Liberty News

The Bill passed it's first reading in the House of Lords on 14th May 2013.

The core or the bill is:

Online Safety Bill

Make provision about the promotion of online safety; to require internet service providers and mobile phone operators to provide a service that excludes adult content; to require electronic device manufacturers to provide a means of filtering content; and for parents to be educated about online safety.

1 Duty to provide a service that excludes adult content

(1) Internet service providers must provide to subscribers an internet access service which excludes adult content unless all the conditions of subsection (3) have been fulfilled.

(2) Where mobile telephone network operators provide a telephone service to subscribers, which includes an internet access service, they must ensure this service excludes adult content unless all the conditions of subsection (3) have been fulfilled.

(3) The conditions are:

(a) the subscriber opts-in to subscribe to a service that includes adult content;
(b) the subscriber is aged 18 or over; and
(c) the provider of the service has an age verification policy which meets the standards set out by OFCOM and which has been used to confirm that the subscriber is aged 18 or over.

(4) In this section, internet service providers and mobile telephone network operators shall at all times be held harmless of any claims or proceedings, whether civil or criminal, providing that at the relevant time, the internet access provider or the mobile telephone operator was:

(a) following the standards and code set out by OFCOM in section 2; and
(b) acting in good faith.

2 Role of OFCOM

(1) It shall be the duty of OFCOM to set, and from time to time to review and revise, standards for the:

(a) filtering of adult content in line with the standards set out in section 319 of the Communications Act 2003; and
(b) age verification policies to be used under section 1 of this Act.

(2) The standards set out by OFCOM under this section must be contained in one or more codes.

(3) Before setting standards under subsection (1), OFCOM must publish, in such a manner as they think fit, a draft of the proposed code containing those standards.

(4) After publishing the draft code and before setting the standards, OFCOM must consult relevant persons and organisations.

(5) It shall be the duty of OFCOM to establish procedures for the handling and resolution of complaints in a timely manner about the observance of standards set under this section.

(6) OFCOM must prepare a report for the Secretary of State about the operation of this Act:

(a) every three years from the date of this Act coming into force; and
(b) at the direction of the Secretary of State

Today Liberty announced it has issued a claim against the British Intelligence Services over their suspected involvement in the PRISM and Project Tempora privacy scandal.

Earlier this month it emerged that the US Government has been routinely intercepting the electronic communications of non-Americans outside of the US via the PRISM programme, covertly run by the National Security Agency (NSA). It now emerges that GCHQ, the UK's eavesdropping agency, may have subjected people in the UK to blanket internet surveillance in any event.

Liberty believes that its electronic communications -- and those of its staff -- may have been unlawfully accessed by the likes of the Security Services and GCHQ.

Liberty will ask the Investigatory Powers Tribunal (IPT) whether the British Intelligence Services have used PRISM and/or Tempora to bypass the formal UK legal process which regulates the accessing of personal material. The human rights group has issued a claim in the IPT, contending that rights under Article 8 of the Human Rights Act (the right to respect for one's private and family life, home and correspondence) have been breached.

The PRISM/Tempora scandal came to light after former CIA technical assistant Edward Snowden exposed the secret US Government programme which seeks to monitor online communications across the globe. Leaks suggest the US administration has the ability to directly access content held by the world's largest internet companies and that the NSA has established an infrastructure enabling it to intercept almost everything. Furthermore, the US Foreign Intelligence Service Act treats all non-US citizens as possible enemy suspects -- entitled to none of the basic privacy protections afforded to US nationals.

Liberty is also concerned that the British Intelligence Services have used PRISM and Tempora to evade legal checks and balances and monitor people in the UK. They may be treating internet communications as international rather than domestic to evade closer scrutiny and receiving material from their US partners to evade scrutiny altogether.

The revelations come soon after the supposed scrapping of the Snoopers' Charter -- the UK Government's official attempt to stockpile information about the online habits of the entire country.

James Welch, Legal Director for Liberty, said:

Those demanding the Snoopers' Charter seem to have been indulging in out-of-control snooping even without it -- exploiting legal loopholes and help from Uncle Sam.

