[ORG PM] ORG policy update - 15 September 2017

Slavka Bielikova policy.monitoring at openrightsgroup.org
Fri Sep 15 14:12:21 BST 2017


https://wiki.openrightsgroup.org/wiki/ORG_policy_update/2017-w37


  ORG policy update/2017-w37

This is ORG's Policy Update for the week beginning 11/09/2017.

If you are reading this online, you can also subscribe to the email
version or unsubscribe
<https://lists.openrightsgroup.org/listinfo/parliamentary.monitor>.


      ORG’s work

  * Following the First Reading of the Data Protection Bill in the House
    of Lords, we have started preparing a briefing outlining our
    concerns about the current clauses in the Bill.
  * Save the date for ORGCon - it will take place on Saturday 4 November
    at Friends House on Euston Road in London. We have a second smaller
    event planned on Sunday 5 November in a different location (TBC).
    This year is all about the Digital Fightback. Confirmed speakers so
    far are Graham Linehan, Noel Sharkey, Helen Lewis, Jamie Bartlett
    and Nanjira Sambuli. Tickets are on sale now
    <https://orgcon.openrightsgroup.org/>!

Planned local group events:

  * Join ORG Glasgow
    <https://www.meetup.com/ORG-Glasgow/events/243106505/> for a free
    screening of The Internet’s Own Boy on 2 October. The Internet’s Own
    Boy tells the life story of programmer, writer, political and
    internet activist Aaron Swartz, an internet pioneer and free speech
    campaigner. Following the screening, Scotland Director Matthew Rice
    will be available for a discussion and will give information about
    how to get involved in initiatives in Glasgow and Scotland.
  * Join ORG Leeds
    <https://www.meetup.com/ORG-Leeds/events/243357617/> on 21 September
    for an evening of talks and discussion where they will explore the
    current state of digital rights, why they matter and the dangers of
    mass surveillance to our democracy.


      Official meetings

  * Jim Killock met with John Whittingdale
    <https://wiki.openrightsgroup.org/w/index.php?title=John_Whittingdale&action=edit&redlink=1> regarding
    various privacy issues; and with Lord Errol
    <https://wiki.openrightsgroup.org/w/index.php?title=Lord_Errol&action=edit&redlink=1> to
    discuss age verification.
  * Javier Ruiz gave evidence to the GLA Oversight Committee of the
    London Assembly. He was in a panel on privacy and the use of
    personal data with Elizabeth Denham, the Information Commissioner,
    and Renate Samson from Big Brother Watch. The committee discussed
    the Met Police face recognition plans, road pricing and mobile
    tracking by TfL, among other issues.


      UK Parliament

Parliament is back on recess as the party conference season is on.


        The Data Protection Bill is in the House (of Lords)

The House of Lords read the Data Protection Bill
<https://publications.parliament.uk/pa/bills/lbill/2017-2019/0066/18066.pdf> (pdf),
(explanatory notes - pdf
<https://publications.parliament.uk/pa/bills/lbill/2017-2019/0066/18066en.pdf>)
for the first time this week. The Second Reading of the Bill is
scheduled for 10 October.

The DPBill is the implementation of the EU’s General Data Protection
Regulation which should be in place across the EU Member States by May 2018.

The new Bill will change how consent to data collection and processing
is given, allowing only unticked opt-in boxes to signify it. It will
also place restrictions on children under a certain age consenting to
data collection and processing without parental authorisation. Other
changes will include the right to have one’s data “erased” in certain
circumstances and changes to notifications of data subjects affected by
data breaches. The Bill also deals with law enforcement and implements
the new EU requirements for data protection law in this area.

The Bill will allow individual data subjects to bring complaints to the
Information Commissioner’s Office if their data has not been processed
in compliance with the law and demand compensation from data controllers.

Section 173 of the Bill allows data subjects to designate a body or
other organisation (which meet specific criteria) to exercise certain
rights on their behalf. The GDPR provided a derogation to the Member
States to allow organisations to raise complaints on data processing
without a named data subject. The UK decided not to implement this option.

