Internet News

Last year, 1,209 people were found guilty of offences of internet insult under Section 127 of the Communications Act 2003.

It is a crime under the Communications Act to send by means of a public electronic communications network a message or other material that is grossly offensive or of an indecent, obscene or menacing character .

Statistics released by the Ministry of 'Justice' (MoJ) show that 1,501 defendants were prosecuted under the law last year - including 70 juveniles - while another 685 were cautioned. Of those convicted, 155 were jailed - compared to just seven a decade before. The average custodial sentence was 2.2 months.

The MoJ figures also revealed a rise in the number of convictions under the Malicious Communications Act, which states that it is an offence to send a threatening, offensive or indecent letter, electronic communication or article with the intent to cause distress or anxiety.

The "right to be forgotten" applies to any search engine accessible in the UK, the Information Commissioner's Office has claimed. In a blog post earlier this month, ICO demanded:

In August we issued our first enforcement notice in this area , ordering Google to remove nine search results brought up by entering an individual's name. Google has so far responded constructively, and the links are no longer visible on the European versions of their search engine. However we consider that they should go a step further, and make the links no longer visible to anyone directly accessing any Google search services from within the UK (this would include someone sat a desk in Newcastle, but using google.com). This is a proper and proportionate reflection of what the EU Court of Justice ruling means in practice, and so we've clarified the original enforcement notice , with the original text remaining the same but with a new section added spelling out exactly what we expect of Google.

The Electronic Frontier Foundation (EFF) and Visualizing Impact have launched Onlinecensorship.org, a new platform to document the who, what, and why of content takedowns on social media sites. The project, made possible by a 2014 Knight News Challenge award, will address how social media sites moderate user-generated content and how free expression is affected across the globe.

Controversies over content takedowns seem to bubble up every few weeks, with users complaining about censorship of political speech, nudity, LGBT content, and many other subjects. The passionate debate about these takedowns reveals a larger issue: social media sites have an enormous impact on the public sphere, but are ultimately privately owned companies. Each corporation has their own rules and systems of governance that control users' content, while providing little transparency about how these decisions are made.

At Onlinecensorship.org, users themselves can report on content takedowns from Facebook, Google+, Twitter, Instagram, Flickr, and YouTube. By cataloging and analyzing aggregated cases of social media censorship, Onlinecensorship.org seeks to unveil trends in content removals, provide insight into the types of content being taken down, and learn how these takedowns impact different communities of users. EFF Director for International Freedom of Expression and co-founder of Onlinecensorship.org Jillian C. York said:

We want to know how social media companies enforce their terms of service. The data we collect will allow us to raise public awareness about the ways these companies are regulating speech. We hope that companies will respond to the data by improving their regulations and reporting mechanisms and processes--we need to hold Internet companies accountable for the ways in which they exercise power over people's digital lives.

York and Onlinecensorship.org co-founder Ramzi Jaber were inspired to action after a Facebook post in support of OneWorld's Freedom for Palestine project disappeared from the band Coldplay's page even though it had received nearly 7,000 largely supportive comments. It later became clear that Facebook took down the post after it was reported as abusive by several users. Jaber said:

By collecting these reports, we're not just looking for trends. We're also looking for context, and to build an understanding of how the removal of content affects users' lives. It's important companies understand that, more often than not, the individuals and communities most impacted by online censorship are also the most vulnerabl. Both a company's terms of service and their enforcement mechanisms should take into account power imbalances that place already-marginalized communities at greater risk online.

Onlinecensorship.org has other tools for social media users, including a guide to the often-complex appeals process to fight a content takedown. It will also host a collection of news reports on content moderation practices.

Europe is very close to the finishing line of an extraordinary project: the adoption of the new General Data Protection Regulation (GDPR), a single, comprehensive replacement for the 28 different laws that implement Europe's existing 1995 Data Protection Directive . More than any other instrument, the original Directive has created a high global standard for personal data protection, and led many other countries to follow Europe's approach. Over the years, Europe has grown ever more committed to the idea of data protection as a core value. In the Union's Charter of Fundamental Rights, legally binding on all the EU states since 2009, lists the "right to the protection of personal data" as a separate and equal right to privacy. The GDPR is intended to update and maintain that high standard of protection, while modernising and streamlining its enforcement.

The battle over the details of the GDPR has so far mostly been a debate between advocates pushing to better defend data protection, against companies and other interests that find consumer privacy laws a hindrance to their business models. Most of the compromises between these two groups have now already been struck.

The result is a ticking time-bomb that will be bad for online speech, and bad for the future reputation of the GDPR and data protection in general.

