Our latest report highlights the growing use of private investigators by local and public authorities, particularly the number of times they are used without RIPA authorisation.
The law in the UK, particularly the Police and Criminal Evidence Act 1984, is broadly drawn to allow evidence to be introduced in court that in other jurisdictions would not be deemed admissible. Contrasted with the fruit of the poisonous tree
provisions in the US, and broader protection offered by the Fourth Amendment, UK law risks failing to join up the evidential admissibility process and the regulation of surveillance.
While the surveillance doesn't come cheap, with some organisation spending thousands of pounds on a single operation, the primary finding of the report is the potential loophole in surveillance regulation that is being exploited following the
passage of the Protection of Freedoms Act 2012.
Accordingly, we are seriously concerned there is a gap in UK law emerging around surveillance and the ability of third parties to conduct surveillance operations without proper regulation. Some of these operations were conducted at the request of
insurers, raising concerns about conflicts of interest.
The government has acted to control surveillance by local councils but this research shows more than ever before public bodies are using private detectives to do their snooping. The law is at breaking point and public bodies shouldn't be able to
dodge the legal checks on them by using private investigators.
Commenting on our report, Secretary of State for Local Government, Eric Pickles said:
Such powers can only be used for serious crimes, and require a magistrates' warrant. It is totally unacceptable if councils are trying to sidestep these important new checks and they should be held to account for acting outside the law.
Next time you change your Facebook relationship status, think twice about what your local council might think.
As Tony Bell found, saying he was married led to his local council deciding he was no longer entitled to his single person council tax discount, despite the marriage being a joke to wind up colleagues.
If the council had sent someone out to see what was going on, they would have to seek a magistrates approval for surveillance under the Regulation of Investigatory Powers Act. Yet doing it online appears to fall totally outside these rules.
Smart technology and the sort of big data available to social networking sites are helping police target crime before it happens. But is this ethical? Book extract from To Save Everything by Evgeny Morozov
Southampton Council's attempt to justify it's policy of requiring taxis to record audio and video of every journey took another blow when the First Tier Tribunal ruled against it.
The case stems from a complaint made by Big Brother Watch and others to the Information Commissioner's Office (ICO), and led to Oxford council abandoning it's policy and Southampton being given an enforcement notice -- essentially a
prosecution for breaching the Data Protection Act.
As reported by the barrister's chambers 11KBW, who acted for the ICO in the case:
What the Council disputed was (1) the conclusion that the policy involved the processing of sensitive personal data as well as personal data; and (2) the ICO's finding that the recording and retention of audio data was a disproportionate
interference with passengers' privacy rights under Article 8 of the European Convention.
On both points, the tribunal ruled against the council, saying the policy was disproportionate and accepting the risk of function creep .
The owners of Mrs Palm, the licensed store in Truro, Cornwall, are appealing for help and advice from other licensed store owners in combating the latest condition Cornwall Council is attempting to impose upon the business.
The council is now saying that Mrs Palm is required to install very intrusive CCTV to record and retain for not less than 31 days recognisable facial features of all persons attempting to enter the shop, leaving the shop and also of
persons in the shop.
Mrs Palm co-owner Braxton Reynolds is preparing an appeal against the condition and would welcome feedback from the industry:
Our customers are particularly concerned that they are using a shop that is extremely discreet but obviously there are serious implications for the whole industry about this, he said.
The Conservative Canadian government is abandoning its much-criticized internet surveillance bill, which would have allowed the government to keep tabs on its citizens and was disguised with bollox claims of fighting child pornographers. (The
authorities can already get all the warrants they need to investigate serious crimes)
Justice Minister Rob Nicholson announced that Bill C-30, which caused public ire over privacy, is dead. Nicholson told reporters:
We've listened to the concerns of Canadians, We will not be proceeding with Bill C-30 ... including the warrantless mandatory disclosure of basic subscriber information, or the requirement for telecommunications service providers to build
intercept capabilities within their systems.
Bill C-30 misleadingly known as the Protecting Children from Internet Predators Act was introduced in Parliament less than a year ago, and it was presented as a choice that Canadians must make: to either support the bill or be on the side of
child pornographers. He can either stand with us or stand with the child pornographers, argued Public Safety Minister Vic Toews in Parliament while attacking the opposition last February.
This comment led to public outrage, raising privacy concerns across the nation.
What made the legislation dangerous was that it forced Internet service providers to have systems that allowed police to intercept and track online communications. Also, it would have permitted authorities to have warrantless access to Internet
subscriber information, including name, address, telephone number, email address and IP address.
This is a great day, critic of the bill, Ontario Privacy Commissioner Ann Couvukian told The Globe and Mail, This is a victory for privacy and for freedom.
New technology has been developed enabling governments to snoop on people using social networking websites and apps.
The sophisticated technology relies on websites such as Facebook and Twitter to build a detailed picture of people's lives in a move that raises concerns over breach of privacy and civil liberties.
The system has been created by Raytheon, the US giant defence contractor. It is name Riot or Rapid Information Overlay Technology
It was claimed that the technology could be transformed into a Google for spies and used by governments as a means of monitoring and controlling people online.
