Friday, August 01, 2014

Parody, quotation & format shifting exceptions coming to UK

This blogger is not known for his unstinting praise of government policy in the intellectual property arena.

However, little noticed by the wider world and much to the collective chagrin of the big music labels, changes to copyright exceptions were approved by Parliament this week. After a hiccup earlier in the summer when they were postponed by the Joint Committee on Statutory Instruments (JCSI), the

Copyright and Rights in Performances (Personal Copies for Private Use) Regulations 2014

and the

Copyright and Rights in Performances (Quotation and Parody) Regulations 2014

were approved by the House of Lords shortly before 6.30pm on Tuesday, 29 July. The regulations are now due to be implemented on 1 October 2014.

Debate commenced 4.42pm (at column 1553) and there was a further last minute attempt, by members of the Lords sympathetic to traditional big music labels' interests, to undermine the format shifting exception. It nevertheless passed unscathed.

It means that from 1 October, for the first time in the UK, we will be lawfully permitted to copy our CDs to our digital music players and from old to new music players, for private use. Though most people don't realise this common act is not currently allowed under UK copyright law. Likewise it comes as a surprise when people find out that parody is also not a currently recognised exception to copyright in the UK.

These regulations are important additions to the IP policy framework that bring the UK closer into line with international norms, although the parody exception is quite narrowly construed to allow only 'fair dealing' use of the original work.

So it is well done to -

Lord Younger of Leckie, the previous intellectual property minister, who saw these regulations through at government level for most of the past 18 months

and

Baroness Neville-Rolfe, the very new IP minister, who steered the regulations through their final hurdle.

Most especially, however, significant praise is due to Matthew Williams and the copyright team at the Department for Business, Innovation and Skills and Tony Clayton and his team of economists at the UK Intellectual Property Office, all of whom have been working tirelessly for years on improving the UK's IP policy.

There are a lot of very smart, hard working officials in public service attempting to educate the government on the need for evidence based policy making in the intellectual property and wider technology, security, economics, social, environmental and human rights policy arenas.  They deserve our respect and thanks and so, for once, I'd like to make an effort say thank you, especially to everyone involved in bringing these regulations to fruition.

Thanks also for listening and taking account of the work of my old friend, Mark Rogers. Mark would have been pleased but he'd also have been the first to remind us, gently but firmly, that we still have a lot of work to do. The road to sustainable enlightenment in policy involves unfailing care, hard graft and eternal vigilance.

