Following York Council’s announcement that the city is to become the first in the UK with city-wide free Wifi, the Council has found itself in hot water for failing to properly inform users about the fact mobile users could find personal information, including their precise location, exposed.
It has been reported that when mobile users sign up for the free WiFi service they are inadvertently handing over vast amounts of personal information. The technology picks up signals from your mobile and links them with your social media profile on your smartphone – storing information such as your age, gender, interests, friends and your location. A BBC report shows exactly how the information is used and analysed.
Whilst we have become accustomed to accessing internet services for free in the expectation that our data will be used for marketing or advertising purposes (there is no such thing as a free lunch after all), we continue to call for internet users to be provided more transparent information about what happens to their data when they sign up for a service.
Journalists and publishers are at risk of being branded as terrorists, warns a report into the UK’s terrorism legislation.
The report entitled The Terrorism Acts in 2013 was authored by Professor David Anderson QC, the Independent Reviewer of Terrorism Legislation. It covered topics such as the use of stop and search powers by the police as well as how often Section 7 of the Terrorism Act 2000 was used to question and/or detain travelers.
Perhaps the most interesting (and worrying) section considered the definition of terrorism and under what circumstances terrorism legislation could be applied. Looking at the judgement in the case of David Miranda Professor Anderson highlighted the fact that “the publication (or threatened publication) of words may equally constitute terrorist action”.
As Professor Anderson explained the ruling raises the possibility that the author of a book, newspaper article or blog could be treated in the same way as a person who carries out more recognisable forms of terrorism, such as “shootings” or “hostage takings”.
All that is needed for this to happen is for the published material to be judged to be for the “purpose of advancing a political, religious, racial or ideological cause, designed to influence the government and liable to endanger life, or create a serious risk to health or safety.”
Even plans made with the best of intentions can go awry. In a speech made last week, Mark Hoban, a former Minister of State for Work and Pensions, floated the idea of combining previously separate personal financial information into a single database.
Mr Hoban argued that “It would be great if we could use the Retirement Saver Service to store data on their savings, pensions – state and private – and housing”. The idea is that it would give individuals a clearer idea of their current savings situation as well as helping to signpost any necessary action they would need to take in the future.
At the moment the regulatory framework simply isn’t good enough to ensure that another new database would be secure. The sanctions that are available for punishing those who misuse personal information and break the Data Protection Act 1998 are almost non-existent. At present the most any breach will receive is a fine, there is no option for a court to hand down a custodial sentence. When compared to the financial gains that can be made through selling the information on, a, usually small, fine cannot be considered to be an effective deterrent.
Whilst the DRIP Bill process is coming to an end in Parliament, it is certainly timely that the Office of the United Nations High Commissioner for Human Rights has published his report on “The right to privacy in the digital age” (PDF).
The report raises some important questions regarding the legitimacy of mass data retention, the role of private companies, and the potential impact on privacy and human rights.
We have picked out (the many) key points from the report:
- As noted by the Special Rapporteur on the right to freedom of expression and opinion, technological advancements mean that the State’s effectiveness in conducting surveillance is no longer limited by scale or duration (p.3)
- Deep concerns have been expressed as policies and practices that exploit the vulnerability of digital communications technologies to electronic surveillance and interception in counties across the globe have been exposed. Examples … government mass surveillance emerging as a dangerous habit rather than an exceptional measure. (p.3)
The Civil Society groups behind the Don’t Spy On Us coalition have produced a briefing on the fast-track Data Retention and Investigatory Powers Bill (PDF).
You can read our initial analysis of the emergency legislation announcement, as well as our amendment recommendations here.
The Data Retention and Investigatory Powers (DRIP) Bill was published on 10th July 2014 following a press conference given by the Prime Minister and Deputy Prime Minister announcing emergency surveillance legislation. They indicated that the leader of the Opposition had already given Labour’s support to the Bill following private cross-party discussions and this was confirmed by the Shadow Home Secretary in the Chamber later in the day. The Bill is now due to receive all its substantive stages in the House of Commons next Tuesday 16th July. The Lords will be invited to pass the Bill on Wednesday and the Commons will consider any Lords amendments on Thursday. Royal Assent is to be granted before summer recess and the legislation will come into effect immediately. Parliamentary scrutiny and debate is therefore effectively neutered and it is unlikely that the Bill will be substantively amended.
It was somewhat ironic that yesterday of all days the Internet Service Providers Awards were held in London. Big Brother Watch were invited to pick up the tongue in cheek award of ‘Internet Villain’ on behalf of the winners (who would obviously not be attending).
The shortlist of finalists were selected by the ISPA Council in recognition of their achievements in hindering the industry. The category stated: “The Internet Villain category recognises individuals or organisations that have upset the Internet industry and hampered its development – those who the industry loves to hate.”
With the announcement of emergency legislation on the retention and interception of communications data the question of safeguarding the privacy of individuals should be foremost in the minds of legislators.
However the speed that the Bill is tabled to progress at raises concerns over the amount of scrutiny it will receive. If the Government wants to force communication service providers to retain citizens’ data then they must be prepared to open the system to a greater deal of transparency than is already in place.
As Big Brother Watch has repeatedly pointed out it is possible to increase the level of transparency around surveillance without compromising security. In the US the Department of Justice publishes information provided by federal and state officials on orders authorizing or approving interceptions of wire, oral, or electronic communications in annual reports.
Over the weekend you may have read about the Government’s plans for more policing powers to be transferred over to the EU, including the prospect of the UK joining a Europe-wide DNA database. Considering a debate is planned for Thursday on the current set of Justice and Home Affairs opt-outs, these plans seem absurdly premature.
You can read our briefing note on the reported plans and our concerns about the problems with the current system here.
There are some fundamental problems with the UK’s DNA database (DNAD) that need urgently addressing before the Government even thinks about allowing EU Member States to have direct access to the data. These problems are outlined in our 2012 report (pdf), which was published following the reforms made by the Protection of Freedoms Act 2012.
With the publication of the second report by the US’s Privacy and Civil Liberties Board (PCLOB), the ball is now firmly in the UK Government’s court. The report added to the US’s response to the revelations made by Edward Snowden and places the lack of a response on this side of the Atlantic in stark contrast.
The report focused on Section 702 of the Foreign Intelligence Surveillance Act, which allows authorisation for surveillance to be “conducted within the United States but targeting only non-US persons reasonably believed to be located outside of the United States.”
Whilst it was generally favourable to the US intelligence agencies and their activities, the report did make a series of recommendations. These included revising the NSA’s targeting procedures to include a set of criteria for determining the “foreign intelligence values” of a target and a written explanation for why a target has been selected and what information surveillance is likely to return. Perhaps the most interesting section concerns efforts aimed at improving accountability and transparency within the US intelligence community.
Concerns have been raised in recent weeks regarding the European Commission’s plans for all new cars to be installed with event data recorders in order to enable the eCall system.We have produced a briefing (PDF) to explain the background of the policy, the concerns that have been raised and the other potential uses for event data recorders once they have been installed. The key points raised in our briefing are:
- There is an important distinction to be made between eCall and the Event Data Recorders (EDRs). Whilst the eCall system may not record the location of the car constantly, the EDR does have that capability.
- There are concerns that the EDRs ability to gather extensive data can and will be misused as:
- the data could be accessed by hackers to track individuals’ location.
- insurance companies can use this to promote personalised insurance quotes by recording how individuals drive.
- police forces have already been using eCall systems to track suspicious motorists.
- The installation of the EDR will be mandatory, a move that goes against British principles of liberty and freedom of choice.
- The eCall system is not cost efficient nor will it have a significant impact on safety in the UK.