Category Archives: Surveillance

The Surveillance Triangle: Authorities, Data subjects and Means

Readers of the Information and Law Policy Centre blog may be interested in the following event held by Maastricht University.

The academic conference addresses the question as to how surveillance is perceived from the perspective of three main stakeholders involved in the process of surveillance: surveillance authorities, data subjects and companies. The conference tackles precisely this issue. It brings together the perspective of those stakeholders and provides informative insights of academics from both the EU and the US on how these issues interplay in different contexts.

Programme

9:30-10:00 Registration
10:00-10:30 Keynote speech:
The EU’s approach towards surveillance”, Philippe Renaudière, Data Protection Officer, European Commission
10:30-12:00 Panel I: The perspective of the authorities who exercise surveillance
12:00-13:30 Lunch
13:30-15:00 Panel II: The perspective of Individuals subject to surveillance
15:00-15:30 Coffee break
15:30-17:00 Panel III: Means of Surveillance
17:00-17:30 Closing remarks, Giovanni Buttarelli, EDPS
17:30-18:00 Wrap-up
18:00 Network Cocktail

Submissions to the Law Commission’s consultation on ‘Official Data Protection’: Guardian News and Media

The Law Commission has invited interested parties to write submissions commenting on the proposals outlined in a consultation report on ‘official data protection’. The consultation period closed for submissions on 3 May, although some organisations have been given an extended deadline. (For more detailed background on the Law Commission’s work please see the first post in this series). 

The Information Law and Policy Centre is re-publishing some of the submissions written by stakeholders and interested parties in response to the Law Commission’s consultation report (pdf) to our blog. In due course, we will collate the submissions on a single resource page. If you have written a submission for the consultation you would like (re)-published please contact us

Please note that none of the published submissions reflect the views of the Information Law and Policy Centre which aims to promote and facilitate cross-disciplinary law and policy research, in collaboration with a variety of national and international institutions.

The fourteenth submission in our series is the response submitted by Guardian News and Media. The executive summary outlines that Guardian News and Media is “very concerned that the effect of the measures set out in the consultation paper (‘CP’) would be to make it easier for the government to severely limit the reporting of public interest stories”.

Download (PDF, 912KB)

(Previous submissions published in this series: Open Rights GroupCFOI and Article 19The Courage FoundationLibertyPublic Concern at WorkThe Institute of Employment RightsTransparency International UKNational Union of Journalists, and English Pen, Reporters Without Borders and Index on Censorship, the Open Government NetworkLorna Woods, Lawrence McNamara and Judith Townend, Global Witness, and the British Computer Society.)

Submissions to the Law Commission’s consultation on ‘Official Data Protection’: British Computer Society

The Law Commission has invited interested parties to write submissions commenting on the proposals outlined in a consultation report on ‘official data protection’. The consultation period closed for submissions on 3 May, although some organisations have been given an extended deadline. (For more detailed background on the Law Commission’s work please see the first post in this series). 

The Information Law and Policy Centre is re-publishing some of the submissions written by stakeholders and interested parties in response to the Law Commission’s consultation report (pdf) to our blog. In due course, we will collate the submissions on a single resource page. If you have written a submission for the consultation you would like (re)-published please contact us

Please note that none of the published submissions reflect the views of the Information Law and Policy Centre which aims to promote and facilitate cross-disciplinary law and policy research, in collaboration with a variety of national and international institutions.

The thirteenth submission in our series is the response submitted by the British Computer Society.

Download (PDF, 829KB)

(Previous submissions published in this series: Open Rights GroupCFOI and Article 19The Courage FoundationLibertyPublic Concern at WorkThe Institute of Employment RightsTransparency International UKNational Union of Journalists, and English Pen, Reporters Without Borders and Index on Censorship, the Open Government NetworkLorna Woods, Lawrence McNamara and Judith Townend, and Global Witness.)

Submissions to the Law Commission’s consultation on ‘Official Data Protection’: Global Witness

The Law Commission has invited interested parties to write submissions commenting on the proposals outlined in a consultation report on ‘official data protection’. The consultation period closed for submissions on 3 May, although some organisations have been given an extended deadline. (For more detailed background on the Law Commission’s work please see the first post in this series). 

The Information Law and Policy Centre is re-publishing some of the submissions written by stakeholders and interested parties in response to the Law Commission’s consultation report (pdf) to our blog. In due course, we will collate the submissions on a single resource page. If you have written a submission for the consultation you would like (re)-published please contact us

Please note that none of the published submissions reflect the views of the Information Law and Policy Centre which aims to promote and facilitate cross-disciplinary law and policy research, in collaboration with a variety of national and international institutions.

The twelfth submission in our series is the response submitted by Global Witness.

Download (PDF, 332KB)

(Previous submissions published in this series: Open Rights GroupCFOI and Article 19The Courage FoundationLibertyPublic Concern at WorkThe Institute of Employment RightsTransparency International UKNational Union of Journalists, and English Pen, Reporters Without Borders and Index on Censorship, the Open Government Network, and Lorna Woods, Lawrence McNamara and Judith Townend.)

