The UK's Independent Review of Terrorism Legislation has said, it is time for a clean slate when it comes to surveillance law in the UK. In his report, David Anderson QC condemned the current legislative framework as, fragmented,
obscure, under constant challenge and variable in the protections that it affords the innocent .
Anderson was tasked with reviewing surveillance law as a requirement of the Data Retention and Investigatory Powers Act, one of the concessions gained by Labour and the Lib Dems in return for their support in rushing the Bill through
Parliament last July.
Anderson, unsurprisingly, does not condemn mass surveillance in principle and endorses bulk collection by the security services, but the report does call for a radical overhaul of how surveillance is regulated.
Here are some of the key points:
Since the Snowden revelations began two years ago, Parliament has further legislated for surveillance through DRIPA, the Counter Terrorism and Security Act 2015 and amendments to the Computer Misuse Act that legitimise hacking by the security
services. Anderson's damning verdict that the law, is variable in the protections that it affords the innocent can't be ignored. The report says: A comprehensive and comprehensible new law should be drafted from scratch, replacing the
multitude of current powers and providing for clear limits and safeguards on any intrusive power that it may be necessary for public authorities to use.
Under the current system, warrants for surveillance are signed off by government ministers, who are not independent. Anderson's recommendations that warrants should be signed off by judicial commissioners is a welcome shift away from politicial
authorisation but it would be preferable for warrants to go through the courts and be signed by serving judges to help make sure that surveillance is necessary and proportionate .
Anderson says that extending capabilities through a new Snoopers' Charter should only happen if there is, a detailed operational case needs to be made out, and a rigorous assessment conducted of the lawfulness, likely effectiveness,
intrusiveness and cost of requiring such data to be retained . So far the Government hasn't made such a case. In addition, it has made a report by Sir Nigel Sheinwald top secret. That report is believed to have suggested that a new
international treaty could be a legal alternative to the Snoopers' Charter. Despite this, the Home Secretary Theresa May today told the House of Commons that the re-drafted Snoopers' Charter would be laid before Parliament in the autumn -
although it would be scrutinised by a Joint Committee.
It is unlikely that Anderson's review and the Intelligence and Security Committee's Privacy and Security report would have happened were it not for Edward Snowden's revelations. Two years on, there are still many battles to be fought but one
thing is certain - the status quo cannot continue. MPs from all parties must act to ensure that the UK has surveillance powers fit for a democracy.
Theresa May, the Home Secretary, announced yesterday morning that the Investigatory Powers Bill will be published in draft form in the autumn. A joint committee of MPs and Peers will scrutinise the bill.
The police and intelligence services should be able monitor people suspected of serious crimes. But it's completely unclear that collecting information about everyone, all of the time is an efficient or cost-effective way of investigating
crime. And it's even less likely that this is in line with our fundamental human rights to privacy and freedom of speech.
If you agree, can you sign our petition?
We think the police and intelligence agencies should have powers that are effective and genuinely protect our privacy and freedom of speech.
The law that the NSA used to authorize its collection of vast amounts of information about the telephone calls of ordinary Americans is no more.
It's likely a temporary reprieve though.
The Senate let three provisions of the Patriot Act expire: Section 215, the section the government uses to collect phone and other business records in bulk, the Lone Wolf provision , and the roving wiretap provision. Section 215
now reverts to its pre-Patriot Act form , which doesn't permit any collection of financial or communications records, and requires the Government to provide specific and articulable facts supporting a reason to believe that the target is
an agent of a foreign power.
All indications are that this lapse will be temporary and that the Senate will soon pass the USA FREEDOM Act, which has small but important improvements over the now-lapsed section 215 and important additional transparency to the secret FISA
court. USA Freedom passed the House with overwhelming support.
Senate rules allow a final vote, which only needs a simple majority of 51, to occur early Tuesday morning. It's not clear whether any amendments will be offered and we'll keep watching on EFFLive and keep you posted as this saga continues.
But tonight, this is a historic baby step. We should all pause and for us at EFF who've been fighting mass surveillance since 2006, take a moment to smile.
The United Nations Human Rights Council has published an advance version of a report entitled, Report of the Special Rapporteur on the promotion and protection
of the right to freedom of opinion and expression, David Kaye
The report underlines the importance of encryption and anonymity in the digital age and calls on member states to protect their use under law.
David Kaye, a UN special rapporteur on freedom of expression, seeks to shine light on complex issues by asking two questions:
Do the rights to privacy and freedom of opinion and expression protect secure online communication, specifically by encryption or anonymity?
Assuming an affirmative answer, to what extent may Governments, in accordance with human rights law, impose restrictions on encryption and anonymity?
Acknowledging that some states impose draconian measures to restrict citizens' abilities to send and impart knowledge without fear, Kaye says that journalists and activists often need specialist tools to make their voices heard.