The current draft of the GDPR doubles down on Google Spain, and raises new problems. (The draft currently under negotiation is not publicly available, but July 2015 versions of the provisions that we refer to can be found in this comparative table of proposals and counter-proposals by the European institutions. Article numbers referenced here, which will likely change in the final text, are to the proposal from the Council of the EU unless otherwise stated.)

First, it requires an Internet intermediary (which is not limited to a search engine, though the exact scope of the obligation remains vague) to respond to a request by a person for the removal of their personal information by immediately restricting the content, without notice to the user who uploaded that content (Articles 4(3a), 17, 17a, and 19a.). Compare this with the DMCA takedown notices, which include a notification requirement, or even the current Right to Be Forgotten process, which give search engines some time to consider the legitimacy of the request. In the new GDPR regime, the default is to block.

Then, after reviewing the (also vague) criteria that balance the privacy claim with other legitimate interests and public interest considerations such as freedom of expression (Articles 6.1(f), 17a(3) and 17.3(a)), and possibly consulting with the user who uploaded the content if doubt remains, the intermediary either permanently erases the content (which, for search engines, means removing their link to it), or reinstates it (Articles 17.1 and 17a(3)). If it does erase the information, it is not required to notify the uploading user of having done so, but is required to notify any downstream publishers or recipients of the same content (Articles 13 and 17.2), and must apparently also disclose any information that it has about the uploading user to the person who requested its removal (Articles 14a(g) and 15(1)(g)).

Think about that for a moment. You place a comment on a website which mentions a few (truthful) facts about another person. Under the GDPR, that person can now demand the instant removal of your comment from the host of the website, while that host determines whether it might be okay to still publish it. If the host's decision goes against you (and you won't always be notified, so good luck spotting the pre-emptive deletion in time to plead your case to Google or Facebook or your ISP), your comment will be erased. If that comment was syndicated, by RSS or some other mechanism, your deleting host is now obliged to let anyone else know that they should also remove the content.

Finally, according to the existing language, while the host is dissuaded from telling you about any of this procedure, they are compelled to hand over personal information about you to the original complainant. So this part of EU's data protection law would actually release personal information!

What are the incentives for the intermediary to stand by the author and keep the material online? If the host fails to remove content that a data protection authority later determines it should have removed, it may become liable to astronomical penalties of ?100 million or up to 5% of its global turnover, whichever is higher (European Parliament proposal for Article 79).

That means there is enormous pressure on the intermediary to take information down if there is even a remote possibility that the information has indeed become "irrelevant", and that countervailing public interest considerations do not apply.

It is not too late yet: proposed amendments to the GDPR are still being considered. We have written a joint letter with ARTICLE 19 to European policymakers, drawing their attention to the problem and explaining what needs to be done. We contend that the problems identified can be overcome by relatively simple amendments to the GDPR, which will help to secure European users' freedom of expression, without detracting from the strong protection that the regime affords to their personal data.

Without fixing the problem, the current draft risks sullying the entire GDPR project. Just like the DMCA takedown process, these GDPR removals won't just be used for the limited purpose they were intended for. Instead, it will be abused to censor authors and invade the privacy of speakers. A GDPR without fixes will damage the reputation of data protection law as effectively as the DMCA permanently tarnished the intent and purpose of copyright law.

Ofcom writes:

Children are becoming more trusting of what they see online, but sometimes lack the understanding to decide whether it is true or impartial.

Ofcom's Children and Parents: Media and Attitudes Report reveals that children aged 8-15 are spending more than twice as much time online as they did a decade ago, reaching over 15 hours each week in 2015. But even for children who have grown up with the internet - so-called digital natives - there's room to improve their digital know-how and understanding.

For example, children do not always question what they find online. One in five online 12-15s (19%) believe information returned by a search engine such as Google or Bing must be true, yet only a third of 12-15s (31%) are able to identify paid-for adverts in these results.

Nearly one in ten (8%) of all children aged 8-15 who go online believe information from social media websites or apps is all true - doubling from 4% in 2014.

Children are increasingly turning to YouTube for true and accurate information about what's going on in the world. The video sharing site is the preferred choice for this kind of information among nearly one in ten (8%) online children, up from just 3% in 2014. But only half of 12-15s (52%) who watch YouTube are aware that advertising is the main source of funding on the site, and less than half (47%) are aware that vloggers (video bloggers) can be paid to endorse products or services.

James Thickett, Ofcom's Director of Research, said:

The internet allows children to learn, discover different points of view and stay connected with friends and family. But these digital natives still need help to develop the know-how they need to navigate the online world.

