Category Archives: National security

Submissions to the Law Commission’s consultation on ‘Official Data Protection’: Guardian News and Media

The Law Commission has invited interested parties to write submissions commenting on the proposals outlined in a consultation report on ‘official data protection’. The consultation period closed for submissions on 3 May, although some organisations have been given an extended deadline. (For more detailed background on the Law Commission’s work please see the first post in this series). 

The Information Law and Policy Centre is re-publishing some of the submissions written by stakeholders and interested parties in response to the Law Commission’s consultation report (pdf) to our blog. In due course, we will collate the submissions on a single resource page. If you have written a submission for the consultation you would like (re)-published please contact us

Please note that none of the published submissions reflect the views of the Information Law and Policy Centre which aims to promote and facilitate cross-disciplinary law and policy research, in collaboration with a variety of national and international institutions.

The fourteenth submission in our series is the response submitted by Guardian News and Media. The executive summary outlines that Guardian News and Media is “very concerned that the effect of the measures set out in the consultation paper (‘CP’) would be to make it easier for the government to severely limit the reporting of public interest stories”.

[gview file=”http://infolawcentre.blogs.sas.ac.uk/files/2017/08/GNM-Law-Commission-OSA-Response-FINAL-July-2017-1.pdf”]

(Previous submissions published in this series: Open Rights GroupCFOI and Article 19The Courage FoundationLibertyPublic Concern at WorkThe Institute of Employment RightsTransparency International UKNational Union of Journalists, and English Pen, Reporters Without Borders and Index on Censorship, the Open Government NetworkLorna Woods, Lawrence McNamara and Judith Townend, Global Witness, and the British Computer Society.)

Submissions to the Law Commission’s consultation on ‘Official Data Protection’: British Computer Society

The Law Commission has invited interested parties to write submissions commenting on the proposals outlined in a consultation report on ‘official data protection’. The consultation period closed for submissions on 3 May, although some organisations have been given an extended deadline. (For more detailed background on the Law Commission’s work please see the first post in this series). 

The Information Law and Policy Centre is re-publishing some of the submissions written by stakeholders and interested parties in response to the Law Commission’s consultation report (pdf) to our blog. In due course, we will collate the submissions on a single resource page. If you have written a submission for the consultation you would like (re)-published please contact us

Please note that none of the published submissions reflect the views of the Information Law and Policy Centre which aims to promote and facilitate cross-disciplinary law and policy research, in collaboration with a variety of national and international institutions.

The thirteenth submission in our series is the response submitted by the British Computer Society.

[gview file=”http://infolawcentre.blogs.sas.ac.uk/files/2017/08/BCS-OSA-Final-3-May-2017.pdf”]

(Previous submissions published in this series: Open Rights GroupCFOI and Article 19The Courage FoundationLibertyPublic Concern at WorkThe Institute of Employment RightsTransparency International UKNational Union of Journalists, and English Pen, Reporters Without Borders and Index on Censorship, the Open Government NetworkLorna Woods, Lawrence McNamara and Judith Townend, and Global Witness.)

Creating International Frameworks for Data Protection: New Handbook on Data Protection in Humanitarian Action

In this guest post, Dr Christopher Kuner and Massimo Marelli highlight the publication of the new ICRC/Brussels Privacy Hub handbook on data protection in humanitarian action. Christopher Kuner is professor of law and co-director of the Brussels Privacy Hub, Vrije Universiteit Brussel (VUB) and Massimo Marelli is Head of Data Protection Office at the International Committee of the Red Cross (ICRC). This post first appeared on EJIL: Talk!, the blog of the European Journal of International Law.   

Introduction

The collection and processing of personally-identifiable data is central to the work of both international organisations working in the humanitarian sector (IHOs) and non-governmental organisations (NGOs) in protecting and delivering essential aid to hundreds of millions of vulnerable individuals. With the increased adoption of new technologies in recent years, and the increased complexity of data flows and the growth in the number of stakeholders involved in the processing, there has been an increasing need for data protection guidelines that IHOs and NGOs can apply in their work. This was highlighted first in the 2013 report by Privacy International entitled: “Aiding Surveillance”, and was also recognised by the International Conference of Privacy and Data Protection Commissioners in its Resolution on Privacy and International Humanitarian Action adopted in Amsterdam in 2015 (Amsterdam Resolution).