No-one suggests a completely unpoliced internet but those in power cannot swap targeted investigations for endless monitoring of the entire globe.

Britain's spy agency GCHQ has secretly gained access to the network of cables which carry the world's phone calls and internet traffic and has started to process vast streams of sensitive personal information which it is sharing with its American partner, the National Security Agency (NSA).

The sheer scale of the agency's ambition is reflected in the titles of its two principal components: Mastering the Internet and Global Telecoms Exploitation, aimed at scooping up as much online and telephone traffic as possible. This is all being carried out without any form of public acknowledgement or debate.

One key innovation has been GCHQ's ability to tap into and store huge volumes of data drawn from fibre-optic cables for up to 30 days so that it can be sifted and analysed. That operation, codenamed Tempora, has been running for some 18 months.

GCHQ and the NSA are consequently able to access and process vast quantities of communications between entirely innocent people, as well as targeted suspects. This includes recordings of phone calls, the content of email messages, entries on Facebook and the history of any internet user's access to websites, all of which is deemed legal, even though the warrant system was supposed to limit interception to a specified range of targets.

The existence of the programme has been disclosed in documents shown to the Guardian by the NSA whistleblower Edward Snowden.

Update: Guardian Blocked by the US Military

29th June 2013. See  article from  guardian.co.uk

The US army has admitted to blocking access to parts of the Guardian website for thousands of defence personnel across the country.

The confirmation follows reports in the Monterey Herald that staff at the Presidio military base south of San Francisco had complained of not being able to access the Guardian's UK site at all, and had only partial access to the US site, following publication of leaks from whistleblower Edward Snowden.

Webcams should be covered when not in use because hackers could be using them to spy on people.

A BBC Radio 5 live investigation found sites where hackers exchanged pictures and videos of people captured on their own webcams without their knowledge. The team found a thriving black market where access to compromised computers was bought and sold for a few pence.

Student Rachel Hyndman, 20, from Glasgow, who has a part-time job in a computer shop, believes she was the victim of webcam hacking. She spotted the camera on her laptop had switched itself on while she was watching a DVD in the bath. She says: I was sitting in the bath, trying to relax, and suddenly someone potentially has access to me in this incredibly private moment and it's horrifying.

Hackers are able to gain access to victims' computers using a piece of malicious software (malware) spread in infected files or by tricking the victim into visiting a spiked webpage. Such victims are labelled slaves or bots.

A BBC Radio 5 live producer posing online as a computer security enthusiast made contact with several webcam hackers from the UK and around the world. At least one of them has since been arrested on suspicion of cyber-offences. The investigation uncovered websites where hackers share pictures and videos of their victims. They include pages where hackers exchange photos of ugly slaves, and others where men swap pictures of female slaves.

For some reason the programme did not discuss whether national security services have similar capabilities. It will be interesting to see if computer manufacturers are allowed to fit a lens cap.

About 5 years ago, Skype, the Internet-based calling service, began its own secret program, Project Chess, to explore the legal and technical issues in making Skype calls readily available to intelligence agencies and law enforcement officials, according to people briefed on the program who asked not to be named to avoid trouble with the intelligence agencies.

Project Chess, which has never been previously disclosed, was small, limited to fewer than a dozen people inside Skype, and was developed as the company had sometimes contentious talks with the government over legal issues, said one of the people briefed on the project.

A Skype executive denied last year in a blog post that recent changes in the way Skype operated were made at the behest of Microsoft to make snooping easier for law enforcement. It appears, however, that Skype figured out how to cooperate with the intelligence community before Microsoft took over the company, according to documents leaked by Edward J. Snowden.

Microsoft executives are no longer willing to affirm statements made by Skype several years ago, that Skype calls could not be wiretapped.

Concerns have been raised by pub landlords and the public that council licensing authorities have been making CCTV a legal condition of every pub license.

To tackle the problem, the Government has announced that the blanket use of surveillance in pubs will end and replaced with a policy providing better balance between privacy and security.

