2017-03-10

Created page with "This is ORG's Policy Update for the week beginning 06/03/2017. If you are reading this online, you can also subscribe to the [https://lists.openrightsgroup.org/listinfo/parli..."

New page

This is ORG's Policy Update for the week beginning 06/03/2017.

If you are reading this online, you can also subscribe to the [https://lists.openrightsgroup.org/listinfo/parliamentary.monitor email version or unsubscribe].

==ORG’s work==

*ORG has been preparing a briefing for the House of Lords before another Report stage sitting to discuss the Digital Economy Bill.

*We launched a campaign to email [[Jo Johnson MP]], the Minister for Universities, Science, Research and Innovation, to fix threats posed by offences for copyright infringement in the Digital Economy Bill. Let's stop copyright trolls threatening ordinary Internet users with 10 years in prison. [https://www.openrightsgroup.org/campaigns/digital-economy-bill-hub/10-years-for-file-sharing-email-the-government Email the Government].

*ORG have been working our submission for the consultation on the Espionage Act. The threat of 14 years in prison for handling classified and secret documents could stop journalists and whistleblowers from exposing corruption and government wrongdoing - especially in the secret services. [https://www.openrightsgroup.org/campaigns/espionage-act/14-years-in-prison-for-journalists-sign-the-petition-1 Sign the petition]!

Planned local group events:

*You seal your letters but send your mails unencrypted? You want to protect your privacy online but don't know how to do it? Join [https://www.meetup.com/ORG-Manchester/events/237374535/ ORG Manchester] on Friday 17 March to learn how to protect your communications and content over the Internet.

*Join [https://www.meetup.com/ORG-Birmingham/events/238055781/?rv=ea1&_af=event&_af_eid=238055781&https=on ORG Birmingham] on Tuesday 21 March to find out more about the Espionage Act and what you can do to stop the Law Commission criminalising journalists and public-interest whistleblowers.

*Let's stop copyright trolls threatening ordinary Internet users with 10 years in prison. [https://www.openrightsgroup.org/campaigns/digital-economy-bill-hub/10-years-for-file-sharing-email-the-government Email the Government].

==Parliament==

===DEBill===

The Digital Economy Bill is due to be debated by Lords in the second and third sittings of the Report stage on 20 and 22 March. These are likely to be the last Report stage sittings since the date for the Third Reading has been announced for 29 March.

====Online copyright infringement====

After we launched an action last week for people to email [[Jo Johnson MP]], the Minister for Universities, Science, Research and Innovation, and to ask to introduce an amendment for offences of copyright infringement, the Intellectual Property Office [https://www.gov.uk/government/news/open-rights-group-campaign issued a statement].

ORG has argued that the offence definition is too broad and is likely to catch small individual infringers that the Government previously stated are not expected to be caught by the offence. The Government have not tabled any amendments to rectify the situation and make it clear who they aim to prosecute.

This could be easily done by entering thresholds of seriousness into the offence. It would also prevent copyright trolls from exploiting vulnerable people by threatening them with 10-year jail sentences.

The Government’s response stated that <blockquote> “The risk of an increase of ‘trolling’ is considered to be low but the government will periodically review and respond to any concerns.[...] It would not be practical for the government to set a specific level of loss or gain at which infringement becomes a criminal offence.” </blockquote>

Jim Killock [https://www.openrightsgroup.org/blog/2017/why-the-ipo-needs-to-change-the-criminal-offence-for-online-copyright-infringement responded to the Government’s statement] and clarified ORG’s position.

====Age verification====

The Government tabled [https://www.publications.parliament.uk/pa/bills/lbill/2016-2017/0102/17102-I(Rev)(c).pdf new amendments] for age verification following their promise to incorporate several recommendations from the Delegated Powers and Regulatory Reform Committee’s report.

The Government plans to introduce three additional Statutory Instruments (guidance) to outline what material should be censored, guidance by the age-verification regulator and guidance by the Secretary of State to the age-verification regulator on how to issue a guidance.

The amendments also introduce two new regulators that will join the British Board of Film Classification. The BBFC will regulate what content gets censored and will be responsible for notifying non-compliant websites. Handing out of financial penalties for non-compliance will be carried out by another unknown regulator.

The process of appeals will also get its own regulator that will be independent from the BBFC. The Government made it clear that they do not want UK courts to be part of the appeals process for blocking of pornographic websites.

The age-verification policy remains a badly thought-through policy even with these changes. Jim Killock explains in more detail what effect they will actually have in a [https://www.openrightsgroup.org/blog/2017/scrap-the-debill-age-verification-and-censorship-before-it-is-too-late blog].

