Category Archives: Information Security

AI trust and AI fears: A media debate that could divide society

File 20180109 83547 1gya2pg.jpg?ixlib=rb 1.1

In this guest post, Dr Vyacheslav Polonski, Researcher, University of Oxford examines the key question of trust or fear of AI.

We are at a tipping point of a new digital divide. While some embrace AI, many people will always prefer human experts even when they’re wrong.

Unless you live under a rock, you probably have been inundated with recent news on machine learning and artificial intelligence (AI). With all the recent breakthroughs, it almost seems like AI can already predict the future. Police forces are using it to map when and where crime is likely to occur. Doctors can use it to predict when a patient is most likely to have a heart attack or stroke. Researchers are even trying to give AI imagination so it can plan for unexpected consequences.

Of course, many decisions in our lives require a good forecast, and AI agents are almost always better at forecasting than their human counterparts. Yet for all these technological advances, we still seem to deeply lack confidence in AI predictions. Recent cases show that people don’t like relying on AI and prefer to trust human experts, even if these experts are wrong.

If we want AI to really benefit people, we need to find a way to get people to trust it. To do that, we need to understand why people are so reluctant to trust AI in the first place.

Continue reading

How websites watch your every move and ignore privacy settings

File 20171122 6055 jrvkjw.jpg?ixlib=rb 1.1

In this guest post, Yijun Yu, Senior Lecturer, Department of Computing and Communications, The Open University examines the world’s top websites and their routine tracking of a user’s every keystroke, mouse movement and input into a web form – even if it’s later deleted.

Hundreds of the world’s top websites routinely track a user’s every keystroke, mouse movement and input into a web form – even before it’s submitted or later abandoned, according to the results of a study from researchers at Princeton University.

And there’s a nasty side-effect: personal identifiable data, such as medical information, passwords and credit card details, could be revealed when users surf the web – without them knowing that companies are monitoring their browsing behaviour. It’s a situation that should alarm anyone who cares about their privacy.

The Princeton researchers found it was difficult to redact personally identifiable information from browsing behaviour records – even, in some instances, when users have switched on privacy settings such as Do Not Track.

Continue reading

Submissions to the Law Commission’s consultation on ‘Official Data Protection’: Guardian News and Media

The Law Commission has invited interested parties to write submissions commenting on the proposals outlined in a consultation report on ‘official data protection’. The consultation period closed for submissions on 3 May, although some organisations have been given an extended deadline. (For more detailed background on the Law Commission’s work please see the first post in this series). 

The Information Law and Policy Centre is re-publishing some of the submissions written by stakeholders and interested parties in response to the Law Commission’s consultation report (pdf) to our blog. In due course, we will collate the submissions on a single resource page. If you have written a submission for the consultation you would like (re)-published please contact us

Please note that none of the published submissions reflect the views of the Information Law and Policy Centre which aims to promote and facilitate cross-disciplinary law and policy research, in collaboration with a variety of national and international institutions.

The fourteenth submission in our series is the response submitted by Guardian News and Media. The executive summary outlines that Guardian News and Media is “very concerned that the effect of the measures set out in the consultation paper (‘CP’) would be to make it easier for the government to severely limit the reporting of public interest stories”.

Download (PDF, 912KB)

(Previous submissions published in this series: Open Rights GroupCFOI and Article 19The Courage FoundationLibertyPublic Concern at WorkThe Institute of Employment RightsTransparency International UKNational Union of Journalists, and English Pen, Reporters Without Borders and Index on Censorship, the Open Government NetworkLorna Woods, Lawrence McNamara and Judith Townend, Global Witness, and the British Computer Society.)

Submissions to the Law Commission’s consultation on ‘Official Data Protection’: British Computer Society

The Law Commission has invited interested parties to write submissions commenting on the proposals outlined in a consultation report on ‘official data protection’. The consultation period closed for submissions on 3 May, although some organisations have been given an extended deadline. (For more detailed background on the Law Commission’s work please see the first post in this series). 

The Information Law and Policy Centre is re-publishing some of the submissions written by stakeholders and interested parties in response to the Law Commission’s consultation report (pdf) to our blog. In due course, we will collate the submissions on a single resource page. If you have written a submission for the consultation you would like (re)-published please contact us

Please note that none of the published submissions reflect the views of the Information Law and Policy Centre which aims to promote and facilitate cross-disciplinary law and policy research, in collaboration with a variety of national and international institutions.

