<div dir="ltr">
<h1 class="">ORG policy update/2015-w29</h1>
<p><br><br>
</p>
<p><span lang="en-US">This is ORG's Policy Update for the week
beginning 10/07/2015</span></p>
<p><br><br>
</p>
<h2 class=""><a name="Legal_cases"></a>Legal cases</h2>
<h3 class=""><a name="High_Court_founds_DRIPA_illegal"></a>High
Court founds DRIPA illegal</h3>
<p>On Friday, July 17th, High Court judges <a href="http://www.theguardian.com/world/2015/jul/17/data-retention-and-surveillance-legislation-ruled-unlawful">have
overturned</a> the <a href="https://wiki.openrightsgroup.org/wiki/Data_Retention_and_Investigatory_Powers_Act_2014">Data
Retention and Investigatory Powers Act 2014</a>.
</p>
<p>DRIPA was passed in an emergency procedure in July 2014, three
months after an <a href="https://wiki.openrightsgroup.org/wiki/European_Court_of_Justice">European
Court of Justice</a>'s judgment annulled the Data Retention Directive
and made a strong case against blanket data retention without very
strong safeguards.
</p>
<p>Soon after the law was passed, two MPs, <a href="https://wiki.openrightsgroup.org/wiki/David_Davis_MP">David
Davis</a> and <a href="https://wiki.openrightsgroup.org/wiki/Tom_Watson_MP">Tom
Watson</a>, alongside civil rights group Liberty, <a href="http://www.theguardian.com/world/2014/jul/22/drip-surveillance-law-legal-challenge-civil-liberties-campaigners">announced</a>
that they were challenging the law. Open Rights Group intervened in
front of the Court at the beginning of the year and made the point
that the European Court of Justice had set out the requirements that
domestic law must follow in order to comply with European
requirements on the protection of privacy, and that DRIPA did not
comply with these requirements.
</p>
<p>The Court ruled that section one of Dripa “does not lay down
clear and precise rules providing for access to and use of
communications data”. As a result, DRIPA should be “disapplied”.
However, the Court suspends its order until March 31st, 2016, in
order “to give parliament the opportunity to put matters right”.
This is <a href="https://twitter.com/libertyhq/status/621963985965985792">the
first time</a> MPs have successfully judicially reviewed a government
act.
</p>
<p><br><br>
</p>
<h2 class=""><a name="Reports"></a>Reports</h2>
<h3 class=""><a name="RUSI_review_of_the_intelligence_capabilities_and_practices_in_the_UK"></a>
RUSI review of the intelligence capabilities and practices in the UK</h3>
<p>The Royal United Services Institute for Defence and Security
Studies issued on Tuesday, July 14th, <a href="https://www.rusi.org/events/ref:E559A4F81E3F1F#.VajRZrz8vQp">a
report</a> reviewing surveillance practices and intelligence
capabilities in the UK. It was commissioned by the then deputy Prime
Minister <a href="https://wiki.openrightsgroup.org/wiki/Nick_Clegg_MP">Nick
Clegg MP</a> in March 2014 as a response to the Snowden revelations.
</p>
<p>This report comes only weeks after the reports from the
<a href="https://terrorismlegislationreviewer.independent.gov.uk/a-question-of-trust-report-of-the-investigatory-powers-review/">Independent
Reviewer of Terrorism Legislation</a>, David Anderson, and the
<a href="http://isc.independent.gov.uk/news-archive/12march2015">Intelligence
and Security Committee</a>. It <a href="http://www.theguardian.com/commentisfree/2015/jul/14/mass-suveillance-reform-gchq-uk-intelligence-gathering-rusi-report?CMP=share_btn_tw">reaches
a lot of similar conclusions</a>, namely that “a new, comprehensive
and clearer legal framework is required” given the complexity and
opacity of the current legislation. Like the Anderson Report, this
review argues that judicial commissioners, rather than Secretaries of
State, should have the power to sign warrants.
</p>
<p>Despite having been set up to investigate into the Snowden
revelations, the panel has found “ no evidence that the British
government knowingly acts illegally in intercepting private
communications”. However, Heather Brooke <a href="http://www.theguardian.com/commentisfree/2015/jul/14/mass-suveillance-reform-gchq-uk-intelligence-gathering-rusi-report">wrote
in The Guardian</a> that herself and other writers of the report
thought they did not have access to enough evidence to make this
assumption. Brooke stated that she faced "resistance when
pushing for detailed information about what the agencies are actually
doing".
</p>
<p><br>Civil rights group have welcomed some conclusions of the
report but judged it too tame in its conclusions and recommendations.
