman comments on the Government’s plans to introduce age verification and ISP blocking for porn websites.

;2017-02-08-Braodband Genie-[https://www.broadbandgenie.co.uk/blog/20170206-digital-economy-bill-porn-blocking-survey UK porn blocking: Government age verification requirement “could set a dangerous precedent"]

:Summary: Jim Killock interviewed on ISP blocks for porn websites.

==ORG Contact Details==

[https://www.openrightsgroup.org/people/staff Staff page]

* [https://www.openrightsgroup.org/people/staff#jim Jim Killock, Executive Director]

* [https://www.openrightsgroup.org/people/staff#javier Javier Ruiz, Policy]

* [https://www.openrightsgroup.org/people/staff#ed Ed Johnson-Williams, Campaigns]

* [https://www.openrightsgroup.org/people/staff#pam Pam Cowburn, Communications]

* [https://www.openrightsgroup.org/people/staff#lee Lee Maguire, Tech]

* [https://www.openrightsgroup.org/people/staff#myles Myles Jackman, Legal Director]

* [https://www.openrightsgroup.org/people/staff#charlie Charlie Tunmore, Supporter Officer]

* Slavka Bielikova, Policy Officer

[[Category: Policy updates]]

Show more