This need has led to publication of the new Handbook on Data Protection in Humanitarian Action prepared jointly by the Data Protection Office of the International Committee of the Red Cross (ICRC) and the Brussels Privacy Hub, a research institute of the Vrije Universiteit Brussel (VUB) in Brussels. It has been drafted in consultation with stakeholders from the global data protection and international humanitarian communities, including IHOs and humanitarian practitioners, data protection authorities, academics, NGOs, and experts on relevant topics. The drafting committee for the Handbook also included the Swiss Data Protection Authority; the Office of the European Data Protection Supervisor (EDPS); the French-speaking Association of Data Protection Authorities (AFAPDP); the UN High Commissioner for Refugees (UNHCR); the International Organisation for Migration (IOM); and the International Federation of Red Cross and Red Crescent Societies (IFRC).

Content of the Handbook

The Handbook addresses questions of common concern in the application of data protection in international humanitarian action, and is addressed to staff of IHOs and NGOs who are involved in the processing of personal data, particularly those in charge of advising on and applying data protection standards. It is hoped that it may also prove useful to other parties, such as data protection authorities, private companies, and others involved in international humanitarian action. Continue reading

Exploring the challenges of the new transnational cyber policing

hacking imageThe development of the Internet has facilitated global communications, new online spaces for the exchange of goods and information, new currencies and online marketplaces, and unprecedented access to information. These new possibilities in ‘cyberspace’ have been exploited for criminal activity and the rising challenge of various forms of ‘cybercrime’ in recent years has been well-documented.

As part of our cyber security and cybercrime seminar series at the Information Law and Policy Centre (ILPC) for 2017, lead speaker Dr Monique Mann explored the new challenges posed for policing and law enforcement by cybercrime and dissected the legal conundrums and human rights considerations raised by criminal activity which crosses international jurisdictions. The panel was also comprised of expert discussant, Professor Ian Walden (Queen Mary University of London), and was chaired by the ILPC’s Director, Dr Nóra Ni Loideain.

Mann’s current research – alongside her colleagues at the Queensland University of Technology and Deakin University – concerns the ‘legal geographies of digital technologies’. Her talk considered three case studies which formed the basis of broader conclusions in relation to the use of extraterritorial legal powers by states (particularly the United States) and the issues raised by extradition processes which have become prominent in several high profile hacking cases.

The Silk Road

Mann’s talk began with an analysis of the FBI’s investigation into the Silk Road – an illicit online marketplace trading drugs and other illegal items operated through the anonymity afforded by the Tor network. Mann stated that the equivalent of $1.2 billion in the cryptocurrency, Bitcoin, was exchanged by Silk Road users during the site’s operation between 2011 and 2013. She highlighted that the FBI’s investigation and attempts to prosecute the leaders of the site were dependent on a range of extraterritorial legal activities.

First, warrants to investigate the online activities of the suspects were issued only after the FBI had already managed to access information from a server in Iceland. It is not clear from public documents how the FBI gained access to this server. Moreover, the warrants – which were also relevant to individual citizens based outside the United States – were granted on the authority of a single US judge.

Secondly, in order to demonstrate conspiracy under the Continuing Criminal Enterprise Act, the FBI sought to access communications between the chief suspect in the case, Ross William Ulbricht, and co-offenders based in Ireland and Australia. This included an attempt by the FBI to access email content from Microsoft servers based in Ireland using a Mutual Legal Assistance Treaty (MLAT) request. Microsoft fought the request and the most recent ruling on this issue has designated the request as an impermissible extraterritorial search.

Finally, the FBI sought to extradite Irish-based suspect, Gary Davis, to the United States in order to face trial for his involvement in the Silk Road site. Taken together, the FBI’s investigative techniques in relation to the Silk Road site raise significant questions around the processes and outcomes of extraterritorial legal activities.

Extradition

Gary Davis’ case was the catalyst for the team to investigate extradition in greater detail as it is has become a central, if exceptional, feature of transnational justice cooperation. Mann and her colleagues have reviewed a number of high profile cases of citizens facing extradition including Davis, Gary McKinnon and Laurie Love. In the past, extradition has primarily been used as a tool to return a suspected criminal to his or her home country after he or she has fled. In the digital age, however, extradition is increasingly being used in cyber crime cases to extradite suspected criminals to a country they may never have even visited as the nature of transnational online offending means their crime effectively takes place in a different location to where they are physically based.

Courts have three options on being presented with an extradition request from another jurisdiction: accept the request and relocate the offender to face trial in the prosecuting country; deny the request altogether; or shift the prosecution to the ‘source of harm’ – i.e. the offender’s location.

Mann pointed out that in the cases of Gary McKinnon and Laurie Love, extradition requests from the United States have triggered protracted legal cases lasting many years as the defendants have (variously) argued that the extradition request infringes their Article 3, 6 and/or 8 rights under the European Convention of Human Rights. The cases have also hinged on the defendants’ physical and mental well-being, particularly in relation to Autistic Spectrum Disorders (emerging research suggests there is a link between online offending and ASDs).