Tuesday, July 29, 2014

Response from MP on DRIPA

On the first Monday of her summer holidays and after the Data Retention and Investigatory Powers Act had become law with her support the previous week, my MP, Nicola Blackwood, responded to my notes to her expressing concerns about the then DRIP Bill. Copy of her response below which essentially repeats the Conservative Party line.
"Dear Mr Corrigan,
Thank you for your emails about the Data Retention and Investigatory Powers Act, which has now received Royal Assent, and for your telephone call to my office. My staff passed on your message, and I know this is a subject you feel strongly about.
 I do understand the concerns that have been raised with regard to this legislation, in particular that it has come before the House as emergency legislation, and I share your desire to ensure that people’s civil liberties are protected at all times. I have consistently said it is absolutely essential that powers to monitor communications are confined to what is entirely necessary and proportionate to protect our national security, and also to be accountable.
 To be clear, this legislation goes no further than regulations which are already in place. Rather, it brings clarity to existing law following a ruling of the European Court of Justice (ECJ) in April. The ECJ’s ruling would have struck down regulations that let internet and phone companies retain communications data for law enforcement purposes for 12 months, and therefore a clearer legal framework was needed to underpin companies’ cooperation with law enforcement and intelligence agencies to intercept the communications of serious organised criminals and terrorists. I understand that some companies had already made clear to the Government that they would be unable to work with the UK on this unless that law was consolidated and made clear.
 That is why the Act brings together our data retention regulations in primary legislation, where at present it is under secondary legislation, and enables agencies to maintain their existing capabilities. In addition, it makes clear that the requirements include companies based abroad, whose phone and internet services are used in the UK. These powers, already in place, are held through not only the data retention directive and regulations, but also in relation to lawful intercept provisions of the Regulation of Investigatory Powers Act (2000).
 As you may know, the Home Secretary, Rt Hon Theresa May MP, came before the Home Affairs Select Committee, of which I am a member, last week to discuss the provisions of the Act. The Government has stated that communications data and interception plays an important role in prosecuting cases of serious organised crime. Therefore, whilst before the Committee, I took the opportunity to ask the Home Secretary about this and she clarified that such data is used in 95% of cases that the Crown Prosecution Service deals with in relation to serious and organised crime; it has been used in all major counter-terrorism investigations over the last decade.
 Theresa May MP also explained that the Government had carefully considered how to respond to the ECJ ruling, and I was reassured by her clear statement that no more powers are being sought. I agree with the statement made by the Home Secretary that these powers are only to be used ‘with very carefully controlled access arrangements to ensure that any request is necessary and proportionate to the investigation that is taking place’. The existing EU directive, which was overturned by the ECJ, had meant that the period of data retention was an ‘absolute period’ of 12 months and there was no flexibility within this. By contrast, the new regulations will mean that data can only be held for a maximum of 12 months.
 Crucially, alongside the introduction of this legislation the Government is further strengthening the oversight of intelligence capabilities. Between now and 2016, the Government will review the Regulation of Investigatory Power Act (RIPA) to make recommendations to reform and update it- this has now been reaffirmed in the wording of the Act. Ministers are also establishing a Privacy and Civil Liberties Oversight Board which I understand will work to ensure civil liberties are properly considered when the Government sets counter-terrorism policy. I have received assurances from Ministers that the Government is also restricting the number of public bodies that can ask for communications data and will be publishing annual transparency reports. This will make more information publically available than ever before.
 The Home Affairs Committee expressed our view to the Home Secretary that we supported the Bill as a whole, and particularly welcomed Clause 6(3), or the ‘sunset provision’, which means that the legislation will ‘expire’ on 16th December 2016 and will therefore be repealed or renewed at this point. Further, on the day of the vote, the Government accepted new amendments to the Bill which bind us to six-monthly reviews of its operation by the Interception of Communications Commissioner.
 Ministers are mindful that without legislation, we face the prospect of a serious degradation in the ability of law enforcement and intelligence agencies to do their jobs. It is for the reasons detailed above, i.e. that the Act does not extend existing powers and that safeguards and oversight mechanisms are expanded, that I voted for it in the House of Commons last week. The ECJ ruling disbanded the existing EU directive on the basis that it lacked sufficient safeguards, allowing phone and internet companies to store data but did not establish how this data could be accessed or for what purposes. Whereas this new legislation makes clear that the legal framework in which companies must work within, and the circumstances in which this data can be used for vital law enforcement and for our national security.
 I have attached above a copy of the letter I received from Home Office Minister, James Brokenshire MP, which explains the Act in full. I do hope this response is helpful, and thank you, once again, for taking the time to contact me on this important issue.
 Kind regards
Nicola"
The letter from Security Minister James Brokenshire which Ms Blackwood attached to her response read -
"HOUSE OF COMMONS
LONDON SW1A 0AA 10th July 2014
 Dear Colleague,
 COMMUNICATIONS DATA AND LAWFUL INTERCEPTION
It is the first duty of Government to protect the public and we are today introducing emergency legislation to ensure that our law enforcement and intelligence agencies have access to the tools they need to keep us safe.  Access to information relating to communications, subject to robust safeguards, is vital in the fight against crime and terrorism and has been used successfully for many years.

Communications data – the who, where, when and how of a communication but not its content – is a vital tool in the investigation of crime and safeguarding the public.  It has been used in 95% of serious and organised crime investigations handled by the Crown Prosecution Service and every major Security Service counter-terrorism investigation over the last decade.