This approach to data protection policy will stop many dubious or
harmful data processing practices from being investigated. Affected data
subjects may often wish not to have their names publicly associated with
certain companies. In many cases, they will not realise they have been
affected.

In such situations, an independent privacy group should be able to lodge
a complaint.


      UK national developments


        IPT refers bulk data collection to the EU court

The Investigatory Powers Tribunal (IPT) ruled last week
<http://www.ipt-uk.com/docs/Privacy%20International%20v%20SSFCA%20and%20Ors%20September%202017.pdf> (pdf)
that the European Court of Justice (CJEU
<https://wiki.openrightsgroup.org/wiki/CJEU>) should decide on the
legality of the UK’s mass surveillance legislation in the case brought
against the intelligence agencies (MI5, MI6, GCHQ) by Privacy International.

Privacy International has been trying to prevent the government from
collecting and retaining bulk communications data (BCD) and bulk
personal data sets (BPD). At the latest hearing, the IPT considered
whether the collection and retention of BCD and BPD are lawful under the
EU law
<https://www.theregister.co.uk/2017/09/08/european_court_must_rule_on_legality_of_uks_mass_surveillance_tribunal_says/> -
Charter of Fundamental Rights of the European Union and the Treaty of
the European Union.

The IPT did not expedite the case to the CJEU
<https://wiki.openrightsgroup.org/wiki/CJEU> which means that it could
take years before the final judgment is handed down.


        The Government publishes new National Cyber Security Strategy

The Government published their National Cyber Security Strategy for
2016-2021
<https://www.gov.uk/government/publications/national-cyber-security-strategy-2016-to-2021>.
The Strategy sets out the Government’s plan to make the UK secure and
resilient in cyberspace.

The Government plans to work towards three objectives which they name as:

Defend - to defend the UK against evolving cyber threats, to respond
effectively to incidents, to ensure UK networks, data and systems are
protected and resilient.

Deter - to make the UK a difficult target for aggression in cyberspace
by detecting, understanding, investigating and disrupting hostile actions.

Develop - to cultivate a growing cyber security industry.

Furthermore, the Government plans to pursue international action and
invest in existing and new partnerships through the EU, NATO and the UN.
The strategy relies on the capabilities of the cyber security industry
to minimise phishing attacks, filter known bad IP addresses, and
actively block malicious online activity.

The Government announced in the strategy that they will launch two new
cyber innovation centres to drive the development of cutting-edge cyber
products and dynamic new cyber security companies.


      IPO plans a crackdown on set-top boxes

The Intellectual Property Office published the new IP Crime Report for
the period 2016 to 2017
<https://www.gov.uk/government/publications/annual-ip-crime-and-enforcement-report-2016-to-2017>.
The report offers a recap of the year’s fight against copyright
infringement accompanied by insights from the Police Intellectual
Property Crime Unit and Crown Prosecution Service.

The report cites figures provided by the Ministry of Justice showing
that only 47 people were found guilty of copyright infringement. The
number dropped from the previous year when 69 people were found guilty.

The report hints at more efforts in the next 12 months to target the
set-top box threat following the judgment from the European Court of
Justice
<https://torrentfreak.com/selling-piracy-configured-media-players-is-illegal-eu-court-rules-170426/>, which
ruled that the sale of pre-configured set-top boxes (which allow users to
access copyright-infringing material) falls within communication to the
public and therefore the boxes break copyright law.

However, the current legislation is unlikely to be able to
tackle casual offenders
<https://torrentfreak.com/new-uk-ip-crime-report-reveals-continued-focus-on-pirate-kodi-boxes-170908/> and
will remain focused only on the most serious cases.


      Biometrics Commissioner calls for a clear policy on facial custody
      images

The Commissioner for the Retention and Use of Biometric Material, Paul
Wiles, published his yearly report
<https://www.gov.uk/government/publications/biometrics-commissioner-annual-report-2016>.
In the report, the Commissioner outlined future biometric challenges.

Wiles identified the collection and storing of facial custody images as
one of the most serious issues for the future. He emphasised the need to
consider technical quality, management, interpretation, and governance
and criticised the lack of independent oversight. The Commissioner
called for a clear policy to correct this situation.