Eric King, deputy director of Privacy International, <a href="https://www.privacyinternational.org/?q=node/623">stated
that</a> “root and branch reform is needed to bring our spy
agencies under democratic control”; ORG's Executive Director Jim
Killock <a href="https://www.openrightsgroup.org/press/releases/org-response-to-the-rusi-review">expressed
his regrets</a> that “RUSI has condoned mass surveillance, which
now seems to be termed ‘bulk collection’ to disguise the real and
disturbing practices of blanket collection”.
</p>
<p><br><br>
</p>
<h3 class=""><a name="IOCOO_report_on_Investigatory_powers_shows_human_errors_and_illegal_access_to_journalists.27_sources"></a>
IOCOO report on Investigatory powers shows human errors and illegal
access to journalists' sources</h3>
<p>The Interception of Communications Commissioner's Office published
its <a href="http://www.iocco-uk.info/docs/2015%20Half-yearly%20report%20%28web%20version%29.pdf">half-yearly
report</a> this week. It sheds light on seventeen serious errors
committed by British authorities using investigatory powers. Human
errors <a href="http://www.theregister.co.uk/2015/07/17/iocco_report_reveals_police_raid_wrong_house_typo/">have
led to</a> wrong person being investigated or delayed welfare checks.
</p>
<p>The report <a href="http://www.theregister.co.uk/2015/07/16/police_dodged_judicial_approval_to_spy_on_journalists_sources/">gives
details on</a> two cases in which authorities gained access, without
proper judicial approval, to metadata allowing them to identify
journalists' sources, despite the <a href="https://wiki.openrightsgroup.org/wiki/Regulation_of_Investigatory_Powers_Act">Regulation
of Investigatory Powers Act</a> safeguards to protect professional
secrecy. One of those cases was investigating a source inside the
police forces themselves, but it is not clear whether the source was
doing something illegal or was a whistleblower.
</p>
<p><br><br>
</p>
<h2 class=""><a name="European_Union"></a>European Union</h2>
<h3 class=""><a name="Passenger_Name_Record_proposal_voted_in_European_Parliament.27s_civil_liberties_committee"></a>
Passenger Name Record proposal voted in European Parliament's civil
liberties committee</h3>
<p>The Civil Liberties, Justice & Home Affairs committee of the
<a href="https://wiki.openrightsgroup.org/wiki/European_Parliament">European
Parliament</a> <a href="http://www.europarl.europa.eu/news/en/news-room/content/20150714IPR81601/html/Passenger-Name-Records-MEPs-back-EU-system-with-data-protection-safeguards">adopted</a>
on Wednesday, July 15th, a proposal for the creation of an European
Passenger Name Record (PNR). This scheme will collect information
from passengers on flights entering or exiting the EU, so that they
can be used by Member States or Europol in the prevention,
investigation and prosecution of serious criminal or terrorist
offences. The proposal faced strong opposition as many MEPs
<a href="http://www.euractiv.com/sections/infosociety/passenger-name-record-law-passes-first-hurdle-parliament-316354">criticised
it</a> for being a disproportionate infringement on privacy. It was
however passed with 32 votes to 27. Safeguards have been secured,
such as a mandatory log and documentation of all activities on the
data or strict conditions for the transfer of data to third
countries. Sixteen European countries <a href="http://www.euractiv.com/sections/infosociety/passenger-name-record-law-passes-first-hurdle-parliament-316354">already
have</a> similar national law and domestic PNR schemes; the EU has
also signed sharing of PNR data with the US, Canada and Australia.
</p>
<p>The main point of debate was the length of the storage: even
though any information allowing the identification of a passenger
would have to be “masked out” after thirty days, it could be
accessed and de-anonymised up to five years after its collection.
European digital rights group EDRi <a href="https://edri.org/eu-pnr-unproven-ineffective-strategies-are-not-security/">denounced</a>
an ineffective measure that “put[s] innocent people at risk of
suspicion”, and <a href="https://edri.org/ep-pushes-for-more-surveillance-and-profiling-of-eu-citizens/">questioned
the legality</a> of such data retention given the annulment of the
Data Retention directive by the European Court of Justice last year.
</p>
<p>This vote gives mandate to the Parliament's negotiator to start
the trialogue with the other European institutions on this proposal
in September.
