Liberty News

A committee of the British Parliament has proposed legal reforms to Britain's intelligence agencies that are mostly cosmetic and would do little to protect individual privacy.

In a report published on March 12, the Intelligence and Security Committee acknowledged that agencies like MI5 collect, sift through and examine millions of communications. Most of this is legal, the committee said, and justified by national security. It proposed a new law that would tell people more about the kind of information the government collects about them but would not meaningfully limit mass surveillance. That is hardly sufficient for a system that needs strong new checks and balances.

As things stand now, intelligence agencies can monitor vast amounts of communications and do so with only a warrant from a government minister to begin intercepting them. Lawmakers should limit the amount of data officials can sweep up and require them to obtain warrants from judges, who are more likely to push back against overly broad requests.

The parliamentary committee, however, did not see the need to limit data collection and concluded that ministers should continue to approve warrants because they are better than judges at evaluating diplomatic, political and public interests. That rationale ignores the fact that ministers are also less likely to deny requests from officials who directly report to them.

The committee's acceptance of the status quo partly reflects the fact that Britons have generally been more accepting of intrusive government surveillance than Americans ; security cameras, for instance, are ubiquitous in Britain. But the committee itself was far from impartial. Its nine members were all nominated by Prime Minister David Cameron, who has pushed for even greater surveillance powers.

The Intelligence and Security Committee publishes the findings of its Privacy and Security Inquiry while Open Rights Group has published its own report into the activities are GCHQ and their impact on British citizens.

The consequences of GCHQ's activities have the potential to harm society, the economy and our foreign standing. These have not been fully explored by Parliament. We hope that this report helps MPs to understand the range of GCHQ's activities and the fact that they affect ordinary people not just those suspected of threatening national security.

Open Rights Group responded to the Intelligence and Security Committee's report into Security and Privacy. Executive Director, Jim Killock said:

The ISC's report should have apologised to the nation for their failure to inform Parliament about how far GCHQ's powers have grown. This report fails to address any of the key questions apart from the need to reform our out-of-date surveillance laws. This just confirms that the ISC lacks the sufficient independence and expertise to hold the agencies to account.

A report published by Open Rights Group, has called for the reform of oversight mechanisms, including the Intelligence and Security Committee, so that they are truly independent, accountable to Parliament and have sufficient technical expertise to tackle the technical, legal and ethical issues around surveillance. We also call for reform of the laws that allow surveillance to be replaced by new comprehensive surveillance legislation that complies with human rights law and reflects the current technical landscape.

These would mean:

• Targeted surveillance not mass surveillance
• Prior judicial authorisation for all surveillance decisions
• Increasing the legal protection for communications data so that it is the same as for the content of communications
• Ending statutory definitions that are out outdated in the digital age -- such as the current distinctions between 'internal' and 'external' communications.

See  Big Brother Watch report from  openrightsgroup.org

Update: Report acknowledges failings but paves way for snooper's charter

See  article from  theguardian.com

The conclusion from the cross-party group of senior MPs and peers on the intelligence services -- who operate within the ring of secrecy -- that Britain's complex web of surveillance laws needs replacing with a single act of parliament would never have happened without those disclosures taking place.

Their recommendation that this new legal framework must be based on an explicit avowal of intrusive surveillance capabilities and spell out authorisation procedures, privacy constraints, transparency requirements, targeting criteria and the rest is also significant.

...Read the full article

Government proposals to expand the National Health Service Central Register (NHSCR) will pave the way for a national ID register in Scotland. The proposals have been made public in a little-known consultation that closes at the end of February. Digital rights campaigners, the Open Rights Group (ORG) believe that the consultation is flawed, misleading and could fundamentally change the relationship between citizen and state.

Open Rights Group Executive Director, Jim Killock said:

Government proposals that jeopardise our right to privacy need proper consideration. The SNP rejected a national ID register when the UK government tried to introduce ID cards. These proposals could pave the way for a similar scheme in Scotland and are being introduced without a proper debate by the public or MSPs.

Most Scottish citizens already have a unique identity number in the NHS system. This plan is to share this unique identifier with up to 120 other Scottish public bodies - including Glasgow Airport, the Royal Botanical Gardens and the Caledonian Maritime Assets Ltd. Scottish residents could then be tracked across all their interactions with public bodies, including your benefits, bus pass travel or library usage.