The interception of the content of communications is of critical importance to the preservation of national security. Since 2010, the majority of the Security Service’s top priority UK counter-terrorism investigations have used intercept capabilities in some form to identify, understand or disrupt plots seeking to harm the UK and its citizens.  However, two recent developments have put these crucial capabilities at risk.  Without legislation, we face the real prospect of a serious degradation in the ability of law enforcement and intelligence agencies to do their jobs.

Firstly, the European Court of Justice judgment of 8 April declared the EU Data Retention Directive (2006) invalid.  This Directive required Member States in Europe to provide for a mandatory communications data retention framework covering certain data for the purpose of the investigation of serious crime.  Following the judgment, our domestic Data Retention (EC Directive) Regulations 2009, which transposed the Directive, remain in force.  However, we need to legislate to maintain an effective mandatory communications data retention framework, and to address the ruling unambiguously and immediately.

If companies could no longer be required to retain communications data, law enforcement’s capability to prevent and detect crime and protect the public would be severely degraded; many investigations would be delayed and some would cease entirely.

The second component of the Bill will put beyond doubt that companies providing communication services to customers in the UK must comply with lawful requests under the Regulation of Investigatory Powers Act 2000 irrespective of where those companies are located.    A number of overseas communication service providers have questioned whether they are required to comply with obligations under the Act in relation to the interception of communications.
 With the increasing globalisation of communications, any decrease in cooperation from overseas providers could have a devastating impact on national security.  If we lose visibility of what terrorists are saying to each other, we will lose the ability to understand and mitigate the threat that they pose.

This Bill will ensure that communications data continues to be available when it is needed.  Whilst most of the European Court’s criticisms are already addressed in UK law, the Bill will also respond to the judgment.  The European Court’s judgment did not take into account national laws on access to communications, and in particular the UK’s access regime with its robust safeguards.  Our communications data regime is internationally respected, and already addresses most of the criticisms made in the judgment.  However, we are introducing a number of new safeguards to respond to the judgment, such as enhancing our data retention notice regime, and formalising the requirements placed on communications companies to safeguard this crucial data.  We will also create a Code of Practice on Data Retention, which will put best-practice guidance on a statutory footing.  Furthermore, the Bill will also put beyond doubt the extra-territorial application of RIPA to ensure that companies, irrespective of where they are based, can comply with their obligations.

The legislation does not create any new powers, rights of access or obligations on communications companies beyond those that already exist. It does not seek to replicate the proposals that were included in the Draft Communications Data Bill, published in 2012. And it would sit aside the already robust regime RIPA provides to regulate access to retained data.

We must act now to ensure that the capability of our law enforcement and intelligence agencies to prevent and detect crime, protect the public and ensure national security does not rapidly and seriously diminish.  The need to act is made all the more pressing because the threats we face remain considerable, not least the collapse of Syria, the emergence of the Islamic State of Iraq and the Levant, organised crime that crosses national boundaries and the expanding scope of cybercrime.

All these threats and many more should remind us that the world is a dangerous place and the United Kingdom needs the capabilities to defend its interests and protect its citizens.

The proposals on communications data and investigatory powers which I have set out above are necessary to ensure that law enforcement and security agencies are able to continue making use of these essential tools. These provisions are not intended to fill the gap which we were looking to close with the draft communications data bill but to ensure that law enforcement can continue to access the material which they currently have access to.

JAMES BROKENSHIRE "
I've responded briefly -
Dear Nicola,

Thanks for taking the time to send a response on the first day of your summer holidays. I can only repeat that for something as serious as an emergency law that requires blanket, indiscriminate communications data retention, targeted not at criminals but  the entire population, every single MP should take notice and make the requisite time to read the proposed legislation and associated documents.

It is incumbent upon MPs to understand what the laws that you are passing actually say, rather than what the party briefing or ministerial assurances might be telling you they say. When the time comes to apply the law, ministerial assurances are not worth the paper they are written on.