The difficulties and legal complexities of these extradition cases, as well as a concern for the human rights of those involved, led the researchers to question whether it would not be better to shift the legal forum to the source – i.e. to the defendant’s home country.

Attendees at the ILPC seminar, however, highlighted that there are significant obstacles both in terms of cost and willingness to share evidence. It was argued, for example, that the UK was probably not willing to finance McKinnon’s trial here, nor would the US be interested in sharing sensitive information relating to the 73,000 US government computers – including NASA and military facilities – that McKinnon had hacked from his home computer.

Bulk Hacking and Child Exploitation Material

The final feature of extraterritorial law enforcement that Mann highlighted was the use of bulk hacking. These ‘watering hole’ or ‘honeypot’ operations have involved the FBI taking over an illegal website, moving it to a government server, continuing to operate the site, and then using it as a base to hack unsuspecting users.

In the Playpen example which Mann cited, the US government infected more than 8,000 computers in over 120 countries with a single warrant making it the largest known extraterritorial hacking operation. The investigation into Playpen – a site for the exchange of child exploitation material – has sparked 124 cases involving 17 defendants. One of the central legal questions here has been whether such activities constitute a “search” of the site’s users or whether they constitute online tracking.

Defendants have also attempted to argue that the US government has engaged in outrageous conduct in continuing to operate the Playpen website pointing out that during 2 weeks of operation the US government will have distributed 22,000 images of child exploitation material. Although the court in the case argued that the US government did not create the crimes committed, Mann nevertheless raised the question as to whether the ends do justify these means.

Implications and Issues

For Mann, the Silk Road, extradition and bulk hacking case studies focus attention on the role of the United States in the transnational jurisdictional sphere. How far has policing in the context of cybercrime become ‘Americanised’ and at the behest of US agendas (such as the war on drugs)? And what does US law enforcement activity mean for understandings of ‘ownership’ of the internet?

Addressing these points, the panel’s discussant, Professor Ian Walden, a leading expert in information and communications law, stated that the United States’ access to investigative and legal resources will continue to mean it is ‘an important player’ in the prosecution of transnational cybercrime. He also argued that greater efforts at resolving legal conflict and a focus on international cooperation will be required as crime increasingly traverses international boundaries and as jurisdictional claims of countries concurrently expands.

Walden was hopeful that international cooperation could be improved through international aid to raise standards of criminal and procedural law, and he acknowledged that in particularly serious cyber crime offences, such as child exploitation material, there is some harmonisation.

He was not convinced, however, that in the near future there would be any advance in international agreements on cooperation beyond the Council of Europe’s 2001 Convention on Cybercrime. Differing national agendas and legal standards, he said, also create difficulties for international cooperation and legal harmonisation. Walden noted that Kenyan parliamentarians, for example, regard the main ‘cybercrime’ issue as the use of Facebook to accuse them of corruption – an issue which is of little concern in other parts of the world; while in Nigeria, cybercrimes can lead to the death penalty – a sanction that would be unacceptable to many other legal jurisdictions and not a solid foundation for cooperation.

In conclusion, the panel observed that British and European law has also so far held up and blocked the extraditions of Gary McKinnon and Laurie Love to the United States in the ‘interests of justice’. As a consequence of these and similar obstacles to transnational cooperation, it is likely that jurisdictional clashes in these transnational cybercrime cases will become more commonplace – particularly if the scope for cybercrime increases with the ongoing spread of the internet and new communication technologies.

And perhaps, paradoxically, it might be the case that out of these clashes, new methods, techniques and agreements on transnational policing and law enforcement will have to emerge.

Daniel Bennett, Research Assistant, Information Law and Policy Centre

Submissions to the Law Commission’s consultation on ‘Official Data Protection’: Global Witness

The Law Commission has invited interested parties to write submissions commenting on the proposals outlined in a consultation report on ‘official data protection’. The consultation period closed for submissions on 3 May, although some organisations have been given an extended deadline. (For more detailed background on the Law Commission’s work please see the first post in this series). 

The Information Law and Policy Centre is re-publishing some of the submissions written by stakeholders and interested parties in response to the Law Commission’s consultation report (pdf) to our blog. In due course, we will collate the submissions on a single resource page. If you have written a submission for the consultation you would like (re)-published please contact us

Please note that none of the published submissions reflect the views of the Information Law and Policy Centre which aims to promote and facilitate cross-disciplinary law and policy research, in collaboration with a variety of national and international institutions.

The twelfth submission in our series is the response submitted by Global Witness.