ORG believes that this is building an ID card system in Scotland and that any such changes should be introduced as primary legislation, which would allow a proper public and parliamentary debate.

ORG has published its response to the consultation.

ORG is also urging its supporters in Scotland to contact their MSPs about the proposals.

Samsung is warning customers about discussing personal information in front of their smart television set.

The warning applies to TV viewers who control their Samsung Smart TV using its voice activation feature.

Such TV sets listen to some of what is said in front of them and may share details they hear with Samsung or third parties, it said.

Privacy campaigners said the technology smacked of the telescreens, in George Orwell's 1984, which spied on citizens. Presumably the 'third parties' receiving the data are the likes of GCHQ and the NSA.

Samsung's privacy policy explains that the TV set will be listening to people in the same room to try to spot when commands or queries are issued via the remote. It goes on to say:

If your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.

Soon after, an activist for the EFF circulated the policy statement on Twitter comparing it to George Orwell's description of the telescreens in his novel 1984 that listen to what people say in their homes.

Samsung explained further in response to the international interest:

If a consumer consents and uses the voice recognition feature, voice data is provided to a third party during a requested voice command search. At that time, the voice data is sent to a server, which searches for the requested content then returns the desired content to the TV.

Samsung claimed that it did not retain voice data or sell the audio being captured. But this does not really deny the possibility that the data is passed on to GCHQ.

Update: Samsung rewrites its privacy policy to remove the ominous sounding '3rd Party'

11th February 2015. See  article from  theregister.co.uk

Samsung hasn't actually changed how its TVs' voice recognition works but it has just changed the language of its privacy policy to help clarify how the voice-recognition works. Samsung no longer warns customers about the perils of speaking too freely in front of their televisions. Here's what it says now:

To provide you the Voice Recognition feature, some interactive voice commands may be transmitted (along with information about your device, including device identifiers) to a third-party service provider (currently, Nuance Communications, Inc.) that converts your interactive voice commands to text and to the extent necessary to provide the Voice Recognition features to you.

The new language appears to indicate that Samsung is only sharing the audio data it captures with a speech recognition provider and not with more sinister partners, such as GCHQ and the NSA.

Update: Microsoft and Apple Too

14th February 2015. See  article from  dailymail.co.uk

Millions of Britons are being spied on in their homes by Microsoft's voice-activated Xbox game consoles, Apple smartphones and other hi-tech gadgets.

Kinect-controlled Xboxes listen to everything around them, silently waiting for commands such as Xbox turn on or instructions to load up computer games.

Apple also records what people say when they press a button on their iPhones and issue a command to its voice activation service Siri, but the firm says the data is anonymised, but this can usually be unpicked with information such as GPS location. According to a source, Apple hangs on to the information for up to two years.

Microsoft's Kinect gadgets are so sophisticated and pervasive that Britain's telecommunications security agency, GCHQ, is even said to have considered using them to monitor families.

Like most gadgets that use voice recognition, Xboxes controlled by Kinect record what people say then translate that information into text commands so that the device knows what to do. Simple commands such as Xbox turn on are recorded and processed on the spot, but more complicated instructions are sent to powerful remote servers for translation.

Microsoft said its customers can stop Kinect listening by unplugging it.

Data about innocent US individuals gathered incidentally during intelligence operations must be deleted immediately under new rules from the Obama administration.

However, if the data belongs to a non-US citizen, it can be held for up to five years.

This includes phonecalls, emails and social media activity gathered by American security services.

The monitoring of foreign leaders will also be regularly reviewed.

The new rules were announced in a report by the Office of the Director of National Intelligence .

Four members of the House of Lords have attempted to bring back from the dead the Communications Data Bill -- otherwise known as the Snoopers' Charter. The entirety of the bill that had previously been rejected (or at least put on hold) by Parliament -- some 18 pages in all -- was added as a late amendment to the Counter Terrorism and Security Bill currently passing through the Lords. This is utterly cynical at best, and a total abuse of parliamentary procedure at worst.

The Communications Data Bill is the one which required ISPs (or any telecommunications provider') to keep a log of all activity associated with an individual or IP address. Whilst ostensibly requested for 'security reasons (being played up again in the light of the Charlie Hebdo murders in France) -- this mass retention of data is nothing less than oppressive, unwarranted, mass surveillance of the entire populace.

