Tag Archives: surveillance

British government’s new ‘anti-fake news’ unit has been tried before – and it got out of hand

File 20180125 107940 14x31mj.jpg?ixlib=rb 1.1
 

In this guest post, Dan Lomas, Programme Leader, MA Intelligence and Security Studies, University of Salford, explores the British government’s new ‘anti-fake news’ unit.

The decision to set up a new National Security Communications Unit to counter the growth of “fake news” is not the first time the UK government has devoted resources to exploit the defensive and offensive capabilities of information. A similar thing was tried in the Cold War era, with mixed results.

The planned unit has emerged as part of a wider review of defence capabilities. It will reportedly be dedicated to “combating disinformation by state actors and others” and was agreed at a meeting of the National Security Council (NSC).

As a spokesperson for UK prime minister Theresa May told journalists:

We are living in an era of fake news and competing narratives. The government will respond with more and better use of national security communications to tackle these interconnected, complex challenges.

 

Continue reading

How websites watch your every move and ignore privacy settings

File 20171122 6055 jrvkjw.jpg?ixlib=rb 1.1

In this guest post, Yijun Yu, Senior Lecturer, Department of Computing and Communications, The Open University examines the world’s top websites and their routine tracking of a user’s every keystroke, mouse movement and input into a web form – even if it’s later deleted.

Hundreds of the world’s top websites routinely track a user’s every keystroke, mouse movement and input into a web form – even before it’s submitted or later abandoned, according to the results of a study from researchers at Princeton University.

And there’s a nasty side-effect: personal identifiable data, such as medical information, passwords and credit card details, could be revealed when users surf the web – without them knowing that companies are monitoring their browsing behaviour. It’s a situation that should alarm anyone who cares about their privacy.

The Princeton researchers found it was difficult to redact personally identifiable information from browsing behaviour records – even, in some instances, when users have switched on privacy settings such as Do Not Track.

Continue reading

The Surveillance Triangle: Authorities, Data subjects and Means

Readers of the Information and Law Policy Centre blog may be interested in the following event held by Maastricht University.

The academic conference addresses the question as to how surveillance is perceived from the perspective of three main stakeholders involved in the process of surveillance: surveillance authorities, data subjects and companies. The conference tackles precisely this issue. It brings together the perspective of those stakeholders and provides informative insights of academics from both the EU and the US on how these issues interplay in different contexts.

Programme

9:30-10:00 Registration
10:00-10:30 Keynote speech:
The EU’s approach towards surveillance”, Philippe Renaudière, Data Protection Officer, European Commission
10:30-12:00 Panel I: The perspective of the authorities who exercise surveillance
12:00-13:30 Lunch
13:30-15:00 Panel II: The perspective of Individuals subject to surveillance
15:00-15:30 Coffee break
15:30-17:00 Panel III: Means of Surveillance
17:00-17:30 Closing remarks, Giovanni Buttarelli, EDPS
17:30-18:00 Wrap-up
18:00 Network Cocktail

Back doors, black boxes and #IPAct technical capability regulations

In the following post, Graham Smith, a member of the Information Law and Policy Centre’s Advisory Board, discusses the government’s consultation on the technical capability regulations in the Investigatory Powers Act 2016. He highlights the increased scope of the technical regulations in the IPAct when compared with the regulations issued in 2002 under the Regulation of Investigatory Powers Act (RIPA). From this starting point, he considers whether the government could or would use these new powers to compel companies, organisations and institutions to install ‘black boxes’ to collect communications data and/or provide a ‘back door’ to communication services offering end-to-end encryption (such as WhatsApp). This post was first published on Smith’s Cyberleagle blog.

The Home Office has launched an under-the-radar consultation on a critical step in the implementation of the Investigatory Powers Act (IPAct): the regulations on technical capability notices. The Open Rights Group has recently revealed details of the proposed regulations.

Under the IPAct a technical capability notice can be issued to a telecommunications operator by the Secretary of State, with the approval of a Judicial Commissioner. A notice would require the operator to install specified technical facilities. The objective is to ensure that if the operator subsequently receives, say, an interception warrant it has the technical ability to comply with it. A technical capability notice does not itself require an operator to conduct an interception. It prepares the ground in advance by ensuring the operator has equipment in place.

