Liberty News

A man was fined £90 for refusing to show his face to police trialling new facial recognition systems.

The man pulled his jumper up above his chin as he walked past Met Police officers trialling Live Facial Recognition software in east London.

BBC cameras filmed as officers swooped on the man, told him to wind his neck in then handed him the hefty penalty charge.

A campaigner from Big Brother Watch -- who were protesting the use of cameras on the day -- was also filmed telling an officer: I would have done the same.

Today, after a five year battle with the UK government, Privacy International has won at the UK Supreme Court. The UK Supreme Court has ruled that the Investigatory Powers Tribunal's (IPT) decisions are subject to judicial review in the High Court. The Supreme Court's judgment is a major endorsement and affirmation of the rule of law in the UK. The decision guarantees that when the IPT gets the law wrong, its mistakes can be corrected.

Key point:

• UK Supreme Court rules that the UK spying tribunal - the IPT - cannot escape the oversight of the ordinary UK courts

The leading judgment of Lord Carnwath confirms the vital role of the courts in upholding the rule of law. The Government's reliance on an 'ouster clause' to try to remove the IPT from judicial review failed. The judgment confirms hundreds of years of legal precedent condemning attempts to remove important decisions from the oversight of the courts.

Privacy International's case stems from a 2016 decision by the IPT that the UK government may use sweeping 'general warrants' to engage in computer hacking of thousands or even millions of devices, without any approval from by a judge or reasonable grounds for suspicion. The Government argued that it would be lawful in principle to use a single warrant signed off by a Minister (not a judge) to hack every mobile phone in a UK city - and the IPT agreed with the Government.

Privacy International challenged the IPT's decision before the UK High Court. The Government argued that even if the IPT had got the law completely wrong, or had acted unfairly, the High Court had no power to correct the mistake. That question went all the way to the UK Supreme Court, and resulted in today's judgment.

In his judgment, Lord Carnwath wrote:

"The legal issue decided by the IPT is not only one of general public importance, but also has possible implications for legal rights and remedies going beyond the scope of the IPT's remit. Consistent application of the rule of law requires such an issue to be susceptible in appropriate cases to review by ordinary courts."

Caroline Wilson Palow, Privacy International's General Counsel, said:

"Today's judgment is a historic victory for the rule of law. It ensures that the UK intelligence agencies are subject to oversight by the ordinary UK courts.

Countries around the world are currently grappling with serious questions regarding what power should reside in each branch of government. Today's ruling is a welcome precedent for all of those countries, striking a reasonable balance between executive, legislative and judicial power.

Today's ruling paves the way for Privacy International's challenge to the UK Government's use of bulk computer hacking warrants. Our challenge has been delayed for years by the Government's persistent attempt to protect the IPT's decisions from scrutiny. We are heartened that our case will now go forward."

Simon Creighton, of Bhatt Murphy Solicitors who acted for Privacy International, said:

"Privacy International's tenacity in pursuing this case has provided an important check on the argument that security concerns should be allowed to override the rule of law. Secretive national security tribunals are no exception. The Supreme Court was concerned that no tribunal, however eminent its judges, should be able to develop its own "local law". Today's decision welcomes the IPT back from its legal island into the mainstream of British law."

NewsGuard is a US organisation trying to muscle in governments' concerns about 'fake news'' It doesn't fact check individual news stories but gives ratings to news organisations on what it considers to be indicators of 'trustworthiness'.

At the moment it is most widely known for providing browser add-ons that displays a green shield when readers are browsing an 'approved' news website and a red shield when the website is disapproved.

Now the company is pushing something a little more Orwellian. It is in talks with UK internet providers such that the ISP would inject some sort of warning screen should an internet user [inadvertently] stray onto a 'wrong think' website.

The idea seems to be that users can select whether they want these intrusive warnings or not, via a similar mechanism used for the parental control of website blocking.

NewsGuard lost an awful of credibility in the UK when its first set of ratings singled out the Daily Mail as a 'wrong think' news source. It caused a bit of a stink and the decisions was reversed, but it rather shows where the company is coming from.

 Surely they are patronising the British people if they think that people want to be nagged about reading the Daily Mail. People are well aware of the bases and points of views of news sources they read. They will not want to be nagged by those that think they know best what people should be reading.