Submissions to the Law Commission’s consultation on ‘Official Data Protection’: National Union of Journalists (NUJ)

The Law Commission has invited interested parties to write submissions commenting on the proposals outlined in a consultation report on ‘official data protection’. The consultation period closed for submissions on 3 May, although some organisations have been given an extended deadline. (For more detailed background on the Law Commission’s work please see the first post in this series). 

The Information Law and Policy Centre is re-publishing some of the submissions written by stakeholders and interested parties in response to the Law Commission’s consultation report (pdf) to our blog. In due course, we will collate the submissions on a single resource page. If you have written a submission for the consultation you would like (re)-published please contact us

Please note that none of the published submissions reflect the views of the Information Law and Policy Centre which aims to promote and facilitate cross-disciplinary law and policy research, in collaboration with a variety of national and international institutions.

The eighth submission in our series is the response submitted by the National Union of Journalists (NUJ). The NUJ’s submission was accompanied by a press release arguing “that editorial matters relating to national security, official secrets and the public interest are decisions best left to journalists.”

(Previous submissions published in this series: Open Rights Group, CFOI and Article 19, The Courage FoundationLibertyPublic Concern at WorkThe Institute of Employment Rights and Transparency International UK)

Download (PDF, 281KB)

Information Law and Policy in the General Election Manifestos

With the General Election fast-approaching, we have collected together a few blog posts from around the web that consider what the party manifestos say about information law and policy.

Paul Magrath, Head of Product Development and Online Content, discusses proposed changes to Media law as part of a more general review of law and justice policies. He identifies newspaper regulation as the big issue here: “Specifically,

  1. Should the Leveson inquiry recommendations be enforced in full, including the costs provisions of section 40 of the Crime and Courts Act 2013
  2. Should the second part of the Leveson inquiry go ahead?”

Chris Pounder has picked out all the relevant sections in the manifestos which relate to data protection and human rights (Article 8 and 10) issues. He says:

“The main controversy relates to the Conservative manifesto which hints at leaving the ECHR after the next General Election in 2022 and raises the prospect of the establishment of a national population register.”

Christopher Knight at 11KBW provides an entertaining look at the data protection elements of the manifestos (while also passing comment on the various aesthetic features). He considers the Lib Dems pledge to repeal or substantially re-write the Investigatory Powers Act 2016; Labour’s commitment to “strong data protection rules to protect personal privacy”; and the Conservatives’ “Digital Charter” as well as their proposals for the National Data Guardian for Health and Social Care, and a new “expert Data Use and Ethics Commission”.

If you like election manifestos presented infographically, then Rights Info has jazzed up the relevant sections on human rights for you. You’ll find ‘Privacy and Free Speech’ at the bottom of the section for each of the parties.

If you want to find out more about the approach taken to cybersecurity in the manifestos, please do come along to our free cybersecurity event this Monday where our expert panel will be looking at party policies and the fall out from the recent WannaCry attack. You can book online here.

Event: Challenges of the New Transnational Cyber Policing

This event took place at the Information Law and Policy Centre at the Institute of Advanced Legal Studies on Monday, 26 June 2017.

Date:
26 June 2017
Time: 
17:00 to 19:00
Venue:
Institute of Advanced Legal Studies, 17 Russell Square, London WC1B 5DR
Book: Online on the SAS events website. (Event is free but registration is required.)

Cryptomarkets, Computer Hacking and Child Exploitation Material: Challenges of the New Transnational Cyber Policing

Speaker: Dr Monique Mann
Discussant: Professor Ian Walden

Description:

A seminar discussion by Dr Monique Mann, School of Justice, Faculty of Law,  Queensland University of Technology, Brisbane, Australia.

Cyberspace presents new opportunities for offending and new challenges for policing. Both the transnational nature of the internet and anonymising dark net infrastructure challenge conventional policing methods, prompting the introduction of enhanced investigatory and intelligence capabilities, such as Computer Network Operations (CNOs), to detect and investigate crimes with an online dimension. These new forms of online surveillance and policing transcend multiple legal jurisdictions, and test established procedures governing access to, and the admissibility of, online evidence.

This seminar will summarise three research projects concerning online policing to highlight a range of emerging challenges and issues.

First, a discussion of the dismantling of the Silk Road crypto market will be used to demonstrate how US conspiracy law drives transnational cyber investigations and how these processes reflect ideological conceptions of justice and due process to legitimise US extraterritorial surveillance and access to digital evidence.

Second, an analysis of high profile cases of computer hackers who have been sought for extradition by the US from the UK are presented. These reveal important legal and human rights considerations where the alleged unlawful conduct occurred exclusively online and concurrent jurisdiction applies at both at the source and location of harm.

Finally, the Playpen clandestine network used for the distribution of child exploitation material is considered as these cases offer crucial insights into new and emerging developments such as recent amendments to US Criminal Procedure that authorise extraterritorial governmental hacking.

The seminar will conclude with a discussion of the implications for future criminological research, online policing and transnational criminal law and justice reform. This includes recognition of the importance of the shifting legal geographies associated with strategies for accessing digital evidence and due process safeguards in extraterritorial online criminal investigations.

