The Counter Terrorism and Security Bill is due to be published today, making it the seventh major counter terrorism law introduced in Britain since 9/11. The Bill can be accessed here.
Although we are still waiting to see the detail of the Bill, there are three Big Brother Watch briefing notes which are relevant: TPIMs, IP address matching, and the capability gap.
A brief analysis of what the Bill will include:
- Barring returning terrorists
Temporary exclusion orders will be introduced to control the return of British citizens suspected of involvement in terrorism-related activity abroad.This will result in the cancellation of travel documents and inclusion of the individual’s details on British border “watch lists”, which could include a no-fly list.
It is this proposal that has seemingly received the most backlash from politicians, with concerns about its legality and practicality.
- Fighting campus extremism
Colleges, schools, prisons, probation providers, police and councils will face a statutory duty to “prevent individuals being drawn into terrorism”.
Many educational establishments have had a policy for several years of denying a platform to ‘extremist’ speakers. However this has not been an easy policy to implement, largely due to the nature of defining ‘extremist’.
The Government has announced that it will bring forward proposals to enable IP address matching. The measures would require internet firms to keep records of customer information, to enable law enforcement bodies to decipher who was using a device, such as a smart phone or computer, at a given time.
We have produced a briefing note (PDF) on the proposals.
The key issues with the proposals are:
- There are questions over whether or not this will be technically feasible.
- Proper safeguards must be introduced to ensure that these techniques are used transparently, that there is a proper level of authorisation and that the oversight and redress mechanisms can function effectively.
- If this measure is introduced, time should be allowed to ensure that its effectiveness to law enforcements investigations can be evaluated with due care and transparency.
When the Communications Data Bill was scrapped in 2013, one of the issues that appeared to have full political consensus was the ‘resolution of IP addresses’ – particularly where mobile phone operators may have millions of customers using just a few hundred IP addresses.
In the simplest of terms, an IP address is the address you access the internet through (although ways of masking this are nothing new nor particularly technically challenging). The Home Secretary has announced her intention to include measures to tackle this in the Counter Terrorism and Security Bill.
It is perfectly reasonable that powers to provide the police with the ability to match an IP address to the person using that service is investigated. However, if such a power is required, then it should be subject to the widespread consultation and comprehensive scrutiny that has been sorely lacking to date with industry, civil society and the wider public when it comes to introducing new surveillance powers. It is important to also recognise that the Communications Data Bill went far, far beyond being a focused attempt to solve this problem.
The Daily Mail has revealed that people could be being watched in their own homes or at work as hackers are targeting webcams and uploading the live footage to the internet. The warning comes from the Information Commissioner’s Office (ICO), which is urging people to upgrade their passwords from the default setting.
Very few people would leave their front doors unlocked, yet failing to password protect your devices carries the same risks to both their privacy and security. As the capability of these devices becomes increasingly sophisticated, it is inevitable that users will inadvertently expose themselves and their lives to hackers.
It has been reported that a Russian website is featuring live feeds from the UK, including a gym in Manchester, a bedroom in Birmingham, and an office in Leicester. In light of the 350,000 estimated cameras that were sold in the UK in 2013, the number of vulnerable cameras could be in their tens of thousands.
With the concept of a ‘capability gap’ in the acquisition of communications data being increasingly discussed, we have created a briefing on the key issues and definitions of the issue which can be viewed here (PDF).
The purpose of the briefing is to demonstrate that using the concept as an argument for the introduction of mass communications data collection is fundamentally flawed and unhelpful to what is a serious debate.
The key areas covered in the briefing are:
- The definition of the capability gap
- Key issues with the capability gap
- The Interception of Communicatiions Commissioner’s Report
- Resolving the capability gap
Following Monday night’s confused debate on EU Justice and Home Affairs powers it has been revealed that the Government is embarking upon a scheme that would give European states limited access to the UK DNA database and potentially pave the way to a linking of the UK and EU databases.
This is a worrying development, made more so by the fact that, as the Financial Times reported, the move seems to have been made to appease certain member states who were concerned about the UK’s withdrawal from other EU police schemes.
It is disappointing that after sticking to their promise to stay out of the wider Prüm Convention, the Government seems to be getting close to implementing it in all but name, prioritising the wishes of other states over the safety of its own citizens.
Our new report, NHS Data Breaches (PDF), highlights the scale of data breaches in the NHS. The research reveals examples of medical data being lost, shared on social media, and inappropriately shared with third parties.
The report shows that between 2011 to 2014, there have been at least 7,255 breaches. This is the equivalent to 6 breaches every day. Examples of the data breaches include:
- At least 50 instances of data being posted on social media
- At least 143 instances of data being accessed for “personal reasons”
- At least 124 instances of cases relating to IT systems
- At least 103 instances of data loss or theft
- At least 236 instances of data being shared inappropriately via Email, letter or Fax
- At least 251 instances of data being inappropriately shared with a third party
- At least 115 instances of staff accessing their own records.
- There have been at least 32 resignations during the course of disciplinary proceedings.
- There is 1 court case pending, for a breach of the Data Protection Act. In this instance the individual may have also resigned prior to proceedings.
This afternoon MPs will take part in a vital debate, the main point of which is to decide whether or not Britain should opt back into the European Arrest Warrant (EAW). Big Brother Watch has been clear in the past that the EAW risks seeing UK citizens extradited for minor crimes and in some instances forced to spend months in detention before their case even comes to trial.
In an article for ConservativeHome Mark Field MP, a member of the Intelligence and Security Committee argues that the EAW is vital for tackling serious international crime, such as terrorism and large scale fraud. Whilst the measure was introduced in the wake of the September 11th terrorist attacks, as part of the EU’s attempts to combat international terrorism and cross-border crime, there has been a significant shift in its focus in the intervening years.
The original aims of the EAW are certainly laudable, but it has been subject to severe mission creep since 2002. This has led to a situation whereby warrants have been sent to the UK for the extradition of a man guilty of stealing a wheelbarrow and some tools or another who had committed the crime of piglet rustling. The number of frivolous requests and the resulting administrative burden this has created is clearly shown by a report by the European Parliamentary Research Service: in 2011 the UK received 6760 EAWs, of these 5761 were not executed.
Yet more evidence has come to light to show that the Regulation of Investigatory Powers Act 2000 (RIPA) is woefully out of date.
It has been revealed that GCHQ, has the ability to request large amounts of un-analysed communications from foreign intelligence agencies without first obtaining a warrant. The documents, obtained in the course of a case brought before the Investigatory Powers Tribunal (IPT), show that the use of a warrant was not necessary if it is “not technically feasible” for GCHQ to obtain one.
This is not the first revelation from the case, which was brought by a number of groups including Liberty and Privacy International. In June this year it was revealed that messages sent via platforms such as Facebook and Twitter are classed as “external communications” even if they have been sent between UK citizens. This means that there is no need to apply for a warrant before collecting the information.
As it stands the legislation being used to authorize surveillance was passed before the advent of social media, which revolutionized the way in which we communicate. When MPs were debating this bill they could not have been expected to anticipate the dramatic change in how we would communicate with each other after the launch of Facebook (2004) and Twitter (2006). As a result RIPA has not kept pace with technology and is now open to worrying interpretations.