The UK's Independent Review of Terrorism Legislation has said, it is time for a clean slate when it comes to surveillance law in the UK. In his report, David Anderson QC condemned the current legislative framework as, fragmented, obscure, under
constant challenge and variable in the protections that it affords the innocent .
Anderson was tasked with reviewing surveillance law as a requirement of the Data Retention and Investigatory Powers Act, one of the concessions gained by Labour and the Lib Dems in return for their support in rushing the Bill through Parliament
Anderson, unsurprisingly, does not condemn mass surveillance in principle and endorses bulk collection by the security services, but the report does call for a radical overhaul of how surveillance is regulated.
Here are some of the key points:
Since the Snowden revelations began two years ago, Parliament has further legislated for surveillance through DRIPA, the Counter Terrorism and Security Act 2015 and amendments to the Computer Misuse Act that legitimise hacking by the security services.
Anderson's damning verdict that the law, is variable in the protections that it affords the innocent can't be ignored. The report says: A comprehensive and comprehensible new law should be drafted from scratch, replacing the multitude of
current powers and providing for clear limits and safeguards on any intrusive power that it may be necessary for public authorities to use.
Under the current system, warrants for surveillance are signed off by government ministers, who are not independent. Anderson's recommendations that warrants should be signed off by judicial commissioners is a welcome shift away from politicial
authorisation but it would be preferable for warrants to go through the courts and be signed by serving judges to help make sure that surveillance is necessary and proportionate .
Anderson says that extending capabilities through a new Snoopers' Charter should only happen if there is, a detailed operational case needs to be made out, and a rigorous assessment conducted of the lawfulness, likely effectiveness, intrusiveness and
cost of requiring such data to be retained . So far the Government hasn't made such a case. In addition, it has made a report by Sir Nigel Sheinwald top secret. That report is believed to have suggested that a new international treaty could be a
legal alternative to the Snoopers' Charter. Despite this, the Home Secretary Theresa May today told the House of Commons that the re-drafted Snoopers' Charter would be laid before Parliament in the autumn - although it would be scrutinised by a Joint
It is unlikely that Anderson's review and the Intelligence and Security Committee's Privacy and Security report would have happened were it not for Edward Snowden's revelations. Two years on, there are still many battles to be fought but one thing is
certain - the status quo cannot continue. MPs from all parties must act to ensure that the UK has surveillance powers fit for a democracy.
Theresa May, the Home Secretary, announced yesterday morning that the Investigatory Powers Bill will be published in draft form in the autumn. A joint committee of MPs and Peers will scrutinise the bill.
The police and intelligence services should be able monitor people suspected of serious crimes. But it's completely unclear that collecting information about everyone, all of the time is an efficient or cost-effective way of investigating crime. And it's even less likely that this is in line with our fundamental human rights to privacy and freedom of speech.
If you agree, can you sign our petition?
We think the police and intelligence agencies should have powers that are effective and genuinely protect our privacy and freedom of speech.
The High Court is hearing a legal challenge to the government's 'emergency' surveillance law brought by two MPs.
The Data Retention and Investigatory Powers Act was fast-tracked through Parliament in three days last July. It allows Britain's intelligence agencies to gather people's phone and internet communications data.
But former Conservative minister David Davis and Labour's Tom Watson will argue that the legislation is incompatible with human rights. The Data Retention and Investigatory Powers Act was rushed through Parliament in July 2014, after a ruling by the
European Union's Court of Justice rendered existing powers illegal.
The plans were supported by the three main parties, but opposed by civil liberties campaigners. 'Lives at risk'
However, Watson and Davis say the legislation was rushed and lacked adequate safeguards, and needs to be re-thought. They will argue that the legislation is incompatible with the right to a private and family life, and data protection, under both the
Human Rights Act and the European Union Charter of Fundamental Rights.
The law that the NSA used to authorize its collection of vast amounts of information about the telephone calls of ordinary Americans is no more. It's likely
a temporary reprieve though.
