When the Communications Data Bill was scrapped in 2013, one of the issues that appeared to have full political consensus was the ‘resolution of IP addresses’ – particularly where mobile phone operators may have millions of customers using just a few hundred IP addresses.
In the simplest of terms, an IP address is the address you access the internet through (although ways of masking this are nothing new nor particularly technically challenging). The Home Secretary has announced her intention to include measures to tackle this in the Counter Terrorism and Security Bill.
It is perfectly reasonable that powers to provide the police with the ability to match an IP address to the person using that service is investigated. However, if such a power is required, then it should be subject to the widespread consultation and comprehensive scrutiny that has been sorely lacking to date with industry, civil society and the wider public when it comes to introducing new surveillance powers. It is important to also recognise that the Communications Data Bill went far, far beyond being a focused attempt to solve this problem.
The Daily Mail has revealed that people could be being watched in their own homes or at work as hackers are targeting webcams and uploading the live footage to the internet. The warning comes from the Information Commissioner’s Office (ICO), which is urging people to upgrade their passwords from the default setting.
Very few people would leave their front doors unlocked, yet failing to password protect your devices carries the same risks to both their privacy and security. As the capability of these devices becomes increasingly sophisticated, it is inevitable that users will inadvertently expose themselves and their lives to hackers.
It has been reported that a Russian website is featuring live feeds from the UK, including a gym in Manchester, a bedroom in Birmingham, and an office in Leicester. In light of the 350,000 estimated cameras that were sold in the UK in 2013, the number of vulnerable cameras could be in their tens of thousands.
With the concept of a ‘capability gap’ in the acquisition of communications data being increasingly discussed, we have created a briefing on the key issues and definitions of the issue which can be viewed here (PDF).
The purpose of the briefing is to demonstrate that using the concept as an argument for the introduction of mass communications data collection is fundamentally flawed and unhelpful to what is a serious debate.
The key areas covered in the briefing are:
- The definition of the capability gap
- Key issues with the capability gap
- The Interception of Communicatiions Commissioner’s Report
- Resolving the capability gap
Following Monday night’s confused debate on EU Justice and Home Affairs powers it has been revealed that the Government is embarking upon a scheme that would give European states limited access to the UK DNA database and potentially pave the way to a linking of the UK and EU databases.
This is a worrying development, made more so by the fact that, as the Financial Times reported, the move seems to have been made to appease certain member states who were concerned about the UK’s withdrawal from other EU police schemes.
It is disappointing that after sticking to their promise to stay out of the wider Prüm Convention, the Government seems to be getting close to implementing it in all but name, prioritising the wishes of other states over the safety of its own citizens.
Our new report, NHS Data Breaches (PDF), highlights the scale of data breaches in the NHS. The research reveals examples of medical data being lost, shared on social media, and inappropriately shared with third parties.
The report shows that between 2011 to 2014, there have been at least 7,255 breaches. This is the equivalent to 6 breaches every day. Examples of the data breaches include:
- At least 50 instances of data being posted on social media
- At least 143 instances of data being accessed for “personal reasons”
- At least 124 instances of cases relating to IT systems
- At least 103 instances of data loss or theft
- At least 236 instances of data being shared inappropriately via Email, letter or Fax
- At least 251 instances of data being inappropriately shared with a third party
- At least 115 instances of staff accessing their own records.
- There have been at least 32 resignations during the course of disciplinary proceedings.
- There is 1 court case pending, for a breach of the Data Protection Act. In this instance the individual may have also resigned prior to proceedings.
This afternoon MPs will take part in a vital debate, the main point of which is to decide whether or not Britain should opt back into the European Arrest Warrant (EAW). Big Brother Watch has been clear in the past that the EAW risks seeing UK citizens extradited for minor crimes and in some instances forced to spend months in detention before their case even comes to trial.
In an article for ConservativeHome Mark Field MP, a member of the Intelligence and Security Committee argues that the EAW is vital for tackling serious international crime, such as terrorism and large scale fraud. Whilst the measure was introduced in the wake of the September 11th terrorist attacks, as part of the EU’s attempts to combat international terrorism and cross-border crime, there has been a significant shift in its focus in the intervening years.
The original aims of the EAW are certainly laudable, but it has been subject to severe mission creep since 2002. This has led to a situation whereby warrants have been sent to the UK for the extradition of a man guilty of stealing a wheelbarrow and some tools or another who had committed the crime of piglet rustling. The number of frivolous requests and the resulting administrative burden this has created is clearly shown by a report by the European Parliamentary Research Service: in 2011 the UK received 6760 EAWs, of these 5761 were not executed.
