The European Parliament, last Wednesday voted on a resolution coming from its Civil Liberties committee which determines the European Parliament’s response to the NSA’s democratic over reach. As Glyn Moody points out in his Techdirt article, in order to become binding, it will need to be agreed by the Council of Ministers where their votes are directed by the Governments of the EU member states. …
I read Privacy and Big Data by Craig and Ludloff towards the end of 2013. The first chapter is called “The Perfect Storm”. The book lists a number of consumer and corporate computing trends, from Google’s search solution and their clustered file systems, the consumer adoption of cloud storage and the realisation of parallel computing models. There is no question that data is growing at an explosive rate and that new computational models are being developed to use these new volumes of data in timescales appropriate to the human. These new models are of interest to both the new internet companies and to Governments yet because of both social media and the distributed nature of modern computing raise questions of privacy. …
Today, Parliament released the “Culture” select committee’s report “Supporting the Creative Industries”. The headline pursued by most media outlets is that Google’s efforts to limit copyright infringement by its ‘users’ is, to quote the committee chairman, John Whittingdale, “derisory”. This is reported by Computing, which extends Whittingdale’s quotes which demand further action from Google which is erroneously singled out as the single largest source of piracy and thus the single largest source of damage to Britain’s creative industries. Peter Bradwell of the ORG, and Paul Bernal of UEA cover the report and its impact, in Peter’s case on the ORG Blog, in an article called, Culture Committee copyright report one-sided and simplistic and in Paul’s case on his blog in an article called, Supporting the creative economy?. The ORG verbal evidence to the committee is available as a video here…, on Parliament TV. Enjoy the show and Peter’s persistant return to statistics and facts …
This was chaired by Jamie Bartlett of Demos, with David Blunkett and Helen Goodman with Nick Pickles of Big Brotherwatch. Jamie Bartlett, who has an interesting publication record at Demos may have been the perfect chair for the meeting.
He opened by looking at Labour’s mixed record, on the positive side introducing the Human Rights Act and on the less positive side, introducing RIPA and extending detention. RIPA is not well understood; but it defines the powers and duties in the issue of search warrants as a result most police searches are now self-authorised. He made the point that once in existence, databases suffer from scope creep and that to some extent the Communications Data Bill is an attempt to legalise actions already taken. …
Earlier this week, the Guardian in conjunction with its partner publishers, New York Times and ProPublica ran an article, Revealed: how US and UK spy agencies defeat internet privacy and security. As we’ll see, the title is a bit misleading, but the agencies certainly gave it their best shot. This story builds on the initial Snowden leaks that the NSA has been using computer technology to spy on everyone using the internet in the USA. The story rapidly came to the UK where it became clear that Britain’s GCHQ was tapping the UK/USA telecom links, sharing intelligence with the USA and providing the NSA with a slightly more legal way of spying on US citizens. There is little doubt that the US & UK’s intelligence agencies have outsourced their own domestic spying which is legally restricted to each other. …
The next session, called “Naked Citizens! The Data Protection Regulation and why you should care about it”.
The speakers were Anna Fielder from Privacy International, David Smith, the Deputy Information Commissioner and Kasey Chappele, a Lawyer from Vodafone. Fortunately for Kasey, no-one asked about about Vodafone’s Tax Affairs. She went through some of Vodafone’s route to where they are today, and they are quite proud of where they’ve got to. Critically, she argued that while Privacy is seen as a compliance issue, it won’t improve, it’s only when companies start to compete on Privacy that managers will treat Privacy as more than a burden. …
A tweeted conversation between Tom Watson MP and Chris Gerhard, in the afterglow, of the Guardian’s running a story that the FBI are looking for warrant-less and secret intrusion into an email provider’s customers. …
I dropped into the #openrightsgroup meetup last night. Jim Killock presented on the coming legislative challenges, the crawl of the DE Act to execution, the resurrection of the CDDP, the corporate lobbying of the Tories and the EPP in European Parliament to weaken the EU’s proposed Data Privacy regulation. The resurrection of DRM in the standards world (HTML5) was raised, as was retaining the capability to help scrutinise electronic counting of paper votes, and oppose the full automation of elections. Jim announced that the ORG are organising an ORGCON North and an ORGCON in London later in this year. Welcome to #ORGCON13 …
I have suggested in two blog articles, that the should the UK’s security services build their proposed internet surveillance system, that it will be accessed illegally by the well resourced and technically savvy, and legally by those that can afford the lawyers, mainly big business or the sensitive libel litigators. There is well proven precedent that laws designed for a narrow purpose will bleed into broader areas.