</p>
<p><br><br>
</p>
<h2 class=""><a name="International_Developments"></a>International
Developments</h2>
<h3 class=""><a name="Chinese_Internet_security_draft_law_enhances_the_power_of_the_Cyberspace_Administration"></a>
Chinese Internet security draft law enhances the power of the
Cyberspace Administration</h3>
<p>A new Internet security law published by the Chinese government
this month (<a href="http://arstechnica.co.uk/tech-policy/2015/07/chinas-new-internet-law-formalises-stricter-censorship-surveillance-powers/">here
in English</a>) further enhances – or at least, gives greater legal
basis to - Chinese authorities' control over Internet in China. The
draft law contains provisions allowing state agencies to ask network
operators to stop the transmission of “[any] information which
release or transmission of is prohibited by laws”. The Bill also
<a href="http://arstechnica.co.uk/tech-policy/2015/07/chinas-new-internet-law-formalises-stricter-censorship-surveillance-powers/">allows
for</a> the complete shutting down of Internet in a region, in order
to “protect national security and social public order”. Such a
shutting down was carried for six months in 2009 in the Western
province of Xinjiang, but this law gives those kind of operations
stronger legal groundings.
</p>
<p>The draft law <a href="http://thediplomat.com/2015/07/china-to-codify-internet-control-measures/">enhances</a>
the Cyberspace Administration's status and power. Chaired by the
President Xi Jinping himself and set up for the monitoring of online
content in 2013, this agency is gradually centralising power over
networks. Jennifer Zhang, an Internet researcher at the University of
Hong Knog, <a href="http://thediplomat.com/2015/07/china-to-codify-internet-control-measures/">wrote
that</a> "it is unclear whether the Cyberspace Administration
will be subject to any form of supervision and oversight”.
</p>
<p><br><br>
</p>
<h2 class=""><a name="ORG_Media_coverage"></a>ORG Media
coverage</h2>
<p>See <a href="https://wiki.openrightsgroup.org/wiki/ORG_Press_Coverage">ORG
Press Coverage</a> for full details.
</p>
<dt>2015-07-17 – Bit-tech - <a href="http://www.bit-tech.net/news/bits/2015/07/17/dripa-illegal/1">High
Court rules DRIP Act surveillance illegal</a>
</dt><dd>
Author: Gareth Halfacree
</dd><dd style="margin-bottom:0.2in">
Summary: Article mentioning the role of ORG in the fight against
DRIPA
</dd><dt>
2015-07-14 – Wired - <a href="http://www.wired.co.uk/news/archive/2015-07/14/rusi-reports-calls-for-judicial-sign-off-interception-warrants">Surveillance
report calls for judicial sign-off on interceptions</a>
</dt><dd>
Author: Katie Collins
</dd><dd style="margin-bottom:0.2in">
Summary: Article quoting Jim Killock on the RUSI report
</dd><dt>
2015-07-14 – The Inquirer - <a href="http://www.theinquirer.net/inquirer/news/2417640/gchq-oversight-needs-its-eyes-testing-finds-independent-study">GCHQ
oversight needs its eyes testing, finds independent study</a>
</dt><dd>
Author: Dave Neal
</dd><dd style="margin-bottom:0.2in">
Summary: Article quoting Jim Killock on the RUSI report
</dd><dt>
2015-07-13 – Telegraph - <a href="http://www.telegraph.co.uk/technology/social-media/11736230/Will-WhatsApp-really-be-banned-in-the-UK.html">Will
WhatsApp really be banned in the UK?</a>
</dt><dd>
Author: Sophie Curtis
</dd><dd style="margin-bottom:0.2in">
Summary: One of the numerous articles on the effect that banning
encryption would have on services such as whatsapp. Quotes Jim
Killock on the matter.
</dd><h2 class="">
<a name="ORG_contact_details"></a>ORG contact details</h2>
<p><a href="http://www.openrightsgroup.org/people/staff">Staff page</a>
</p>
<ul><li><p style="margin-bottom:0in"><a href="http://www.openrightsgroup.org/people/staff#jim">Jim
Killock, Executive Director</a>
</p>
</li><li><p style="margin-bottom:0in"><a href="http://www.openrightsgroup.org/people/staff#javier">Javier
Ruiz, Policy</a>
</p>
</li><li><p style="margin-bottom:0in"><a href="http://www.openrightsgroup.org/people/staff#ed">Ed
Paton-Williams, Campaigns</a>
</p>
</li><li><p style="margin-bottom:0in"><a href="http://www.openrightsgroup.org/people/staff#pam">Pam
Cowburn, Communications</a>
</p>
</li><li><p><a href="http://www.openrightsgroup.org/people/staff#lee">Lee
Maguire, Tech</a>
</p>
</li></ul>
</div>