More than nine in ten parents of 8-15s (92%) manage their children's internet use in some way - either through technical tools, talking to or supervising their child, or setting rules about access to the internet and online behaviour. Nearly four in ten parents (38%) use all four approaches.

Among the technical tools used by parents are network-level content filters offered by broadband providers. Almost six in ten parents of 8-15s (56%) are aware of these parental controls, up from 50% in 2014, and a quarter (26%) use them, up from 21% in 2014.

It appears that the vast majority of children do hear the advice given about staying safe online. Some 97% of children aged 8-15 recall advice they've been given, particularly from parents.

The large majority (84%) of children aged 8-15 also say they would tell their parents, another family member or a teacher if they saw something online they found worrying, nasty or offensive. However, 6% of children say they would not tell anyone.

A Change.org petition is urging Mark Zuckerberg to support freedom of expression in India by unblocking an atheist Facebook group with over 13,000 members titled Indian Atheists Debate Corner.

Facebook, the petition said, had not given any reason for the blockade. One day users in India who tried to visit the site were simply hit with a message that the content was unavailable. This was not the first time a Facebook page for atheists had been censored.

As usual, when shoddy Facebook censorship obtains sufficient publicity then Facebook hold up their hands, claim it was all ghastly mistake, and restore the site. Of course victims unable to raise the required publicity stay censored.

Presumably the atheist groups were flagged by Facebook users who disagree with the website. According to Facebook's transparency report released earlier this week, it censored the postings of thousands of Indian Facebook users because they were anti-religious or was deemed to be hate speech that could cause unrest and disharmony within India.

Facebook would only say that the Indian Atheists Debate Corner was blocked after a reviewer found it violated Facebook rules. After examining the page again as a result of an inquiry, Facebook decided the page did not violate its rules.

It's a reminder that Facebook censors, as The Economist wrote last year, operate under a cloak of anonymity, with no accountability to users. It is often unclear why one piece of content is removed, while another is not. But in failing to better scrutinize take-down requests and their legal underpinnings, Facebook has unwittingly contributed to a long-standing culture of religious persecution and censorship in India.

Quebec is moving ahead with a plan to order ISPs to block unlicensed gambling websites, an initiative that some say sets a dangerous precedent for censorship of the Web.

Quebec Finance Minister Carlos Leitao tabled censorship legislation to implement the blocking in the province's Consumer Protection Act that direct Internet service providers (ISPs) to block access to a list of unauthorized gambling sites to be drawn up by Loto-Quebec. Failure to comply could lead to a fine of up to $100,000 and twice that for subsequent offences.

The move is intended to maintain a monopoly for the government's own website, Espacejeux which expects to benefit from the censorship to the tune of an additional $13.5-million in 2016-17 and $27-million a year after that.

But critics say the scheme amounts to censorship, that it is technically unworkable and that the province does not have the authority to regulate the Internet in this fashion. Timothy Denton, chairman of the Canadian chapter of the Internet Society, a group that advocates keeping the Internet open and free said:

It is censorship. It's blocking access to otherwise legally available sites in the interests of enhancing one's gambling monopoly. A lot of countries try to do it, but we don't call them liberal democracies.

The Tory war on privacy

13th November 2015. See article from spiked-online.com

The Investigatory Powers Bill should be ripped up. By Tom Slater

What the Investigatory Powers Bill will mean for your internet use

10th November 2015. See  article from theregister.co.uk

So who REALLY knows what I access?

The Register details what ISPs will and will not be able to determine from your internet usage. However the article should be read with a little caution. Eg just because an ISP cannot determine which of your family members is accessing the websites on the log doesn't mean the authorities can't. In fact the bill mentions specific capabilities to use context and tracking cookies etc to determine which family member access which sites.

UK surveillance bill could bring very dire consequences , warns Apple chief

10th November 2015. See article from theguardian.com

Any back door is a back door for everyone, says Tim Cook of proposals to allow authorities to track citizens' internet use without requiring warrant

UK Surveillance Bill a Threat to Privacy

9th November 2015. See  article from hrw.org

Key aspects of the bill include:

• The bill would preserve current blanket data retention requirements for communications data and add a new requirement for communications service providers to retain users' "Internet connection records" for up to 12 months. As described in the government's explanatory notes, this requirement means that the government could get a list of all the websites a person visits or online services they use for up to a year. Even though this would not provide access to the specific pages of a website the person visited, it would be highly revealing of a person's online activity and could result in self-censorship with a chilling effect on free expression. It would also breach the right to privacy and to information, given that it applies to all users regardless of whether they are under suspicion. Intelligence agencies and police would be able to access such communications data without a warrant or review by a judge. Although judicial approval is required for police to gain access to journalists' sources, it would not be required for intelligence agencies to get this access.