The Senate let three provisions of the Patriot Act expire: Section 215, the section the government uses to collect phone and other business records in bulk, the Lone Wolf provision , and the roving wiretap provision. Section 215 now reverts
to its pre-Patriot Act form , which doesn't permit any collection of financial or communications records, and requires the Government to provide specific and articulable facts supporting a reason to believe that the target is an agent of a foreign
All indications are that this lapse will be temporary and that the Senate will soon pass the USA FREEDOM Act, which has small but important improvements over the now-lapsed section 215 and important additional transparency to the secret FISA court. USA
Freedom passed the House with overwhelming support.
Senate rules allow a final vote, which only needs a simple majority of 51, to occur early Tuesday morning. It's not clear whether any amendments will be offered and we'll keep watching on EFFLive and keep you posted as this saga continues.
But tonight, this is a historic baby step. We should all pause and for us at EFF who've been fighting mass surveillance since 2006, take a moment to smile.
The United Nations Human Rights Council has published an advance version of a report entitled, Report of the Special Rapporteur on the promotion and protection
of the right to freedom of opinion and expression, David Kaye
The report underlines the importance of encryption and anonymity in the digital age and calls on member states to protect their use under law.
David Kaye, a UN special rapporteur on freedom of expression, seeks to shine light on complex issues by asking two questions:
Do the rights to privacy and freedom of opinion and expression protect secure online communication, specifically by encryption or anonymity?
Assuming an affirmative answer, to what extent may Governments, in accordance with human rights law, impose restrictions on encryption and anonymity?
Acknowledging that some states impose draconian measures to restrict citizens' abilities to send and impart knowledge without fear, Kaye says that journalists and activists often need specialist tools to make their voices heard.
A VPN connection, or use of Tor or a proxy server, combined with encryption, may be the only way in which an individual is able to access or share information in such environments.
Noting that individuals should be able to send and receive information beyond their borders, the rapporteur states that some member states act to deny those freedoms by restricting communications using aggressive filtering:
Encryption enables an individual to avoid such filtering, allowing information to flow across borders. Moreover, individuals do not control -- and are usually unaware of -- how or if their communications cross borders. Encryption and anonymity may
protect information of all individuals as it transits through servers located in third countries that filter content.
Anonymity has been recognized for the important role it plays in safeguarding and advancing privacy, free expression, political accountability, public participation and debate.
Some States exert significant pressure against anonymity, offline and online. Yet because anonymity facilitates opinion and expression in significant ways online, States should protect it and generally not restrict the technologies that provide it.
Kaye notes that several states have attempted to combat anonymity tools such as TOR, VPNs and proxies, with Russia even offering significant cash bounties for techniques which would enable it to unmask TOR users. However, due to their human rights value,
use of such tools should actually be encouraged.
Because such tools may be the only mechanisms for individuals to exercise freedom of opinion and expression securely, access to them should be protected and promoted.
States should revise or establish, as appropriate, national laws and regulations to promote and protect the rights to privacy and freedom of opinion and expression.
In respect of encryption and anonymity, Kaye says that member states should adopt policies of non-restriction or comprehensive protection , and only introduce restrictions on a proportional, court-order supported, case-by-case basis.
Adding that states and companies alike should actively promote strong encryption and anonymity, Kaye says that measures that weaken individual's online security, such as backdoors, weak encryption standards and key escrows, should be avoided.
Finally, Kaye advises member states to not only encourage the use of encryption, but also make it the norm.
A senior policeman is preparing the way for state snooping to be ratcheted up into 'private space'.
Scotland Yard commander Mak Chishty starts with the bizarre assertion that Islamist propaganda on the internet and social media is influencing children as young as five. Surely if children so young are showing signs of extremism, then one has to suggest
that family background and culture is the more likely basis. But it's probably not politically correct to suggest this. It's a long standing general tenet of propaganda that 'outside sources' should be blamed, not the people involved, a theme that is
carried throughout Chishty's piece.
Chishty said children aged five had voiced opposition to marking Christmas, branding it as haram . He also warned that there was no end in sight to the parade of British Muslims, some 700 so far, being lured from their bedrooms to Syria by Islamic
State (Isis) propaganda.