Community Pubs Minister, Brandon Lewis MP, commented that:

CCTV has a role to play in stopping and deterring crime in anti-social behaviour hotspots. But well-run community pubs that don't have a public order problem shouldn't be tarred with the same brush.

The public deserves to have a pint in peace in a community pub without being snooped on. This government has called time on Big-Brother's secret, intrusive and costly rules that has forced pub landlords to pay to install CCTV where it was not needed.

The use of surveillance cameras should only be used if it is necessary and where it has public support.

Big Brother Watch commented:

It is only right that people should be able to enjoy a quiet pint without being constantly recorded on camera. This announcement brings some long overdue common sense to a situation where councils were driving up the cost of a pint by demanding pubs spend thousands of pounds on CCTV where there are no problems to deal with.

Our privacy is too important to be undermined by a tick-box on a licensing form and I'm sure landlords across the country will join me in raising a glass to Eric Pickles and Brandon Lewis for defending people's local pubs from needless surveillance cameras.

Facebook and Microsoft have revealed limited information about the US government orders they have received to turn over user data to security agencies.

Ted Ullyot, Facebook's general counsel, said in a statement that they had between 9,000 and 10,000 requests from all government entities, from local to federal, in the last six months of 2012. The orders involved the accounts of between 18,000 and 19,000 Facebook users on a broad range of surveillance topics.

Microsoft said they had between 6,000 and 7,000 orders, affecting between 31,000 and 32,000 accounts, but downplayed how much they had revealed.

The announcements come at the end of a week when Facebook, Microsoft and Google, normally rivals, had jointly pressured the Obama administration to loosen their legal gag on national security orders.

The companies are still not allowed to make public how many orders they received from a particular agency or on a particular subject. But the numbers do include all national security related requests including those submitted via national security letters and under the Foreign Intelligence Surveillance Act, or FISA, which companies had not previously been allowed to reveal.

Spy chiefs may have been operating a secret snoopers charter' to track people's internet use in the UK, a senior Government minister has admitted.

Business Secretary Vince Cable made the claim after it emerged GCHQ trawled through private information, including emails, photographs and social networking pages, harvested by a secret U.S. surveillance programme.

Critics accused agents at the listening post of attempting to bypass British law by sending requests for intercepts to American authorities.  Foreign Secretary William Hague responded with the fanciful nonsense that the critics fears were fanciful nonsense.

Only terrorists, criminals and spies should fear secret activities of the British and US intelligence agencies, the Foreign Secretary has claimed. However large numbers of people getting in trouble with the authorities for jokey tweets and the like may think otherwise. People downloading porn may also consider it a bit fearful to watched by the state, considering the clamour for men to be jailed should they download a dangerous byte or two.

William Hague is due to appear before the House of Commons on Monday in an attempt to play down concerns about the US National Security Agency's snooping scheme, codenamed Prism, which allows it to mine data from Facebook and other internet companies.

While he will offer reassuring words, it is unlikely that Mr Hague will offer MPs much by way of hard information. In an interview on the BBC's Andrew Marr Show on Sunday, Hague refused to say whether the British government knew of the existence of Prism before it emerged last week. H e said:

I can't confirm or deny in public what Britain knows about and what Britain doesn't, for obvious reasons

Major-General Jonathan Shaw, the former Ministry of Defence head of cyber security, said yesterday that there was no such thing as total security or total freedom. He said:

What we're seeing is an incredibly difficult job of getting the balance right between security and freedom.

When politicians speak of 'balance' then you know rights are being taken away, and that the balance will end up in favour of the state.

Offsite Article: Modern Day Hero

10th June 2013. See  article from  guardian.co.uk

Edward Snowden has been revealed as the whistleblower behind the NSA surveillance revelations. The 29-year-old source behind the biggest intelligence leak in the NSA's history explains his motives, his uncertain future and why he never intended on hiding in the shadows

...Read the full article

Offsite Article: What is Prism?