Without going through the process of matching each government assurance with contradictory evidence, something I suspect would be of little interest, I would like to draw your attention to one important misunderstanding. It seems increasingly to be the belief amongst MPs that blanket data collection and retention is acceptable in law and that the only concern should be the subsequent access to that data. Assertions to this effect are simply wrong.

The April European Court of Justice(ECJ) judgement restated the position clearly that mass indiscriminate data retention "constitutes in itself an interference with the rights guaranteed by Article 7 of the Charter." (Para 34 of the decision). Article 7 of the Charter of Fundamental rights, as you know, guarantees everyone “the right to respect for his or her private and family life, home and communications”. The European Court of Human Rights (ECtHR) laid down the same prohibition of blanket retention in the S. and Marper v UK case in December 2008.

Please do not be misled into the erroneous belief that retention is acceptable and access is therefore the only problem. Underpinning any future regulatory framework in this area with such a fundamentally flawed assumption would be a big mistake on many levels. Both retention and access in and of themselves present serious article 7 and article 8 challenges, as the ECJ, the ECtHR and many other national courts have made clear.

Have a good holiday.

Regards,

Ray

Thursday, July 17, 2014

Another letter to my MP on DRIP

I've written to Nicola Blackwood, MP, again about the Data Retention and Regulatory Powers (DRIP) Bill, this time directly criticising MPs' approach to it. I phoned and wrote to her prior to the debate in the Commons on Tuesday but have had no substantive response, as of yet. Ms Blackwood does usually take the time to respond and I do expect to hear from her. It will by then, however, be much too late to do anything about the legislative plane crash that is DRIP with MPs currently fast asleep at the controls.
Nicola,
I was disappointed to see you didn’t attend the debate on the Data Retention & Investigatory Powers (DRIP) Bill on Tuesday, 15 July, yet showed up to vote it through.
It’s inspires little confidence in the integrity of Parliament when MPs just vote as instructed by the party leadership without any apparent evidence of engagement with the substance of the proposed legislation. I appreciate MPs are busy but for something as serious as an emergency law that requires blanket, indiscriminate communications data retention targeted not at criminals but  the entire population, every single MP should take notice and make time.
I would make one final request that you do take the requisite time to read the Bill and associated documents at http://services.parliament.uk/bills/2014-15/dataretentionandinvestigatorypowers/documents.html
In order to understand what the Bill actually says rather than what the party briefing might be telling you it says.
And then take a principled stand against the Bill when the it comes before the Commons for confirmation later today.
Regards,
Ray

PS For information, I’m a co-signatory of the letter from UK academics to MPs asking that full and proper parliamentary scrutiny by (sic) applied to DRIP to ensure Parliamentarians are not mislead as to what powers this Bill truly contains. Our opposition to the Bill has been noted by Lord Knight in the House of Lords debate on DRIP yesterday and widely reported in the mainstream media by The Independent, The Guardian, the technology press such as Wired, also in The Wall Street Journal and several other prominent overseas media outlets.  Copy available at
Ray Corrigan 
Typo in the PS corrected in follow upmail.

Tuesday, July 15, 2014

DRIP debate in House of Commons

Data Retention & Investigatory Powers (DRIP) Bill debate in House of Commons (begins 12:45:37)
Not to be recommended for those of a quesy disposition

Open Letter to MPs re DRIP from UK academics

Open letter to MPs on the emergency Data Retention and Investigatory Powers (DRIP) Bill being rushed through the House of Commons today. (Full disclosure - I'm a co-signatory)
"Tuesday 15th July 2014 
To all Members of Parliament, 
Re: An open letter from UK internet law academic experts 