[gview file=”http://infolawcentre.blogs.sas.ac.uk/files/2017/07/GW-Letter-to-Law-Commission.pdf”]

(Previous submissions published in this series: Open Rights GroupCFOI and Article 19The Courage FoundationLibertyPublic Concern at WorkThe Institute of Employment RightsTransparency International UKNational Union of Journalists, and English Pen, Reporters Without Borders and Index on Censorship, the Open Government Network, and Lorna Woods, Lawrence McNamara and Judith Townend.)

Any reform to the law on Official Secrets must provide robust protection for public interest disclosures and open justice

Lorna Woods, Lawrence McNamara and Judith Townend – affiliated members of the Information Law and Policy Centre – comment on the Law Commission’s proposals to reform ‘Protection of Official Data’. This blog post accompanies their submission to the Law Commission’s consultation, and is part of our series documenting the submissions.  

With the election now in the past, the wheels of government are beginning to grind again. While most eyes are on Brussels, it is important that the bright lights of Brexit do not draw attention away from other work that is resuming and ongoing. Among it, the Law Commission will continue its project that considers the revision of the laws on Official Secrets, with its final proposals expected later this year.

The initiative to consider existing law on the ‘Protection of Official Data’ – primarily the Official Secrets Acts 1911-1989 – began with the Cabinet Office when it referred the project to the Commission in 2015. A 315-page consultation paper with provisional recommendations was published by the Commission in spring 2017. It will be the Government that will decide how to proceed, and whether to introduce new draft legislation, once the final recommendations are made.  (No reference to Official Data or Official Secrets was made in the Queen’s Speech).

The Law Commission, which came under – perhaps unanticipated – fire from the media and NGOs for the nature of the proposed reform plans and a perceived lack of consultation before the first report was published, has since been engaging with a wider range of groups and individuals through in-person meetings. It has also published a ‘myth-buster’ on Twitter in response to some of the reports, and shared more explanatory material ahead of meetings.

However, this has not assuaged concerns, with strong reservations about the proposals expressed in a range of written industry and third sector written submissions, a number of which are available online.

We are among those who have met with the Law Commission since publication of its report, and in our written submission we focus on aspects of the consultation that relate to freedom of expression and the public interest: the public interest defence; the Independent Statutory Commissioner model; and access to court proceedings. We also address the related issue of the conduct of trials.

In important respects our position on these issues is often substantially at odds with the Law Commission’s provisional views. In summary:

  • We reject the Commission’s view that the difficulties surrounding a public interest defence outweigh its benefits. We recommend that there should be a public interest defence in official secrets offences for all those engaged in journalism in the public interest, including sources;
  • We recommend that any reformed system should not rely solely on an independent Statutory Commissioner (as the Commission suggests). It should instead adopt the Canadian model of an Independent Commissioner in addition to a public interest defence for official secrets offences;
  • We agree that the Commission’s proposed test of necessity for closing public access to proceedings is an improvement on the current law, but we argue that the proposed change alone falls short of what is required to adhere to the rule of law;
  • We disagree with the Commission’s tentative suggestion that the availability of closed material procedures in civil cases, now permitted under the Justice and Security Act 2013, should prompt a wider review of the ways that fair trial rights and safeguarding of secrets is balanced in criminal cases. On the contrary, there is no good reason at this point in time to embark on a wider review of criminal process and national security issues.

Our full submission can be read at this link.

As a research exercise, independent from the official consultation, the Information Law and Policy Centre at the Institute of Advanced Legal Studies is continuing to publish submissions on this topic: if you or your organisation would like to share yours in this way, please contact Dr Daniel Bennett at daniel.bennett@sas.ac.uk.

Professor Lorna Woods is professor in law, University of Essex; Dr Lawrence McNamara is a reader in law, University of York and senior research fellow at the Bingham Centre for the Rule of Law; and Dr Judith Townend, is a lecturer in media and information law at the University of Sussex.

They are also affiliated to the Information Law and Policy Centre (ILPC) at the Institute of Advanced Legal Studies. The views expressed by the authors in this report are made in a personal capacity and do not represent the views of the ILPC.

Submissions to the Law Commission’s consultation on ‘Official Data Protection’: The Open Government Network

The Law Commission has invited interested parties to write submissions commenting on the proposals outlined in a consultation report on ‘official data protection’. The consultation period closed for submissions on 3 May, although some organisations have been given an extended deadline. (For more detailed background on the Law Commission’s work please see the first post in this series). 