10th June 2013. See  article from  gizmodo.com

What's most troubling about PRISM isn't that it collects data. It's the type of data it collects. According to the Washington Post report, that includes:

...audio and video chats, photographs, e-mails, documents, and connection logs... [Skype] can be monitored for audio when one end of the call is a conventional telephone, and for any combination of audio, video, chat, and file transfers when Skype users connect by computer alone. Google's offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms.

...Read the full article

Update: Charges

22nd June 2013. See  article from  guardian.co.uk

The US has filed charges against National Security Agency ( NSA ) whistleblower Edward Snowden in a sealed criminal complaint dated 14 June, according to a court document made public on Friday.

Snowden was charged with theft of government property, unauthorised communication of national defence information and wilful communication of classified communications intelligence information to an unauthorised person, the document said.

The Scottish Identity Card Scandal, John Welford

Most people will recognise the card pictured: it's the pensioner bus pass, first introduced by the Scottish Government in 2006. Well no, actually it isn't. In fact, it's a fully functioning Scottish identity card. And its covert and dishonest introduction has been a gross national scandal. I think that it's time at last for the Scottish people to know the truth...

This is one of the most shocking governmental scandals that I can ever recall. It has involved a deliberate, systematic deception of the Scottish people by their government over several years. Stealthily creating a National ID scheme and supporting database represents a most sinister and despicable conspiracy against the people. And yet it continues today...

Please do take whatever action you can. This Trojan Horse ID card has absolutely no place in Scotland, so complain to your MSP and council about it...

Demand honest government and transparent, privacy-friendly entitlement systems.

We deserve nothing less - take action now.

Anglo-American intelligence scandals, such as the one that preceded the Iraq war, are usually smothered or buried in an endless, unpublished inquiry. Normal service soon resumes and everyone gets to keep his job. But the issues thrown up by the Guardian's Prism revelations couldn't be more clear-cut. Did GCHQ make use of NSA 's Prism system to bypass British laws and spy on the public through covert access to internet giants such as Google and Facebook?

All that is needed from William Hague and Theresa May, the ministers who oversee the intelligence agencies, and the head of GCHQ , Sir Iain Lobban, is straight answers about what they knew and who authorised an operation that generated 197 intelligence reports last year. No obfuscation.

No cover-up. No inquiry yet.

That way, we will know that the proper checks and balances on Britain's intelligence agencies are finally being activated.

Nothing less will do. Assurances from Sir Malcolm Rifkind, the head of the compliant Commons intelligence and security committee, will not be enough, particularly as he has hinted at his support for the mass surveillance proposed in the communications data bill.

...Read the full article

The National Security Agency is currently collecting the telephone records of millions of US customers of Verizon, one of America's largest telecoms providers, under a top secret court order issued in April.

The order, a copy of which has been obtained by the Guardian, requires Verizon on an ongoing, daily basis to give the NSA information on all telephone calls in its systems, both within the US and between the US and other countries.

The document shows for the first time that under the Obama administration the communication records of millions of US citizens are being collected indiscriminately and in bulk -- regardless of whether they are suspected of any wrongdoing.

The secret Foreign Intelligence Surveillance Court (Fisa) granted the order to the FBI on April 25, giving the government unlimited authority to obtain the data for a specified three-month period ending on July 19. Under the terms of the blanket order, the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls. The contents of the conversation itself are not covered.

...Read the full article

Offsite: An interesting day of reactions

8th June 2013. See  article from  guardian.co.uk

Offsite: Total disregard for the basic democracy of consent from the people

9th June 2013. See  article from  dailymail.co.uk

Mark Zuckerberg of Facebook and Larry Page of Google both strongly denied giving unfettered access to user data to U.S. officials, ...BUT... it turns out both companies have, in fact, cooperated with governments requests.

Zuckerberg denied his company's link to secret government data-sharing scheme PRISM on Friday in a blustery posted message that described allegations that Facebook gave US or any other government direct access to our servers as outrageous.

Now, sources tell the New York Times that both Facebook and Google discussed plans to create secure portals for the government like a digital version of the secure physical rooms that have long existed for classified information with U.S. officials.