A video obtained by the Guardian newspaper reveals how the software system can gather personal information about people, including their friends, interests and the places they visit, from social networking websites including Foursquare, Facebook
In the video, the software analyses the behaviour of a Raytheon employee Nick to show the places he has used his smartphone, the day or time of most internet activity and the location of photos posted online. We know where Nick's going, we
know what Nick looks like, now we want to try to predict where he may be in the future, says the video.
Ginger McCall, from the US-based Electronic Privacy Information Centre said:.
Social networking sites are often not transparent about what information is shared and how it is shared.
Users may be posting information that they believe will be viewed only by their friends, but instead, it is being viewed by government officials or pulled in by data collection services like the Riot search.
Offsite Comment: Why we should all worry about being tracked online
Skype is a voice, video and chat communications platform with over 600 million users worldwide, effectively making it one of the world's largest telecommunications companies. Many of its users rely on Skype for secure communications--whether they
are activists operating in countries governed by authoritarian regimes, journalists communicating with sensitive sources, or users who wish to talk privately in confidence with business associates, family, or friends.
It is unfortunate that these users, and those who advise them on best security practices, work in the face of persistently unclear and confusing statements about the confidentiality of Skype conversations, and in particular the access that
governments and other third parties have to Skype user data and communications.
We understand that the transition of ownership to Microsoft, and the corresponding shifts in jurisdiction and management, may have made some questions of lawful access, user data collection, and the degree of security of Skype communications
temporarily difficult to authoritatively answer. However, we believe that from the time of the original announcement of a merger in October 2011, and on the eve of Microsoft's integration of Skype into many of its key software and services, the
time has come for Microsoft to publicly document Skype's security and privacy practices.
We call on Skype to release a regularly updated Transparency Report that includes:
Quantitative data regarding the release of Skype user information to third parties, disaggregated by the country of origin of the request, including the number of requests made by governments, the type of data requested, the proportion of
requests with which it complied -- and the basis for rejecting those requests it does not comply with.
Specific details of all user data Microsoft and Skype currently collects, and retention policies.
Skype's best understanding of what user data third-parties, including network providers or potential malicious attackers, may be able to intercept or retain.
Documentation regarding the current operational relationship between Skype with TOM Online in China and other third-party licensed users of Skype technology, including Skype's understanding of the surveillance and censorship capabilities that
users may be subject to as a result of using these alternatives.
Skype's interpretation of its responsibilities under the Communications Assistance for Law Enforcement Act (CALEA), its policies related to the disclosure of call metadata in response to subpoenas and National Security Letters (NSLs), and more
generally, the policies and guidelines for employees followed when Skype receives and responds to requests for user data from law enforcement and intelligence agencies in the United States and elsewhere.
Other companies, such as Google, Twitter and Sonic.net already release transparency reports detailing requests for user data by third parties twice a year. We believe that this data is vital to help us help Skype's most vulnerable users, who rely
on your software for the privacy of their communications and, in some cases, their lives.
Abine, Access, AIDS Policy Project, ASL19, Asociacion de Internautas, Aspiration, Bolo, Bhi, Calyx Institute, ChokePoint Project, Crossbear Project, Cryptocat ,Crypto.is, Cyber Arabs/IWPR, DFRI, Digital Rights Foundation, Digitale, Gesellschaft,
DotConnectAfrica, DISC Development, Egyptian Initiative for Personal Right,s Electronic Frontier Foundation, The Engine Room, Expression Online Coalition, Front Line Defenders, Free Network Foundation, Global Voices Advocacy, GreatFire.org ,The
Guardian Project, Hermes Center for Digital Human Rights, Internet Protection Lab, The Julia Group, May First/People Link, Nachtpult, OpenITP, Open Media, Open Technology Institute, Progressive Global Commons, Public Sphere Project, Radical
Designs, Reporters Without Borders, TagMeNot, Tech for Freedom, Telecomix, Thai Netizen Network, Tibet Action Institute, Zwiebelfreunde.
The Australian Attorney-General's Department is pushing for new powers for the Australian Security Intelligence Organisation (AISO) to hijack the computers of suspected terrorists.
A spokesman said it was proposing that ASIO be authorised to use a third party computer for the specific purpose of gaining access to a target computer :
The purpose of this power is to allow ASIO to access the computer of suspected terrorists and other security interests.
(It would be used) in extremely limited circumstances and only when explicitly approved by the Attorney-General through a warrant.
Importantly, the warrant would not authorise ASIO to obtain intelligence material from the third party computer.
The Attorney-General's Department refused to explain yesterday how third-party computers would be used, as this may divulge operationally sensitive information and methods used by ASIO in sensitive national security investigations. But it
said technological advances had made it increasingly difficult for ASIO to execute search warrants directly on target computers, particularly where a person of interest is security conscious.
But cyber specialist Andrew Pam, a board member of the Electronic Frontiers lobby group, predicted ASIO could copy the tactics of criminal hackers to seize control of target computers. Australians' PCs might be used to send a malicious email with
a virus attached, or to load malware onto a website frequently visited by the target.
Victoria's acting Privacy Commissioner, Dr Anthony Bendall, said that ASIO's proposed new powers are characteristic of a police state. To access a third party's computer, which has no connection with the target, is extraordinarily broad and
A report shows that the European Commission plans to force the UK to allow other member states access to personal details of every motorist in Britain as well as access to the national DNA database and fingerprint records.