We already have example of the Norwich Pharmacal case, where HMRC were subpoenaed to release records to a party in a civil case. This has bled from intellectual property to other cases. It should be noted that giving HMRC the facts they require is mandatory. It’s this bleeding of law from its original purpose to others that often makes the worse law.
The inland revenue refused point blank to take on the Child Support Agency’s collection duties and also fought tooth and nail to keep its data private from the CSA. They felt that many men would tell the truth to them, but seek to avoid co-operating with the CSA; inter-agency co-operation would in their eyes make their duties more difficult; they’d loose co-operation of many of taxpayers.
The decennial Census is mandatory. The privacy guarantee is that neither individual returns nor micro-sets that allow the identification of individuals will be published, yet this was run by Lockheed Martin, an organisation subject to Patriot Act supervision?
The establishment of the Criminal Records Bureau (CRB) has also created another luge, from the specific to the general. It was created to ensure that staff in schools criminal records were known. It is now used for parent volunteers and it is becoming common place for large employers to ask for a criminal records check before offering work. The CRB won’t release their data to organisations with no child protection roles without the permission of data subject, so guess what the options are if you want or need the job.
(That’d be quite a good caveat, no non law enforcement organisations can access the snoopers database without permission of the data subjects, but we need to change RIPA, since very large number of organisations can issue.)
This is all an interesting contrast as private (i.e. legally confidential) data is made available to the interested, but public data is being privatised.
Actually the Tories seem conflicted, their manifesto promises and early actions suggest they’d like to live with and act on the view that public data should be made available to allow the crowd-sourcing of innovation using the data, such as TFL and the train locations, enabling the private sector to create jobs and income on the back of a public sunk investment. They were persuaded that the public or the taxpayer as they like to see it had already paid for the data. However, the cutting of the Universities funding system weakens the public claim on the research output of these institutions; enabling the enclosure of this research by the academic publishers.
Alec Muffett has performed a sterling service in a bunch of articles at Crypticide, including reviewing the evidence presented to Parliament to pointing out that at the time, the Home Office consider Facebook and Twitter to be UK ISPs and seem to plan to require them to retain message data, not message header data for 12 months.
As a penultimate point, someone called Derek, writes and explains how the technology works. His article is quite simple and so a good point to start; he explores the ease of adoption of encryption technology, which is quite useful, but this is why the Home Office asked questions in their consultation as to how and if encryption technology should be restricted.
My final comment is that the recent hacking of Twitter and the NYT is further proof that the growing amount of literature that “brute force” attacks on password systems are getting cheaper and cheaper is right; at least if you are a state actor. To keep a site secure, you have to do everything right, to hack it, they need to have forgotten or been cheap once. …
The BBC reports that a court has ruled that “Blanket” use of the Criminal Records Bureau (CRB) may not be compatible with Human Rights Act, and thus with human rights. The CRB was set up to create a single point at which those organisations with a child care duty such as schools, can check the criminal records of those they employ or permit to volunteer. This court case looks at the circumstances of an individual who committed acts when he was 11 that put him on the register. Unlike Denmark, as exposed in Borgen last week, the UK age of criminal responsibility is 10. Hard cases make poor law.
The article does not explore the growing ‘requirement’ by professional services employers without a child care duty to ask for both ask for both CRB reports and to ask for permission to pass these reports on to potential customers. More proof that if you create the database, it will be both hacked and judicially extended. …