On Thursday 10 July the Coalition Government (with support from the Opposition) published draft emergency legislation, the Data Retention and Investigatory Powers Bill (“DRIP”). The Bill was posited as doing no more than extending the data retention powers already in force under the EU Data Retention Directive, which was recently ruled incompatible with European human rights law by the Grand Chamber of the Court of Justice of the European Union (CJEU) in the joined cases brought by Digital Rights Ireland (C-293/12) and Seitlinger and Others (C-594/12) handed down on 8 April 2014. 
In introducing the Bill to Parliament, the Home Secretary framed the legislation as a response to the CJEU’s decision on data retention, and as essential to preserve current levels of access to communications data by law enforcement and security services. The government has maintained that the Bill does not contain new powers. 
On our analysis, this position is false. In fact, the Bill proposes to extend investigatory powers considerably, increasing the British government’s capabilities to access both communications data and content. The Bill will increase surveillance powers by authorising the government to;
  • compel any person or company – including internet services and telecommunications companies – outside the United Kingdom to execute an interception warrant (Clause 4(2));
  • compel persons or companies outside the United Kingdom to execute an interception warrant relating to conduct outside of the UK (Clause 4(2));
  • compel any person or company outside the UK to do anything, including complying with technical requirements, to ensure that the person or company is able, on a continuing basis, to assist the UK with interception at any time (Clause 4(6)).
  • order any person or company outside the United Kingdom to obtain, retain and disclose communications data (Clause 4(8)); and
  • order any person or company outside the United Kingdom to obtain, retain and disclose communications data relating to conduct outside the UK (Clause 4(8)).
The legislation goes far beyond simply authorising data retention in the UK. In fact, DRIP attempts to extend the territorial reach of the British interception powers, expanding the UK’s ability to mandate the interception of communications content across the globe. It introduces powers that are not only completely novel in the United Kingdom, they are some of the first of their kind globally. 
Moreover, since mass data retention by the UK falls within the scope of EU law, as it entails a derogation from the EU’s e-privacy Directive (Article 15, Directive 2002/58), the proposed Bill arguably breaches EU law to the extent that it falls within the scope of EU law, since such mass surveillance would still fall foul of the criteria set out by the Court of Justice of the EU in the Digital Rights and Seitlinger judgment. 
Further, the bill incorporates a number of changes to interception whilst the purported urgency relates only to the striking down of the Data Retention Directive. Even if there was a real emergency relating to data retention, there is no apparent reason for this haste to be extended to the area of interception. 
DRIP is far more than an administrative necessity; it is a serious expansion of the British surveillance state. We urge the British Government not to fast track this legislation and instead apply full and proper parliamentary scrutiny to ensure Parliamentarians are not mislead as to what powers this Bill truly contains. 
Signed,

Dr Subhajit Basu, University of Leeds
Dr Paul Bernal, University of East Anglia
Professor Ian Brown, Oxford University
Ray Corrigan, The Open University
Professor Lilian Edwards, University of Strathclyde
Dr Theodore Konstadinides, University of Surrey
Professor Chris Marsden, University of Sussex
Dr Karen Mc Cullagh, University of East Anglia
Dr. Daithí Mac Síthigh, Newcastle University
Professor David Mead, University of East Anglia
Professor Andrew Murray, London School of Economics
Professor Steve Peers, University of Essex
Julia Powles, University of Cambridge
Professor Burkhard Schafer, University of Edinburgh
Professor Lorna Woods, University of Essex
Update 17/7/'14: I'm pleased to say Dr Andres Guadamuz, University of Sussex and Professor Viktor Mayer-Schönberger, Oxford University have joined as signatories to the letter.

Note to MP re Data Retention & Investigatory Powers (DRIP) Bill

In addition to phoning my MP, Nicola Blackwood, yesterday I emailed her asking that she consider voting down the Data Retention & Investigatory Powers (DRIP) Bill.
Dear Nicola,

Sorry I missed you when I phoned your office earlier today. I'm writing to you about the complex emergency data retention and investigatory powers (DRIP) Bill the Government are rushing through Parliament this week.