In an interview with the Guardian, Chishty said there was now a need for a move into the private space of Muslims to spot views that could show the beginning of radicalisation far earlier. He said this could be shown by subtle changes in
behaviour, such as shunning certain shops, citing the example of Marks & Spencer, which could be because the store is sometimes mistakenly perceived to be Jewish-owned.
Chishty said friends and family of youngsters should be intervening much earlier, watching out for subtle, unexplained changes, which could also include sudden negative attitudes towards alcohol, social occasions and western clothing. They should
challenge and understand what caused such changes in behaviour, the police commander said, and seek help, if needs be from the police, if they are worried. Chishty said:
We need to now be less precious about the private space. This is not about us invading private thoughts, but acknowledging that it is in these private spaces where this [extremism] first germinates. The purpose of private-space intervention is to engage,
explore, explain, educate or eradicate. Hate and extremism is not acceptable in our society, and if people cannot be educated, then hate and harmful extremism must be eradicated through all lawful means.
Asked to define private space , Chishty said:
It's anything from walking down the road, looking at a mobile, to someone in a bedroom surfing the net, to someone in a shisha cafe talking about things.
Update: Google and Whatsapp will be forced to hand messages to MI5
Google, Facebook and other internet giants will be forced to give British spies access
to encrypted conversations of people of interest under plans expand snooping powers.
New laws will require Whatsapp, which is owned by Facebook, Snapchat and other popular apps to hand messages sent by their users to MI5, MI6 and GCHQ.
The new power is to be included in a new Investigatory Powers Bill which will overhaul the ability of the spy agencies to intercept communications.
The bill, announced in the Queen's Speech, will revive the so-called snoopers charter but is much wider than previous planned.
The security and intelligence agencies are complaining that encryption facilities around many online conversations are now so sophisticated to crack.
Under the proposed new powers, the spy agencies will be able to obtain a warrant from the Home Secretary that will oblige an internet companies to break down its encryption protection and allow access to communications.
The US Senate has unsurprisingly blocked a bill that would have ended the bulk collection of Americans' phone records by the National Security Agency (NSA).
The White House has pressed the Senate to back the a bill passed by the House of Representatives - the Freedom Act - which would end bulk collection of domestic phone records. These records would remain with telephone companies subject to a case-by-case
review. The 57-42 Senate vote fell short of the 60-vote threshold.
Another vote held over a two-month extension to the existing programmes - Section 215 of the USA Patriot Act - also failed to reach the threshold. Senators are to meet again on 31 May - a day before the bill is due to expire.
The British government sneakily changed anti-hacking laws to exempt GCHQ and other law
enforcement agencies from criminal prosecution, it has been revealed.
Details of the change became apparent at the Investigatory Powers Tribunal which is hearing a challenge to the legality of computer hacking by UK law enforcement and intelligence agencies.
The Government amended the Computer Misuse Act (CMA) two months ago. It used a little-noticed addition to the Serious Crime Bill going through parliament to provide protection for the intelligence services. The change was introduced just weeks after the
Government faced a legal challenge that GCHQ's computer hacking to gather intelligence was unlawful under the CMA.
Eric King, the deputy director of Privacy International, said:
The underhand and undemocratic manner in which the Government is seeking to make lawful GCHQ's hacking operations is disgraceful.
Hacking is one of the most intrusive surveillance capabilities available to any intelligence agency, and its use and safeguards surrounding it should be the subject of proper debate. Instead, the Government is continuing to neither confirm nor deny the
existence of a capability it is clear they have, while changing the law under the radar.
Scottish National Party MPs are commendably planning to oppose flagship Conservative legislation by courting Tory backbenchers, The Telegraph
Nicola Sturgeon's Westminster MPs want to block the so-called Snoopers' Charter by courting libertarian Tories who have previously opposed Theresa May's plans for internet mass snooping. The conservatives want to implement a searchable database so
that the authorities will be able to more fully analyse people's internet usage and communications.
The SNP MPs also believe they can gather enough cross-party support to kill off reprehensible Tory plans to repeal the Human Rights Act and replace it with a lesser British Bill of Rights.