A wine reception will follow our discussion.

Speaker Details:

Dr Monique Mann is a lecturer at the School of Justice, Faculty of Law, at the Queensland University of Technology in Brisbane, Australia. She is also a member of the Crime and Justice Research Centre and the Intellectual Property and Innovation Law Research Group at QUT Law.

Professor Ian Walden is Professor of Information and Communications Law and head of the Institute of Computer and Communications Law (ICCL) in the Centre for Commercial Law Studies, Queen Mary University of London.

Where to after Watson? The challenges and future of mass data retention in the UK

CJEUAs our lives have increasingly become data-driven and digital by default, finding the balance between privacy and national security/law enforcement has become one of the central legal, political, and ethical debates of the information age. On 11 May, the Director of the Information Law and Policy Centre, Dr Nora Ni Loideain joined a panel of experts at a Bingham Centre event to discuss the latest round in the legal debate – the European Court of Justice’s (CJEU) recent ruling in a case brought by Tom Watson MP against the UK government in regard to the legality of the Data Retention and Investigatory Powers Act (DRIPA). Although DRIPA has now expired, the CJEU Grand Chamber judgment delivered last December also calls into question the legal status of the legislation which replaced DRIPA in 2016, the Investigatory Powers Act (IP Act).

According to the panel chair, Professor Lorna Woods, the CJEU judgment formed what might be considered a “strong view” on privacy and regarded mass data retention as “disproportionate” compared to citizens’ rights to privacy. In this regard, the ruling continued in the same vein as the landmark 2014 Digital Rights Ireland judgment, which struck down the EU’s instrument for mandatory mass data retention – the Data Retention Directive – and declared it to be incompatible with the right to respect for private life and data protection protected by Articles 7 and 8 of the EU Charter of Fundamental Rights.

As we wait for the UK Court of Appeal to interpret the Watson/Tele2 judgment in relation to UK law, the panel considered what the Grand Chamber’s judgment might mean for mass data retention. In particular, Professor Lorna Woods put it to the panel and audience to consider whether the scope of data retention currently provided for under the IP Act 2016 was still possible in light of the reasoning of the CJEU Grand Chamber’s judgment. Continue reading

Back doors, black boxes and #IPAct technical capability regulations

In the following post, Graham Smith, a member of the Information Law and Policy Centre’s Advisory Board, discusses the government’s consultation on the technical capability regulations in the Investigatory Powers Act 2016. He highlights the increased scope of the technical regulations in the IPAct when compared with the regulations issued in 2002 under the Regulation of Investigatory Powers Act (RIPA). From this starting point, he considers whether the government could or would use these new powers to compel companies, organisations and institutions to install ‘black boxes’ to collect communications data and/or provide a ‘back door’ to communication services offering end-to-end encryption (such as WhatsApp). This post was first published on Smith’s Cyberleagle blog.

The Home Office has launched an under-the-radar consultation on a critical step in the implementation of the Investigatory Powers Act (IPAct): the regulations on technical capability notices. The Open Rights Group has recently revealed details of the proposed regulations.

Under the IPAct a technical capability notice can be issued to a telecommunications operator by the Secretary of State, with the approval of a Judicial Commissioner. A notice would require the operator to install specified technical facilities. The objective is to ensure that if the operator subsequently receives, say, an interception warrant it has the technical ability to comply with it. A technical capability notice does not itself require an operator to conduct an interception. It prepares the ground in advance by ensuring the operator has equipment in place.

The proposed regulations will spell out what kind of facilities a technical capability notice can require a telecommunications operator to install. For example, the consultation touches on one of the many controversial topics in the IPAct: the possible use of technical capability notices in effect to prevent telecommunications operators from providing users with end to end encryption facilities.

Telecommunications operators are widely defined in the IPAct to include not only telcos, ISPs and the like but also web e-mail, social media platforms, cloud hosts and over the top communications providers.

Technical capability notices already exist, but in a much more limited form, under the Regulation of Investigatory Powers Act 2000 (RIPA). S.12 of RIPA enacted a three layer scheme similar to that under the new IPAct:

  • first the statute, laying out in broad terms the Home Office’s powers to require an operator to install an interception capability;
  • second, regulations made under the Act. These put more flesh on the obligations and potentially narrow the categories of provider who could be made subject to a notice;
  • third, technical capability notices themselves, issued by the Secretary of State to individual service providers (but not necessarily to all of those within scope of the Act or the regulations).

These pave the way for actual interception warrants, requiring operators to carry out particular interceptions.

The main change with the IPAct is that technical capability notices are no longer limited to interception. They apply to three of the powers under the Act: interception (targeted, thematic and bulk), communications data acquisition (ordinary and bulk) and equipment interference (targeted, thematic and bulk).

Another high level change is that the IPAct allows technical capability notices to be given to private as well as to public telecommunications providers. The draft regulations reflect this expansion.

Also, unlike under RIPA, IPAct technical capability notices have to be approved by a Judicial Commissioner.

The proposed IPAct regulations are in many respects similar to the existing 2002 regulations made under RIPA. However there are some significant differences.

Continue reading