A VPN connection, or use of Tor or a proxy server, combined with encryption, may be the only way in which an individual is able to access or share information in such environments.
Noting that individuals should be able to send and receive information beyond their borders, the rapporteur states that some member states act to deny those freedoms by restricting communications using aggressive filtering:
Encryption enables an individual to avoid such filtering, allowing information to flow across borders. Moreover, individuals do not control -- and are usually unaware of -- how or if their communications cross borders. Encryption and anonymity may
protect information of all individuals as it transits through servers located in third countries that filter content.
Anonymity has been recognized for the important role it plays in safeguarding and advancing privacy, free expression, political accountability, public participation and debate.
Some States exert significant pressure against anonymity, offline and online. Yet because anonymity facilitates opinion and expression in significant ways online, States should protect it and generally not restrict the technologies that provide it.
Kaye notes that several states have attempted to combat anonymity tools such as TOR, VPNs and proxies, with Russia even offering significant cash bounties for techniques which would enable it to unmask TOR users. However, due to their human rights value,
use of such tools should actually be encouraged.
Because such tools may be the only mechanisms for individuals to exercise freedom of opinion and expression securely, access to them should be protected and promoted.
States should revise or establish, as appropriate, national laws and regulations to promote and protect the rights to privacy and freedom of opinion and expression.
In respect of encryption and anonymity, Kaye says that member states should adopt policies of non-restriction or comprehensive protection , and only introduce restrictions on a proportional, court-order supported, case-by-case basis.
Adding that states and companies alike should actively promote strong encryption and anonymity, Kaye says that measures that weaken individual's online security, such as backdoors, weak encryption standards and key escrows, should be avoided.
Finally, Kaye advises member states to not only encourage the use of encryption, but also make it the norm.
A senior policeman is preparing the way for state snooping to be ratcheted up into 'private space'.
Scotland Yard commander Mak Chishty starts with the bizarre assertion that Islamist propaganda on the internet and social media is influencing children as young as five. Surely if children so young are showing signs of extremism, then one has to suggest
that family background and culture is the more likely basis. But it's probably not politically correct to suggest this. It's a long standing general tenet of propaganda that 'outside sources' should be blamed, not the people involved, a theme that is
carried throughout Chishty's piece.
Chishty said children aged five had voiced opposition to marking Christmas, branding it as haram . He also warned that there was no end in sight to the parade of British Muslims, some 700 so far, being lured from their bedrooms to Syria by Islamic
State (Isis) propaganda.
In an interview with the Guardian, Chishty said there was now a need for a move into the private space of Muslims to spot views that could show the beginning of radicalisation far earlier. He said this could be shown by subtle changes in
behaviour, such as shunning certain shops, citing the example of Marks & Spencer, which could be because the store is sometimes mistakenly perceived to be Jewish-owned.
Chishty said friends and family of youngsters should be intervening much earlier, watching out for subtle, unexplained changes, which could also include sudden negative attitudes towards alcohol, social occasions and western clothing. They should
challenge and understand what caused such changes in behaviour, the police commander said, and seek help, if needs be from the police, if they are worried. Chishty said:
We need to now be less precious about the private space. This is not about us invading private thoughts, but acknowledging that it is in these private spaces where this [extremism] first germinates. The purpose of private-space intervention is to engage,
explore, explain, educate or eradicate. Hate and extremism is not acceptable in our society, and if people cannot be educated, then hate and harmful extremism must be eradicated through all lawful means.
Asked to define private space , Chishty said:
It's anything from walking down the road, looking at a mobile, to someone in a bedroom surfing the net, to someone in a shisha cafe talking about things.
Update: Google and Whatsapp will be forced to hand messages to MI5
Google, Facebook and other internet giants will be forced to give British spies access
to encrypted conversations of people of interest under plans expand snooping powers.
New laws will require Whatsapp, which is owned by Facebook, Snapchat and other popular apps to hand messages sent by their users to MI5, MI6 and GCHQ.
The new power is to be included in a new Investigatory Powers Bill which will overhaul the ability of the spy agencies to intercept communications.
The bill, announced in the Queen's Speech, will revive the so-called snoopers charter but is much wider than previous planned.
The security and intelligence agencies are complaining that encryption facilities around many online conversations are now so sophisticated to crack.
Under the proposed new powers, the spy agencies will be able to obtain a warrant from the Home Secretary that will oblige an internet companies to break down its encryption protection and allow access to communications.
The US Senate has unsurprisingly blocked a bill that would have ended the bulk collection of Americans' phone records by the National Security Agency (NSA).
The White House has pressed the Senate to back the a bill passed by the House of Representatives - the Freedom Act - which would end bulk collection of domestic phone records. These records would remain with telephone companies subject to a case-by-case
review. The 57-42 Senate vote fell short of the 60-vote threshold.