One senior SNP MP told the Telegraph:
Both those issues fall in that tricky civil liberties space for the Conservatives where there are fault lines,
We think the mass collection of data is wrong. There is a line beyond which it is unacceptable for civil liberties can be impinged.
SNP opposition would likely be matched by Labour and the Lib Dems, meaning only a few dozen Tory rebels would be enough to block the flagship manifesto pledges.
The Conservatives are already planning to introduce the huge surveillance powers known as the Snoopers' Charter, hoping that the removal from
government of the Liberal Democrats that previously blocked the controversial law will allow it to go through.
The law, officially known as the Draft Communications Data Bill, is already back on the agenda according to Theresa May. It is expected to force British internet service providers to keep huge amounts of data on their customers, and to make that
information available to the government and security services in a searchable format.
The snoopers' charter received huge criticism from computing experts and civil liberties campaigners in the wake of introduction. It was set to come into law in 2014, but Nick Clegg withdrew his support for the bill and it was blocked by the Liberal
Democrats. Theresa May, who led the legislation as home secretary, said shortly after the Conservatives' election victory became clear that she will seek to re-introduce it to government. With the re-election of May and the likely majority of her party,
the bill is likely to find success if the new government tries again.
David Cameron has suggested that his party could introduce even more wide-ranging powers if he was re-elected to government. Speaking in January, he said that there should be no form of communication that the government was unable to read -- likely
causing chaos among the many internet services that rely on encryption to keep users' data safe .
The French parliament has approved a controversial law extending mass snooping capabilities of the intelligence services, with the aim of preventing
The law on intelligence-gathering, adopted by 438 votes to 86, was drafted after muslim terrorists attacked the Charlie Hebdo office and a Jewish supermarket.
The Socialist government says the law is needed to take account of changes in communications technology. But critics say it is a dangerous extension of mass surveillance.
The new law define new purposes for which secret intelligence-gathering may be used. It sets up a supervisory body, the National Commission for Control of Intelligence Techniques (CNCTR), with wider rules of operation. And inevitably it authorises new
methods, such as the bulk collection of metadata via internet providers
One online advocacy group, La Quadrature du Net, wrote after the vote:
Representatives of the French people have given the Prime Minister the power to undertake massive and limitless surveillance of the population.
All new cars will within three years contain tracking devices. Under EU laws the technology will be compulsory from 2018 and fitted as standard in every model of
car and small van.
The authorities unconvincingly claim that the device will somehow only be activated in the event of a crash when it will be used to provide an accurate location for police and ambulance services. As well as location the device will track speed and
direction of travel and other events such as the airbags being deployed. Again this may be useful in the event of a crash but will be even more useful to the police for law enforcement and surveillance.
Privacy campaigners expressed concern over the protection of people's personal driving information, habits and locations from commercial companies such as insurers, as well as hackers with ulterior motives. Emma Carr, director of Big Brother Watch, said:
There is a clear risk that once this device is installed, drivers will lose total control over who has access to their data and how they will use it.
Forcing drivers to have a device installed in their car, which is capable of recording and transmitting exactly where and when they are driving, is totally unacceptable.
The European Parliament itself admitted that it expects a whole host of commercial companies to have access to this data.
New technology developed by US researchers can transmit messages through popular multiplayer online games, making it very difficult for censors
to detect and block.
One of the most difficult tasks faced by those attempting to subvert internet restrictions , such as those put in place by China's so-called Great Firewall, is doing so in a manner that doesn't provoke suspicion from censors. Rishab Nithyanand, a
researcher at Stony Brook University and one of the developers of The Castle explained:
People who were using [anonymising tools] were fairly easily detected by censors and blocked.
The Castle uses video games as a benign transport, transmitting and receiving data through the game itself in a manner that will just look like normal gameplay from the outside.
We can basically transmit any kind of information through the video game.
Games already transmit huge amounts of data between players and servers, and between players themselves. This data is usually encrypted to prevent cheating, making it hard for censors to spot anything suspicious.
