Even plans made with the best of intentions can go awry. In a speech made last week, Mark Hoban, a former Minister of State for Work and Pensions, floated the idea of combining previously separate personal financial information into a single database.
Mr Hoban argued that “It would be great if we could use the Retirement Saver Service to store data on their savings, pensions – state and private – and housing”. The idea is that it would give individuals a clearer idea of their current savings situation as well as helping to signpost any necessary action they would need to take in the future.
At the moment the regulatory framework simply isn’t good enough to ensure that another new database would be secure. The sanctions that are available for punishing those who misuse personal information and break the Data Protection Act 1998 are almost non-existent. At present the most any breach will receive is a fine, there is no option for a court to hand down a custodial sentence. When compared to the financial gains that can be made through selling the information on, a, usually small, fine cannot be considered to be an effective deterrent.
Whilst the DRIP Bill process is coming to an end in Parliament, it is certainly timely that the Office of the United Nations High Commissioner for Human Rights has published his report on “The right to privacy in the digital age” (PDF).
The report raises some important questions regarding the legitimacy of mass data retention, the role of private companies, and the potential impact on privacy and human rights.
We have picked out (the many) key points from the report:
- As noted by the Special Rapporteur on the right to freedom of expression and opinion, technological advancements mean that the State’s effectiveness in conducting surveillance is no longer limited by scale or duration (p.3)
- Deep concerns have been expressed as policies and practices that exploit the vulnerability of digital communications technologies to electronic surveillance and interception in counties across the globe have been exposed. Examples … government mass surveillance emerging as a dangerous habit rather than an exceptional measure. (p.3)
The Civil Society groups behind the Don’t Spy On Us coalition have produced a briefing on the fast-track Data Retention and Investigatory Powers Bill (PDF).
You can read our initial analysis of the emergency legislation announcement, as well as our amendment recommendations here.
The Data Retention and Investigatory Powers (DRIP) Bill was published on 10th July 2014 following a press conference given by the Prime Minister and Deputy Prime Minister announcing emergency surveillance legislation. They indicated that the leader of the Opposition had already given Labour’s support to the Bill following private cross-party discussions and this was confirmed by the Shadow Home Secretary in the Chamber later in the day. The Bill is now due to receive all its substantive stages in the House of Commons next Tuesday 16th July. The Lords will be invited to pass the Bill on Wednesday and the Commons will consider any Lords amendments on Thursday. Royal Assent is to be granted before summer recess and the legislation will come into effect immediately. Parliamentary scrutiny and debate is therefore effectively neutered and it is unlikely that the Bill will be substantively amended.
It was somewhat ironic that yesterday of all days the Internet Service Providers Awards were held in London. Big Brother Watch were invited to pick up the tongue in cheek award of ‘Internet Villain’ on behalf of the winners (who would obviously not be attending).
The shortlist of finalists were selected by the ISPA Council in recognition of their achievements in hindering the industry. The category stated: “The Internet Villain category recognises individuals or organisations that have upset the Internet industry and hampered its development – those who the industry loves to hate.”
With the announcement of emergency legislation on the retention and interception of communications data the question of safeguarding the privacy of individuals should be foremost in the minds of legislators.
However the speed that the Bill is tabled to progress at raises concerns over the amount of scrutiny it will receive. If the Government wants to force communication service providers to retain citizens’ data then they must be prepared to open the system to a greater deal of transparency than is already in place.
As Big Brother Watch has repeatedly pointed out it is possible to increase the level of transparency around surveillance without compromising security. In the US the Department of Justice publishes information provided by federal and state officials on orders authorizing or approving interceptions of wire, oral, or electronic communications in annual reports.
Over the weekend you may have read about the Government’s plans for more policing powers to be transferred over to the EU, including the prospect of the UK joining a Europe-wide DNA database. Considering a debate is planned for Thursday on the current set of Justice and Home Affairs opt-outs, these plans seem absurdly premature.
You can read our briefing note on the reported plans and our concerns about the problems with the current system here.
There are some fundamental problems with the UK’s DNA database (DNAD) that need urgently addressing before the Government even thinks about allowing EU Member States to have direct access to the data. These problems are outlined in our 2012 report (pdf), which was published following the reforms made by the Protection of Freedoms Act 2012.
With the publication of the second report by the US’s Privacy and Civil Liberties Board (PCLOB), the ball is now firmly in the UK Government’s court. The report added to the US’s response to the revelations made by Edward Snowden and places the lack of a response on this side of the Atlantic in stark contrast.
The report focused on Section 702 of the Foreign Intelligence Surveillance Act, which allows authorisation for surveillance to be “conducted within the United States but targeting only non-US persons reasonably believed to be located outside of the United States.”
Whilst it was generally favourable to the US intelligence agencies and their activities, the report did make a series of recommendations. These included revising the NSA’s targeting procedures to include a set of criteria for determining the “foreign intelligence values” of a target and a written explanation for why a target has been selected and what information surveillance is likely to return. Perhaps the most interesting section concerns efforts aimed at improving accountability and transparency within the US intelligence community.
Concerns have been raised in recent weeks regarding the European Commission’s plans for all new cars to be installed with event data recorders in order to enable the eCall system.We have produced a briefing (PDF) to explain the background of the policy, the concerns that have been raised and the other potential uses for event data recorders once they have been installed. The key points raised in our briefing are:
- There is an important distinction to be made between eCall and the Event Data Recorders (EDRs). Whilst the eCall system may not record the location of the car constantly, the EDR does have that capability.
- There are concerns that the EDRs ability to gather extensive data can and will be misused as:
- the data could be accessed by hackers to track individuals’ location.
- insurance companies can use this to promote personalised insurance quotes by recording how individuals drive.
- police forces have already been using eCall systems to track suspicious motorists.
- The installation of the EDR will be mandatory, a move that goes against British principles of liberty and freedom of choice.
- The eCall system is not cost efficient nor will it have a significant impact on safety in the UK.
A debate has erupted around revenge pornography and whether new legislation is required to tackle the problem of jilted lovers posting sexually explicit photographs online. Whilst there is no doubt that these occurrences are deeply damaging and upsetting for the individuals involved, the Government must ensure that any new laws created to police what is posted on the internet is done so with a clear head and not in the heat of the moment.
Yesterday Chris Grayling MP, the Justice Secretary, said yesterday that the Government is very open to a discussion about creating new legislation specifically for revenge porn offences, whilst Julian Huppert MP called for “criminal sanction [to be] available when people share indecent images in the knowledge that consent would not have been given”. Today, two Liberal Democrat members of the House of Lords has tabled an amendment to the Criminal justice and Courts Bill with the intention of making ‘revenge porn’ a criminal offence.
First GameStation threatened to harvest the souls of its customers’ though its Terms and Conditions (no really!), now it has been revealed that Facebook has been attempting to manipulate its users’ moods after gaining ‘consent’ by burying information about the project in its Terms and Conditions.
Over one week in 2012, Facebook manipulated the extent to which people were exposed to emotional expressions in their News Feed. The point of this experiment was to ascertain whether exposure to emotional posts on Facebook led to users to post similarly emotional content. The project was conducted in collaboration with Cornell University and the University of California. Katherine Sledge Moore of Illinois University claimed that this was nothing unusual “based on what we’ve agreed to by joining Facebook”.