The thirteenth submission in our series is the response submitted by the British Computer Society.

Download (PDF, 829KB)

(Previous submissions published in this series: Open Rights GroupCFOI and Article 19The Courage FoundationLibertyPublic Concern at WorkThe Institute of Employment RightsTransparency International UKNational Union of Journalists, and English Pen, Reporters Without Borders and Index on Censorship, the Open Government NetworkLorna Woods, Lawrence McNamara and Judith Townend, and Global Witness.)

Exploring the challenges of the new transnational cyber policing

hacking imageThe development of the Internet has facilitated global communications, new online spaces for the exchange of goods and information, new currencies and online marketplaces, and unprecedented access to information. These new possibilities in ‘cyberspace’ have been exploited for criminal activity and the rising challenge of various forms of ‘cybercrime’ in recent years has been well-documented.

As part of our cyber security and cybercrime seminar series at the Information Law and Policy Centre (ILPC) for 2017, lead speaker Dr Monique Mann explored the new challenges posed for policing and law enforcement by cybercrime and dissected the legal conundrums and human rights considerations raised by criminal activity which crosses international jurisdictions. The panel was also comprised of expert discussant, Professor Ian Walden (Queen Mary University of London), and was chaired by the ILPC’s Director, Dr Nóra Ni Loideain.

Mann’s current research – alongside her colleagues at the Queensland University of Technology and Deakin University – concerns the ‘legal geographies of digital technologies’. Her talk considered three case studies which formed the basis of broader conclusions in relation to the use of extraterritorial legal powers by states (particularly the United States) and the issues raised by extradition processes which have become prominent in several high profile hacking cases.

The Silk Road

Mann’s talk began with an analysis of the FBI’s investigation into the Silk Road – an illicit online marketplace trading drugs and other illegal items operated through the anonymity afforded by the Tor network. Mann stated that the equivalent of $1.2 billion in the cryptocurrency, Bitcoin, was exchanged by Silk Road users during the site’s operation between 2011 and 2013. She highlighted that the FBI’s investigation and attempts to prosecute the leaders of the site were dependent on a range of extraterritorial legal activities.

First, warrants to investigate the online activities of the suspects were issued only after the FBI had already managed to access information from a server in Iceland. It is not clear from public documents how the FBI gained access to this server. Moreover, the warrants – which were also relevant to individual citizens based outside the United States – were granted on the authority of a single US judge.

Secondly, in order to demonstrate conspiracy under the Continuing Criminal Enterprise Act, the FBI sought to access communications between the chief suspect in the case, Ross William Ulbricht, and co-offenders based in Ireland and Australia. This included an attempt by the FBI to access email content from Microsoft servers based in Ireland using a Mutual Legal Assistance Treaty (MLAT) request. Microsoft fought the request and the most recent ruling on this issue has designated the request as an impermissible extraterritorial search.

Finally, the FBI sought to extradite Irish-based suspect, Gary Davis, to the United States in order to face trial for his involvement in the Silk Road site. Taken together, the FBI’s investigative techniques in relation to the Silk Road site raise significant questions around the processes and outcomes of extraterritorial legal activities.

Extradition

Gary Davis’ case was the catalyst for the team to investigate extradition in greater detail as it is has become a central, if exceptional, feature of transnational justice cooperation. Mann and her colleagues have reviewed a number of high profile cases of citizens facing extradition including Davis, Gary McKinnon and Laurie Love. In the past, extradition has primarily been used as a tool to return a suspected criminal to his or her home country after he or she has fled. In the digital age, however, extradition is increasingly being used in cyber crime cases to extradite suspected criminals to a country they may never have even visited as the nature of transnational online offending means their crime effectively takes place in a different location to where they are physically based.

Courts have three options on being presented with an extradition request from another jurisdiction: accept the request and relocate the offender to face trial in the prosecuting country; deny the request altogether; or shift the prosecution to the ‘source of harm’ – i.e. the offender’s location.

Mann pointed out that in the cases of Gary McKinnon and Laurie Love, extradition requests from the United States have triggered protracted legal cases lasting many years as the defendants have (variously) argued that the extradition request infringes their Article 3, 6 and/or 8 rights under the European Convention of Human Rights. The cases have also hinged on the defendants’ physical and mental well-being, particularly in relation to Autistic Spectrum Disorders (emerging research suggests there is a link between online offending and ASDs).