In the Government’s response
<https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/643638/2017-08-23__Letter_from_Baroness_Williams_to_Paul_Wiles_Biometrics_Commissioner.pdf> (pdf),
the Minister for Countering Extremism, Baroness Williams of Trafford,
said that there should be a presumption that police will remove the
custody image from their database unless there is an exceptional reason
for it to be retained. The Minister said that this strikes a reasonable
balance between privacy and public protection.

The Commissioner also notes that the private sector has been
increasingly using biometrics to develop big data and that it is
possible for the government to do so as well. The Government’s response
indicated that they will push a Biometrics strategy that will address
these issues.


      International developments


        New iPhone X to use facial recognition

Apple this week announced the release of new iPhone models. The iPhone
X will contain the Face ID feature that will use face recognition
<https://www.theguardian.com/commentisfree/2017/sep/13/facial-recognition-iphone-x-privacy> to
allow users to access their phones. The new feature will replace the
fingerprint identification and will complement passcodes.

The new technology raised several security concerns regarding the
coerced scanning of users’ facial features. Apple employed several
security measures, for example not allowing access to the phone if
the user’s eyes are closed. However, in various circumstances, users
could still be forced to have their faces scanned.

This feature can also prove troublesome for iPhone users when police
want to gain access to the device. The law is likely to treat biometric
information differently to passcodes and the users might easily be
ordered to unlock their phone with a facial scan. You can read more
about the legal status of facial ID scans in the US here
<https://www.theverge.com/2017/9/12/16298192/apple-iphone-face-id-legal-security-fifth-amendment>.


      Questions in the UK Parliament


        Question on electronic surveillance

Lyn Brown MP <https://wiki.openrightsgroup.org/wiki/Lyn_Brown_MP> asked
<https://www.theyworkforyou.com/wrans/?id=2017-09-04.7878.h&s=%22surveillance%22> the
Secretary of State for the Home Department to make an assessment of the
potential merits of wider use of equipment interference warrants in
conjunction with notices requiring technology companies to maintain a
capacity to provide access to individual devices as an alternative to
placing requirements on the companies to decrypt messages sent using
their communications software.

Ben Wallace MP
<https://wiki.openrightsgroup.org/wiki/Ben_Wallace_MP> responded that
the Government will commence the provisions of the Investigatory Powers
Act 2016 concerning technical capability notices in due course and will
bring forward regulations, on which it has already held a targeted
consultation with relevant bodies.


        Question on pornography

Chi Onwurah MP
<https://wiki.openrightsgroup.org/wiki/Chi_Onwurah_MP> asked
<https://www.theyworkforyou.com/wrans/?id=2017-09-06.9256.h&s=%22internet%22> the
Secretary of State for Digital, Culture, Media and Sport, what
representations she has received on the implementation processes for age
verification for online pornography; and how that data is stored and shared.

Matthew Hancock MP
<https://wiki.openrightsgroup.org/wiki/Matthew_Hancock_MP> responded
that the department is in discussion with the British Board of Film
Classification as the intended age verification regulator, and those who
will be involved in the regulatory framework, such as age verification
providers. The Secretary of State Guidance to the Regulator will be laid
in Parliament later this year.


        Question on CCTV

Layla Moran MP asked
<https://www.theyworkforyou.com/wrans/?id=2017-09-04.8098.h&s=%22data+protection%22#g8098.r0> the
Secretary of State for the Home Department, what assessment has been
made of the effectiveness of current legislation regulating the use of
CCTV cameras with facial recognition and biometric tracking capabilities.

Nick Hurd MP
<https://wiki.openrightsgroup.org/wiki/Nick_Hurd_MP> responded that
there is no legislation regulating the use of CCTV cameras with facial
recognition and biometric tracking capabilities. However, the
Surveillance Camera Code of Practice requires any police use of facial
recognition or other biometric characteristic recognition systems to be
clearly justified and proportionate in meeting the stated purpose.