Yet more evidence has come to light to show that the Regulation of Investigatory Powers Act 2000 (RIPA) is woefully out of date.
It has been revealed that GCHQ, has the ability to request large amounts of un-analysed communications from foreign intelligence agencies without first obtaining a warrant. The documents, obtained in the course of a case brought before the Investigatory Powers Tribunal (IPT), show that the use of a warrant was not necessary if it is “not technically feasible” for GCHQ to obtain one.
This is not the first revelation from the case, which was brought by a number of groups including Liberty and Privacy International. In June this year it was revealed that messages sent via platforms such as Facebook and Twitter are classed as “external communications” even if they have been sent between UK citizens. This means that there is no need to apply for a warrant before collecting the information.
As it stands the legislation being used to authorize surveillance was passed before the advent of social media, which revolutionized the way in which we communicate. When MPs were debating this bill they could not have been expected to anticipate the dramatic change in how we would communicate with each other after the launch of Facebook (2004) and Twitter (2006). As a result RIPA has not kept pace with technology and is now open to worrying interpretations.
Lord Strasburger, Big Brother Watch’s advisory council member, has tabled an amendment to the Serious Crime Bill which would stop the police from being able to access journalists’ phone records to identify their sources without permission from a judge. The amendment is to be debated on Tuesday, and we are calling on you to contact members of the House of Lords to ask them to lend it their support. You can find a directory of Lords here.
Supporting the amendment, the deputy prime minister stated that: “It’s incredibly important in a free society that journalists should be able to go after information where there’s a clear public interest to do so, without fear of being snooped upon or having all of their files kind of rifled through without clear justification.”
The amendment follows concerns that a loophole in the Regulation of Investigatory Powers Act (RIPA) is being exploited to allow access to private information without judicial authorisation. This is in light of the revelations that journalists at the Mail on Sunday and the Sun had secretly had their phone records obtained.
Commenting on his amendment, Lord Strasburger said: “The Liberal Democrats are serious about protecting whistle-blowers and the freedom of the press to expose corruption through the use of confidential sources. Ripa must be changed to close the loophole that the police have been using with virtually no scrutiny.
“Of course this is not the only major flaw in Ripa and I wish more newspapers had backed the Guardian when it exposed the widespread collection by the state of phone and other records of ordinary citizens through the Tempora Project and other secret surveillance activities.”
Today we have also released a report on how police forces are using ‘directed surveillance’ powers permitted under RIPA, calling on the government to introduce judicial authorisation for all use of surveillance powers, increased transparency around how the powers are being used, and for the right of redress for those who have been spied on.
Today we are publishing a report
highlighting the true scale of police forces’ use of surveillance powers. The report comes at a time when the powers have faced serious criticism, following revelations that police have used them to access journalists’ phone records.
The research focuses on the use of ‘directed surveillance’ contained in the controversial Regulation of Investigatory Powers Act (RIPA) by police forces; a form of covert surveillance conducted in places other than residential premises or private vehicles which is deemed to be non-intrusive, but is still likely to result in personal information about the individual being obtained.
Although the report details how directed surveillance powers were authorised more than 27,000 times over a three year period, police forces are not compelled to record any other statistics; therefore we cannot know the exact number of individuals that these authorisations relate to.
As part of the investigation into the use of RIPA by police, a request for details of ‘covert human intelligence’ (informers) and ‘intrusive surveillance’ (covert surveillance carried out in residential premises or private vehicles) was also submitted. However the request was rejected by forces as they believe releasing the information would negatively impact on police capability
Despite the law being changed in 2012 to stop local authorities using the same powers without a magistrate’s approval, police forces do not require any such permission. The report proposes three measures that should be introduced, including:
- a requirement for police forces to publish data on how often and why these powers are used,
- judicial approval of all surveillance operations
- the right for subjects of surveillance to be informed.
The police should not be able to keep the details secret of how and why members of the public are spied on. To do so whilst not having to seek a courts approval to use the powers is simply unacceptable. Local authorities now have to justify how they will snoop on members of the public and it is about time that this authorisation procedure became the norm, not the exception.
Any member of the public that has been put under surveillance should be told that that has been the case when there is no risk to an on-going investigation. This is standard practice in a number of other countries with it being recognised as being an important oversight mechanism. It is clear that this added level of accountability will ensure that the public will only face being spied on when it is truly necessary.