The technology, which was published on the code repository GitHub last week, is built to use 0AD , an open-source, multiplayer real-time strategy game. The technology could easily be adapted to a similar title, such as Starcraft or the hugely-popular
We will need to update our investigative laws to keep up with changing technology, strengthening both the powers available, and the safeguards that
protect people's privacy. This is why Labour argued for an independent review, currently being undertaken by David Anderson. We will strengthen the oversight of our intelligence agencies to make sure the public can continue to have confidence in the
vital work that they do to keep us safe.
Labour have provided a rather vague statement on their plans. They call for "strengthening the powers available" but it isn't clear which powers they think need strengthening. We are also unclear on which safeguards they think need to be put
into place to protect people's privacy. Improving oversight of the intelligence agencies is an important area to reform. In our view though, it is also important that the powers and capabilities of the intelligence agencies, as revealed by Edward
Snowden, are limited to targeted surveillance on people suspected of crimes. Labour have not committed to any change to the bulk collection of our internet use that GCHQ currently undertakes. It is disappointing that a party which makes so much of its
support for the Human Rights Act elsewhere in its manifesto does not see the human rights of privacy, freedom of speech and association as important enough to change its approach to state surveillance.
We will keep up to date the ability of the police and security services to access communications data -- the 'who,
where, when and how' of a communication, but not its content. Our new communications data legislation will strengthen our ability to disrupt terrorist plots, criminal networks and organised child grooming gangs, even as technology develops. We will
maintain the ability of the authorities to intercept the content of suspects' communications, while continuing to strengthen oversight of the use of these powers.
We will ban the police from accessing journalists' phone records to identify whistle-blowers and other sources without prior judicial approval.
The Conservatives want to increase the surveillance powers available to the police and intelligence agencies. Like Labour, there is no detail on which powers they would strengthen in particular. They say they will introduce "new communications data
legislation" which we can only assume is a revamped Communications Data Bill - commonly known as the Snoopers' Charter. The bulk collection of the content of our communications revealed in the documents released by Edward Snowden is not addressed.
It is right that police should need judicial approval before they can access journalists' phone records but judicial authorisation for surveillance should be sought before surveillance on all of us, not just journalists. There is no explicit mention of
David Cameron's previously stated principle that all communications should be accessible by the state even when they have been encrypted.
Ensure judicial authorisation is required for the acquisition of communications data which might reveal journalists' sources or other privileged communications, for any of the purposes allowed under RIPA; and allow journalists the
opportunity to address the court before authorisation is granted, where this would not jeopardise the investigation.
Ensure proper oversight of the security services.
Establish in legislation that the police and intelligence agencies should not obtain data on UK residents from foreign governments that it would not be legal to obtain in the UK under UK law.
Oppose the introduction of the so-called Snooper's Charter. We blocked the draft Communications Data Bill and would do so again. Requiring companies to store a record of everyone's internet activities for a year or to collect
third-party communications data for non-business purposes is disproportionate and unacceptable, as is the blanket surveillance of our paper post.
Set stricter limits on surveillance and consider carefully the outcomes of the reviews we initiated on surveillance legislation by the Royal United Services Institute and the Independent Reviewer of Terrorism Legislation David
Anderson QC. We are opposed to the blanket collection of UK residents' personal communications by the police or the intelligence agencies. Access to metadata, live content, or the stored content of personal communications must only take place without
consent where there is reasonable suspicion of criminal activity or to prevent threats to life.
Uphold the right of individuals, businesses and public bodies to use strong encryption to protect their privacy and security online.
The Liberal Democrats give much greater detail on what they would like to see on the issue of surveillance than Labour or the Conservatives. This should be welcomed. We are happy to see that they oppose the blanket collection of UK residents' personal
communications by the police or intelligence agencies. It will be interesting to see whether they retain their opposition to blanket collection if the reports mentioned above in their manifesto do not share their position. There is also a good commitment
to the right to use strong encryption online. We welcome the Liberal Democrat's call for judicial authorisation before journalists' communications data is accessed but we think this should be necessary before bulk collection of our communications is
Oppose any case for secret unaccountable mass surveillance of the type exposed by Edward Snowden. We do accept that government law enforcement agencies may occasionally need to intercept communications in specific circumstances.