The proposed regulations will spell out what kind of facilities a technical capability notice can require a telecommunications operator to install. For example, the consultation touches on one of the many controversial topics in the IPAct: the possible use of technical capability notices in effect to prevent telecommunications operators from providing users with end to end encryption facilities.

Telecommunications operators are widely defined in the IPAct to include not only telcos, ISPs and the like but also web e-mail, social media platforms, cloud hosts and over the top communications providers.

Technical capability notices already exist, but in a much more limited form, under the Regulation of Investigatory Powers Act 2000 (RIPA). S.12 of RIPA enacted a three layer scheme similar to that under the new IPAct:

  • first the statute, laying out in broad terms the Home Office’s powers to require an operator to install an interception capability;
  • second, regulations made under the Act. These put more flesh on the obligations and potentially narrow the categories of provider who could be made subject to a notice;
  • third, technical capability notices themselves, issued by the Secretary of State to individual service providers (but not necessarily to all of those within scope of the Act or the regulations).

These pave the way for actual interception warrants, requiring operators to carry out particular interceptions.

The main change with the IPAct is that technical capability notices are no longer limited to interception. They apply to three of the powers under the Act: interception (targeted, thematic and bulk), communications data acquisition (ordinary and bulk) and equipment interference (targeted, thematic and bulk).

Another high level change is that the IPAct allows technical capability notices to be given to private as well as to public telecommunications providers. The draft regulations reflect this expansion.

Also, unlike under RIPA, IPAct technical capability notices have to be approved by a Judicial Commissioner.

The proposed IPAct regulations are in many respects similar to the existing 2002 regulations made under RIPA. However there are some significant differences.

Continue reading

Call for papers: Critical Research in Information Law

Deadline 15 March 2017

The Information Law Group at the University of Sussex is pleased to announce its annual PhD and Work in Progress Workshop on 3 May 2017. The workshop, chaired by Professor Chris Marsden, will provide doctoral students with an opportunity to discuss current research and receive feedback from senior scholars in a highly focused, informal environment. The event will be held in conjunction with the Work in Progress Workshop on digital intermediary law.

We encourage original contributions critically approaching current information law and policy issues, with particular attention on the peculiarities of information law as a field of research. Topics of interest include:

  • internet intermediary liability
  • net neutrality and media regulation
  • surveillance and data regulation
  • 3D printing
  • the EU General Data Protection Regulation
  • blockchain technology
  • algorithmic/AI/robotic regulation
  • Platform neutrality, ‘fake news’ and ‘anti-extremism’ policy.

How to apply: Please send an abstract of 500 words and brief biographical information to Dr Nicolo Zingales  by 15 March 2017. Applicants will be informed by 30 March 2017 if selected. Submission of draft papers by selected applicants is encouraged, but not required.

Logistics: 11am-1pm 3 May in the Moot Room, Freeman Building, University of Sussex.

Afternoon Workshop: all PhD attendees are registered to attend the afternoon workshop 2pm-5.30pm F22 without charge (programme here).

Financial Support: Information Law Group can repay economy class rail fares within the UK. Please inform the organizers if you need financial assistance.

CFP: Bytes, Bodies and Souls: Interrogating Human Digitalisation

conference-imageKent Law School, in conjunction with the Eastern Academic Research Consortium, invites early career academics and postgraduate research students to participate in the “Bytes, Bodies and Souls: Interrogating Human Digitalisation” workshop to be held on 30th May, 2017.

The workshop aims to bring together researchers across the social sciences, humanities, sciences and other relevant disciplines who are interested in examining the consequences, possibilities, and limitations of human digitalisation.

Papers and Posters are welcomed on any aspect of the conference theme. This may include, although is not restricted to:

  • Big Data and its challenges
  • The role and impact of the Internet of Things
  • Digital ownership and appropriation processes
  • Privacy, surveillance, and control
  • The role of algorithms in the governance of human digitalisation
  • Politics of digital humans from cyber activism to post-truth
  • Digital human aesthetics; the forging of a digital soul

Abstracts for papers are invited for consideration. Abstracts should be no more than 300 words in length. Successful applicants will be allocated 15 minutes for the presentation of their paper plus time for questions and discussion.