This session's Queen's speech did not contain any explicit mention of the Communications Data Bill, but did make reference to proposals aimed at making it easier for law enforcement to match IP addresses to individuals.

My government will continue to reduce crime and protect national security. Legislation will be introduced to reform the way in which offenders are rehabilitated in England and Wales.

Legislation will be brought forward to introduce new powers to tackle anti-social behaviour, cut crime and further reform the police.

In relation to the problem of matching internet protocol addresses, my government will bring forward proposals to enable the protection of the public and the investigation of crime in cyberspace.

The government provides more details in the briefing notes on the Queen's Speech:

[IP] addresses are generally shared between a number of people. In order to know who has actually sent an email or made a Skype call, the police need to know who used a certain IP address at a given point in time. Without this, if a suspect used the internet to communicate instead of making a phone call, it may not be possible for the police to identify them.

The Government is looking at ways of addressing this issue with CSPs. It may involve legislation.

Commentators have linked these proposals to comments made by Deputy Prime Minister Nick Clegg in April, suggesting that the government could be considering some sort of intervention relating to IPv6 adoption.

Right now, there are not enough IP addresses to go round for all of the devices being used. Temporary addresses are attached to computers and phones while they are online, but the records of these are patchy, which means they cannot easily be matched back to individuals.

The police say a clearer picture would be a huge help in their investigations and we should explore how that can be done. --- Nick Clegg, writing in The Telegraph

The Indian government last month quietly began rolling out a project that gives it access to everything that happens over the country's telecommunications network---online activities, phone calls, text messages and even social media conversations.

Called the Central Monitoring System, it will be the single window from where government arms such as the National Investigation Agency or the tax authorities will be able to monitor every byte of communication.

After the Mumbai blasts in November 2008, the government has been arming itself with powers and technology to help it eavesdrop on digital communications. The information technology law, enacted in 2000 and amended twice in 2008 and 2011, gives designated government officials the authority to listen in on phone calls, read SMSes, emails, and monitor websites.

However, Pavan Duggal, a Supreme Court advocate specialising in cyberlaw, said the government has given itself unprecedented powers to monitor private internet records of citizens. This system is capable of tremendous abuse, he said. The Central Monitoring System, being set up by the Centre for Development of Telematics, plugs into telecom gear and gives central and state investigative agencies a single point of access to call records, text messages and emails as well as the geographical location of individuals.

Work on the system has been kept under wraps for nearly two years. Several government agencies have issued tenders seeking specialised equipment and systems for such monitoring. The program is currently said to be running in a preliminary state, and should be fully in place by August of 2014.

Sent to:

Neil Berkett, Virgin Media
Jeremy Darroch, Sky
Dido Harding, TalkTalk
Warren Buckley, BT
Jeremy Woodrow, Royal Mail
Ronan Dunne, O2
Richard Tang, Zen Internet

One year ago, it became public knowledge that the Government intends to introduce legislation relating to communications data. We did not learn of this in Parliament, but in media leaks.

It has become clear that a critical component of the Communications Data Bill is that UK communication service providers will be required by law to create data they currently do not have any business purpose for, and store it for a period of 12 months.

Plainly, this crosses a line no democratic country has yet crossed -- paying private companies to record what their customers are doing solely for the purposes of the state.

These proposals are not fit for purpose, which possibly explains why the Home Office is so keen to ensure they are not aired publicly.

There has been no public consultation, while on none of your websites is there any reference to these discussions. Meetings have been held behind closed doors as policy has been developed in secret, seemingly the same policy formulated several years ago despite widespread warnings from technical experts.

That your businesses appear willing to be co-opted as an arm of the state to monitor every single one of your customers is a dangerous step, exacerbated by your silence

Consumers are increasingly concerned about their privacy, both in terms of how much data is collected about them and how securely that data is kept. Many businesses have made a virtue of respecting consumer privacy and ensuring safe and secure internet access.

Sadly, your customers have not had the opportunity to comment on these proposals. Indeed, were it not for civil society groups and the media, they would have no idea such a policy was being considered.