The difficulties and legal complexities of these extradition cases, as well as a concern for the human rights of those involved, led the researchers to question whether it would not be better to shift the legal forum to the source – i.e. to the defendant’s home country.

Attendees at the ILPC seminar, however, highlighted that there are significant obstacles both in terms of cost and willingness to share evidence. It was argued, for example, that the UK was probably not willing to finance McKinnon’s trial here, nor would the US be interested in sharing sensitive information relating to the 73,000 US government computers – including NASA and military facilities – that McKinnon had hacked from his home computer.

Bulk Hacking and Child Exploitation Material

The final feature of extraterritorial law enforcement that Mann highlighted was the use of bulk hacking. These ‘watering hole’ or ‘honeypot’ operations have involved the FBI taking over an illegal website, moving it to a government server, continuing to operate the site, and then using it as a base to hack unsuspecting users.

In the Playpen example which Mann cited, the US government infected more than 8,000 computers in over 120 countries with a single warrant making it the largest known extraterritorial hacking operation. The investigation into Playpen – a site for the exchange of child exploitation material – has sparked 124 cases involving 17 defendants. One of the central legal questions here has been whether such activities constitute a “search” of the site’s users or whether they constitute online tracking.

Defendants have also attempted to argue that the US government has engaged in outrageous conduct in continuing to operate the Playpen website pointing out that during 2 weeks of operation the US government will have distributed 22,000 images of child exploitation material. Although the court in the case argued that the US government did not create the crimes committed, Mann nevertheless raised the question as to whether the ends do justify these means.

Implications and Issues

For Mann, the Silk Road, extradition and bulk hacking case studies focus attention on the role of the United States in the transnational jurisdictional sphere. How far has policing in the context of cybercrime become ‘Americanised’ and at the behest of US agendas (such as the war on drugs)? And what does US law enforcement activity mean for understandings of ‘ownership’ of the internet?

Addressing these points, the panel’s discussant, Professor Ian Walden, a leading expert in information and communications law, stated that the United States’ access to investigative and legal resources will continue to mean it is ‘an important player’ in the prosecution of transnational cybercrime. He also argued that greater efforts at resolving legal conflict and a focus on international cooperation will be required as crime increasingly traverses international boundaries and as jurisdictional claims of countries concurrently expands.

Walden was hopeful that international cooperation could be improved through international aid to raise standards of criminal and procedural law, and he acknowledged that in particularly serious cyber crime offences, such as child exploitation material, there is some harmonisation.

He was not convinced, however, that in the near future there would be any advance in international agreements on cooperation beyond the Council of Europe’s 2001 Convention on Cybercrime. Differing national agendas and legal standards, he said, also create difficulties for international cooperation and legal harmonisation. Walden noted that Kenyan parliamentarians, for example, regard the main ‘cybercrime’ issue as the use of Facebook to accuse them of corruption – an issue which is of little concern in other parts of the world; while in Nigeria, cybercrimes can lead to the death penalty – a sanction that would be unacceptable to many other legal jurisdictions and not a solid foundation for cooperation.

In conclusion, the panel observed that British and European law has also so far held up and blocked the extraditions of Gary McKinnon and Laurie Love to the United States in the ‘interests of justice’. As a consequence of these and similar obstacles to transnational cooperation, it is likely that jurisdictional clashes in these transnational cybercrime cases will become more commonplace – particularly if the scope for cybercrime increases with the ongoing spread of the internet and new communication technologies.

And perhaps, paradoxically, it might be the case that out of these clashes, new methods, techniques and agreements on transnational policing and law enforcement will have to emerge.

Daniel Bennett, Research Assistant, Information Law and Policy Centre

Submissions to the Law Commission’s consultation on ‘Official Data Protection’: Global Witness

The Law Commission has invited interested parties to write submissions commenting on the proposals outlined in a consultation report on ‘official data protection’. The consultation period closed for submissions on 3 May, although some organisations have been given an extended deadline. (For more detailed background on the Law Commission’s work please see the first post in this series). 