I think it is only governments and politicians that are supposedly concerned about 'fake news anyway'. They see it as some sort blame opportunity. It can't possibly be their politicians' own policies that are so disastrously unpopular with the people, surely it must be mischievous 'fake news' peddlers that are causing the grief.

Do you know where you were five years ago? Did you have an Android phone at the time? It turns out Google might know--and it might be telling law enforcement.

In a new article, the New York Times details a little-known technique increasingly used by law enforcement to figure out everyone who might have been within certain geographic areas during specific time periods in the past. The technique relies on detailed location data collected by Google from most Android devices as well as iPhones and iPads that have Google Maps and other apps installed. This data resides in a Google-maintained database called Sensorvault, and because Google stores this data indefinitely, Sensorvault includes detailed location records involving at least hundreds of millions of devices worldwide and dating back nearly a decade.

The data Google is turning over to law enforcement is so precise that one deputy police chief said it shows the whole pattern of life. It's collected even when people aren't making calls or using apps, which means it can be even more detailed than data generated by cell towers.

The location data comes from GPS signals, cellphone towers, nearby Wi-Fi devices and Bluetooth beacons. According to Google, users opt in to collection of the location data stored in Sensorvault. However, Google makes it very hard to resist opting in, and many users may not understand that they have done so. Also, Android devices collect lots of other location data by default, and it's extremely difficult to opt out of that collection.

Using a single warrant--often called a geo-fence or reverse location warrant--police are able to access location data from dozens to hundreds of devices--devices that are linked to real people, many of whom (and perhaps in some cases all of whom) have no tie to criminal activity and have provided no reason for suspicion. The warrants cover geographic areas ranging from single buildings to multiple blocks, and time periods ranging from a few hours to a week.

So far, according to the Times and other outlets, this technique is being used by the FBI and police departments in Arizona, North Carolina, California, Florida, Minnesota, Maine, and Washington, although there may be other agencies using it across the country. But police aren't limiting the use of the technique to egregious or violent crimes-- Minnesota Public Radio reported the technique has been used to try to identify suspects who stole a pickup truck and, separately, $650 worth of tires. Google is getting up to 180 requests a week for data and is, apparently, struggling to keep up with the demand.

Law enforcement seems to be using a three-step process to learn the names of device holders (in some cases, a single warrant authorizes all three steps). In the first step, the officer specifies the area and time period of interest, and in response, Google gives the police information on all the devices that were there, identified by anonymous numbers--this step may reveal hundreds of devices.

After that, officers can narrow the scope of their request to fewer devices, and Google will release even more detailed data, including data on where devices traveled outside the original requested area and time period. This data, which still involves multiple devices, reveals detailed travel patterns. In the final step, detectives review that travel data to see if any devices appear relevant to the crime, and they ask for the users' names and other information for specific individual devices.

Techniques like this also reveal big problems with our current warrant system. Even though the standard for getting a warrant is higher than other legal procedures--and EFF pushes for a warrant requirement for digital data and devices--warrants, alone, are no longer enough to protect our privacy. Through a single warrant the police can access exponentially more and more detailed information about us than they ever could in the past. Here, the police are using a single warrant to get access to location information for hundreds of devices. In other contexts, through a single warrant, officers can access all the data on a cell phone or a hard drive; all email stored in a Google account (possibly going back years); and all information linked to a social media account (including photos, posts, private communications, and contacts).

We shouldn't allow the government to have such broad access to our digital lives. One way we could limit access is by passing legislation that mandates heightened standards, minimization procedures, and particularity requirements for digital searches. We already have this in laws that regulate wiretaps , where police, in addition to demonstrating probable cause, must state that they have first tried other investigative procedures (or state why other procedures wouldn't work) and also describe how the wiretap will be limited in scope and time.

As the Times article notes, this technique implicates innocent people and has a real impact on people's lives. Even if you are later able to clear your name, if you spend any time at all in police custody, this could cost you your job, your car, and your ability to get back on your feet after the arrest. One man profiled in the Times article spent nearly a week in police custody and was having trouble recovering, even months after the arrest. He was arrested at work and subsequently lost his job. Due to the arrest, his car was impounded for investigation and later repossessed. These are the kinds of far-reaching consequences that can result from overly broad searches, so courts should subject geo-location warrants to far more scrutiny.