We believe this is a critical failure not only of Government, but a betrayal of your customers' interests. You appear to be engaged in a conspiracy of silence with the Home Office, the only concern being whether or not you will be able to recover your costs.

We urge you to withdraw your participation in a process that in our view is deeply flawed, pursuing a pre-determined solution that puts competition, security and privacy at risk in an unprecedented way.

With best wishes,

Jim Killock, Executive Director, Open Rights Group
Nick Pickles, Director, Big Brother Watch
Sam Smith, Technologist, Privacy International

Update: ISPs respond

25th April 2013. See  article from  publicaffairs.linx.net

Responding to the letter, ISPA UK pointed out the active role of ISPs in criticising the draft Bill.

ISPs have been open in their approach, with a number of ISPs and ISPA giving evidence publicly to the Joint Committee that criticised the draft bill. It is for the government to publish its proposals, and when it does, we will examine the new draft bill closely alongside our members, parliamentarians and other stakeholders as part of the open parliamentary scrutiny the bill will receive. ISPA members recognise the needs of law enforcement, however want to see a bill that is workable and proportionate and takes into account the recommendations of the joint committee.

Theresa May, the Home Secretary, has so far declined to explain a proposed snooping system that would allow officials to trawl through the public's private emails, text messages and other messages sent through the internet.

The Information Commissioner has now ordered the Home Office to publish advice ministers received on the design, cost and risks of the new snooping system by May 11.

If the Home Office does not comply with the Information Notice issued by the Commissioner last week it will be judged as being in contempt of court .

Dominic Raab, a Tory MP with an interest in human rights, requested the advice in a Freedom of Information request last summer, but May's department has refused to publish the guidance citing supposed national security concerns. Raab said:

This far-reaching scheme could drain the swamp of every email, text message and phone call made by every citizen, a tectonic shift in the relationship between the citizen and the state.

So, it's astonishing that Home Office bureaucrats are risking contempt of court by trying to cover up the most basic information on how the scheme will operate in practice.

In the wake of this week's passage of the controversial Cyber Intelligence Sharing and Protection Act (CISPA) by the U.S. House of Representatives, representatives from internet activists Anonymous are calling for an Internet Blackout Day on Monday in protest.

Specifically, Anonymous is calling upon website owners to take down their normal pages and replace them with a page that explains the reasons for the  protest.

CISPA is a US snooper's charter which would allow Internet Service Providers and other Web-themed companies to share information about their users with the government and one another under the guise of cyber-security -- with increased protection against any privacy lawsuits that their users might bring as a result.

The Electronic Frontier Foundation have explained in a FAQ:

Whenever these prerequisites are met, CISPA is written broadly enough to permit your communications service providers to share your emails and text messages with the government, or your cloud storage company could share your stored files

Although the bill passed the house, there are still some fairly significant hurdles before CISPA springs alive. Not only does the bill have to make its way through the Senate, it also has to survive a previously threatened veto by the White House.

In late 2012, back when it was still officially known as Research in Motion, the company behind BlackBerry handsets worked with the Indian government to enable surveillance of Blackberry Messenger and Blackberry Internet Service emails. But now India's authorities are complaining that they can only spy on communications sent between the estimated 1 million BlackBerry users in India---and they want a list of all BlackBerry handsets across the globe.

Though India's government says its spooks have now been provided with a list of all Indian BlackBerry users' PIN codes---meaning monitoring communications of these users is now feasible---the authorities don't have PIN codes of foreign users. That makes it difficult for them to identify and eavesdrop on messages sent between India and people in other countries. And that's what they want to change.

As India's Economic Times reported yesterday, a government panel has recommended that BlackBerry be asked to provide access to 'PIN' details of all its handsets across the globe to enable intelligence agencies in the country to track messages exchanged between Indian subscribers and those living abroad. BlackBerry has not yet provided these data due to privacy and legal provisions, but the company has previously ceded to India's surveillance demands after being threatened with getting shut off from the country.