I understand you may be compelled as a member of the Conservative Party into agreeing with the contents of this Bill. However, I would urge you at the very least to

·         push back on the timeframe on this legislation (there is no real emergency that requires it be passed this week)
·         advocate the deletion of clause 5 which expands the definition of “communications service” exponentially
·         advocate the amended date for the repeal of the legislation (clause 6(3)) be brought forward to three months from today or at the very latest 31 December this year – if the government are serious about this being an emergency so there can be a debate then 6 months should provide adequate time for this
·         advocate the deletion of the really complex investigatory powers amendments to the Regulation of Investigatory Powers Act 2000 (clauses 3 and 4)

As I see it, the primary threat is the Government is concerned about is a lawsuit for failing to comply with the European Court of Justice ruling in April (in joined cases C-293/12 and C-594/12) that existing Data Retention laws are incompatible with human rights.

I would welcome comprehensive public and parliamentary debates about the issues connected to the Bill, in which you and all MPs are involved.

I appreciate you are busy so have not loaded this email with an analysis of the Bill but if you are interested in further details I have expanded on some of the problems at


I’d appreciate it if you would oppose(sic) against this legislation being rushed through in a day and as always thanks for taking time to consider my perspective on this kind of legislation.

Regards,

Ray
"...oppose..."  in that final sentence should, of course, read "...vote..."

Monday, July 14, 2014

Data Retention & Investigatory Powers (DRIP) Bill: a significant change in the law

The "emergency" Data Retention & Investigatory Powers (DRIP) Bill being rushed though Parliament this week sets out to -
  • make provision for data retention, now that the Court of Justice of the European Union has annulled the data retention directive; the asserted intention (of the Home Secretary) being to "maintain the status quo" by essentially re-enacting the Data Retention Regulations 2009 (S.I. 2009/859)
  • amend the grounds for issuing interception warrants or granting or giving certain authorisations or notices under Part 1 of the Regulation of Investigatory Powers Act (RIPA) 2000 
  • make provision to apply data retention and investigatory powers extra-territorially
  • expand the meaning of "telecommunications service
These stated intentions on the front page of the draft Bill alone create a clear impression that this measure goes significantly beyond an effort to "maintain the status quo". Reading the Bill itself, along with its associated 10 pages of draft regulations and 15 pages of explanatory notes only confirms this impression. The number of times the Home Secretary repeated last week that the new law was just about maintaining the status quo on data retention, in the face of those disagreeable European Court judges, was undermined by the lady herself adding that there is allegedly an
" increasingly pressing need to put beyond doubt the application of our laws on interception, so that communication service providers have to comply with their legal obligations irrespective of where they are based" (final para, Hansard, 10/07/14 Col 456)
If re-enacting the 2009 data retention regulations, this time as primary legislation, was all the government intended this could be done in significantly less than 32 pages of statute, regulations and explanatory notes. Whether to protect the UK from the EU law, as David Allen Green suggests, or otherwise, a new Bill could just say it was enacting the 2009 regulations as primary legislation. Job done.

Given how comprehensively the European Court of Justice dismantled the data retention directive that those regulations are based on - blanket indiscriminate data retention is a disproportionate interference with rights guaranteed under Articles 7 & 8 and 52(1) of the Charter of Fundamental Rights of the European Union -  that short cut to making the 2009 regs primary legislation would still be incompatible with the Charter. But it would be known law, just with brand spanking primary statute new foundations. (Even though it would be a law that the European Court has clearly stated is incompatible with those lily-livered human rights abhorrent to all true Brits, if prominent parliamentarians are to be believed). The extra provisions beyond that intent just make the Bill even more complex.

What if DRIP was just shoring up the 2009 regulations? Well blanket indiscriminate data retention has been outlawed by every high court that has considered it, including courts in Germany, Slovenia, Romania, Austria, Bulgaria, Sweden, Czech Republic and Cyprus and of course the European Court of Justice in April this year.