        Question on facial recognition

Edward Davey MP
<https://wiki.openrightsgroup.org/wiki/Edward_Davey_MP> asked
<https://www.theyworkforyou.com/wrans/?id=2017-09-04.7426.h&s=%22data+protection%22#g7426.r0> the
Secretary of State for the Home Department, which independent oversight
mechanism is responsible for overseeing the police's use of automated
facial recognition technology.

Nick Hurd MP
<https://wiki.openrightsgroup.org/wiki/Nick_Hurd_MP> responded that the
Surveillance Camera Code of Practice requires any police use of facial
recognition or biometric recognition systems, in general, to be clearly
justified and proportionate. The retention of facial images by the
police is governed by data protection legislation and by Authorised
Professional Practice governed by the College of Policing.


        Question on the NHS hack

Jon Trickett MP
<https://wiki.openrightsgroup.org/wiki/Jon_Trickett_MP> asked
<https://www.theyworkforyou.com/wrans/?id=2017-09-04.7509.h&s=cyber#g7509.r0> the
Secretary of State for Health, what changes have been made to the NHS'
cyber security following the cyber attack in May 2017.

Jackie Doyle-Price MP
<https://wiki.openrightsgroup.org/wiki/Jackie_Doyle-Price_MP> responded
that the Department developed an immediate response plan. The document
Your Data: Better Security, Better Choice, Better Care accepts the 10
Data Security Standards proposed by Dame Fiona Caldicott, the National
Data Guardian, and sets out the timescales for how the Government plans
to deliver key actions on cyber security and data sharing.


        Question on cybercrime

Jon Trickett MP
<https://wiki.openrightsgroup.org/wiki/Jon_Trickett_MP> asked
<https://www.theyworkforyou.com/wrans/?id=2017-09-04.7509.h&s=cyber#g7509.r0> the
Minister for the Cabinet Office, what the target figure is for the
objective relating to the number of online products and services coming
into use being secure by default by 2021.

Caroline Nokes MP
<https://wiki.openrightsgroup.org/wiki/Caroline_Nokes_MP> responded that
there is no target figure due to the magnitude of online products and
services.


      ORG media coverage

/See ORG Press Coverage
<https://wiki.openrightsgroup.org/wiki/ORG_Press_Coverage> for full
details./

2017-09-14-The Sun-BIG BROTHER'S FACEBOOK: Is YOUR face on a database of
19 million photos which lets Brit cops SPY on ordinary people?
<https://www.thesun.co.uk/tech/4463299/facial-recognition-scanning-cctv-police/>
    Author: Margi Murphy
    Summary: Jim Killock quoted calling for non-suspects' facial
    custody images to be deleted by police.
    Topics: Biometrics
    <https://wiki.openrightsgroup.org/wiki/Biometrics>, Surveillance
    <https://wiki.openrightsgroup.org/wiki/Surveillance>
2017-09-14-Gears of Biz-UK police have a database of 19 million faces
<http://gearsofbiz.com/uk-police-have-a-database-of-19-million-faces/56208>
    Author: Daniela Blot
    Summary: Jim Killock quoted on non-suspects' facial custody
    images having to be deleted by police.
    Topics: Biometrics
    <https://wiki.openrightsgroup.org/wiki/Biometrics>, Surveillance
    <https://wiki.openrightsgroup.org/wiki/Surveillance>


      ORG Contact Details

Staff page <https://www.openrightsgroup.org/people/staff>

  * Jim Killock, Executive Director
    <https://www.openrightsgroup.org/people/staff#jim>
  * Javier Ruiz, Policy
    <https://www.openrightsgroup.org/people/staff#javier>
  * Ed Johnson-Williams, Campaigns
    <https://www.openrightsgroup.org/people/staff#ed>
  * Pam Cowburn, Communications
    <https://www.openrightsgroup.org/people/staff#pam>
  * Lee Maguire, Tech <https://www.openrightsgroup.org/people/staff#lee>
  * Myles Jackman, Legal Director
    <https://www.openrightsgroup.org/people/staff#myles>
  * Slavka Bielikova, Policy Officer
  * Matthew Rice, Scotland Director
  * Mike Morel, Communications Officer