The Information Law and Policy Centre is re-publishing some of the submissions written by stakeholders and interested parties in response to the Law Commission’s consultation report (pdf) to our blog. In due course, we will collate the submissions on a single resource page. If you have written a submission for the consultation you would like (re)-published please contact us

Please note that none of the published submissions reflect the views of the Information Law and Policy Centre which aims to promote and facilitate cross-disciplinary law and policy research, in collaboration with a variety of national and international institutions.

The tenth submission in our series is the response submitted by Involve on behalf of the Open Government Network.    

(Previous submissions published in this series: Open Rights Group, CFOI and Article 19, The Courage FoundationLibertyPublic Concern at WorkThe Institute of Employment RightsTransparency International UKNational Union of Journalists, and English Pen, Reporters Without Borders and Index on Censorship)

[gview file=”http://infolawcentre.blogs.sas.ac.uk/files/2017/06/Response-to-the-consultation-Protecting-Official-Data-On-behalf-of-the-OGN.pdf”]

Submissions to the Law Commission’s consultation on ‘Official Data Protection’: National Union of Journalists (NUJ)

The Law Commission has invited interested parties to write submissions commenting on the proposals outlined in a consultation report on ‘official data protection’. The consultation period closed for submissions on 3 May, although some organisations have been given an extended deadline. (For more detailed background on the Law Commission’s work please see the first post in this series). 

The Information Law and Policy Centre is re-publishing some of the submissions written by stakeholders and interested parties in response to the Law Commission’s consultation report (pdf) to our blog. In due course, we will collate the submissions on a single resource page. If you have written a submission for the consultation you would like (re)-published please contact us

Please note that none of the published submissions reflect the views of the Information Law and Policy Centre which aims to promote and facilitate cross-disciplinary law and policy research, in collaboration with a variety of national and international institutions.

The eighth submission in our series is the response submitted by the National Union of Journalists (NUJ). The NUJ’s submission was accompanied by a press release arguing “that editorial matters relating to national security, official secrets and the public interest are decisions best left to journalists.”

(Previous submissions published in this series: Open Rights Group, CFOI and Article 19, The Courage FoundationLibertyPublic Concern at WorkThe Institute of Employment Rights and Transparency International UK)

[gview file=”http://infolawcentre.blogs.sas.ac.uk/files/2017/06/NUJ-Law-Commission-submission-June-2017.pdf”]

Submissions to the Law Commission’s consultation on ‘Official Data Protection’: Transparency International UK

The Law Commission has invited interested parties to write submissions commenting on the proposals outlined in a consultation report on ‘official data protection’. The consultation period closed for submissions on 3 May, although some organisations have been given an extended deadline. (For more detailed background on the Law Commission’s work please see the first post in this series). 

The Information Law and Policy Centre is re-publishing some of the submissions written by stakeholders and interested parties in response to the Law Commission’s consultation report (pdf) to our blog. In due course, we will collate the submissions on a single resource page. If you have written a submission for the consultation you would like (re)-published please contact us

Please note that none of the published submissions reflect the views of the Information Law and Policy Centre which aims to promote and facilitate cross-disciplinary law and policy research, in collaboration with a variety of national and international institutions.

The seventh submission in our series is the response submitted by Transparency International UK

(Previous submissions published in this series: Open Rights Group, CFOI and Article 19, The Courage FoundationLibertyPublic Concern at Work and The Institute of Employment Rights)

[gview file=”http://infolawcentre.blogs.sas.ac.uk/files/2017/06/Protection-of-official-data-TI-UK-submission.pdf”]

Submissions to the Law Commission’s consultation on ‘Official Data Protection’: The Institute of Employment Rights

The Law Commission has invited interested parties to write submissions commenting on the proposals outlined in a consultation report on ‘official data protection’. The consultation period closed for submissions on 3 May, although some organisations have been given an extended deadline. (For more detailed background on the Law Commission’s work please see the first post in this series). 

The Information Law and Policy Centre is re-publishing some of the submissions written by stakeholders and interested parties in response to the Law Commission’s consultation report (pdf) to our blog. In due course, we will collate the submissions on a single resource page. If you have written a submission for the consultation you would like (re)-published please contact us

Please note that none of the published submissions reflect the views of the Information Law and Policy Centre which aims to promote and facilitate cross-disciplinary law and policy research, in collaboration with a variety of national and international institutions.

The sixth submission in our series is the response submitted by The Institute of Employment Rights. The IER’s submission was written by Catherine Hobby, Senior Lecturer in Law at the University of East London, and was first published here on their website.

(Previous submissions published in this series: Open Rights Group, CFOI and Article 19, The Courage FoundationLiberty and Public Concern at Work)

[gview file=”http://infolawcentre.blogs.sas.ac.uk/files/2017/06/IER-Submission-Protection-of-Official-Data.pdf”]