Yet the UK coalition government and their agreeable main opposition party don't stop just at giving our likely defunct data retention regulations the protection of parliamentary supremacy, to protect us from those big bad Europeans and their terribly un-British human rights that only protect pedophiles and terrorists. They go much further -
  • expanding data retention
  • providing the Secretary of State with Henry VIII powers to amend the law
  • expanding the reach of data retention and access, extra territorially
  • amending and expanding the scope of the incredibly complicated Regulation of Investigatory Powers Act (RIPA) 2000
  • amending and expanding the scope of what constitutes a "telecommunications service"
Clause 1 of DRIP, for example, attempts to re-enact the 2009 regulations, in addition to giving the Secretary of State, under sections 1(3), 1(4) and 1(7) wide ranging Henry VIII clause powers to amend the law, essentially as and when she likes. Section 1(1) puts a nominal brake on data retention by stating the Secretary of State can only order retention she considers "necessary and proportionate". However, given successive UK governments are repeatedly on record as claiming blanket surveillance is not just necessary and proportionate but "essential" to "save lives" that's not much of a practical restraint.

Some of the provisions of DRIP are seriously far reaching but mind numbing and I'd refer you in particular to excellent legal analyses by Steve Peers, Graham Smith, Liberty, the Open Rights Group, Privacy International, Big Brother Watch, Article 19 and English PEN and Tom Hickman who all do the job much better than I can on this.

If legalese leaves you cold there are quite a lot of nicely digestible articles floating around various corners of the web outlining the issues including those from the following cast of characters -
I should here, though, before closing draw your attention to Clauses 5 and 6 of DRIP. Clause 5 states:
"5 Meaning of "telecommunications service"
In section 2 of the Regulation of Investigatory Powers Act 2000 (meaning of "interception" etc), after subsection (8) insert - 
"(8A) For the purposes of the definition of "telecommunications service" in subsection (1), the cases in which a service is to be taken to consist in the provision of access to, and of facilities for making use of, a telecommunication system include any case where a service consists in or includes facilitating the creation, management or storage of communications transmitted, or that may be transmitted, by means of such a system."
It seems that in attempting to bring services like Twitter and Facebook further into the data retention and investigatory powers fold, the government has managed to expand the scope of what is meant by "telecommunications service". It would now seem to encompass email listservs, webmail servers (as it says in the explanatory notes), social media providers like Facebook, app providers, retailers, gaming sites, the whole spectrum of website controllers/operators, bloggers, broadcast, print and online media and you can probably think of many more. I wonder if they'll try to use it as leverage on the good folk at the Guardian
Dear Mr Rusbridger,
Subject to the provisions of the DRIP Act 2014 we require that you retain and provide us with access, in the first instance, to the metadata and content of all your primary sources on GCHQ surveillance ...
I suspect even Mr Rusbridger's adversaries in the bulk of the mainstream press might suddenly find themselves on his side on the mass surveillance debate were that to happen.

Clause 6(3) of the Bill is the so-called sunset clause which says the law times out aka gets repealed on 31 December 2016. The history of such sunset clauses is that they get continually renewed - especially with nominally labelled anti-terrorist legislation. No politician can risk being accused of being soft on terrorism. If the government were serious that this is a temporary emergency measure to allow for a free and full debate on the matters it addresses the sunset clause would be three months, or at the very longest, expire at the end of this year. Not 2 and half years from now, when whichever government is in power can, if I may mix my metaphors, kick the sunset clause into the long grass with little concern about  political opposition.