The Information Law and Policy Centre is re-publishing some of the submissions written by stakeholders and interested parties in response to the Law Commission’s consultation report (pdf) to our blog. In due course, we will collate the submissions on a single resource page. If you have written a submission for the consultation you would like (re)-published please contact us

Please note that none of the published submissions reflect the views of the Information Law and Policy Centre which aims to promote and facilitate cross-disciplinary law and policy research, in collaboration with a variety of national and international institutions.

The twelfth submission in our series is the response submitted by Global Witness.

Download (PDF, 332KB)

(Previous submissions published in this series: Open Rights GroupCFOI and Article 19The Courage FoundationLibertyPublic Concern at WorkThe Institute of Employment RightsTransparency International UKNational Union of Journalists, and English Pen, Reporters Without Borders and Index on Censorship, the Open Government Network, and Lorna Woods, Lawrence McNamara and Judith Townend.)

Any reform to the law on Official Secrets must provide robust protection for public interest disclosures and open justice

Lorna Woods, Lawrence McNamara and Judith Townend – affiliated members of the Information Law and Policy Centre – comment on the Law Commission’s proposals to reform ‘Protection of Official Data’. This blog post accompanies their submission to the Law Commission’s consultation, and is part of our series documenting the submissions.  

With the election now in the past, the wheels of government are beginning to grind again. While most eyes are on Brussels, it is important that the bright lights of Brexit do not draw attention away from other work that is resuming and ongoing. Among it, the Law Commission will continue its project that considers the revision of the laws on Official Secrets, with its final proposals expected later this year.

The initiative to consider existing law on the ‘Protection of Official Data’ – primarily the Official Secrets Acts 1911-1989 – began with the Cabinet Office when it referred the project to the Commission in 2015. A 315-page consultation paper with provisional recommendations was published by the Commission in spring 2017. It will be the Government that will decide how to proceed, and whether to introduce new draft legislation, once the final recommendations are made.  (No reference to Official Data or Official Secrets was made in the Queen’s Speech).

The Law Commission, which came under – perhaps unanticipated – fire from the media and NGOs for the nature of the proposed reform plans and a perceived lack of consultation before the first report was published, has since been engaging with a wider range of groups and individuals through in-person meetings. It has also published a ‘myth-buster’ on Twitter in response to some of the reports, and shared more explanatory material ahead of meetings.

However, this has not assuaged concerns, with strong reservations about the proposals expressed in a range of written industry and third sector written submissions, a number of which are available online.

We are among those who have met with the Law Commission since publication of its report, and in our written submission we focus on aspects of the consultation that relate to freedom of expression and the public interest: the public interest defence; the Independent Statutory Commissioner model; and access to court proceedings. We also address the related issue of the conduct of trials.

In important respects our position on these issues is often substantially at odds with the Law Commission’s provisional views. In summary:

  • We reject the Commission’s view that the difficulties surrounding a public interest defence outweigh its benefits. We recommend that there should be a public interest defence in official secrets offences for all those engaged in journalism in the public interest, including sources;
  • We recommend that any reformed system should not rely solely on an independent Statutory Commissioner (as the Commission suggests). It should instead adopt the Canadian model of an Independent Commissioner in addition to a public interest defence for official secrets offences;
  • We agree that the Commission’s proposed test of necessity for closing public access to proceedings is an improvement on the current law, but we argue that the proposed change alone falls short of what is required to adhere to the rule of law;
  • We disagree with the Commission’s tentative suggestion that the availability of closed material procedures in civil cases, now permitted under the Justice and Security Act 2013, should prompt a wider review of the ways that fair trial rights and safeguarding of secrets is balanced in criminal cases. On the contrary, there is no good reason at this point in time to embark on a wider review of criminal process and national security issues.

Our full submission can be read at this link.

As a research exercise, independent from the official consultation, the Information Law and Policy Centre at the Institute of Advanced Legal Studies is continuing to publish submissions on this topic: if you or your organisation would like to share yours in this way, please contact Dr Daniel Bennett at daniel.bennett@sas.ac.uk.

Professor Lorna Woods is professor in law, University of Essex; Dr Lawrence McNamara is a reader in law, University of York and senior research fellow at the Bingham Centre for the Rule of Law; and Dr Judith Townend, is a lecturer in media and information law at the University of Sussex.