Request Filters...

5th November 2015. See  article from theregister.co.uk

T he Snooper's Charter Bill reveals how the state will maintain a separate datebase entry for every internet user, even when they share an internet connection

Commenting on the government spin about the snooper's charter...

5th November 2015. See article from theguardian.com .

The surveillance bill is as big a threat to state security as to personal liberty. By Simon Jenkins

Surveillance Q&A what web data is affected – and how to foil the snoopers...

5th November 2015. See article from theguardian.com .

Critics call it a revived snooper's charter, because the government wants police and spies to be given access to the web browsing history of everyone in Britain.

However, Theresa May says her measures would require internet companies to store data about customers that amount to simply the modern equivalent of an itemised phone bill .

Who is right? And is there anything you can do to make your communications more secure?

Will UK spy bill risk exposing people's porn habits? ...

5th November 2015. See article from bbc.co.uk .

So, the bill proposes the authorities be given the right to retrospectively check people's internet connection records without having to obtain a warrant.

That means, for example, they would be allowed to learn someone had used Snapchat at 07:30 on their smartphone at home and then two hours later visited Facebook's website via their laptop at work.

It may sound fairly innocuous - but of course many people have internet habits that are legal but nevertheless very private. So, is their privacy being put at risk?

Prosecutors in Hamburg have launched an investigation into the European head of Facebook over the website's alleged failure to remove racist hate speech.

German politicians and celebrities have voiced 'concern' about the rise of xenophobic comments in German on Facebook and on other social media as the country struggles to cope with the million refugees who have responded to the country's inviitation.

Facebook's Hamburg-based managing director for northern, central and eastern Europe , Martin Ott, may be held responsible for the social platform not removing hate speech. This move follows an investigation into three other Facebook managers started last month.

The German chancellor, Angela Merkel, has previously urged Facebook to do more on the matter.

Facebook said it would not commenting on the investigation. But we can say that the allegations lack merit and there has been no violation of German law by Facebook or its employees.

China has issued its first press credentials allowing reporters to post state approved 'news' stories on websites.

The state-run Xinhua 'news' agency reports that China granted its first press credentials to online media just last week, adding:

China previously banned most websites from reporting on news, only allowing them to edit and publish news from traditional media.

Online-media reporters are expected to actively expound socialist core values and amplify the mainstream voice in the Internet, making cyberspace 'clear and bright.

That may have been the law, but it was hardly true in practice. Online-only news portals like Sina and Sohu have been reporting news for years, let alone the numerous bloggers and citizen journalists throughout the country. In theory anyone writing original news content, doing interviews, or publishing is technically breaking the law.

The first group of officially-credentialed agencies included the People's Daily, the government portal for Tibet, and Xinhua News Agency itself. So far, the only groups issued state permits to report are... state-run media agencies. No commercial (i.e. not state-run) news portals have yet been issued online press credentials.

The Million Mask March is an annual protest against government cuts and surveillance across the UK, with the largest gathering in London. It is organised by the internet group Anonymous. The Facebook page for the event, on 5th November, said it was intended to oppose the encroaching destruction of civil liberties.

The Met Police said they were imposing conditions under the Public Order Act. Ch Supt Pippa Mills said conditions were being placed on the protest because we have such serious concerns . The police have specified:

The march must not start before 18:00 GMT and must finish at 21:00; Attendees should stick to a particular route between Parliament Square and Trafalgar Square; Officers have the power to make protesters remove facial coverings.

Protests are expected across the world, with demonstrations expected to take place in countries including Cambodia, Chile, Canada, America and Mexico.

Internet and social media companies will be banned from putting customer communications beyond their own reach under new laws to be unveiled on Wednesday.

Companies such as Apple, Google and others will no longer be able to offer encryption so advanced that even they cannot decipher it when asked to, the Daily Telegraph can disclose.

Measures in the Investigatory Powers Bill will place in law a requirement on tech firms and service providers to be able to provide unencrypted communications to the police or spy agencies if requested through a warrant. A Home Office spokessnoop said:

The Government is clear we need to find a way to work with industry as technology develops to ensure that, with clear oversight and a robust legal framework, the police and intelligence agencies can access the content of communications of terrorists and criminals in order to resolve police investigations and prevent criminal acts.

That means ensuring that companies themselves can access the content of communications on their networks when presented with a warrant, as many of them already do for their own business purposes, for example to target advertising. These companies' reputations rest on their ability to protect their users' data.