Bottom line

The bottom line on DRIP is
  • DRIP is a major change in UK data retention, surveillance and investigatory powers laws
  • it involves the cementing into statute blanket indiscriminate data retention and therefore affects everyone in the UK
  • this blanket indiscriminate data retention activity was considered a serious and disproportionate breach of the right privacy by the European Court of Justice
  • I consider this an abuse of the rule of law
  • this data retention element of DRIP alone undermines UK citizens rights in the context of the Charter of Fundamental Rights of the EU and must presumably, therefore, as a direct challenge to the European Court of Justice (ECJ) ruling (in joined cases C-293/12 and C-594/12) declaring the data retention directive invalid, be open to legal challenge at European level.
  • DRIP additionally expands the immensely complex Regulation of Investigatory Powers Act (RIPA) 2000 interception powers, including the extra-territorial reach of those powers
  • DRIP, having been agreed behind closed doors by the leadership of the three biggest political parties, is being rushed through Parliament without proper parliamentary scrutiny 
  • the Home Secretary has admitted in evidence to the Home Affairs Select Committee today that MPs will not know the full details of the law they are being asked to pass this week
  • this appears to me to be an affront to the principle of Parliamentary sovereignty
  • clause 5 expands the scope of the meaning of "communications service" to a degree that it could be interpreted to mean any entity using a computer and the internet
  • there is no emergency that justifies rushing this ill thought out law through - no ongoing serious crime investigations will be put at risk, as communications service providers have a long history of cooperating willingly with the police on such matters; I suspect as in the past they would be perfectly willing to continue to retain and provide access to communications of suspects about whom law enforcement authorities have reasonable cause to harbour suspicion
  • the "be afraid of terrorists and pedophiles" line is wearing very thin
The entire DRIP enterprise is a mess which if it does, as is likely, get passed in haste this week, we will all come to regret at our leisure. Some commentators have amusingly labelled it the Dangerous Logs Act. The sad thing about that particular joke is that many of the MPs, following their party line and voting DRIP through in the next few days, will not get it.

Friday, July 11, 2014

Mass surveillance and scared politicians

So the latest UK government shambles on communications surveillance is the emergency Data Retention and Investigatory Powers (DRIP) Bill to be rushed through next week in a single day. "Explanatory notes" on the draft Bill are available here.  The official text of the Home Secretary's statement in Parliament yesterday about the Bill is here.

In short, the latter says -
Be AFRAID... terrorists... child abusers... serious criminals might get away... because of those idiot European Court judges ... BE AFRAID ...Our data retention regulations are A1, super duper, OK ... but just in case they're not we need to pass this new emergency law... just to let us do what we've always been doing... BE AFRAID... but don't worry we'll protect you with this new emergency law that even that Labour gang agree is wonderful... oh and just in case I didn't mention it... BE VERY AFRAID!
Prior to that David Cameron and Nick Clegg had made a big announcement about it at an earlier specially trailored press conference. The telling point for me in this session was when the BBC's Nick Robinson, generally totally clueless about digital rights whilst on air at least, decided to go for the standard journalistic trolling approach, perhaps since he didn't really have any informed questions to ask. Mr Robinson accused Mr Cameron of rushing through an emergency law in haste which we would all repent at leisure. To which the Prime Minister responded with a cracking voice and a face like a toddler on the verge of tears -
"I am simply not prepared to be a prime minister who has to address the people after a terrorist incident and explain that I could have done more to prevent it."
There you have the whole story of the political interest in the construction of our mass surveillance infrastructure in a single sentence.

Our political leaders are scared.

They are not scared of the terrorists.

No.

They are scared that the next time there is a terrorist attack they will be accused of having not done enough to prevent it.

So they have to DO SOMETHING.

It doesn't matter if that something causes untold damage of immeasurable proportions.

In fact it is better if it is immeasurable, preferably complex, costly, involving computers; and accompanied by a selection of misleading 2 to 3 second soundbites carefully crafted for promotional purposes which come with bonus points if they can include sniping at Europe or human rights.

That way critics cannot easily pin them down.

But they must, at all costs, DO SOMETHING.

It is also better if that something involves everyone, plus large sums of public money, plus computers.

Then when the inevitable happens they can hit the broadcast circuits with pride "We did everything we could and we're going to try harder and spend more money on high tech security and never let the terrorists win..."

And you know what's so sad about this disastrously damaging cycle? The fear driving the politicians to get things so completely wrong will not save them from accusations of incompetence. When the time comes the media will still attack the government for not doing enough.

The parliamentary debate on DRIP yesterday was a parody of itself (Begins at 11:18:53)


TheyWorkForYou have the transcript of the debate.

Analysis of DRIP later if I get the chance but what is very clear is that it much more than a re-assertion of the data retention regulations.