They are also affiliated to the Information Law and Policy Centre (ILPC) at the Institute of Advanced Legal Studies. The views expressed by the authors in this report are made in a personal capacity and do not represent the views of the ILPC.

Submissions to the Law Commission’s consultation on ‘Official Data Protection’: Lorna Woods, Lawrence McNamara and Judith Townend

The Law Commission has invited interested parties to write submissions commenting on the proposals outlined in a consultation report on ‘official data protection’. The consultation period closed for submissions on 3 May, although some organisations have been given an extended deadline. (For more detailed background on the Law Commission’s work please see the first post in this series). 

The Information Law and Policy Centre is re-publishing some of the submissions written by stakeholders and interested parties in response to the Law Commission’s consultation report (pdf) to our blog. In due course, we will collate the submissions on a single resource page. If you have written a submission for the consultation you would like (re)-published please contact us

Please note that none of the published submissions reflect the views of the Information Law and Policy Centre which aims to promote and facilitate cross-disciplinary law and policy research, in collaboration with a variety of national and international institutions.

The eleventh submission in our series is the response submitted by Professor Lorna Woods (professor in law, University of Essex); Dr Lawrence McNamara (reader in law, University of York and senior research fellow at the Bingham Centre for the Rule of Law); and Dr Judith Townend, (lecturer in media and information law at the University of Sussex). They are all affiliated members of the Information Law and Policy Centre. The views expressed by the authors in this report are made in a personal capacity and do not represent the views of the ILPC. Their submission was accompanied by a blog post

(Previous submissions published in this series: Open Rights Group, CFOI and Article 19, The Courage FoundationLibertyPublic Concern at WorkThe Institute of Employment RightsTransparency International UKNational Union of Journalists, and English Pen, Reporters Without Borders and Index on Censorship, and the Open Government Network.)

Download (PDF, 718KB)

Submissions to the Law Commission’s consultation on ‘Official Data Protection’: The Open Government Network

The Law Commission has invited interested parties to write submissions commenting on the proposals outlined in a consultation report on ‘official data protection’. The consultation period closed for submissions on 3 May, although some organisations have been given an extended deadline. (For more detailed background on the Law Commission’s work please see the first post in this series). 

The Information Law and Policy Centre is re-publishing some of the submissions written by stakeholders and interested parties in response to the Law Commission’s consultation report (pdf) to our blog. In due course, we will collate the submissions on a single resource page. If you have written a submission for the consultation you would like (re)-published please contact us

Please note that none of the published submissions reflect the views of the Information Law and Policy Centre which aims to promote and facilitate cross-disciplinary law and policy research, in collaboration with a variety of national and international institutions.

The tenth submission in our series is the response submitted by Involve on behalf of the Open Government Network.    

(Previous submissions published in this series: Open Rights Group, CFOI and Article 19, The Courage FoundationLibertyPublic Concern at WorkThe Institute of Employment RightsTransparency International UKNational Union of Journalists, and English Pen, Reporters Without Borders and Index on Censorship)

Download (PDF, 501KB)

Submissions to the Law Commission’s consultation on ‘Official Data Protection’: English Pen, Reporters Without Borders and Index on Censorship

The Law Commission has invited interested parties to write submissions commenting on the proposals outlined in a consultation report on ‘official data protection’. The consultation period closed for submissions on 3 May, although some organisations have been given an extended deadline. (For more detailed background on the Law Commission’s work please see the first post in this series). 

The Information Law and Policy Centre is re-publishing some of the submissions written by stakeholders and interested parties in response to the Law Commission’s consultation report (pdf) to our blog. In due course, we will collate the submissions on a single resource page. If you have written a submission for the consultation you would like (re)-published please contact us

Please note that none of the published submissions reflect the views of the Information Law and Policy Centre which aims to promote and facilitate cross-disciplinary law and policy research, in collaboration with a variety of national and international institutions.

The ninth submission in our series is the joint response submitted by English Pen, Reporters Without Borders and Index on Censorship. Their joint submission was accompanied by a press release calling for the inclusion of a ‘public interest defence’ as part of the reforms.   

(Previous submissions published in this series: Open Rights Group, CFOI and Article 19, The Courage FoundationLibertyPublic Concern at WorkThe Institute of Employment RightsTransparency International UK and the National Union of Journalists.)

Download (PDF, 462KB)