Abstracts for posters are invited for consideration. Abstracts should be no more than 300 words in length. Accepted poster presenters will need to deliver the hard copy of their poster to the venue no later than 9 am on the day of the workshop to allow it to be displayed throughout the day.

Submissions should be sent in a Word document format to a.m.holmes@kent.ac.uk. Please include name, title, institution, and email correspondence address and whether you wish to be considered for a paper or poster presentation. The deadline for submission is Friday 3rd March 2017. Successful applicants will be notified by the 19th March 2017.

Why the rise of wearable tech to monitor employees is worrying

Shutterstock.com

In this guest post, Ivan Manokha, Departmental Lecturer in International Political Economy at the University of Oxford, considers the use of wearable technology in the workplace and the potential privacy implications of collecting the data of employees. 

An increasing number of companies are beginning to digitally monitor their employees. While employers have always scrutinised their workers’ performance, the rise of wearable technology to keep tabs has more of a dystopian edge to it. Monitoring has become easier, more intrusive and is not just limited to the workplace – it’s 24/7.

Devices such as Fitbit, Nike+ FuelBand and Jawbone UP, which can record information related to health, fitness, sleep quality, fatigue levels and location, are now being used by employers who integrate wearable devices into employee wellness programmes.

One of the first was BP America, which introduced Fitbit bracelets in 2013. In 2015 at least 24,500 BP’s employees were using them and more and more US employers have followed suit. For instance, the same year, Vista Staffing Solutions, a healthcare recruitment agency, started a weight-loss programme using Fitbits and wifi-enabled bathroom scales. Appirio, a consulting company, started handing out Fitbits to employees in 2014.

In the UK similar projects are under consideration by major employers. And this trend will only intensify in the years to come. By 2018, estimates suggest that more than 13m of these devices will be part of worker wellness schemes. Some analysts say that by the same year, at least 2m employees worldwide will be required to wear health-and-fitness trackers as a condition of employment.

According to some, this is a positive development. Chris Brauer, an academic at Goldsmiths, University of London, argues that corporate managers will now be comparable to football managers. They will be equipped with a dashboard of employee performance trajectories, as well as their fatigue and sleep levels. They will be able to pick only the fittest employees for important business meetings, presentations, or negotiations.

It seems, however, that such optimism overlooks important negative and potentially dangerous social consequences of using this kind of technology. History here offers a word of warning.

Historical precedent

The monitoring of workers’ health outside the workplace was once attempted by the Ford Motor Company. When Ford introduced a moving assembly line in 1913 – a revolutionary innovation that enabled complete control over the pace of work – the increase in productivity was dramatic. But so was the rise in worker turnover. In 1913, every time the company wanted to add 100 men to its factory personnel, it was necessary to hire 963, as workers struggled to keep up with the pace and left shortly after being recruited.

Ford’s solution to this problem was to double wages. In 1914, the introduction of a US$5 a day wage was announced, which immediately led to a decline in worker turnover. But high wages came with a condition: the adoption of healthy and moral lifestyles.

The company set up a sociology department to monitor workers’ – and their families’ – compliance with its standards. Investigators would make unannounced calls upon employees and their neighbours to gather information on living conditions and lifestyles. Those that were deemed insufficiently healthy or morally right were immediately disqualified from the US$5 wage level.

Analysing Ford’s policies, Italian political philosopher and revolutionary Antonio Gramsci coined the term “Fordism” for this social phenomenon. It signalled fundamental changes to labour, which became much more intense after automation. Monitoring workers’ private lives to control their health, Gramsci argued, was necessary to preserve “a certain psycho-physical equilibrium which prevents the physiological collapse of the worker, exhausted by the new method of production”.

Parallels today

Today, we are faced with another great change to how work is done. To begin with, the “great doubling” of the global labour force has led to the increase in competition between workers around the world. This has resulted in a deterioration of working and employment conditions, the growth of informal and precarious labour, and the intensification of exploitation in the West.

So there has been a significant increase in the average number of hours worked and an increase in the intensity of labour. For example, research carried out by the Trade Union Congress in 2015 discovered that the number of people working more than 48 hours in a week in the UK was rising and it warned of a risk of “burnout Britain”.

