Human rights groups and tech companies unite in an open letter condemning GCHQ's Ghost Protocol suggestion to open a backdoor to snoop on 'encrypted' communication apps

31st May 2019

See article from privacyinternational.org

To GCHQ

The undersigned organizations, security researchers, and companies write in response to the proposal published by Ian Levy and Crispin Robinson of GCHQ in Lawfare on November 29, 2018, entitled Principles for a More Informed Exceptional Access Debate. We are an international coalition of civil society organizations dedicated to protecting civil liberties, human rights, and innovation online; security researchers with expertise in encryption and computer science; and technology companies and trade associations, all of whom share a commitment to strong encryption and cybersecurity. We welcome Levy and Robinson's invitation for an open discussion, and we support the six principles outlined in the piece. However, we write to express our shared concerns that this particular proposal poses serious threats to cybersecurity and fundamental human rights including privacy and free expression.

The six principles set forth by GCHQ officials are an important step in the right direction, and highlight the importance of protecting privacy rights, cybersecurity, public confidence, and transparency. We especially appreciate the principles' recognition that governments should not expect unfettered access to user data, that the trust relationship between service providers and users must be protected, and that transparency is essential.

Despite this, the GCHQ piece outlines a proposal for silently adding a law enforcement participant to a group chat or call. This proposal to add a ghost user would violate important human rights principles, as well as several of the principles outlined in the GCHQ piece. Although the GCHQ officials claim that "you don't even have to touch the encryption" to implement their plan, the ghost proposal would pose serious threats to cybersecurity and thereby also threaten fundamental human rights, including privacy and free expression. In particular, as outlined below, the ghost proposal would create digital security risks by undermining authentication systems, by introducing potential unintentional vulnerabilities, and by creating new risks of abuse or misuse of systems. Importantly, it also would undermine the GCHQ principles on user trust and transparency set forth in the piece.

How the Ghost Proposal Would Work

The security in most modern messaging services relies on a technique called public key cryptography. In such systems, each device generates a pair of very large mathematically related numbers, usually called keys. One of those keys -- the public key -- can be distributed to anyone. The corresponding private key must be kept secure, and not shared with anyone. Generally speaking, a person's public key can be used by anyone to send an encrypted message that only the recipient's matching private key can unscramble. Within such systems, one of the biggest challenges to securely communicating is authenticating that you have the correct public key for the person you're contacting. If a bad actor can fool a target into thinking a fake public key actually belongs to the target's intended communicant, it won't matter that the messages are encrypted in the first place because the contents of those encrypted communications will be accessible to the malicious third party.

Encrypted messaging services like iMessage, Signal, and WhatsApp, which are used by well over a billion people around the globe, store everyone's public keys on the platforms' servers and distribute public keys corresponding to users who begin a new conversation. This is a convenient solution that makes encryption much easier to use. However, it requires every person who uses those messaging applications to trust the services to deliver the correct, and only the correct, public keys for the communicants of a conversation when asked.

The protocols behind different messaging systems vary, and they are complicated. For example, in two-party communications, such as a reporter communicating with a source, some services provide a way to ensure that a person is communicating only with the intended parties. This authentication mechanism is called a safety number in Signal and a security code in WhatsApp (we will use the term safety number). They are long strings of numbers that are derived from the public keys of the two parties of the conversation, which can be compared between them -- via some other verifiable communications channel such as a phone call -- to confirm that the strings match. Because the safety number is per pair of communicators -- more precisely, per pair of keys -- a change in the value means that a key has changed, and that can mean that it's a different party entirely. People can thus choose to be notified when these safety numbers change, to ensure that they can maintain this level of authentication. Users can also check the safety number before each new communication begins, and thereby guarantee that there has been no change of keys, and thus no eavesdropper. Systems without a safety number or security code do not provide the user with a method to guarantee that the user is securely communicating only with the individual or group with whom they expect to be communicating.

Other systems provide security in other ways. For example, iMessage has a cluster of public keys -- one per device -- that it keeps associated with an account corresponding to an identity of a real person. When a new device is added to the account, the cluster of keys changes, and each of the user's devices shows a notice that a new device has been added upon noticing that change.

The ghost key proposal put forward by GCHQ would enable a third party to see the plain text of an encrypted conversation without notifying the participants. But to achieve this result, their proposal requires two changes to systems that would seriously undermine user security and trust.
First, it would require service providers to surreptitiously inject a new public key into a conversation in response to a government demand. This would turn a two-way conversation into a group chat where the government is the additional participant, or add a secret government participant to an existing group chat. Second, in order to ensure the government is added to the conversation in secret, GCHQ's proposal would require messaging apps, service providers, and operating systems to change their software so that it would 1) change the encryption schemes used, and/or 2) mislead users by suppressing the notifications that routinely appear when a new communicant joins a chat.

The Proposal Creates Serious Risks to Cybersecurity and Human Rights

The GCHQ's ghost proposal creates serious threats to digital security: if implemented, it will undermine the authentication process that enables users to verify that they are communicating with the right people, introduce potential unintentional vulnerabilities, and increase risks that communications systems could be abused or misused. These cybersecurity risks mean that users cannot trust that their communications are secure, as users would no longer be able to trust that they know who is on the other end of their communications, thereby posing threats to fundamental human rights, including privacy and free expression. Further, systems would be subject to new potential vulnerabilities and risks of abuse.

Integrity and Authentication Concerns

As explained above, the ghost proposal requires modifying how authentication works. Like the end-to-end encryption that protects communications while they are in transit, authentication is a critical aspect of digital security and the integrity of sensitive data. The process of authentication allows users to have confidence that the other users with whom they are communicating are who they say they are. Without reliable methods of authentication, users cannot know if their communications are secure, no matter how robust the encryption algorithm, because they have no way of knowing who they are communicating with. This is particularly important for users like journalists who need secure encryption tools to guarantee source protection and be able to do their jobs.

Currently the overwhelming majority of users rely on their confidence in reputable providers to perform authentication functions and verify that the participants in a conversation are the people they think they are, and only those people. The GCHQ's ghost proposal completely undermines this trust relationship and the authentication process.

Authentication is still a difficult challenge for technologists and is currently an active field of research. For example, providing a meaningful and actionable record about user key transitions presents several known open research problems, and key verification itself is an ongoing subject of user interface research. If, however, security researchers learn that authentication systems can and will be bypassed by third parties like government agencies, such as GCHQ, this will create a strong disincentive for continuing research in this critical area.

Potential for Introducing Unintentional Vulnerabilities

Beyond undermining current security tools and the system for authenticating the communicants in an encrypted chat, GCHQ's ghost proposal could introduce significant additional security threats. There are also outstanding questions about how the proposal would be effectively implemented.

The ghost proposal would introduce a security threat to all users of a targeted encrypted messaging application since the proposed changes could not be exposed only to a single target. In order for providers to be able to suppress notifications when a ghost user is added, messaging applications would need to rewrite the software that every user relies on. This means that any mistake made in the development of this new function could create an unintentional vulnerability that affects every single user of that application.

As security researcher Susan Landau points out, the ghost proposal involves changing how the encryption keys are negotiated in order to accommodate the silent listener, creating a much more complex protocol--raising the risk of an error. (That actually depends on how the algorithm works; in the case of iMessage, Apple has not made the code public.) A look back at recent news stories on unintentional vulnerabilities that are discovered in encrypted messaging apps like iMessage, and devices ranging from the iPhone to smartphones that run Google's Android operating system, lends credence to her concerns. Any such unintentional vulnerability could be exploited by malicious third parties.

Possibility of Abuse or Misuse of the Ghost Function

The ghost proposal
also introduces an intentional vulnerability. Currently, the providers of end-to-end encrypted messaging applications like WhatsApp and Signal cannot see into their users' chats. By requiring an exceptional access mechanism like the ghost proposal, GCHQ and U.K. law enforcement officials would require messaging platforms to open the door to surveillance abuses that are not possible today.

At a recent conference on encryption policy, Cindy Southworth, the Executive Vice President at the U.S. National Network to End Domestic Violence (NNEDV), cautioned against introducing an exceptional access mechanism for law enforcement, in part, because of how it could threaten the safety of victims of domestic and gender-based violence. Specifically, she warned that "[w]e know that not only are victims in every profession, offenders are in every profession...How do we keep safe the victims of domestic violence and stalking?" Southworth's concern was that abusers could either work for the entities that could exploit an exceptional access mechanism, or have the technical skills required to hack into the platforms that developed this vulnerability.

While companies and some law enforcement and intelligence agencies would surely implement strict procedures for utilizing this new surveillance function, those internal protections are insufficient. And in some instances, such procedures do not exist at all. In 2016, a U.K. court held that because the rules for how the security and intelligence agencies collect bulk personal datasets and bulk communications data (under a particular legislative provision) were unknown to the public, those practices were unlawful. As a result of that determination, it asked the agencies - GCHQ, MI5, and MI6 - to review whether they had unlawfully collected data about Privacy International. The agencies subsequently revealed that they had unlawfully surveilled Privacy International.[12]

Even where procedures exist for access to data that is collected under current surveillance authorities, government agencies have not been immune to surveillance abuses and misuses despite the safeguards that may have been in place. For example, a former police officer in the U.S. discovered that 104 officers in 18 different agencies across the state had accessed her driver's license record 425 times, using the state database as their personal Facebook service.[13] Thus, once new vulnerabilities like the ghost protocol are created, new opportunities for abuse and misuse are created as well.[14]

Finally, if U.K. officials were to demand that providers rewrite their software to permit the addition of a ghost U.K. law enforcement participant in encrypted chats,
there is no way to prevent other governments from relying on this newly built system. This is of particular concern with regard to repressive regimes and any country with a poor record on protecting human rights.

The Proposal Would Violate the Principle That User Trust Must be Protected

The GCHQ proponents of the ghost proposal argue that "[a]ny exceptional access solution should not fundamentally change the trust relationship between a service provider and its users. This means not asking the provider to do something fundamentally different to things they already do to run their business."[15] However, the exceptional access mechanism that they describe in the same piece would have exactly the effect they say they wish to avoid: it would degrade user trust and require a provider to fundamentally change its service.

The moment users find out that a software update to their formerly secure end-to-end encrypted messaging application can now allow secret participants to surveil their conversations, they will lose trust in that service. In fact, we've already seen how likely this outcome is. In 2017, the Guardian published a flawed report in which it incorrectly stated that WhatsApp had a backdoor that would allow third parties to spy on users' conversations. Naturally, this inspired significant alarm amongst WhatsApp users, and especially users like journalists and activists who engage in particularly sensitive communications. In this case, the ultimate damage to user trust was mitigated because cryptographers and security organizations quickly understood and disseminated critical deficits in the report,[16] and the publisher retracted the story.[17]

However, if users were to learn that their encrypted messaging service intentionally built a functionality to allow for third-party surveillance of their communications, that loss of trust would understandably be widespread and permanent. In fact, when President Obama's encryption working group explored technical options for an exceptional access mechanism, it cited loss of trust as the primary reason not to pursue provider-enabled access to encrypted devices through current update procedures. The working group explained that this could be dangerous to overall cybersecurity, since its use could call into question the trustworthiness of established software update channels. Individual users aware of the risk of remote access to their devices, could also choose to turn off software updates, rendering their devices significantly less secure as time passed and vulnerabilities were discovered [but] not patched.[18] While the proposal that prompted these observations was targeted at operating system updates, the same principles concerning loss of trust and the attendant loss of security would apply in the context of the ghost proposal.

Any proposal that undermines user trust penalizes the overwhelming majority of technology users while permitting those few bad actors to shift to readily available products beyond the law's reach. It is a reality that encryption products are available all over the world and cannot be easily constrained by territorial borders.[19] Thus, while the few nefarious actors targeted by the law will still be able to avail themselves of other services, average users -- who may also choose different services -- will disproportionately suffer consequences of degraded security and trust.

The Ghost Proposal Would Violate the Principle That Transparency is Essential

Although we commend GCHQ officials for initiating this public conversation and publishing their ghost proposal online, if the U.K. were to implement this approach, these activities would be cloaked in secrecy. Although it is unclear which precise legal authorities GCHQ and U.K. law enforcement would rely upon, the Investigatory Powers Act grants U.K. officials the power to impose broad non-disclosure agreements that would prevent service providers from even acknowledging they had received a demand to change their systems, let alone the extent to which they complied. The secrecy that would surround implementation of the ghost proposal would exacerbate the damage to authentication systems and user trust as described above.

Conclusion

For these reasons, the undersigned organizations, security researchers, and companies urge GCHQ to abide by the six principles they have announced, abandon the ghost proposal, and avoid any alternate approaches that would similarly threaten digital security and human rights. We would welcome the opportunity for a continuing dialogue on these important issues.

Sincerely,

Civil Society Organizations

Access Now
Big Brother Watch
Blueprint for Free Speech
Center for Democracy & Technology
Defending Rights and Dissent
Electronic Frontier Foundation
Engine
Freedom of the Press Foundation
Government Accountability Project
Human Rights Watch
International Civil Liberties Monitoring Group
Internet Society
Liberty
New America's Open Technology Institute
Open Rights Group
Principled Action in Government
Privacy International
Reporters Without Borders
Restore The Fourth
Samuelson-Glushko Canadian Internet Policy & Public Interest Clinic (CIPPIC)
TechFreedom
The Tor Project
X-Lab

Technology Companies and Trade Associations

ACT | The App Association
Apple
Google
Microsoft
Reform Government Surveillance (RGS is a coalition of technology companies)
Startpage.com
WhatsApp

Security and Policy Experts*

Steven M. Bellovin, Percy K. and Vida L.W. Hudson Professor of Computer Science; Affiliate faculty, Columbia Law School
Jon Callas, Senior Technology Fellow, ACLU
L Jean Camp, Professor of Informatics, School of Informatics, Indiana University
Stephen Checkoway, Assistant Professor, Oberlin College Computer Science Department
Lorrie Cranor, Carnegie Mellon University
Zakir Durumeric, Assistant Professor, Stanford University
Dr. Richard Forno, Senior Lecturer, UMBC, Director, Graduate Cybersecurity Program & Assistant Director, UMBC Center for Cybersecurity
Joe Grand, Principal Engineer & Embedded Security Expert, Grand Idea Studio, Inc.
Daniel K. Gillmor, Senior Staff Technologist, ACLU
Peter G. Neumann, Chief Scientist, SRI International Computer Science Lab
Dr. Christopher Parsons, Senior Research Associate at the Citizen Lab, Munk School of Global Affairs and Public Policy, University of Toronto
Phillip Rogaway, Professor, University of California, Davis
Bruce Schneier
Adam Shostack, Author, Threat Modeling: Designing for Security
Ashkan Soltani, Researcher and Consultant - Former FTC CTO and Whitehouse Senior Advisor
Richard Stallman, President, Free Software Foundation
Philip Zimmermann, Delft University of Technology Cybersecurity Group
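
The key-authentication point made under "How the Ghost Proposal Would Work" in the letter above can be shown with a toy model. This is an added example, not part of the letter and not the algorithm of Signal, WhatsApp or iMessage: the keys are constructed 32-byte stand-ins, no encryption is performed, and `safety_number`, `roster_fingerprint` and `PinnedConversation` are hypothetical names. It goes slightly beyond the letter by contrasting a substituted key, which changes the pairwise safety number, with an added recipient key, which leaves that number unchanged and is visible only to a check over the full recipient set.

```python
"""Toy model of safety numbers and recipient-set pinning (added example)."""
import hashlib


def constructed_key(label: str) -> bytes:
    """Return a deterministic 32-byte stand-in for a device public key."""
    return hashlib.sha256(b"constructed-sample-key:" + label.encode()).digest()


def safety_number(key_a: bytes, key_b: bytes) -> str:
    """Per-pair-of-keys number two people can read out over a phone call.

    Sorting the keys makes the result identical on both devices.
    """
    first, second = sorted((key_a, key_b))
    digest = hashlib.sha256(b"toy-safety-number" + first + second).digest()
    groups = [int.from_bytes(digest[i:i + 4], "big") % 100000
              for i in range(0, 24, 4)]
    return " ".join(f"{g:05d}" for g in groups)  # six groups of five digits


def roster_fingerprint(recipient_keys) -> str:
    """Fingerprint over every key a message would be encrypted to.

    All keys here are 32 bytes, so plain concatenation is unambiguous.
    """
    h = hashlib.sha256(b"toy-roster")
    for key in sorted(set(recipient_keys)):
        h.update(key)
    return h.hexdigest()[:16]


class PinnedConversation:
    """Client-side record of the peer keys the user verified out of band."""

    def __init__(self, own_key: bytes, verified_peer_keys):
        self.own_key = own_key
        self.verified = set(verified_peer_keys)

    def audit(self, delivered_keys):
        """Compare the keys the server delivered with the verified set.

        Returns (finding, short key id) tuples; an empty list means no change.
        """
        delivered = set(delivered_keys) - {self.own_key}
        findings = []
        for key in sorted(delivered - self.verified):
            findings.append(("unverified-key-added", key.hex()[:8]))
        for key in sorted(self.verified - delivered):
            findings.append(("verified-key-missing", key.hex()[:8]))
        return findings


def run_scenarios():
    """Evaluate three key deliveries from a provider's server."""
    alice = constructed_key("alice-phone")
    bob = constructed_key("bob-phone")
    impostor = constructed_key("fake-key-presented-as-bob")
    extra = constructed_key("additional-recipient")

    pinned = PinnedConversation(alice, [bob])
    baseline_number = safety_number(alice, bob)
    baseline_roster = roster_fingerprint([alice, bob])

    deliveries = {
        "honest": [alice, bob],                   # correct keys only
        "substituted": [alice, impostor],         # Bob's key swapped
        "extra-recipient": [alice, bob, extra],   # Bob's key plus one more
    }
    results = {}
    for name, delivered in deliveries.items():
        peers = [k for k in delivered if k != alice]
        results[name] = {
            # Would the number Alice verified with Bob still match some peer?
            "pair_number_unchanged": any(
                safety_number(alice, k) == baseline_number for k in peers),
            "roster_unchanged": roster_fingerprint(delivered) == baseline_roster,
            "findings": pinned.audit(delivered),
        }
    return results


if __name__ == "__main__":
    for scenario, outcome in run_scenarios().items():
        print(scenario, outcome)
```

In the "extra-recipient" case only the roster check reports a change, which is the client-side notification the letter says the proposal would require providers to suppress.
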
The European Court of Human Rights has ruled that the UK's mass interception programmes have breached the European Convention on Human Rights.

14th September 2018

See press release from openrightsgroup.org

The European Court of Human Rights (ECtHR) has found that the UK's mass surveillance programmes, revealed by NSA whistleblower Edward Snowden, did not meet the quality of law requirement and were incapable of keeping the interference to what is necessary in a democratic society. The landmark judgment marks the Court's first ruling on UK mass surveillance programmes revealed by Mr Snowden. The case was started in 2013 by campaign groups Big Brother Watch, English PEN, Open Rights Group and computer science expert Dr Constanze Kurz following Mr Snowden's revelation of GCHQ mass spying.

Documents provided by Mr Snowden revealed that the UK intelligence agency GCHQ were conducting population-scale interception, capturing the communications of millions of innocent people. The mass spying programmes included TEMPORA, a bulk data store of all internet traffic; KARMA POLICE, a catalogue including a web browsing profile for every visible user on the internet; and BLACK HOLE, a repository of over 1 trillion events including internet histories, email and instant messenger records, search engine queries and social media activity.

The applicants argued that the mass interception programmes infringed UK citizens' rights to privacy protected by Article 8 of the European Convention on Human Rights as the population-level surveillance was effectively indiscriminate, without basic safeguards and oversight, and lacked a sufficient legal basis in the Regulation of Investigatory Powers Act (RIPA).

In its judgment, the ECtHR acknowledged that bulk interception is by definition untargeted; that there was a lack of oversight of the entire selection process, and that safeguards were not sufficiently robust to provide adequate guarantees against abuse.

In particular, the Court noted concern that the intelligence services can search and examine "related communications data" apparently without restriction -- data that identifies senders and recipients of communications, their location, email headers, web browsing information, IP addresses, and more. The Court expressed concern that such unrestricted snooping could be capable of painting an intimate picture of a person through the mapping of social networks, location tracking, Internet browsing tracking, mapping of communication patterns, and insight into who a person interacted with.

The Court acknowledged the importance of applying safeguards to a surveillance regime, stating:

'In view of the risk that a system of secret surveillance set up to protect national security may undermine or even destroy democracy under the cloak of defending it, the Court must be satisfied that there are adequate and effective guarantees against abuse.'

The Government passed the Investigatory Powers Act (IPA) in November 2016, replacing the contested RIPA powers and controversially putting mass surveillance powers on a statutory footing. However, today's judgment that indiscriminate spying breaches rights protected by the ECHR is likely to provoke serious questions as to the lawfulness of bulk powers in the IPA.

Jim Killock, Executive Director of Open Rights Group said:

Viewers of the BBC drama, the Bodyguard, may be shocked to know that the UK actually has the most extreme surveillance powers in a democracy. Since we brought this case in 2013, the UK has actually increased its powers to indiscriminately surveil our communications whether or not we are suspected of any criminal activity. In light of today's judgment, it is even clearer that these powers do not meet the criteria for proportionate surveillance and that the UK Government is continuing to breach our right to privacy.

Silkie Carlo, director of Big Brother Watch said:

This landmark judgment confirming that the UK's mass spying breached fundamental rights vindicates Mr Snowden's courageous whistleblowing and the tireless work of Big Brother Watch and others in our pursuit for justice. Under the guise of counter-terrorism, the UK has adopted the most authoritarian surveillance regime of any Western state, corroding democracy itself and the rights of the British public. This judgment is a vital step towards protecting millions of law-abiding citizens from unjustified intrusion. However, since the new Investigatory Powers Act arguably poses an ever greater threat to civil liberties, our work is far from over.

Antonia Byatt, director of English PEN said:

This judgment confirms that the British government's surveillance practices have violated not only our right to privacy, but our right to freedom of expression too. Excessive surveillance discourages whistle-blowing and discourages investigative journalism. The government must now take action to guarantee our freedom to write and to read freely online.

Dr Constanze Kurz, computer scientist, internet activist and spokeswoman of the German Chaos Computer Club said:

What is at stake is the future of mass surveillance of European citizens, not only by UK secret services. The lack of accountability is not acceptable when the GCHQ penetrates Europe's communication data with their mass surveillance techniques. We all have to demand now that our human rights and more respect of the privacy of millions of Europeans will be acknowledged by the UK government and also by all European countries.

Dan Carey of Deighton Pierce Glynn, the solicitor representing the applicants, stated as follows:

The Court has put down a marker that the UK government does not have a free hand with the public's communications and that in several key respects the UK's laws and surveillance practices have failed. In particular, there needs to be much greater control over the search terms that the government is using to sift our communications. The pressure of this litigation has already contributed to some reforms in the UK and this judgment will require the UK government to look again at its practices in this most critical of areas.
Snooper's Charter law completes in the Commons supported by Labour and the Conservatives

9th June 2016

See bill progress from services.parliament.uk. See also article from openrightsgroup.org

MPs have voted in the final Commons stage of the Investigatory Powers Bill. They voted in favour of the bill by 444 to 69. Some MPs - particularly Joanna Cherry, David Davis, Alistair Carmichael and Stephen McPartland - did a great job in putting the Government under pressure. SNP, Lib Dem and Green MPs voted against. The Bill will now be debated in the House of Lords.

The Open Rights Group have highlighted the Filter as the nastiest part of the bill which unifies website history and communication records into a single searchable database. The group explains:

The bill is very long and complex, and hundreds of amendments have been proposed. However, the Request Filter in particular is receiving far too little attention. With a huge range of issues to deal with, the Request Filter has been absent from the discussions from the front benches, despite being the one of two completely new developments in the Bill. As the IPB enters report stage we need to ensure that the Filter gets the attention it deserves from MPs.

The Request Filter is described by the Home Office as a safeguard designed to reduce the collateral intrusion produced in searching for small, specific information in a large dataset. In reality, the Request Filter would allow automated complex searches across the retained data from all telecommunications operators.

This has the potential for population profiling, composite fishing trips and the unaccountable generation of new insights. It is bulk data surveillance without the bulk label, and without any judicial authorisation at all. The Food Standards Agency will be able to self-authorise itself to cross reference your internet history with your mobile phone location and landline phone calls--and search and compare millions of other people's records too.

Queries can be made across datasets. Location data - which pub you were in - can be compared with who you phoned, or which websites you visit. All with great convenience, through automated search. The searches will be increasingly focused on events, such as a website visited, or place people have gathered, rather than the suspects. This is the reverse of the position today, which requires the police to focus on suspects, and work outwards. In the future, with the Filter, any query can examine the data of thousands of innocent persons - to check that they don't fit the police's search criteria.

The idea of passive retained records, that lie unexamined until someone comes to the attention of the authorities, will lie dead. The data becomes an actively checked resource, allowing everyone's potential guilt to be assessed as needed.

The Filter creates convenience for law enforcement queries, and pushes practice towards the use of intrusive capabilities. It lowers the practical level on which they are employed. Techniques that today would be used only in the most serious crimes, because they require thought and care, tomorrow may be employed in run of the mill criminal activity, public order, or even food standards, as the bill stands.

The Filter was at the centre of debates when the original Snooper's Charter was first introduced in 2012. Parliament described the Request Filter at the time as essentially a federated database of all UK citizens' communications data. This dystopian surveillance tool should be stopped, and next week MPs will have the chance to do it. There are several amendments presented by the Lib-Dem MP Alistair Carmichael that aim to remove the filter.

Another MP, the Conservative Stephen McPartland, who was part of the Science and Technology Committee and understands the implications of the Filter, has tabled a series of amendments with measures designed to constrain the power. These include restricting the Filter to exceptional circumstances, putting it under the control of the Judicial Commissioner as other bulk powers, and bringing it into the statute book as formal Regulations - so it is subjected to the normal transparency and processes of judicial review.

It is important that all those amendments get debated. We want the complete removal of the filter. McPartland's amendments describe the minimum requirements even a proponent should be seeking, but more importantly give MPs an opportunity to be told what the filter is, what it is capable of, and why the government plans so little oversight for it.

The nature of the Filter must be discussed to expose the Orwellian doublespeak characterisation by the Home Office of this surveillance tool as a safeguard to improve privacy.
Nothing to hide, nothing to fear? The immense powers in the UK's new surveillance bill are questioned in a new documentary film, The Haystack

27th April 2016

From opendemocracy.net by Matthew Linares

The Haystack is a new documentary , released today by Scenes of Reason , bringing together leading lights for and against the UK's Investigatory Powers Bill. This unprecedented piece of legislation, which is now under parliamentary scrutiny, seeks to
affirm and expand the surveillance remit of UK security services and other departments, including new powers for the police to access internet connection records -- a database of the public's online activity over the previous 12 months.
The film provides an excellent roundup of arguments on both sides of the tortuous surveillance debate, including Conservative MP Johnny Mercer echoing the well-worn refrain, if you have nothing to hide, you have nothing to fear. Jim
Killock of the Open Rights Group, speaking at the film's launch, quipped that Mr Mercer might feel a bit different if it were the left-wing government of Jeremy Corbyn and
John McDonnell wielding these powers. Indeed, as far-right parties attract support around Europe and the world, the likelihood increases of tremendous state surveillance becoming the plaything of ever more abusive regimes. The
immense capabilities contained within the bill are unpalatable in the hands of any authority -- they are all too easily harnessed to undermine perfectly reasonable political opposition and judicial work. By way of example, the film outlines one such case
where the current UK government improperly gained access to privileged details of a court case against it. In this light, the bill seems an intolerable threat to democracy and free expression. Voices of concern from the security
community, such as Sir David Omand, ex-GCHQ chief, explain that precautions against terrorism require more spying. Others reject this, noting that security services have failed to act on intelligence when they do have it -- spending enormous sums on
digital surveillance only reduces their efficacy in the realm of traditional detective work. Moreover, those costs, to be borne by government and industry, are excessive at a time of cuts to other public services designed to protect us from more
conventional enemies, such as disease.
|
|
200 senior lawyers write a letter to the Guardian about the snooper's charter
|
|
|
|
15th March 2016
|
|
| See article from theguardian.com |
The UK's investigatory powers bill receives its second reading on Tuesday. At present the draft law fails to meet international standards for surveillance powers. It requires significant revisions to do so. First, a law that gives
public authorities generalised access to electronic communications contents compromises the essence of the fundamental right to privacy and may be illegal. The investigatory powers bill does this with its bulk interception warrants and bulk
equipment interference warrants. Second, international standards require that interception authorisations identify a specific target -- a person or premises -- for surveillance. The investigatory powers bill also fails this
standard because it allows targeted interception warrants to apply to groups or persons, organisations, or premises. Third, those who authorise interceptions should be able to verify a reasonable suspicion on the
basis of a factual case. The investigatory powers bill does not mention reasonable suspicion -- or even suspects -- and there is no need to demonstrate criminal involvement or a threat to national security. These are
international standards found in judgments of the European court of justice and the European court of human rights, and in the recent opinion of the UN special rapporteur for the right to privacy. At present the bill fails to meet these standards -- the
law is unfit for purpose. If the law is not fit for purpose, unnecessary and expensive litigation will follow, and further reform will be required. We urge members of the
Commons and the Lords to ensure that the future investigatory powers legislation meets these international standards. Such a law could lead the world. Paul Ridge, Jaani Riordan, Patrick Roche, Deborah Russo, Adam Sandell, Joseph
Savirimuthu, Anton Schutz, Dr Kirsteen Shields, Bethany Shiner, Gus Silverman, Natasha Simonsen, Martha Spurrier, Alison Stanley, Angela Stevens, Dr Sujitha Subramanian, Samantha Taylor, Gwawr Thomas, Anna Thwaites, Chris Topping, Dr Maria Tzanou,
Anthony Vaughan, Dr Asma Vranaki, John Wadham, Adam Wagner, Amos Waldman, Liam Walker, Tony Ward, Camille Warren, Sue Willman, Dr Maggie Wykes, Adrienne Yong, Dr Alison Young, Dr Hakeem O Yusuf, Dr Aldo Zammit Borda, Dr Reuven Ziegler, Dr Stephen J
Murdoch University College London, Helen Mowatt, Imran Khan, Kemi Spector, Dr Gavin W Anderson University of Glasgow, Colin Murray Newcastle University, Aidan O’Donnell University of Strathclyde, Professor Daniel Wilsher City University, Mikhil Karnik,
Conor McCormick Queen’s University Belfast, Professor Valsamis Mitsilegas Queen Mary University of London, Graeme Hall, Christopher McCorkindale University of Strathclyde,
|
|
The UN's Special Rapporteur on the right to privacy condemns Investigatory Powers Bill
|
|
|
| 10th March 2016
|
|
| See press release from openrightsgroup.org |
The Special Rapporteur on the right to privacy has heavily criticised the Investigatory Powers Bill in his first report to the Human Rights Council. The report calls for disproportionate, privacy-intrusive measures such as bulk
surveillance and bulk hacking as contemplated in the Investigatory Powers Bill [to] be outlawed rather than legitimised. Jim Killock, Executive Director of Open Rights Group responded to the report's findings:
The Special Rapporteur's report is yet another damning criticism of the Investigatory Powers Bill. Not only does it call for the disproportionate powers in the Bill to be 'outlawed rather than legitimised', it points out that the Bill
does not comply with recent human rights rulings, which means it could be open to legal challenges. The report also voices another serious concern -- that the impact of this extreme legislation will be felt around the world, and
copied by other countries. The Government cannot continue to ignore the overwhelming evidence that the IPB is a deeply flawed piece of legislation.
|
|
Three parliamentary committees have now passed damning judgement on the Home Office's draft Investigatory Powers Bill. But will they listen?
|
|
|
|
13th February 2016
|
|
| See article from opendemocracy.net by Julian Huppert. Julian Huppert is a Lecturer at the University of Cambridge. He was previously the Member of Parliament for Cambridge as a Liberal Democrat, serving as a member of the Home Affairs Select Committee. |
Three parliamentary committees have now reported on the Home Secretary's draft Investigatory Powers Bill. All three have raised major criticisms of both the powers proposed and the way they are set out. The first was the report of
the Science and Technology Committee, on February 9th, which criticised the
lack of clarity in the bill, and highlighted the need for integrity and security in online transactions. Then we had the Intelligence and Security Committee, with the
first report from the new committee. Long derided as weak, too close to and too trusting of the agencies it was supposed to be overseeing,
it caused ripples in the establishment with its short and to the point 15-page report. In that report they savaged the bill, describing it as a "missed opportunity". They say that "the privacy protections are
inconsistent and in our view need strengthening", and that some of the provisions -- equipment interference, bulk personal data sets, and communications data -- "are too broad and lack sufficient clarity". The proposals around
communications data are described as "inconsistent and largely incomprehensible". Their criticisms are so deep that they express specific concern that it may not be possible to fix the bill by the end of 2016, and
suggest the Home Office make sure to take the time to get it right. They say "the draft Bill has perhaps suffered from a lack of sufficient time and preparation and it is important that this lesson is learned prior to introduction of the new
legislation." Given that aspects of this legislation were claimed to be ready to be passed into law in 2012, this is utterly damning. The largest report was that of the Joint Committee set up specifically to examine this
bill, released this morning, February 11th. Whereas the one set up to consider the 2012 draft Communications Data Bill, on which I served, was chaired by the independently minded Lord Blencathra, this one was chaired by a former chair of the Intelligence
and Security Committee (from its rather more cosy and quiescent days), Lord Murphy. They also had a very abridged timetable, and say on numerous occasions that they simply didn't have the time to properly analyse important sections of the legislation.
Despite this, the 182-page report contains some heavy criticism of the bill, in many cases calling on the government to address criticisms or change the legislation, and they specifically call for some powers to be removed from
the bill. In a rather derisory remark, they say of the Home Office that: We recommend that more effort should be made to reflect not only the policy aims but also the practical realities of how the internet works
on a technical level.
This is the Home Office's third effort to get legislation in this area correct. The first effort was slated by a Joint Committee, and the replacement that was then drawn up was not deemed to be
good enough even to present to parliament. This third version has now faced a triple whammy of criticism, and it is now clear that the Home Office will have to make substantial changes if it wants to get legislation through. I
hope the Home Office will listen to the criticism, especially from the ISC, and produce a better bill for parliament. If they do, we can be in a better place than the one we have now, where RIPA and other obscure legislation gives widespread uncodified
powers in ways that were never intended. If not, I foresee a rocky road for them in parliament, and many embarrassing defeats. If the Home Office get this right, we can benefit from both better security and better protection for
privacy. If they refuse to listen, they have the power to worsen both.
|
|
A report on the UK's Investigatory Powers Bill
|
|
|
| 7th February 2016
|
|
| See article from eff.org |
The House of Commons Science and Tech Committee has published its report on the draft Investigatory Powers Bill, influenced by comments submitted by 50 individuals, companies, and organizations, including EFF. The report is the first of three
investigations by different Parliamentary committees. While it was intended to concentrate on the technological and business ramifications of the bill, their conclusions reflect the key concern of lawmakers, companies, and human rights groups about the
bill's dangerously vague wording. The Investigatory Powers Bill, as written, is so vague as to permit a vast range of surveillance actions, with profoundly insufficient oversight or insight into what Britain's intelligence,
military and police intend to do with their powers. It is, in effect, a carefully-crafted loophole wide enough to drive all of existing mass surveillance practice through. Or, in the words of Richard Clayton, Director of the Cambridge Cloud Cybercrime
Centre at the University of Cambridge, in his submissions to the committee: the present bill forbids almost nothing ... and hides radical new capabilities behind pages of obscuring detail. The bill is 192 pages long,
excluding over 60 pages of explanatory notes. Our comments to the committee focused on just one aspect of the bill, what they call equipment interference. Despite our emphasis on just one small part of the bill, our analysis revealed multiple
ambiguities and broad new powers that would allow the security and intelligence agencies, law enforcement and the armed forces, to target electronic equipment such as computers and smartphones in order to obtain data, including communications content.
The bill also provides for the UK government to compel companies and individuals to comply with its surveillance demands, including those located outside Britain, and to bar companies from revealing that they were the subject of such demands. As the
committee says in its conclusions, We believe the industry case regarding public fear about 'equipment interference' is well founded. The bill also includes a new mandate for data retention whose breadth is similarly
ambiguous. Terms like internet connection records, telecommunications service, relevant communications data, communications content, technical feasibility, and reasonable practicable were all criticized in the
report for their vague and overbroad use. The government's excuse is that it wants to create a future-proof bill, but loose language is bad for businesses trying to understand what obligations they are under. And it's certainly bad for civil
liberties when governments exploit those ambiguities to obtain or hold onto new powers. The details of these definitions and safeguards surrounding them should not be punted into secondary legislation. As the committee notes, a
disturbing degree of detail about the Investigatory Powers Bill is deferred to future Codes of Practice. We've been down this road before in the UK. IPB's predecessor, the Regulation of Investigatory Powers Act (2000) also placed its devilish
details into future statutory instruments, which were often slipped past Parliamentarians with little warning or debate. The result was years of expansion of RIPA powers, to the point where powers originally intended for the intelligence services were
delegated to over four hundred public bodies. Even the head of MI5, Lady Manningham-Buller, who lobbied for the RIPA powers, was shocked by the eventual overreach: I can remember being astonished to read that
organizations such as the Milk Marketing Board, and whatever the equivalent is for eggs, would have access to some of the techniques. On the principle governing the use of intrusive techniques which invade people's privacy, there should be clarity in the
law as to what is permitted and they should be used only in cases where the threat justified them and their use was proportionate.
This is why, as the committee says, it is essential that this timetable does not
slip and that the Codes of Practice are indeed published alongside the Bill so they can be fully scrutinized and debated. We would go further: EFF believes that a productive discussion around the Investigatory Powers Bill can
only begin once all the cards are on the table. The UK government needs to answer all the questions raised by the committee, including those currently postponed to Codes of Practice, and embed those answers in a revised bill, which can then be more
seriously considered, or it's destined for a future of abuse followed by dismantlement in the courts. The series of successful challenges in the UK and EU against previous surveillance law and practice shows that vague and
unbounded language cannot survive a serious challenge in the courts. If the UK government wants its surveillance rules to stand the test of time, it needs to build them on a firm foundation of clarity, necessity, and proportionality.
|
|
|
|
|
| 7th January 2016
|
|
|
And Terrible Theresa accused of deceit over comms data definition See article from theregister.co.uk
|
|
|
|
|
| 6th January 2016
|
|
|
The government couches the snooper's charter draft law in well known data protection principles but then carefully corrupts them by omitting a few 'nots' See article from theregister.co.uk |
|
But only until this is criminalised in the upcoming Snooper's Charter
|
|
|
| 1st January 2016
|
|
| See article from theregister.co.uk |
Microsoft will warn email and OneDrive users if it detects apparent attempts by governments to hack into their accounts. Google, Facebook, Twitter and Yahoo already offer similar government hacker alert systems to the one just introduced by Microsoft.
Alerts are far from rare. Google, for example, reportedly tells tens of thousands of users every few months that they've been targeted by foreign spooks. |
|
|
|
|
|
29th December 2015
|
|
|
Thanks to soft touch oversight. Privacy International battle exposes bulk warrants See article from theregister.co.uk
|
|
Theresa May states the internet snooping powers won't be restricted to serious crimes but will be used to target internet insults, trolling and bullying
|
|
|
|
26th December 2015
|
|
| See article from dailymail.co.uk
|
The government's invasive mass snooping laws will be used to bring online bullies and trolls to justice, the Home Secretary says. Theresa May reportedly says that surveillance powers, unveiled under the Investigatory Powers Bill last month, will be
used by police and spooks to track down and identify anonymous cyberbullies. The Times reports that 'officials' will be able to unmask users going by various aliases. Previously the government has maintained that the far reaching Snooper's
Charter would be restricted to tracking serious crimes such as terrorism and child abuse. Offsite Article: Theresa May wants to see your internet history, so we thought it was only fair to ask for hers 26th December 2015. See article from independent.co.uk
The Independent requested the Home Secretary's work browsing history for the last week of October under the Freedom of Information Act. The Home Office has refused to make Theresa May's internet browsing history public under freedom of information rules, arguing that a request to do so is vexatious.
... Read the full article from independent.co.uk |
|
|
|
|
| 23rd December 2015
|
|
|
How the Investigatory Powers Bill will affect ISPs See article from openrightsgroup.org
|
|
Apple asks if the risk of your bank account being cleared out by hackers is a price worth paying for the government being able to snoop on your personal messages
|
|
|
| 22nd December 2015
|
|
| See article from theguardian.com |
Apple has called for changes to the UK government's investigatory powers bill, over fears it would weaken the security of personal data of millions of law-abiding citizens. In a submission to the bill committee the company expressed major
concerns and called for wholesale changes before the bill is passed. It said: We believe it would be wrong to weaken security for hundreds of millions of law-abiding customers so that it will also be weaker for the
very few who pose a threat. In this rapidly evolving cyber-threat environment, companies should remain free to implement strong encryption to protect customers.
Apple highlighted the main areas of the bill that it wants to see changed.
It told the committee that passages in the bill could give the government the power to demand Apple alters the way its messaging service, iMessage, works. The company said this would weaken encryption and enable the security services to eavesdrop on
iMessage for the first time. In its submission, Apple said: The creation of backdoors and intercept capabilities would weaken the protections built into Apple products and endanger all our customers. A key left under
the doormat would not just be there for the good guys. The bad guys would find it too.
Apple said it was worried about the scope of the bill as many of the provisions in the bill apply to companies regardless of where they are based,
giving the bill international scope, despite being a purely domestic piece of legislation. It also runs the risk of placing companies in a damned if they do, damned if they don't position. The company said: Those
businesses affected will have to cope with a set of overlapping foreign and domestic laws. When these laws inevitably conflict, the businesses will be left having to arbitrate between them, knowing that in doing so they might risk sanctions. That is an
unreasonable position to be placed in.
|
|
|
|
|
|
12th December 2015
|
|
|
Proposed snooper's charter will enable GCHQ to snoop on all available data See article from bbc.co.uk |
|
|
|
|
|
2nd December 2015
|
|
|
Thanks to soft touch oversight. Privacy International battle exposes bulk warrants See article from theregister.co.uk
|
|
Offsite articles outlining details of the Snooper's Charter
|
|
|
| 13th November 2015
|
|
| |
The Tory war on privacy 13th November 2015. See article from spiked-online.com
The Investigatory Powers Bill should be ripped up. By Tom Slater
What the Investigatory Powers Bill will mean for your internet use 10th November 2015. See article from theregister.co.uk
So who REALLY knows what I access?
The Register details what ISPs will and will not be able to determine from your internet usage. However the article should be read with a little caution. Eg just because an ISP cannot determine which of your family members is accessing the websites on the log doesn't mean the authorities can't. In fact the bill mentions specific capabilities to use context and tracking cookies etc to determine which family member accesses which sites.
UK surveillance bill could bring very dire consequences, warns Apple chief 10th November 2015. See article from theguardian.com
Any back door is a back door for everyone, says Tim Cook of proposals to allow authorities to track citizens' internet use without requiring warrant
UK Surveillance Bill a Threat to Privacy 9th November 2015. See article from hrw.org
Key aspects of the bill include:
The bill would preserve current blanket data retention requirements for communications data and add a new requirement for communications service providers to retain users' "Internet connection records" for up to 12 months. As described in the government's explanatory notes, this requirement means that the government could get a list of all the websites a person visits or online services they use for up to a year. Even though this would not provide access to the specific pages of a website the person visited, it would be highly revealing of a person's online activity and could result in self-censorship with a chilling effect on free expression. It would also breach the right to privacy and to information, given that it applies to all users regardless of whether they are under suspicion. Intelligence agencies and police would be able to access such communications data without a warrant or review by a judge. Although judicial approval is required for police to gain access to journalists' sources, it would not be required for intelligence agencies to get this access.
Request Filters... 5th November 2015. See article from theregister.co.uk
The Snooper's Charter Bill reveals how the state will maintain a separate database entry for every internet user, even when they share an internet connection
Commenting on the government spin about the snooper's charter... 5th November 2015. See article from theguardian.com.
The surveillance bill is as big a threat to state security as to personal liberty. By Simon Jenkins
Surveillance Q&A what web data is affected – and how to foil the snoopers... 5th November 2015. See article from theguardian.com.
Critics call it a revived snooper's charter, because the government wants police and spies to be given access to the web browsing history of everyone in Britain. However, Theresa May says her measures would require internet companies to store data about customers that amount to simply the modern equivalent of an itemised phone bill. Who is right? And is there anything you can do to make your communications more secure?
Will UK spy bill risk exposing people's porn habits? ... 5th November 2015. See article from bbc.co.uk.
So, the bill proposes the authorities be given the right to retrospectively check people's internet connection records without having to obtain a warrant. That means, for example, they would be allowed to learn someone had used Snapchat at 07:30 on their smartphone at home and then two hours later visited Facebook's website via their laptop at work. It may sound fairly innocuous - but of course many people have internet habits that are legal but nevertheless very private. So, is their privacy being put at risk?
|
|
As if it wasn't bad enough that all and sundry will be given the powers to snoop into our innermost private secrets, now it seems we will have to pay through the nose for the privilege
|
|
|
| 12th November 2015
|
|
| See article from theregister.co.uk |
Speaking at a Commons Select Committee hearing this week, ISPs warned that the costs of implementing the system outlined in the government's Snooper's Charter Bill would be huge, far larger than the £175m the government has earmarked for them. ISPs would face significant additional costs, and would pass those on to its customers, the MPs were told. Chairman of the Internet Service Providers Association (ISPA), James Blessing, said that given an
infinite budget he could create the system that the government imagines in its legislation. But, he noted, the bill appears to be limiting the amount of funds available to a figure we don't recognize as suitable for the industry. Making the point more bluntly, CEO of ISP Gigaclear, Matthew Hare, noted:
One way or the other, the citizens of this country will end up paying to be spied on.
|
|
Police restrict march protesting against government surveillance
|
|
|
| 5th November 2015
|
|
| Thanks to Trog See article from bbc.co.uk See also Facebook Page |
The Million Mask March is an annual protest against government cuts and surveillance across the UK, with the largest gathering in London. It is organised by the internet group Anonymous. The Facebook page for the event, on 5th November, said it was
intended to oppose the encroaching destruction of civil liberties. The Met Police said they were imposing conditions under the Public Order Act. Ch Supt Pippa Mills said conditions were being placed on the protest because we have such
serious concerns. The police have specified: The march must not start before 18:00 GMT and must finish at 21:00; Attendees should stick to a particular route between Parliament Square and Trafalgar Square; Officers have the power to make
protesters remove facial coverings. Protests are expected across the world, with demonstrations expected to take place in countries including Cambodia, Chile, Canada, America and Mexico. |
|
More propaganda from Theresa May and co shown to be bollox
|
|
|
|
4th November 2015
|
|
| 3rd November 2015. See article from telegraph.co.uk |
Internet and social media companies will be banned from putting customer communications beyond their own reach under new laws to be unveiled on Wednesday. Companies such as Apple, Google and others will no longer be able to offer encryption so
advanced that even they cannot decipher it when asked to, the Daily Telegraph can disclose. Measures in the Investigatory Powers Bill will place in law a requirement on tech firms and service providers to be able to provide unencrypted
communications to the police or spy agencies if requested through a warrant. A Home Office spokessnoop said: The Government is clear we need to find a way to work with industry as technology develops to ensure that,
with clear oversight and a robust legal framework, the police and intelligence agencies can access the content of communications of terrorists and criminals in order to resolve police investigations and prevent criminal acts. That
means ensuring that companies themselves can access the content of communications on their networks when presented with a warrant, as many of them already do for their own business purposes, for example to target advertising. These companies' reputations
rest on their ability to protect their users' data.
Update: The impact of a ban on encryption 4th November 2015. See article from publicaffairs.linx.net
Contrary to recent promises by Ministers that the government will not attempt to weaken or undermine encryption, the new obligation would require companies to ensure that they had the capability to decrypt any data they stored. This would particularly impact
cloud-based companies like Apple and Facebook, which have won consumer trust for the integrity of their Facetime and WhatsApp communications services by designing them with encryption that protects customer data even from the company itself.
End-to-end encryption means, for communications, that the message is encrypted by the sender with a key known only to the intended recipient. Thus Alice can Facetime Bob safe in the knowledge that Apple cannot access the
communication, even though Facetime communications need to be sent through servers run by Apple. End-to-end encryption also applies for data storage in the cloud: a business storing its corporate data in a cloud service like Amazon S3 or Google Glacier
will encrypt that data with a key that it knows and Amazon or Google does not. The ability to support end-to-end encryption has been a crucial factor enabling adoption of cloud-based services as a viable alternative to traditional
applications run by corporate IT departments. Quite apart from any consumer backlash, prohibiting this capability would give pause to more security-sensitive businesses, that have a duty to protect the integrity of their customer data: if storing data in
the cloud means exposing customer data to the cloud-service provider, use of cloud services becomes much riskier. Recent high-profile breaches at TalkTalk, Vodafone and credit-rating agency Experian have greatly raised sensitivity to risk.
|
|
|
|
|
| 2nd November 2015
|
|
|
The Investigatory Powers Bill is our chance to publicly set the rules around surveillance. By Julian Huppert See article from opendemocracy.net |
|
Time to write a bot to visit millions of random sites to obscure your actual browsing
|
|
|
| 2nd November 2015
|
|
| See article from telegraph.co.uk |
Councils, the taxman and dozens of other public bodies will be able to search the internet and social media activity of everyone in Britain, The Telegraph can disclose. Technology firms will be required to keep records of the websites and apps
which people have used and details of when they accessed them for 12 months under new powers unveiled this week. The new powers, contained in legislation which is published on Wednesday, will primarily be used by police and the security services
in pursuit of suspected terrorists and serious criminals. Nominally they will not be allowed to see which pages people have viewed or their searches while on the websites and apps, or the content of any messages, without a warrant, however it
would seem likely obtaining a warrant will be a rubber stamp exercise. The Telegraph understands that a total of 38 bodies will also be entitled to access the records for the purpose of detecting or preventing crime. A government
source claims that access will be limited, targeted and strictly controlled and overseen by a new Investigatory Powers Commissioner, but such 'oversight' has never ever done anything to rein in the authorities in any previous incarnation of
snooping laws. Ministers are also planning to introduce a new offence to deter the abuse of powers which will result in significant fines. Councils will also be required to get requests signed off by a magistrate before they are authorised, but it
seems unlikely that a magistrate would ever side with anyone accused of a crime. The authorities will be able to see which websites were visited, but not the exact page that they viewed. The intelligence agencies, police and the National
Crime Agency will be the obvious users of the capability but other bodies including the Financial Conduct Authority, HMRC, councils, the Health and Safety Executive and the Department for Work and Pensions will be able to access the information.
|
|
|
|
|
|
1st November 2015
|
|
|
The state still wants licence to pry. By Henry Porter See article from theguardian.com |
|
Police call for the ability to snoop on the browsing history of all British internet users
|
|
|
| 31st October 2015
|
|
| 30th October 2015. See article from theguardian.com |
Police have lobbied the government for the power to view the internet browsing history of every computer user in Britain ahead of the publication of legislation on regulating surveillance powers. Senior officers want to revive the measures similar to
those contained in the snooper's charter, which would force telecommunications companies to retain for 12 months data that would disclose websites visited by customers, reported the Times. Richard Berry, the National Police Chiefs' Council
spokesman for data communications refused to comment on any specifics of the forthcoming legislation, but claimed the police were not looking for anything beyond what they could already access through telephone records. Detailing the powers police want,
he said: We essentially need the 'who, where, when and what' of any communication, who initiated it, where were they and when did it happen. And a little bit of the 'what', were they on Facebook, or a banking site,
or an illegal child-abuse image-sharing website?

Update: ISPs warn about police snooping
31st October 2015. See article from theguardian.com
ISPs have warned that any new powers introduced by the government to allow broader snooping of web browsing behaviour must come with adequate oversight to protect civil liberties. The Internet Service Providers' Association (ISPA) has sent a
checklist of five key principles to MPs that it believes any new legislation must adhere to. The ISPA said it had not yet been consulted over any extension of powers to cover internet browsing history. Andrew Kernahan, ISPA spokesman, said:
Once the bill is published we will be going through it with a fine-toothed comb. What we do know is that internet connection records that the government wanted was included in the draft communications data bill that was
rejected by parliament. The independent reviewer of terrorism legislation, David Anderson, said there needed to be a rigorous assessment conducted of the lawfulness, likely effectiveness, intrusiveness and cost of requiring such data to be retained.
Kernahan said despite the bill's rejection, the government had not consulted with ISPs. "We are still yet to have a proper conversation about this," he said.

21st September 2015
As the head of MI5 launches a push for unparalleled powers, will he answer challenging questions on why banning encryption, or weakening it through compulsory backdoors, won't make us all less safe? By Julian Huppert. See article from opendemocracy.net

The government initiates its propaganda campaign to justify deeper mass snooping
18th September 2015
See article from publicaffairs.linx.net
Andrew Parker, the Head of MI5, has called for more up-to-date surveillance laws in an interview with the BBC, where he also stated that communications companies have an ethical responsibility to alert the authorities to potential threats. Parker said:

"MI5 and others need to be able to navigate the internet to find terrorist communication, we need to be able to use data sets to be able to join the dots to be able to find and stop the terrorists who mean us harm before they are able to bring plots to fruition. We have been pretty successful at that in recent years but it is becoming more difficult to do it as technology changes faster and faster [and] encryption comes in."

The government is currently planning renewed attempts to pass the Communications Data Bill, also known as the Snoopers' Charter. They are expected to bring forward a new version of the Bill in October.

Commentator and encryption expert Bruce Schneier commented:

"For most of human history, surveillance has been expensive. Over the last couple of decades, it has become incredibly cheap and almost ubiquitous. That a few bits and pieces are becoming expensive again isn't a cause for alarm."

The government has also been briefing the communication industry about the extended snooping plan. Theresa May has already met with companies including BT, TalkTalk, EE, Vodafone, and Virgin Media to discuss plans to bring forward a new draft of the Communications Data Bill in October. Non-ISP networks and civil liberties groups have reportedly been summoned to separate meetings.

2nd September 2015
Snoopers' Charter will cause extreme rise in business costs, say UK IT professionals. See article from telecomreseller.com

1st August 2015
Does the government really want to ban WhatsApp, iMessage and Skype? See article from bbc.co.uk

Judges 'disapply' UK government's emergency law to continue the collection of snooping data after the original basis was found invalid in European Court
17th July 2015
See article from terrorismlegislationreviewer.independent.gov.uk
In a decision of great potential importance, the Divisional Court (a Lord Justice and High Court Judge sitting together) have declared section 1 of DRIPA, an Act of Parliament passed in 2014, to contravene the EU Charter of Fundamental Rights as it was
interpreted in the Digital Rights Ireland judgment of April 2014. Digital Rights Ireland declared invalid the Data Retention Directive of 2006, an EU measure which had been promoted by the UK and which required all Member States to retain
telecommunications data for periods of between 6 and 24 months. DRIPA (enacted under emergency procedures in July 2014, in only four days) was the UK's reaction to Digital Rights Ireland. Its purpose was to provide a statutory basis, replacing the
now-invalid Directive, for the requirement that service providers in the UK retain certain categories of data (e.g. sender/recipient, date/time/duration of communication, but not content or web browsing history) for 12 months. The Divisional Court
judgment applied the Digital Rights Ireland principles to DRIPA, disapplying the Act of Parliament to the extent that it failed to respect the EU Charter of Fundamental Rights. It remains to be seen whether the Government will appeal and,
if so, how quickly that appeal will be heard.

Not content with impoverishing young people, David Cameron seeks to ban their favourite messaging apps
11th July 2015
See article from huffingtonpost.co.uk
See David Cameron's proposed encryption ban would 'destroy the internet' from businessinsider.com.au
See Internet firms delete customer data post-Snowden to stop spies getting it from telegraph.co.uk
WhatsApp, Facebook Messenger and Snapchat could all potentially be banned under the latest revision of the Government's Snoopers Charter that's being drafted at the moment. The Investigatory Powers Bill, mentioned in the
2015 Queen's Speech, would allow the government to ban instant messaging apps that refuse to remove end-to-end encryption. Home Secretary Theresa
May reportedly plans to push the bill forward as quickly as possible, putting it in front of the Government by the Autumn. The unconfirmed ban has caused an outcry on social media with reactions ranging from anger to disbelief that the Government
would be able to take on companies like Apple, Google and Facebook. David Cameron hinted at such repressive measures earlier this year in the aftermath of the Paris shootings when he claimed that when implementing new surveillance powers he
would have no problem banning services like Snapchat if they didn't comply. He threatened: In our country, do we want to allow a means of communication between people which even in extremes, with a signed warrant from
the Home Secretary personally that we cannot read. My answer to that question is no we must not. If I am prime minister, I will make sure it is a comprehensive piece of legislation that makes sure we do not allow terrorist safe
spaces to communicate with each other.

In a damning report on government surveillance, however, leading computer experts at MIT have claimed that the proposals by both the US and UK governments have 'failed to account for the risks' that are inherently associated with removing encryption. The report states:

"These proposals are unworkable in practice, raise enormous legal and ethical questions, and would undo progress on security at a time when Internet vulnerabilities are causing extreme economic harm."

Open Rights Group outlines the Anderson Report promoting the Snooper's Charter
13th June 2015
See article from openrightsgroup.org
See report [pdf] from terrorismlegislationreviewer.independent.gov.uk
See article from publicaffairs.linx.net
The UK's Independent Review of Terrorism Legislation has said it is time for a clean slate when it comes to surveillance law in the UK. In his report, David Anderson QC condemned the current legislative framework as "fragmented, obscure, under constant challenge and variable in the protections that it affords the innocent".

Anderson was tasked with reviewing surveillance law as a requirement of the Data Retention and Investigatory Powers Act, one of the concessions gained by Labour and the Lib Dems in return for their support in rushing the Bill through Parliament last July.

Anderson, unsurprisingly, does not condemn mass surveillance in principle and endorses bulk collection by the security services, but the report does call for a radical overhaul of how surveillance is regulated. Here are some of the key points:

Legal reform

Since the Snowden revelations began two years ago, Parliament has further legislated for surveillance through DRIPA, the Counter Terrorism and Security Act 2015 and amendments to the Computer Misuse Act that legitimise hacking by the security services. Anderson's damning verdict that the law is "variable in the protections that it affords the innocent" can't be ignored. The report says:

"A comprehensive and comprehensible new law should be drafted from scratch, replacing the multitude of current powers and providing for clear limits and safeguards on any intrusive power that it may be necessary for public authorities to use."

Warrants

Under the current system, warrants for surveillance are signed off by government ministers, who are not independent. Anderson's recommendation that warrants should be signed off by judicial commissioners is a welcome shift away from political authorisation but it would be preferable for warrants to go through the courts and be signed by serving judges to help make sure that surveillance is necessary and proportionate.

Snoopers' Charter

Anderson says that before capabilities are extended through a new Snoopers' Charter, "a detailed operational case needs to be made out, and a rigorous assessment conducted of the lawfulness, likely effectiveness, intrusiveness and cost of requiring such data to be retained". So far the Government hasn't made such a case. In addition, it has made a report by Sir Nigel Sheinwald top secret. That report is believed to have suggested that a new international treaty could be a legal alternative to the Snoopers' Charter. Despite this, the Home Secretary Theresa May today told the House of Commons that the re-drafted Snoopers' Charter would be laid before Parliament in the autumn - although it would be scrutinised by a Joint Committee.

It is unlikely that Anderson's review and the Intelligence and Security Committee's Privacy and Security report would have happened were it not for Edward Snowden's revelations. Two years on, there are still many battles to be fought but one thing is certain - the status quo cannot continue. MPs from all parties must act to ensure that the UK has surveillance powers fit for a democracy.

Timetable

Theresa May, the Home Secretary, announced yesterday morning that the Investigatory Powers Bill will be published in draft form in the autumn. A joint committee of MPs and Peers will scrutinise the bill.

Petition

The police and intelligence services should be able to monitor people suspected of serious crimes. But it's completely unclear that collecting information about everyone, all of the time is an efficient or cost-effective way of investigating crime. And it's even less likely that this is in line with our fundamental human rights to privacy and freedom of speech. If you agree, can you sign our petition?

We think the police and intelligence agencies should have powers that are effective and genuinely protect our privacy and freedom of speech.

Tom Watson and David Davis in court to challenge 'emergency' mass snooping legislation
4th June 2015
See article from bbc.co.uk
See also America curbs state snooping, Britain gives the green light from theguardian.com by Simon Jenkins
The High Court is hearing a legal challenge to the government's 'emergency' surveillance law brought by two MPs. The Data Retention and Investigatory Powers Act was fast-tracked through Parliament in three days last July. It allows Britain's
intelligence agencies to gather people's phone and internet communications data. But former Conservative minister David Davis and Labour's Tom Watson will argue that the legislation is incompatible with human rights. The Data Retention and
Investigatory Powers Act was rushed through Parliament in July 2014, after a ruling by the European Union's Court of Justice rendered existing powers illegal. The plans were supported by the three main parties, but opposed by civil liberties
campaigners.

'Lives at risk'

However, Watson and Davis say the legislation was rushed and lacked adequate safeguards, and needs to be re-thought. They will argue that the legislation is incompatible with the right to a private and family life, and data protection, under both the Human Rights Act and the European Union Charter of Fundamental Rights.

SNP to spearhead opposition against the Snooper's Charter and the Tory abolition of our human rights
12th May 2015
See article from telegraph.co.uk
Scottish National Party MPs are commendably planning to oppose flagship Conservative legislation by courting Tory backbenchers, The Telegraph reveals. Nicola Sturgeon's Westminster MPs want to block the so-called Snoopers' Charter by courting libertarian
Tories who have previously opposed Theresa May's plans for internet mass snooping. The Conservatives want to implement a searchable database so that the authorities will be able to more fully analyse people's internet usage and communications.

The SNP MPs also believe they can gather enough cross-party support to kill off reprehensible Tory plans to repeal the Human Rights Act and replace it with a lesser British Bill of Rights. One senior SNP MP told the Telegraph:

"Both those issues fall in that tricky civil liberties space for the Conservatives where there are fault lines. We think the mass collection of data is wrong. There is a line beyond which it is unacceptable for civil liberties can be impinged."

SNP opposition would likely be matched by Labour and the Lib Dems, meaning only a few dozen Tory rebels would be enough to block the flagship manifesto pledges.

11th May 2015
The Huffington Post provides a handy flowchart to find out. See article from huffingtonpost.co.uk

Giving the Tories a majority lets them quickly move to resurrect the snooper's charter
9th May 2015
See article from independent.co.uk
The Conservatives are already planning to introduce the huge surveillance powers known as the Snoopers' Charter, hoping that the removal from government of the Liberal Democrats that previously blocked the controversial law will allow it to go through.
The law, officially known as the Draft Communications Data Bill, is already back on the agenda according to Theresa May. It is expected to force British internet service providers to keep huge amounts of data on their customers, and to make that
information available to the government and security services in a searchable format. The snoopers' charter received huge criticism from computing experts and civil liberties campaigners in the wake of introduction. It was set to come into law in
2014, but Nick Clegg withdrew his support for the bill and it was blocked by the Liberal Democrats. Theresa May, who led the legislation as home secretary, said shortly after the Conservatives' election victory became clear that she will seek to
re-introduce it to government. With the re-election of May and the likely majority of her party, the bill is likely to find success if the new government tries again. David Cameron has suggested that his party could introduce even more
wide-ranging powers if he was re-elected to government. Speaking in January, he said that there should be no form of communication that the government was unable to read -- likely causing chaos among the many internet services that rely on encryption to
keep users' data safe.

A 2nd attempt to revive the Snooper's Charter fails in the House of Lords
2nd February 2015
See article from theguardian.com
Four lords who champion the surveillance state have been defeated for a 2nd time in trying to revive the Snooper's Charter. Former Tory defence secretary Tom King finally withdrew the massive amendment in the face of defeat by the combined vote of Labour/Tory and LibDem peers.

The amendment would have required every phone and internet company to store for 12 months the entire personal online history or communications data of all their customers, in such a manner as to facilitate invasive database searches for information by the police and secret services. Tom King said:

"Our failure to take this exceptional opportunity which could have sent this to another place [the Commons] means that the risk to fill this gap will be longer than it need be. We just have to pray that we do not pay too high a price for that."

King was backed by three other senior peers, Labour's Alan West, the Liberal Democrat Alex Carlile and crossbencher Ian Blair, a former Metropolitan commissioner.

David Maclean, who chaired the parliamentary joint committee examining the bill, said they had spent six months going through the same proposals in the draft communications bill in detail in 2012 and came to a unanimous verdict. They reported it was too sweeping in scope, that it failed to address the issue of blogs, that it needed safeguards against fishing expeditions, and that it needed to be substantially redrafted to prevent it being a snooper's charter.

Disgraceful attempt by 4 snoop friendly Lords to sneak in the previously rejected Snooper's Charter
1st February 2015
23rd January 2015. See article from pirateparty.org.uk
See also Abuse of Parliamentary procedure from openrightsgroup.org
Four members of the House of Lords have attempted to bring back from the dead the Communications Data Bill -- otherwise known as the Snoopers' Charter. The entirety of the bill that had previously been rejected (or at least put on hold) by Parliament --
some 18 pages in all -- was added as a late amendment to the Counter Terrorism and Security Bill currently passing through the Lords. This is utterly cynical at best, and a total abuse of parliamentary procedure at worst. The Communications
Data Bill is the one which required ISPs (or any 'telecommunications provider') to keep a log of all activity associated with an individual or IP address. Whilst ostensibly requested for 'security reasons' (being played up again in the light of the
Charlie Hebdo murders in France) -- this mass retention of data is nothing less than oppressive, unwarranted, mass surveillance of the entire populace. We know all too well from the Snowden revelations that power is abused by those who hold it --
and that there is mission creep in the data retained and the uses to which it can be put. There is no reason to think that this would be any different. Previously the bill had been rejected in scrutiny by a joint committee of the Lords and Commons
for a variety of reasons - amongst them the fact that the Home Office had totally underestimated the cost involved as well as the lack of any evidence that there is any benefit to be had by requiring ISPs to hold this data. It was also requested that the
Independent reviewer on Terrorism legislation, David Anderson, reviewed and commented on the bill and Parliament is still waiting for his response to the initial proposals. Given all that, it is shocking and simply unacceptable that four unelected
Lords are attempting to pass this draconian legislation, not in its own right, but as a late amendment to a current bill. It is a total abuse of parliamentary procedure and means that this legislation will not suffer the intense scrutiny that a new bill
would, but instead would be passed in a backhanded fashion without review and consideration by both Houses. The House of Lords is intended in our parliamentary system to be a revising chamber -- adding a totally new bill as an amendment to
an existing one completely goes against that entire principle. The very fact that they feel it is necessary to bring the bill in this underhand manner shows that they clearly don't have any faith in the ability of the legislation to stand up to proper
scrutiny. The rushed passing of the #DRIP legislation set the worrying precedent for this kind of action by parliament when seeking to pass contentious legislation that avoids scrutiny. As a party we warned of the dangers of Parliament passing
controversial and oppressive surveillance laws without appropriate time or scrutiny. Despite the calls of both ourselves and others, that bill passed into law.

Update: Defeated
1st February 2015. See article from publicaffairs.linx.net

The House of Lords has rejected amendments to the Counter-Terrorism and Security Bill which would have introduced substantial parts of the Communications Data Bill, more commonly known as the Snoopers' Charter. The amendments were withdrawn at the request of Lord Bates, Parliamentary Under-Secretary at the Home Office, who argued that including the amendments at such a late stage could jeopardise the entire Bill. Lord Bates promised to investigate the possibility of sharing more widely a redrafted version of the draft Communications Data Bill, apparently written to take into account the Joint Committee's recommendations, but which has so far been kept under wraps by the Home Office.

Government introduces new law to extend detailed logs of internet usage to mobile phones and tablets
23rd November 2014
See article from theguardian.com
See article from theregister.co.uk
See Counter-Terrorism and Security Bill from publications.parliament.uk
See bill progress from services.parliament.uk
Police are to get powers to force internet firms to hand over details linked to IP addresses in order to help them snoop on people's internet use. The anti-terrorism and security bill will oblige internet service providers (ISPs) to retain information linking IP (Internet Protocol) addresses to individual subscribers. The home secretary, Theresa May, said the measure would boost national security, but again complained that Liberal Democrats were blocking further steps.

"Loss of the capabilities on which we have always relied is the great danger we face," May said. "The bill provides the opportunity to resolve the very real problems that exist around IP resolution and is a step in the right direction towards bridging the overall communications data capability gap."

However, the Lib Dems insisted that the communications data bill -- branded the snooper's charter -- was dead and buried. The party also stressed that the deputy prime minister, Nick Clegg, had been calling for the IP measures since spring 2013.

The technical details are either sparse or misleading, maybe deliberately. Home and mobile broadband users have obviously had their IP address recorded and logged for some time along with logs of messages and websites visited. I believe that the bill is targeted at internet access on mobile phones where an IP address is shared by many users simultaneously without retaining detailed user records per IP message. The Register obtained a slightly better explanation from the Home Office:

Every internet user is assigned an IP address to ensure communication service providers know which data should go to which customer and routes it accordingly. Addresses are sometimes assigned to a specific device, such as a broadband router located in a
home or company. But they are usually shared between multiple users and allocated randomly by the provider's automated systems. Many providers currently have no business reason for keeping a log of who has used each address. It is
therefore not always possible for law enforcement agencies accessing the data to identify who was using an IP address at any particular time. Such communications data is a vital tool in the investigation of terrorist and criminal
activity, and significantly contributes to the conviction of child sex offenders. The inability to link IP addresses to individuals poses serious challenges for law enforcement agencies. The proposed measures would reduce the risk
of terrorism by improving the ability of the police and other agencies to identify terror suspects who may be communicating with each other via the internet. It would also help to identify and prosecute organised criminals; cyber
bullies and computer hackers; and protect vulnerable people. For example, it can be used to identify a child who has threatened over social media to commit suicide. This legislation will not however address all the capability gaps
that the Draft Communications Data Bill aimed to fill. These gaps will continue to have a serious impact on law enforcement and intelligence agencies. For example, the provisions will not enable the retention of weblogs -- a record of information
relating to a communication between a user and the internet, including a record of websites that have been visited.

Update: Retaining MAC addresses
27th November 2014. See article from publicaffairs.linx.net

The Counter-Terrorism and Security Bill amends the definition of relevant communications data that Internet providers are required to retain. The apparent intention is to ensure that Internet providers retain IP port numbers or machine MAC addresses when these are necessary to distinguish users, such as when the network is employing Carrier-Grade Network Address Translation (CGN).
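
Why a public IP address and a time are not enough to distinguish users behind CGN, and what a retained port number adds, shown as an added example that is not part of the original article. The log layout, subscriber labels and addresses are constructed assumptions; `skew` models clock disagreement between the server that saw the traffic and the provider.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class NatSession:
    """One CGN translation record, as a provider would have to retain it."""
    subscriber: str    # constructed subscriber label
    public_ip: str     # shared public address (documentation range)
    public_port: int   # public source port handed to this session
    start: datetime
    end: datetime


def ts(hms: str) -> datetime:
    """Build a UTC timestamp on the constructed sample day."""
    return datetime.fromisoformat(f"2014-11-27T{hms}+00:00")


# Constructed sample log: four subscribers share 198.51.100.7, and port
# 40001 is reused by sub-D twenty seconds after sub-A releases it.
CGN_LOG = [
    NatSession("sub-A", "198.51.100.7", 40001, ts("10:00:00"), ts("10:05:00")),
    NatSession("sub-B", "198.51.100.7", 40002, ts("10:01:00"), ts("10:04:00")),
    NatSession("sub-C", "198.51.100.7", 40003, ts("10:02:00"), ts("10:06:00")),
    NatSession("sub-D", "198.51.100.7", 40001, ts("10:05:20"), ts("10:09:00")),
    NatSession("sub-E", "198.51.100.8", 40001, ts("10:00:00"), ts("10:10:00")),
]


def resolve(log, public_ip, when, public_port=None, skew=timedelta(0)):
    """Map an observation to subscribers.

    Returns (status, subscribers) where status is "unique", "ambiguous"
    or "no-match". A session matches when it overlaps the window
    [when - skew, when + skew] on the given public IP and, if a port is
    supplied, on that public port.
    """
    lo, hi = when - skew, when + skew
    found = sorted({
        s.subscriber
        for s in log
        if s.public_ip == public_ip
        and (public_port is None or s.public_port == public_port)
        and s.start <= hi
        and s.end >= lo
    })
    if len(found) == 1:
        return "unique", found
    return ("ambiguous" if found else "no-match"), found


if __name__ == "__main__":
    ip = "198.51.100.7"
    # IP and time only: every subscriber active on the shared address matches.
    print(resolve(CGN_LOG, ip, ts("10:03:00")))
    # Adding the port narrows it to one subscriber.
    print(resolve(CGN_LOG, ip, ts("10:03:00"), public_port=40001))
    # Exact clocks: the observation falls in the gap between two sessions.
    print(resolve(CGN_LOG, ip, ts("10:05:10"), public_port=40001))
    # Allowing 30 s of clock skew, port reuse makes the result ambiguous again.
    print(resolve(CGN_LOG, ip, ts("10:05:10"), public_port=40001,
                  skew=timedelta(seconds=30)))
```

The last two cases show that the port only helps when the observing server recorded it with an accurate timestamp, since ports are recycled between subscribers.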

12th September 2014
It can be argued that it is less about regulating the government and more about conferring them without much regulation at all. By David Banks. See article from theguardian.com

Tom Watson MP: 'The surveillance state is running amok and Parliament has absolutely failed'
27th September 2013
See article from openrightsgroup.org
Labour MP Tom Watson spoke out at the Labour Conference to criticise Ed Miliband, David Cameron, Nick Clegg and the rest of Parliament for turning a blind eye to the explosive growth in the power of the surveillance state. Speaking in the light
of a summer of revelations from whistleblower Edward Snowden about the Internet surveillance programmes of British and American intelligence, he said: We're living in the most closed system of liberal democracy in the
Western world. We have the most unaccountable intelligence services. Parliamentary scrutiny hasn't just failed. It doesn't exist. I can't think what any party leader has said about this. That's an absolute
disgrace. This is a callous denial of our freedom. I have no faith in the Intelligence and Security Committee [which is charged with overseeing the UK intelligence agencies]. I hope Parliamentarians say we're not going to take
this anymore. We have to say we're not going to put up with this and build a cross-party coalition to make the intelligence services accountable for once and for all and provide oversight of a surveillance state running amok.
He was speaking at a fringe event hosted by campaign groups Open Rights Group and Big Brother Watch. Also speaking was Paul Johnson, the Deputy Editor of The Guardian who has orchestrated their coverage of the Edward Snowden
revelations. He talked about: The most surreal 36 hours I've ever had as a journalist where, on the orders of GCHQ, we bought masks and angle grinders ... to destroy the material [that they had from Edward Snowden].
We told them two weeks earlier it was already in New York. The whole thing was surreal. It was an entirely bizarre moment. It illustrates at heart that the British Government doesn't believe this story should have been written.
Javier Ruiz, Campaigns Director of Open Rights Group called for the start of a movement against mass surveillance: This isn't just the responsibility of political parties. We really need to look at a
political solution that involves citizens, government and private companies.
Nick Pickles - Director of Big Brother Watch, told the audience: How we govern data isn't fit for the Internet age.
Parliament need to drag the intelligence agencies into the open. Secrecy cannot be justified to simply prevent embarrassment. We've been telling the world to do one thing while doing a completely different thing ourselves.

GCHQ haven't been sitting idly by waiting for the government to pass the snooper's charter
22nd June 2013
See article from guardian.co.uk
Britain's spy agency GCHQ has secretly gained access to the network of cables which carry the world's phone calls and internet traffic and has started to process vast streams of sensitive personal information which it is sharing with its American
partner, the National Security Agency (NSA). The sheer scale of the agency's ambition is reflected in the titles of its two principal components: Mastering the Internet and Global Telecoms Exploitation, aimed at scooping up as much online and
telephone traffic as possible. This is all being carried out without any form of public acknowledgement or debate. One key innovation has been GCHQ's ability to tap into and store huge volumes of data drawn from fibre-optic cables for up to 30
days so that it can be sifted and analysed. That operation, codenamed Tempora, has been running for some 18 months. GCHQ and the NSA are consequently able to access and process vast quantities of communications between entirely innocent people, as
well as targeted suspects. This includes recordings of phone calls, the content of email messages, entries on Facebook and the history of any internet user's access to websites, all of which is deemed legal, even though the warrant system was supposed to
limit interception to a specified range of targets. The existence of the programme has been disclosed in documents shown to the Guardian by the NSA whistleblower Edward Snowden.

Update: Guardian Blocked by the US Military
29th June 2013. See article from guardian.co.uk

The US army has admitted to blocking access to parts of the Guardian website for thousands of defence personnel across the country. The confirmation
follows reports in the Monterey Herald that staff at the Presidio military base south of San Francisco had complained of not being able to access the Guardian's UK site at all, and had only partial access to the US site, following publication of leaks
from whistleblower Edward Snowden.

Snooper's Charter absent from Queen's speech but there is a reference to new legislation to more accurately record and correlate users with their internet activity
9th May 2013
See article from publicaffairs.linx.net
This session's Queen's speech did not contain any explicit mention of the Communications Data Bill, but did make reference to proposals aimed at making it easier for law enforcement to match IP addresses to individuals.

"My government will continue to reduce crime and protect national security. Legislation will be introduced to reform the way in which offenders are rehabilitated in England and Wales. Legislation will be brought forward to introduce new powers to tackle anti-social behaviour, cut crime and further reform the police. In relation to the problem of matching internet protocol addresses, my government will bring forward proposals to enable the protection of the public and the investigation of crime in cyberspace."

The government provides more details in the briefing notes on the Queen's Speech:

"[IP] addresses are generally shared between a number of people. In order to know who has actually sent an email or made a Skype call, the police need to know who used a certain IP address at a given point in time. Without this, if a suspect used the internet to communicate instead of making a phone call, it may not be possible for the police to identify them. The Government is looking at ways of addressing this issue with CSPs. It may involve legislation."

Commentators have linked these proposals to comments made by Deputy Prime Minister Nick Clegg in April, suggesting that the government could be considering some sort of intervention relating to IPv6 adoption.

"Right now, there are not enough IP addresses to go round for all of the devices being used. Temporary addresses are attached to computers and phones while they are online, but the records of these are patchy, which means they cannot easily be matched back to individuals. The police say a clearer picture would be a huge help in their investigations and we should explore how that can be done." --- Nick Clegg, writing in The Telegraph

Nick Clegg announces that the Snooper's Charter isn't going to happen
25th April 2013. See article from bigbrotherwatch.org.uk
The Deputy Prime Minister, Nick Clegg, has just announced that the Communications Data Bill is dead. He said on LBC: What people dub the snoopers' charter, that's not going to happen -- certainly with Lib Dems in
government.
Big Brother Watch commented: Nick Clegg has made the right decision for our economy, for internet security and for our freedom. Recording the websites we look at
and who we email would not have made us safer, as some of the country's leading cyber security academics argued this week. It would have made Britain a less attractive place to start a company and put British companies in the position of being paid by
the Government to spy on their customers, something that oppressive regimes around the world would have quickly copied. Rather than spending billions on another Whitehall IT disaster that tramples over our civil liberties and
privacy on an unprecedented scale, we should focus on ensuring the police have the skills and training to make use of the huge volume of data that is available. If small, technical changes to existing legislation are required, then they should be
properly thought through before being subject to the widespread consultation and comprehensive assessment this plan sorely lacked.
Dr Julian Huppert MP, Lib Dem spokesperson for Home Affairs and a member of the Joint Committee on the
draft Communications Data Bill, said: I am delighted that Nick Clegg has stood up for the British public on this. He was right to demand that these proposals be published as a draft, which gave us all a chance to see
just how badly thought through the Home Office proposals were. And he is now right to say that what the Home Office propose is unacceptable. Spending billions of pounds to keep track of every website we go to, and what we do on Facebook or Google, is
simply wrong. If we want to actually cut crime, spend the extra money on the police.

Joint letter sent to BT, Sky, Virgin and TalkTalk by ORG, Privacy International and Big Brother Watch, asking ISPs to stand up for their customers.
24th April 2013. See article from openrightsgroup.org
Sent to: Neil Berkett, Virgin Media; Jeremy Darroch, Sky; Dido Harding, TalkTalk; Warren Buckley, BT; Jeremy Woodrow, Royal Mail; Ronan Dunne, O2; Richard Tang, Zen Internet
One year
ago, it became public knowledge that the Government intends to introduce legislation relating to communications data. We did not learn of this in Parliament, but in media leaks. It has become clear that a critical component of the
Communications Data Bill is that UK communication service providers will be required by law to create data they currently do not have any business purpose for, and store it for a period of 12 months. Plainly, this crosses a line
no democratic country has yet crossed -- paying private companies to record what their customers are doing solely for the purposes of the state. These proposals are not fit for purpose, which possibly explains why the Home Office
is so keen to ensure they are not aired publicly. There has been no public consultation, while on none of your websites is there any reference to these discussions. Meetings have been held behind closed doors as policy has been
developed in secret, seemingly the same policy formulated several years ago despite widespread warnings from technical experts. That your businesses appear willing to be co-opted as an arm of the state to monitor every single one
of your customers is a dangerous step, exacerbated by your silence. Consumers are increasingly concerned about their privacy, both in terms of how much data is collected about them and how securely that data is kept. Many
businesses have made a virtue of respecting consumer privacy and ensuring safe and secure internet access. Sadly, your customers have not had the opportunity to comment on these proposals. Indeed, were it not for civil society
groups and the media, they would have no idea such a policy was being considered. We believe this is a critical failure not only of Government, but a betrayal of your customers' interests. You appear to be engaged in a conspiracy
of silence with the Home Office, the only concern being whether or not you will be able to recover your costs. We urge you to withdraw your participation in a process that in our view is deeply flawed, pursuing a pre-determined
solution that puts competition, security and privacy at risk in an unprecedented way.
With best wishes,
Jim Killock, Executive Director, Open Rights Group; Nick Pickles, Director, Big Brother Watch; Sam Smith, Technologist, Privacy International
Update: ISPs respond 25th April 2013. See article from
publicaffairs.linx.net Responding to the letter, ISPA UK pointed out the active role of ISPs in criticising the draft Bill. ISPs have
been open in their approach, with a number of ISPs and ISPA giving evidence publicly to the Joint Committee that criticised the draft bill. It is for the government to publish its proposals, and when it does, we will examine the new draft bill closely
alongside our members, parliamentarians and other stakeholders as part of the open parliamentary scrutiny the bill will receive. ISPA members recognise the needs of law enforcement, however want to see a bill that is workable and proportionate and takes
into account the recommendations of the joint committee.

23rd April 2013. The Home Office is trying to trap Britain. In the past Downing Street has listened to entrepreneurs, but are other Departments hampering their plans? By Sara Kelly of Coalition for a Digital Economy. See article from telegraph.co.uk

The Home Office is refusing to reveal the basic details about exactly how invasive the snooper's charter is
22nd April 2013. See article from telegraph.co.uk
Theresa May, the Home Secretary, has so far declined to explain a proposed snooping system that would allow officials to trawl through the public's private emails, text messages and other messages sent through the internet. The Information
Commissioner has now ordered the Home Office to publish advice ministers received on the design, cost and risks of the new snooping system by May 11. If the Home Office does not comply with the Information Notice issued by the Commissioner last
week it will be judged as being in contempt of court. Dominic Raab, a Tory MP with an interest in human rights, requested the advice in a Freedom of Information request last summer, but May's department has refused to publish the guidance
citing supposed national security concerns. Raab said: This far-reaching scheme could drain the swamp of every email, text message and phone call made by every citizen, a tectonic shift in the relationship
between the citizen and the state. So, it's astonishing that Home Office bureaucrats are risking contempt of court by trying to cover up the most basic information on how the scheme will operate in practice.

20th April 2013. The Coalition's new internet surveillance laws are disastrous and could be used to oppress us, one of David Cameron's technology advisers has said. See article from telegraph.co.uk

40 Tory MPs set to oppose the Government's Snooper's Charter
22nd December 2012. See article from dailymail.co.uk
Nasty plans for a 'snoopers charter' were in turmoil last night after 40 Tory MPs threatened a full-scale revolt. They are demanding major changes to the Communications Bill. The backbenchers say the Bill's scope must be limited to
terrorism and the most serious crimes if Britain is not to be turned into a nation of suspects. Tory MP Dominic Raab has collected the names of 40 colleagues who will sign an open letter opposing the Bill unless it is substantially amended:
- "We urge you to limit the application of the Bill to terrorist offences and the most serious crimes, limit access to such data to the intelligence agencies, SOCA and the police, and make the regime subject to judicial
warrant as a safeguard against abuse."
- "From a law enforcement perspective, there has been no explanation as to how those using foreign internet and communications service providers will be
prevented from circumventing the regime."
- "Equally, given the public sector's woeful track record of protecting personal data, we are concerned about the vulnerability of the scheme to both the
negligence of officials and attempts to infiltrate the system by those with criminal intent. We would urge you to consult in further detail with the Information Commissioner, internet providers, telephone companies and other external experts, to test the
technical integrity of the proposals."
- "Finally, the Home Office estimates the proposals would cost £2 billion. The Committee stated that these estimates 'are not robust'. We urge Ministers to
subject the proposals to external audit and re-consider their law enforcement cost-benefit in light of the suggestions made, above, to limit their breadth and tighten their focus."
Deputy Prime Minister Nick Clegg has already demanded the Government return to the drawing board. Now the prospect of a rebellion by both Coalition parties means ministers may have to rely on Labour support. However, the Opposition has yet to
say where it stands on the issue. The 40 MPs are unnamed but Raab said the 40 MPs include 19 first elected in 2010, a group who have proved they will take a stand on issues of importance.

15th December 2012. The new Communications Data Bill continues the trend away from privacy to giving the state full access to our private lives. See article from spiked-online.com

13th December 2012. Open Rights Group outlines some of the parliamentary criticisms of the Government's Snooper's Charter. See article from openrightsgroup.org

Parliamentary committee sees through the government's bollox and reports on how nasty the Snooper's Charter really is
12th December 2012. See article from independent.co.uk
Ministers signalled they will rewrite the Snooper's Charter which gives police, security services and anyone else the government nominates new powers to snoop on communications. An influential parliamentary committee branded it overkill and Deputy
Prime Minister Nick Clegg said it needed a fundamental rethink. Home Secretary Theresa May accepted the substance of a highly-critical report by the committee set up to scrutinise the draft version of the Bill, which would allow a
range of official bodies to monitor emails, web phone calls and activity on social networking sites. The committee of MPs and peers said the legislation would give the Home Secretary sweeping powers to issue secret notices ordering
communications companies to disclose potentially limitless categories of data. And they accused the Government of using fanciful and misleading figures to support its case for the legislation. Clegg said he was ready to block the
Bill in its current form, and called on the Home Office to go back to the drawing board: I believe the coalition Government needs to have a fundamental rethink about this legislation. We
cannot proceed with this Bill and we have to go back to the drawing board. We need to reflect properly on the criticisms that the committee have made, while also consulting much more widely with business and other interested groups.

2nd November 2012. Theresa May faced tough questions when she appeared before the Joint Committee on the draft Communications Data Bill. See article from publicaffairs.linx.net

1st November 2012. Big Brother Watch has published new research showing just how little support the Home Office's draft Communications Data bill has. See article from bigbrotherwatch.org.uk

Major internet companies set to oppose the Government's Snooper's Charter
14th October 2012. See article from dailymail.co.uk
Google, Facebook and Twitter are set to torpedo reprehensible Home Office plans to spy on every citizen's emails and website visits. The companies have threatened to block the snoopers charter, which requires them to store all data for a
year so that security agencies, police and councils can request its disclosure should they need to investigate internet insults. Civil liberty groups point out that the powers would create a surveillance state, but Britain's security and
intelligence agencies claim they are vital to investigate insulting messages and crimes against political correctness. Parliamentary testimonies of internet bosses have been released by a cross-party committee of MPs and peers that is scrutinising
the draft Communications Data Bill. They reveal directors from Google, Facebook, Yahoo!, Microsoft and Twitter believe the Bill would breach users' privacy and allow repressive regimes to spy on Britons. Facebook said it might go to court to
resist the new law, while Google and Twitter executives said they could refuse to unlock encrypted data if the Government were to seek the information via third-party providers such as BT.

9th September 2012. Should the Communications Data Bill become law, it will be an intervention too far from the surveillance state. By Henry Porter. See article from guardian.co.uk

Parliamentary inquiry calls for evidence about the proposed 'Snooper's Charter'
6th July 2012. See article from bbc.co.uk
The public is being invited to submit evidence on the government's plans for a Snooper's Charter. This comes as a parliamentary committee launches its inquiry on the draft Communications Data Bill. Conservative peer Lord Blencathra, David
Maclean, chairs the joint committee of MPs and peers holding the inquiry and stressed a privacy-security balance. He said: Each and every one of us will be affected by the bill. This committee
wants to ensure that the draft bill will ensure a sufficient balance between an individual's privacy and national security. We intend very thoroughly to examine the government's proposals and hope to hear from interested bodies
and organisations about exactly how the changes in technology and the way we use it should be reflected in legislation about access to communication data.
Offsite: Snooped internet records will be made available to foreign police
10th July 2012. See article from dailymail.co.uk
Foreign police forces will be able to obtain details of the British public's internet use, emails and text messages. In a controversial move, MPs were
told that officials in Europe and the US will be able to take advantage of the Home Office's proposed snoopers charter. The information could be used for pursuing UK citizens for crimes which allegedly took place while they were on holiday
or over the internet. In response to a parliamentary question, ministers said police and public authorities overseas would also be free to request access to the mountains of information which will be stored. British officials will then decide
whether the data should be provided. In theory, every nation is free to lodge a request, although Britain's long-standing partners in the EU, plus countries such as the US and Canada, are most likely to be successful.

17th June 2012. Theresa May wants to monitor every personal communication we make. It's a step too far in a democratic society. By Henry Porter. See article from guardian.co.uk

16th June 2012. In the US file-sharers will soon be monitored on behalf of the MPAA and RIAA, and in the UK there are plans to monitor and store all Internet communications. To counter this people are turning to VPN services. How long before VPNs become illegal? See article from torrentfreak.com

Government publishes draft bill allowing snooping on all internet and mobile communications
15th June 2012. See article from privacyinternational.org. See article from publicaffairs.linx.net. See Communications Capabilities briefing and summary of key issues [pdf] from bigbrotherwatch.org.uk
The government has published a draft version of a bill that, if signed into law in its current form, would force Internet Service Providers (ISPs) and mobile phone network providers in Britain to install black boxes in order to collect and store
information on everyone's internet and phone activity, and give the police the ability to self-authorise access to this information. However, the Home Office failed to explain whether or not companies like Facebook, Google and Twitter will be brought
under the Regulation of Investigatory Powers Act (RIPA), and how they intend to deal with HTTPS encryption. Faith in the integrity of HTTPS encryption is what makes online banking and the entire e-commerce industry possible, and Google uses it to
secure its Gmail service, as do most webmail providers. The need for easy access to Gmail has been one of the Home Office's primary justifications for the Communications Bill, but technology experts are dubious as to whether it is possible to technically
and lawfully break HTTPS on a nationwide scale. At this morning's Home Office briefing, Director of the Office for Security and Counter-Terrorism Charles Farr was asked about how the black box technology would handle HTTPS encryption. His only response
was: It will. The draft Bill includes controversial measures to require network operators to acquire communications data relating to third party services -- for example, requiring an ISP to discover and record when its customers post a
message on a social networking site, and to which other user of the site that message was addressed. The Bill does not specify what data ISPs are to acquire, nor provide any limits; the requirements for ISPs are to be set out in Orders made by the Home
Secretary at a later date. Writing in The Sun, Home Secretary Theresa May said: I just don't understand why some people criticise these proposals. People have a right to privacy. But unless you are a criminal,
then you've nothing to worry about from this new law. This isn't a snoopers' charter, it's a criminals' nightmare.
At a press and MP briefing at Parliament today, Julian Huppert MP said that he couldn't believe the bill could even be
put before the House in its current form. David Davis MP remarked that, given that the RIPA process is already a disgrace, the Home Office should be introducing a bill that introduces warrant requirements to RIPA rather than making it even easier
for the police to access citizens' communications data. He also revealed that David Maclean, the most right-wing politician the Home Office ever saw, will be chairing the committee on the bill. Dr Gus Hosein, Executive Director of Privacy
International, said: In the UK, we've historically operated under the presumption that the government has no business peering into the lives of citizens unless there is good reason to - that people are innocent until proven guilty. This legislation
would reverse that presumption and fundamentally change the relationship between citizen and state, and their relationship with their internet and mobile service providers. Yet there are still big question marks over whether Facebook and Google will be
brought under RIPA, and how far the government is willing to go in undermining internet security in order to fulfil its insatiable desire for data.

8th April 2012. Council snoopers to read our emails as internet giants could be forced to hand over data. Daily Mail considers the new snooping proposals in terms of council use and misuse. See article from dailymail.co.uk

7th April 2012. Supporting these disgraceful laws to bring in Orwellian government snooping would eradicate the very point of the party. See article from guardian.co.uk

7th April 2012. Theresa May asked for her complete browsing history and communications data via a freedom of information request. Thanks to Sergio. See article from whatdotheyknow.com

6th April 2012. The Home Secretary and Justice Secretary have written to MPs to address concerns around Big Brother Policies. A number of questions remained unanswered and some answers contradict recent statements. See article from bigbrotherwatch.org.uk

5th April 2012. Government plans to allow email surveillance are among the most serious threats to freedom in the democratic world. By Henry Porter. See article from henry-porter.com

5th April 2012. Spy Blog discusses the anonymous media briefings to soften us up for even more internet snooping in the Queen's Speech next month. See article from vladtepesblog.com

Government spout bollox trying to defend their nasty and massive snooping capability
4th April 2012. See article from telegraph.co.uk. See also Lib Dem histrionics in civil liberties spat is vital test for Cameron from telegraph.co.uk
There is a growing backlash from politicians in both coalition parties against the proposals to let the security services monitor every email, phone call and website visit. Chief among the Conservative rebels was Jacob Rees-Mogg MP, who suggested the proposals were hypocritical given the Prime Minister's previous stance against the control state. In a 2009 speech Cameron said: Faced with any problem, any crisis, given any excuse, Labour grasp for more information, pulling more and more people into the clutches of state data capture.

Rees-Mogg said: The Government ought to remember why it favoured liberty in opposition. The powers it creates may in future be used by less benevolent administrations.

David Davis, the former Shadow Home Secretary, said the plan was an unnecessary extension of the ability of the State to snoop on people. What this is talking about doing is not focusing on terrorists or criminals. It's absolutely everybody's emails, phone calls, web access.

Senior Liberal Democrats are also planning to rebel. They want the Government to clarify whether the legislation will allow GCHQ to access information on demand and without a warrant. The party passed a motion at its spring conference banning communication interception without named, specific and time-limited warrants. Tim Farron, the President of the Liberal Democrats, wrote on Twitter: We didn't scrap ID cards to back creeping surveillance by other means. State mustn't be able to trace citizens at will.

Big Brother Clegg tries the angle that there is no central database
See article from telegraph.co.uk
While there will be no database, providers will be required to record all activities of their customers so they can be accessed if needed. Nick Clegg said he was against the idea of a central database and the government reading people's e-mails at will. He claimed: I'm totally opposed as a Liberal Democrat and as someone who believes in people's privacy and civil liberties.

But in fact if the proposal is a rehash of what the police etc wanted under Labour, then they wanted the ISPs to provide access to their local databases so that the police could actually use it like a central database (albeit a little bit slower on database searches).

Clegg also claimed that the government will not ram legislation through Parliament. He said the proposals would be published in draft first to allow them to be debated. Meanwhile Theresa May has been suggesting that the capability is primarily for tracking down terrorists and paedophiles. But of course that has always been the stated case, and it has never stopped the capability being used for trivial snooping eg to help councils investigate all sorts of low level nonsense.

LibDems have been fed some blather trying to get them on the government track
See article from privacyinternational.org
An internal Liberal Democrat briefing on Home Office plans to massively expand government surveillance was today passed to Privacy International. The document contains significant evasions and distortions about the proposed Communications Capabilities Development Programme (CCDP), and is clearly intended to persuade unconvinced Lib Dem MPs to vote in favour of the proposal. ...Read the full article

Comment: Obsessive control-freakery
See also Letter to MP by Phantom on the Melon Farmers Forum
The very reason I loathe Labour with a passion is because of the obsessive control-freakery they displayed during their years in power. With their being voted out, it seemed we were rid of these big brother tendencies. Now it appears some in government have been infected by much the same virus. ... Kindly tell the Home Secretary where to stick her proposals for yet greater surveillance of communications. ...Read the full Letter to MP

Update: Big Brother Cameron Sticks the Boot in to Big Brother Clegg
11th April 2012. See article from telegraph.co.uk
The Prime Minister said that Nick Clegg was made fully aware during a meeting of the National Security Council of Home Office plans for police powers to monitor internet communications. In a put-down to his Coalition partners, Cameron said it was important to remember that some of the most senior Liberal Democrats in government waved through the proposals before they were made public. The Deputy Prime Minister hit back, saying he had made clear in the meeting that he would stop the laws unless civil liberties were protected.

Conservative ministers insist the new laws will simply widen the current scope of powers --- police and intelligence agencies are already allowed to monitor telephone calls, letters and emails. They dispute the idea that monitoring voice calls and other communications over the internet amounts to snooping. Prominent Lib Dems have expressed outrage that the changes will allow the police greater power to track online communications, such as on Facebook and Skype.

Coalition government proposes extreme internet surveillance
2nd April 2012. See article from independent.co.uk
UK Police and intelligence officers are to be handed the power to monitor people's messages online in what has been described as an attack on the privacy of vast numbers of Britons. The Home Secretary, Theresa May, intends to introduce
legislation in next month's Queen's Speech which would allow law-enforcement agencies to snoop on citizens using Facebook, Twitter, online gaming forums and the video-chat service Skype. Regional police forces, MI5 and GCHQ, the Government's
eavesdropping centre, would be given the right to know who speaks to whom on demand and in real time and without a warrant. Warrants would only be required to view the content of messages. Civil liberties groups rightfully expressed
grave concern at the move. Nick Pickles, director of the Big Brother Watch campaign group, described it as An unprecedented step that will see Britain adopt the same kind of surveillance as in China and Iran.
David Davis, the former Conservative shadow Home Secretary, said: The state was unnecessarily extending its power to snoop on its citizens. It is not focusing on terrorists or on
criminals, the MP said. It is absolutely everybody. Historically, governments have been kept out of our private lives. They don't need this law to protect us. This is an unnecessary extension of the ability of the state to snoop on ordinary innocent
people in vast numbers.
Shami Chakrabarti, director of Liberty, said the Conservatives and the Liberal Democrats had resisted greater surveillance powers when in opposition: This is more ambitious
than anything that has been done before. The Coalition bound itself together in the language of civil liberties. Do they still mean it?
May is confident of enacting the new law because it has the backing of the Liberal Democrats, once
strong supporters of civil liberties, but now obviously not. Senior Liberal Democrat backbenchers are believed to have been briefed by their ministers on the move and are not expected to rebel in any parliamentary vote. A senior adviser to Big Brother
Clegg said he had been persuaded of the merits of extending the police and security service powers. The Home Office said that the legislation would be introduced as soon as parliamentary time allows, and said:
We need to take action to maintain the continued availability of communications data as technology changes. Communications data includes time, duration and dialling numbers of a phone call or an email address. It does not include the
content of any phone call or email and it is not the intention of Government to make changes to the existing legal basis for the interception of communications. However these claims about not snooping on contents seem somewhat
contradictory when considering the proposed extension to social networking. There the communications only exist as the contents of a web page. There are no dialled numbers and email connections on Facebook, just the messages on your wall. According to The Sunday Times, which broke the story, the ISP's Association, which represents communications firms, was unhappy with the proposal when it was briefed by the Government last month. A senior industry official told the paper:
The network operators are going to be asked to put probes in the network and they are upset about the idea... it's expensive, it's intrusive to your customers, it's difficult to see it's going to work and it's going to be a nightmare to run legally.
Comment: Acquitted
2nd April 2012. See article from press.mu.no2id.net
Guy Herbert, General Secretary of campaign group NO2ID said: Astonishing brass neck from the Home Office, attempting to feed us reheated leftovers from the authoritarian end of the Blair administration. It is not very
far from a bug in every living room that can be turned on and turned off at official whim. Whatever you are doing online, whoever you are in contact with, you will never know when you are being watched. And nobody else will either, because none of it
will need a warrant. It looks like the Home Office is setting out to leapfrog China and gain the UK an unenviable position as the most monitored society in history. The automatic recording and tracing of everything done online by
anyone -- of almost all our communications and much of our personal lives, shopping and reading -- just in case it might come in useful to the authorities later, is beyond the dreams of any past totalitarian regime, and beyond the current capabilities of
even the most oppressive states. The vague assertion that all this is needed to deal with the usual bogeyman, terrorism, is worthless. It is hard to imagine any threat that is serious enough to justify it. But something that aims
to make surveillance easy will create a demand for surveillance. Unless it is subject to proper controls from the beginning, then the pretexts for access will multiply. That would mean the end of privacy. Put aside privacy -- and
the government has -- the scheme is an astonishing waste of money. What problem does it solve that is worth billions?
Comment: Same Old Policy
3rd April 2012. From David
It's interesting that the new email/phone snooping thing is *exactly* the same as that about to be brought in by Labour in 2006 - methinks this one is down to the long-term Whitehall Mandarins, rather than any particular party....