Update: The impact of a ban on encryption

4th November 2015. See  article from publicaffairs.linx.net

Contrary to recent promises by Ministers that the government will not attempt to weaken or undermine encryption, the new obligation would require companies to ensure that they had the capability to decrypt any data they stored. This would particularly impact cloud-based companies like Apple and Facebook, which have won consumer trust for the integrity of their Facetime and WhatsApp communications services by designing them with encryption that protects customer data even from the company itself.

End-to-end encryption means, for communications, that the message is encrypted by the sender with a key known only to the intended recipient. Thus Alice can Facetime Bob safe in the knowledge that Apple cannot access the communication, even though Facetime communications need to be sent through servers run by Apple. End-to-end encryption also applies for data storage in the cloud: a business storing its corporate data in a cloud service like Amazon S3 or Google Glacier will encrypt that data with a key that it knows and Amazon or Google does not.

The ability to support end-to-end encryption has been a crucial factor enabling adoption of cloud-based services as a viable alternative to traditional applications run by corporate IT departments. Quite apart from any consumer backlash, prohibiting this capability would give pause to more security-sensitive businesses, that have a duty to protect the integrity of their customer data: if storing data in the cloud means exposing customer data to the cloud-service provider, use of cloud services becomes much riskier. Recent high-profile breaches at TalkTalk, Vodafone and credit-rating agency Experian have greatly raised sensitivity to risk.

A US domain registry xyz.com has put in a proposal to ICANN that would see it automatically censoring new domain names that match a Chinese government blacklist. Industry news site Domain Incite has reported that this puts perhaps close to 12,000 banned words and expressions onto the blacklist, thereby preventing terms such as the Chinese words for democracy and human rights from being registered within any of the company's top-level domains, which include .xyz, .college, .rent, .theatre, .protection and .security. This will apply not only to Chinese registrants, but to registrants worldwide.

In describing to ICANN the consultations that it has undertaken about these censorship plans, xyz.com blithely claims We believe that no parties have any legitimate reason to object to the introduction of this service . Chinese bloggers and dissidents, some of whom have received sentences as severe as life in prison for speaking out online, might beg to differ with this assessment.

Censorship of a domain name is not the same as censorship of the content hosted at that domain name (the Chinese government does both, but xyz.com's proposal only affects the former). Neither would the censorship plan prevent users from registering domain names from the government blacklist in any of other hundreds of top-level domains run by competing registries (though China will still block these from access by Chinese users), or registering trivial variants that avoid the blacklist. Even so, as ineffective as it may be, xyz.com's complicity in advancing the Chinese government's censorship of the Internet remains profoundly misguided, and contrary to their role as a provider of domain names to the world.

xyz.com's casual acceptance of Chinese censorship of its domain space provides an open invitation to China and other governments to apply more pressure on registrars and on ICANN itself to further limit the expression of speech through domain names. In the long term, this will only further erode the ability for users to express themselves online, by registering domain names that describe or complement speech hosted at that domain, or are a short and pithy speech act in themselves.

Update: Backing off

 4th November 2015

The CEO of .xyz has written to deny that any domains would be blocked by their registry, as their proposal had suggested. Whether this had been a miscommunication in the proposal, or is a reversal of their previous position, we welcome the now unambiguous statement by .xyz that Internet users in China and worldwide will be free to register strings that offend the Chinese government in any of the .xyz registry's top-level domains.

Councils, the taxman and dozens of other public bodies will be able to search the internet and social media activity of everyone in Britain, The Telegraph can disclose.

Technology firms will be required to keep records of the websites and apps which people have used and details of when they accessed them for 12 months under new powers unveiled this week.

The new powers, contained in legislation which is published on Wednesday , will primarily be used by police and the security services in pursuit of suspected terrorists and serious criminals.

Nominally they will not be allowed to see which pages people have viewed or their searches while on the websites and apps, or the content of any messages, without a warrant, however it would seem likely obtaining a warrant will be a rubber stamp exercise.

The Telegraph understands that a total of 38 bodies will also be entitled to access the records for the purpose of detecting or preventing crime .

A government source claims that access will be limited, targeted and strictly controlled and overseen by a new Investigatory Powers Commissioner, but such 'oversight' has never ever done anything to reign in the authorities in any previous incarnation of snooping laws.

Ministers are also planning to introduce a new offence to deter the abuse of powers which will result in significant fines. Councils will also be required to get requests signed off by a magistrate before they are authorised, but it seems unlikely that a magistrate would ever side with anyone accused of a crime.

The authorities will be able to see which websites were visited, but not the exact page that they viewed.

The intelligence agencies, police and the National Crime Agency will be the obvious users of the capability but other bodies including the Financial Conduct Authority, HMRC, councils, the Health and Safety Executive and the Department for Work and Pensions will be able to access the information.