Indeed, employee burnouts have become a major concern of employers. A UK survey of human resources directors carried out in 2015 established that 80% were afraid of losing top employees to burnout.

Ford’s sociology department was shut down in the early 1920s for two reasons. It became too costly to maintain it in the context of increasing competition from other car manufacturers. And also because of growing employee resistance to home visits by inspectors, increasingly seen as too intrusive into their private lives.

Wearable technology, however, does not suffer from these inconveniences. It is not costly and it is much less obviously intrusive than surprise home visits by company inspectors. Employee resistance appears to be low, though there have been a few attempts to fake the results of the tracking (for example, workers strapping their employer-provided Fitbits onto their dogs to boost their “activity levels”). The idea of being tracked has mostly gone unchallenged.

Labour commodified to the extreme

But the use of wearable technology by employers raises a range of concerns. The most obvious is the right to privacy. The use of wearable technology goes significantly further than computer systems where emails are already logged and accessible to employers.

Surveillance becomes continuous and all-encompassing, increasingly unconfined to the workplace, and also constitutes a form of surveillance which penetrates the human body. The right to equal employment opportunities and promotion may also be compromised if employers reserve promotion for those who are in a better physical shape or suffer less from fatigue or stress.

It may also be argued that the use of wearable technology takes what the Hungarian historian Karl Polanyi called the “commodification” of human labour to an extreme. Monitoring worker health both inside and outside the workplace involves the treatment of people as machines whose performance is to be maximised at all costs. However, as Polanyi warned, human labour is a “fictitious commodity” – it is not “produced” for sale to capital as a mere tool. To treat it as such risks ultimately leading to a “demolition of society”.

To protect individual rights, systems have been introduced to regulate how data that is gathered on employees is stored and used. So one possible solution is to render the data collected by trackers compulsorily anonymous. For example, one company that collects and monitors employee data for companies, Sociometric Solutions only charts broader patterns and connections to productivity, rather than individual performance.

This, however, does not address concerns about the increasing commodification of human labour that comes with the use of wearable technology and any potential threats to society. To prevent this, it is perhaps necessary to consider imposing an outright ban on its use by employers altogether.

The ConversationIvan Manokha, Departmental Lecturer in International Political Economy, University of Oxford

This article was originally published on The Conversation. Read the original article.

How the UK passed the most invasive surveillance law in democratic history

IPBill image

In this guest post, Paul Bernal, Lecturer in Information Technology, Intellectual Property and Media Law at the University of East Anglia, reflects on the passage of the Investigatory Powers Bill. The legislation was recently passed in Parliament and given Royal Assent on 29 November 2016.

You might not have noticed thanks to world events, but the UK parliament recently approved the government’s so-called Snooper’s Charter and it has now become law. This nickname for the Investigatory Powers Bill is well earned. It represents a new level and nature of surveillance that goes beyond anything previously set out in law in a democratic society. It is not a modernisation of existing law, but something qualitatively different, something that intrudes upon every UK citizen’s life in a way that would even a decade ago have been inconceivable. Continue reading

Information Law and Policy Centre’s annual workshop highlights new challenges in balancing competing human rights

dsc_0892  dsc_0896  dsc_0898

Our annual workshop and lecture – held earlier this month – brought together a wide range of legal academics, lawyers, policy-makers and interested parties to discuss the future of human rights and digital information control.

A number of key themes emerged in our panel sessions including the tensions present in balancing Article 8 and Article 10 rights; the new algorithmic and informational power of commercial actors; the challenges for law enforcement; the liability of online intermediaries; and future technological developments.

The following write up of the event offers a very brief summary report of each panel and of Rosemary Jay’s evening lecture.

Morning Session

Panel A: Social media, online privacy and shaming

Helen James and Emma Nottingham (University of Winchester) began the panel by presenting their research (with Marion Oswald) into the legal and ethical issues raised by the depiction of young children in broadcast TV programmes such as The Secret Life of 4, 5 and 6 Year Olds. They were also concerned with the live-tweeting which accompanied these programmes, noting that very abusive tweets could be directed towards children taking part in the programmes.

Continue reading