Such specific surveillance should be proportionate, necessary, effective and within the rule of law, with independent judicial approval and genuine parliamentary oversight.
Replace the Regulation of Investigatory Powers Act 2000, which has failed
to regulate the deployment of undercover police;
to support the confidentiality of journalistic sources;
to support legal confidentiality; and
to enshrine an open and effective right of redress.
The Green Party have released a manifesto with very strong commitments on surveillance reform in line with the calls of the Don't Spy On Us campaign. They are the only party to mention Edward Snowden in their manifesto! Their calls for targeted
surveillance that is proportionate and with independent judicial authorisation are very welcome. They also note the problem that victims of inappropriate surveillance do not currently have a right of redress; another of the Don't Spy On Us principles.
Currently, British intelligence is fragmented between a number of agencies, including MI5, MI6, GCHQ and BBC Monitoring. All have different funding streams and report to different government departments. This generates a significant overlap in work and
resources and risks exposing gaps in the system.
UKIP will create a new over-arching role of Director of National Intelligence (subject to confirmation hearing by the relevant Commons Select Committee), who will be charged with reviewing UK intelligence and security, in order to ensure threats are
identified, monitored and dealt with by the swiftest, most appropriate and legal means available. He or she will be responsible for bringing all intelligence services together; developing cyber security measures; cutting down on waste and encouraging
information and resource sharing.
At our recent civil liberties hustings in Brighton Pavilion, the UKIP candidate said that his party opposes "all general surveillance". There is no sign of that in their manifesto. They say nothing about which surveillance powers GCHQ should
have, how they should be overseen and how they should get oversight. There are currently two reviews of surveillance being carried out and their manifesto mentions neither of them. It is surprising, to say the least, that after nearly two years of news
about GCHQ surveillance, UKIP's only response is that there are too many intelligence agencies and that too many resources are being wasted.
The Green Party has published its manifesto with the promise to oppose secret unaccountable mass surveillance of the type exposed by Edward
Snowden and to replace the Regulation of Investigatory Powers Act (RIPA) 2000, which empowers hundreds of UK state agencies to conduct covert mass surveillance on individuals. The manifesto continued:
We do accept that government law enforcement agencies may occasionally need to intercept communications in specific circumstances. Such specific surveillance should be proportionate, necessary, effective and within the rule of law, with independent
judicial approval and genuine parliamentary oversight.
This compares with the Conservative manifesto pledge to re-introduce the Snooper's Charter, the Communications Data Bill
The Green Party also pledged to support and protect internet freedom and to limit surveillance - presumably both online and offline - and data retention by government agencies. At the same time, it supported the extension of EU data protection laws and
expressed opposition to large US data-driven companies .
It would also oppose efforts to apply patents to software, limit online censorship and the takedown of content or [online] activity . However, the manifesto wasn't explicit in terms of the kinds of content referred to.
The Green Party also pledged to introduce a more satisfactory law on so-called malicious comments made on social media than the blanket and crude section 127 of the Communications Act 2003 .
But the Green Party are ban happy in other areas and it seems that the miserable gits have got horse racing in their sights. Reprehensible!
Rights groups have asked the European Court of Human Rights to rule on the legality of the UK's mass snooping regime.
Amnesty International, Liberty and Privacy International have jointly filed a legal complaint with the court. The three organisations claim that the surveillance carried out by GCHQ breaches the European Convention on Human Rights that enshrines certain
freedoms in law.
A similar legal challenge mounted in the UK last year saw judges rule that the spying did not breach human rights.
Nick Williams, legal counsel for Amnesty said in a statement:
The UK government's surveillance practices have been allowed to continue unabated and on an unprecedented scale, with major consequences for people's privacy and freedom of expression.
Information that had come to light in the last 12 months showed, said Amnesty, that there were flaws in the oversight system. One revelation concerned arrangements GCHQ has with its US counterparts to get at data it would be difficult for the UK agency
to get permission to acquire. There were also loopholes in UK laws governing surveillance being exploited by GCHQ to expand its spying abilities, it said.