====Data sharing====

Several new [https://www.publications.parliament.uk/pa/bills/lbill/2016-2017/0102/17102-RL.pdf amendments] have been introduced by the Government to include recommendations from the Delegated Powers and Regulatory Affairs Committee.

We welcome Government’s amendments:

*limiting powers of Ministers by narrowing down objectives for data sharing,

*creating a closer link with functions of public authorities,

*limiting definitions of “specified persons” able to share data for public service delivery and fraud and debt purposes,

*making codes of practice statutory,

*removing powers to repeal and amend the Bill without prior scrutiny.

However, there are still some issues in Part 5 on data sharing that should be addressed. These include intrusive powers in Chapter 2 on civil registration data and review of all powers in Part 5.

===Question on data protection===

Louise Haigh [https://www.theyworkforyou.com/wrans/?id=2017-02-23.65357.h&s=%22data+protection%22#g65357.r0 asked] the Secretary of State for Culture, Media and Sport, what information the Department holds on the number of commercial companies that retain individuals’ personal data.

[[Matthew Hancock MP]] responded that the Department does not hold this information. The Information Commissioner’s Office requires data controllers processing personal data to register with them unless they are exempt.

===Question on fines and data protection===

Patricia Gibson [https://www.theyworkforyou.com/wrans/?id=2017-02-21.64780.h&s=privacy#g64780.r0 asked] the Secretary of State for Culture, Media and Sport, on what the Department plans to publish the consultation on legislative proposals on the accountability of named directors of firms responsible for breaches of the Privacy and Electronic Communications Regulations.

[[Matthew Hancock MP]] responded that they intend to issue a consultation during this session of Parliament on making company directors and those in similar positions. The proposed measure would give the Information Commissioner a power to impose Civil Monetary Penalties of up to £500,000 on those in positions of responsibility in all forms of corporate entity.

===Question on images on the police national database===

Lord Scriven

[https://www.theyworkforyou.com/lords/?id=2017-03-02a.945.5&s=%22privacy%22#g946.4 asked] the Government, whether the storage of 19 million facial images uploaded onto the police national database is compliant with data protection regulation.

Baroness Williams responded that the Government acknowledges that there are privacy issues and the custody images review has made recommendations for improvements of the retention regime.

===Question on pupils’ records===

Lord Scriven [https://www.theyworkforyou.com/wrans/?id=2017-02-23.HL5598.h&s=privacy#gHL5598.r0 asked] the Government, when and how former pupils who provided their personal data before 2010 for the purposes of their own education and who are now older than 19 will be informed of the new broader uses of their individual personal data by third parties since 2011. He further inquired whether they are able to withdraw these data.

Lord Nash responded that it is not possible for data subjects to withdraw their data and they will not be informed of the broader uses of their individual personal data by third parties.

===Question on IPAct and electronic surveillance===

Lord Paddick [https://www.theyworkforyou.com/wrans/?id=2017-02-21.HL5529.h&s=Electronic+Surveillance asked] the Government, when they plan to implement the provisions regarding the creation and collection of internet connection records, what guidance and training they have issued to law enforcement agencies to enable them to make use of internet connection records and whether they will publish the latest cost assessment of set-up costs, and annual running costs, for internet connection records.

Baroness Williams responded that the Government are in the process of working with telecommunications operators to implement these provisions. The Government intends to publish codes of practice for public consultation that will then be subject to Parliamentary approval using the affirmative procedure.

The costs of implementing internet connection records were outlined in the impact assessment published during the passage of the Investigatory Powers Act.

===Question on Brexit===

[[Nick Clegg MP]] [https://www.theyworkforyou.com/wrans/?id=2017-02-27.65792.h&s=%28internet+OR+cyber+OR+computer+OR+web+OR+surveillance+OR+copywrite+OR+%22data+sharing%22%29#g65792.q0 asked] the Secretary of State for the Home Department, what contingency plans are in place for a situation in which no deal is reached with the EU on (a) extradition, (b) surveillance and (c) data exchange.

[[Brandon Lewis MP]] responded that the Government is committed to ongoing cooperation with the EU on security and law enforcement. He stated that it is too early to speculate at this stage what future arrangements may look like.

===Question on investigatory powers===

Lord Paddick [https://www.theyworkforyou.com/wrans/?id=2017-02-21.HL5533.h&s=privacy#gHL5533.r0 asked] the Government, when they will publish the membership of the Technical Advisory Panel as provided for by the Investigatory Powers Act 2016; and how many times the Panel has met.

Baroness Williams responded that after the Investigatory Powers Commissioner is appointed, he will establish the Panel.