We know all too well from the Snowden revelations that power is abused by those who hold it -- and that there is mission creep in the data retained and the uses to which it can be put. There is no reason to think that this would be any different.

Previously the bill had been rejected in scrutiny by a joint committee of the Lords and Commons for a variety of reasons - amongst them the fact that the Home Office had totally underestimated the cost involved as well as the lack of any evidence that there is any benefit to be had by requiring ISPs to hold this data. It was also requested that the Independent reviewer on Terrorism legislation, David Anderson, reviewed and commented on the bill and Parliament is still waiting for his response to the initial proposals.

Given all that, it is shocking and simply unacceptable that four unelected Lords are attempting to pass this draconian legislation, not in its own right, but as a late amendment to a current bill. It is a total abuse of parliamentary procedure and means that this legislation will not suffer the intense scrutiny that a new bill would, but instead would be passed in a backhanded fashion without review and consideration by both Houses.

The House of Lords is intended in our parliamentary system to be a revising chamber -- adding a totally new bill as an amendment to an existing one completely goes against that entire principle. The very fact that they feel it is necessary to bring the bill in this underhand manner shows that they clearly don't have any faith in the ability of the legislation to stand up to proper scrutiny.

The rushed passing of the #DRIP legislation set the worrying precedent for this kind of action by parliament when seeking to pass contentious legislation that avoids scrutiny. As a party we warned of the dangers of Parliament passing controversial and oppressive surveillance laws without appropriate time or scrutiny. Despite the calls of both ourselves and others, that bill passed into law.

Update: Defeated

1st February 2015. See  article from  publicaffairs.linx.net

The House of Lords has rejected amendments to the Counter-Terrorism and Security Bill which would have introduced substantial parts of the Communications Data Bill, more commonly known as the Snoopers' Charter .

The amendments were withdrawn at the request of Lord Bates, Parliamentary Under-Secretary at the Home Office, who argued that including the amendments at such a late stage could jeopardise the entire Bill.

Lord Bates promised to investigate the possibility of sharing more widely a redrafted version of the draft Communications Data Bill, apparently written to take into account the Joint Committee's recommendations , but which has so far been kept under wraps by the Home Office.

According to Thai Netizen Network, the cabinet has given the green light to the proposed Cyber Security bill to establish a National Committee for Cyber Security, under the Ministry of Digital Economy and Society (MDES), whose former title was the Ministry of Information and Communication Technology (MICT). The Cyber Security Bill was one of eight proposed bills on telecommunications which are aimed at restructuring and tightening control of telecommunications in Thailand.

In the draft, the National Committee for Cyber Security will be operated under the supervision of the Minister of Digital Economy and Society to oversee threats to national cyber security, which is defined as cyber threats related to national security, military security, stability, economic security, and interference on internet, satellite, and telecommunications networks.

Most importantly, the committee is authorized to access all communication traffic via all communication devices, such as post, telephone, mobile phone, internet, and other electronic devices. The committee will also have the authority to order all public and private organizations to cooperate against any perceived threats to national cyber security.

In the aftermath of the terrorist attacks in Paris, EU ministers have issued a joint statement calling for ISPs to help to report and remove extremist material online.

The statement was signed by interior ministers from 11 European countries, including the UK's Theresa May, on 11 January, with French ministers and security representatives from the US, Canada and EU in attendance. It called for tighter internet surveillance and border controls.

But of course David Cameron wants to go further. According to the Independant, Cameron could block WhatsApp and Snapchat if he wins the next election, as part of his plans for extreme surveillance powers announced in the wake of the shootings in Paris. He said that he would stop the use of methods of communication that cannot be read by the security services even if they have a warrant.

But that could include popular chat and social apps that encrypt their data, such as WhatsApp. Apple's iMessage and FaceTime also encrypt their data, and could fall under the ban along with other encrypted chat apps like Telegram.

The comments came as part of David Cameron's pledge to revive the snoopers' charter to help security services spy on internet communications. He said: In our country, do we want to allow a means of communication between people which [...] we cannot read? But companies such as WhatsApp have remained committed to keeping their services encrypted and unable to be read by authorities.

Politics does make for strange bedfellows. Cameron's announcement comes just days after the Iranian government decided it was taking a similar step and banned WhatsApp, along with comms software Tango and LINE.

See also Why MI5 does not need more surveillance powers after the Paris attacks  from  theguardian.com by Henry Porter.