Another vote held over a two-month extension to the existing programmes - Section 215 of the USA Patriot Act - also failed to reach the threshold. Senators are to meet again on 31 May - a day before the bill is due to expire.
The British government sneakily changed anti-hacking laws to exempt GCHQ and other law
enforcement agencies from criminal prosecution, it has been revealed.
Details of the change became apparent at the Investigatory Powers Tribunal which is hearing a challenge to the legality of computer hacking by UK law enforcement and intelligence agencies.
The Government amended the Computer Misuse Act (CMA) two months ago. It used a little-noticed addition to the Serious Crime Bill going through parliament to provide protection for the intelligence services. The change was introduced just weeks after the
Government faced a legal challenge that GCHQ's computer hacking to gather intelligence was unlawful under the CMA.
Eric King, the deputy director of Privacy International, said:
The underhand and undemocratic manner in which the Government is seeking to make lawful GCHQ's hacking operations is disgraceful.
Hacking is one of the most intrusive surveillance capabilities available to any intelligence agency, and its use and safeguards surrounding it should be the subject of proper debate. Instead, the Government is continuing to neither confirm nor deny the
existence of a capability it is clear they have, while changing the law under the radar.
The French parliament has approved a controversial law extending mass snooping capabilities of the intelligence services, with the aim of preventing
The law on intelligence-gathering, adopted by 438 votes to 86, was drafted after muslim terrorists attacked the Charlie Hebdo office and a Jewish supermarket.
The Socialist government says the law is needed to take account of changes in communications technology. But critics say it is a dangerous extension of mass surveillance.
The new law define new purposes for which secret intelligence-gathering may be used. It sets up a supervisory body, the National Commission for Control of Intelligence Techniques (CNCTR), with wider rules of operation. And inevitably it authorises new
methods, such as the bulk collection of metadata via internet providers
One online advocacy group, La Quadrature du Net, wrote after the vote:
Representatives of the French people have given the Prime Minister the power to undertake massive and limitless surveillance of the population.
All new cars will within three years contain tracking devices. Under EU laws the technology will be compulsory from 2018 and fitted as standard in every model of
car and small van.
The authorities unconvincingly claim that the device will somehow only be activated in the event of a crash when it will be used to provide an accurate location for police and ambulance services. As well as location the device will track speed and
direction of travel and other events such as the airbags being deployed. Again this may be useful in the event of a crash but will be even more useful to the police for law enforcement and surveillance.
Privacy campaigners expressed concern over the protection of people's personal driving information, habits and locations from commercial companies such as insurers, as well as hackers with ulterior motives. Emma Carr, director of Big Brother Watch, said:
There is a clear risk that once this device is installed, drivers will lose total control over who has access to their data and how they will use it.
Forcing drivers to have a device installed in their car, which is capable of recording and transmitting exactly where and when they are driving, is totally unacceptable.
The European Parliament itself admitted that it expects a whole host of commercial companies to have access to this data.
New technology developed by US researchers can transmit messages through popular multiplayer online games, making it very difficult for censors
to detect and block.
One of the most difficult tasks faced by those attempting to subvert internet restrictions , such as those put in place by China's so-called Great Firewall, is doing so in a manner that doesn't provoke suspicion from censors. Rishab Nithyanand, a
researcher at Stony Brook University and one of the developers of The Castle explained:
People who were using [anonymising tools] were fairly easily detected by censors and blocked.
The Castle uses video games as a benign transport, transmitting and receiving data through the game itself in a manner that will just look like normal gameplay from the outside.
We can basically transmit any kind of information through the video game.
Games already transmit huge amounts of data between players and servers, and between players themselves. This data is usually encrypted to prevent cheating, making it hard for censors to spot anything suspicious.
The technology, which was published on the code repository GitHub last week, is built to use 0AD , an open-source, multiplayer real-time strategy game. The technology could easily be adapted to a similar title, such as Starcraft or the hugely-popular
Rights groups have asked the European Court of Human Rights to rule on the legality of the UK's mass snooping regime.
Amnesty International, Liberty and Privacy International have jointly filed a legal complaint with the court. The three organisations claim that the surveillance carried out by GCHQ breaches the European Convention on Human Rights that enshrines certain
freedoms in law.
A similar legal challenge mounted in the UK last year saw judges rule that the spying did not breach human rights.
Nick Williams, legal counsel for Amnesty said in a statement:
The UK government's surveillance practices have been allowed to continue unabated and on an unprecedented scale, with major consequences for people's privacy and freedom of expression.
Information that had come to light in the last 12 months showed, said Amnesty, that there were flaws in the oversight system. One revelation concerned arrangements GCHQ has with its US counterparts to get at data it would be difficult for the UK agency
to get permission to acquire. There were also loopholes in UK laws governing surveillance being exploited by GCHQ to expand its spying abilities, it said.