==Other national developments==

===Extended deadline on the Espionage Act===

The Law Commission [https://arstechnica.co.uk/tech-policy/2017/03/espionage-act-secrecy-law-plan-deadline-extended/ extended the deadline] for the public consultation on the new Espionage Act. The consultation will close on 3 May. This is due to large amount of interest.

The Law Commission previously published a [http://www.lawcom.gov.uk/project/protection-of-official-data/#protection-of-official-data consultation paper] advising the Government how to update the current law about espionage (Official Secrets Act) and state secrets. According to the consultation, the new Espionage Act would increase penalties for espionage and broaden the definition of who could commit espionage.

The [https://www.politicshome.com/news/uk/government-and-public-sector/transparency-and-open-data/news/83312/government-rejects-claims consultation was commissioned by the Government] because they believe the current secrecy legislation is outdated in the digital age. Their particular concern is that electronic documents can be leaked in bulk, which poses new security risks.

Journalists handling secret materials from whistleblowers could be prosecuted under the Act whether or not they had engaged in ‘espionage’, and on the basis of the risk that an individual possessing the documents poses to the state, i.e.that they could be passed on, rather than have been, to a foreign power. Such broad definition would have highly detrimental effects on investigative journalism and public-interest whistleblowing where classified information is implicated.

The consultation document explicitly rejects a public interest defence for whistleblowers. Instead it proposes that concerns should be directed through an ombudsman.

ORG launched a petition asking the Law Commission to drop their proposals. Join over 18,000 people and [https://www.openrightsgroup.org/campaigns/espionage-act/14-years-in-prison-for-journalists-sign-the-petition-1 sign the petition]!

===ICO inquiry into misuse of data in politics===

It was [https://www.theguardian.com/technology/2017/mar/04/cambridge-analytics-data-brexit-trump reported the Information Commissioner’s Office launched] an investigation into how voters’ personal data is captured and exploited in political campaigns.

The ICO decided to intervene following the last week’s revelations that a technology company had in a key role in the Leave campaign during the referendum on leaving the European Union.

The ICO spokesperson said <blockquote> ““We are conducting a wide assessment of the data-protection risks arising from the use of data analytics, including for political purposes, and will be contacting a range of organisations. We intend to publicise our findings later this year.”</blockquote>

===Evidence by Julian King to Home Affairs Committee===

https://www.theregister.co.uk/2017/03/03/uk_privacy_shield/

===Drop in advertising on pirate sites===

City of London Police’s Intellectual Property Crime Unit (PIPCU) [https://www.cityoflondon.police.uk/advice-and-support/fraud-and-economic-crime/pipcu/pipcu-news/Pages/Operation-Creative-sees-64-per-cent-drop-in-UK-advertising-.aspx revealed] that in the past 12 months there has been a 64% drop in advertising on illegal sites. Potential revenue of 200 copyright infringing websites is affected.

This action is part of the [https://www.cityoflondon.police.uk/advice-and-support/fraud-and-economic-crime/pipcu/Pages/Operation-creative.aspx Operation Creative] - an initiative to reduce copyright infringement using a variety of tactics. In this case, the initiative makes it harder for websites to generate revenue from advertising. Potential advertisers receive a list of infringing websites and are encouraged to boycott the domains.

==Europe==

===EU Copyright reform===

A leaked report from the rapporteur [http://www.europarl.europa.eu/meps/en/124968/THERESE_COMODINI+CACHIA_home.html Therese Comodini Cachia] on the upcoming copyright reform calls for dropping the plans to give more rights to news websites and music industry.

The [https://euobserver.com/digital/137164 rapporteur suggested] that Article 11, seeking additional rights for news publishers by asking search engines to pay fees for displaying snippets of their articles, should be set aside and instead copyright should be enforced by giving authors and publishers the right to go to court.

Comodini Cachia suggested Article 13, arranging the liability of online intermediaries for user generated content into a shared responsibility of rights holders and service providers, is removed. Instead, the report suggests broadening of the scope of a copyright exception for modern research, including text and data mining. The exception is to be applied to all people, not only scientific research as suggested previously.

The report will be debated for the first time on 22 or 23 March. The rapporteur hopes to find an agreement before the end of the year.

The UK Intellectual Property Office ran an [https://www.gov.uk/government/news/call-for-views-modernising-the-european-copyright-framework informal consultation] asking for views on the Commission's proposals late last year. The results of the consultation have not been published yet.

==International developments==

===Wikileaks - CIA exploiting vulnerabilities===

Wikileaks published documents revealing the US Central Intelligence Agency (CIA) hacking tools. The documents, titled [https://wikileaks.org/ciav7p1/ Vault 7], show that CIA uses [http://searchsecurity.techtarget.com/definition/zero-day-vulnerability zero-day vulnerabilities] in most desktop and mobile operating systems.

The [https://www.theguardian.com/technology/2017/mar/08/wikileaks-vault-7-cia-documents-hacked-what-you-need-to-know files describe CIA plans] and descriptions of malware and other tools that could be used to hack into technology platforms. The documents show exchanges of tools and information between the CIA, the National Security Agency and other US federal intelligence agencies, as well as intelligence services of Australia, Canada, New Zealand and the GCHQ in the UK.

However vulnerabilities can also be discovered and exploited by criminals and other countries’ intelligence agencies. This raises several questions about the GCHQ’s conduct.

Ed Johnson-Williams outlines these in a [https://www.openrightsgroup.org/blog/2017/cia-and-gchq-hacking-will-they-clear-up-their-own-mess blog]:

*How does the Government ensure that GCHQ’s process for deciding whether to exploit or report a vulnerability is adequate? Are they creating unnecessary risks for organisations and individuals?

*How do oversight bodies check that GCHQ’s policies for assessing the risk of keeping an active vulnerability secret are sufficiently robust?

*Did any hacking operations reduce the security and privacy of an individual/organisation with respect to other actors?

*Is the authorisation process sufficient to avoid future problems?

*How will the UK government and agencies work to clean up the mess created by their decision not to report these vulnerabilities to the vendors?

Governments should be regulating the way their intelligence agencies hoard and use vulnerabilities that affect devices owned by millions of ordinary people.

The leak of documents sparked discussions about safety of encrypted messaging services such as Whatsapp and Signal. You can read more about the implications for the messaging apps in another [https://www.openrightsgroup.org/blog/2017/yes-the-cia-can-hack-phones-but-signal-and-whatsapp-are-still-safe-for-nearly-everyone blog] by Ed Johnson-Williams.

==ORG media coverage==

;2017-03-03-IP Watch-[http://www.ip-watch.org/2017/03/03/switzerland-next-line-gamble-net-blocking/

http://therealnews.com/t2/index.php?option=com_content&task=view&id=31&Itemid=74&jumival=18474 Switzerland Next In Line To Gamble With Net Blocking]

:Author: Monika Ermert

:Summary:

;2017-03-03-The Real News-[http://therealnews.com/t2/index.php?option=com_content&task=view&id=31&Itemid=74&jumival=18474 New UK Secrecy Laws Include Harsh Sentences For Journalists Working With Whistleblowers]

:Author: Kim Brown

:Summary:

;2017-03-03-Nat Law Review-[http://www.natlawreview.com/article/uk-search-engines-and-rightsholders-join-forces-to-combat-online-piracy UK Search Engines And Rightsholders Join Forces To Combat Online Piracy]

;2017-03-05-The Guardian-[https://www.theguardian.com/technology/2017/mar/05/political-rebels-whatsapp-encryption-technology-mps-security Why political rebels love WhatsApp]

;2017-03-06-Torrent Freak-[https://torrentfreak.com/uk-govt-refuses-to-back-down-over-criminalization-of-file-sharers-170306/ UK Govt Refuses to Back Down Over Criminalization of File-Sharers]

;2017-03-06-IP Pro the Internet-[http://www.worldipreview.com/news/ukipo-responds-to-open-rights-group-criticism-of-copyright-bill-13646 ORG and UKIPO clash over 10-year sentences]

:Author:Barney Dixon

:Summary:

;2017-03-07-World IP Review-[http://ipprotheinternet.com/ipprotheinternetnews/copyrightarticle.php?article_id=5346#.WL6EGxica-p UKIPO responds to Open Rights Group criticism of copyright bill]

:Summary:

http://www.computerweekly.com/news/450414569/Open-Rights-Group-calls-for-control-of-spies-use-of-zero-days

==ORG Contact Details==

''See [[ORG Press Coverage]] for full details.''

[https://www.openrightsgroup.org/people/staff Staff page]

* [https://www.openrightsgroup.org/people/staff#jim Jim Killock, Executive Director]

* [https://www.openrightsgroup.org/people/staff#javier Javier Ruiz, Policy]

* [https://www.openrightsgroup.org/people/staff#ed Ed Johnson-Williams, Campaigns]

* [https://www.openrightsgroup.org/people/staff#pam Pam Cowburn, Communications]

* [https://www.openrightsgroup.org/people/staff#lee Lee Maguire, Tech]

* [https://www.openrightsgroup.org/people/staff#myles Myles Jackman, Legal Director]

* [https://www.openrightsgroup.org/people/staff#charlie Charlie Tunmore, Supporter Officer]

* Slavka Bielikova, Policy Officer

[[Category: Policy updates]]

Show more