Today’s impressively short Queen’s Speech contained two nuggets of interest for Index readers. Firstly, there was the mention of intellectual propety:

A further Bill will make it easier for businesses to protect their intellectual property

The debate over copyright and free speech has been fraught, with widespread criticism of governmental attempts to create laws on copyright on the web. (Read Brian Pellot on World Intellectual Property Day here here and Joe McNamee’s “Getting Copyright Right” here.)

This is something the government will have to treat very carefully, and the consultation should be fascinating.

Further in, the speech addressed crime in cyberspace:

In relation to the problem of matching internet protocol addresses, my government will bring forward proposals to enable the protection of the public and the investigation of crime in cyberspace.

Here’s more detail from the background briefing:

The Government is committed to ensuring that law enforcement and intelligence agencies have the powers they need to protect the public and ensure national security. These agencies use communications data – the who, when, where and how of a communication, but not its content – to investigate and prosecute serious crimes. Communications data helps to keep the public safe: it is used by the police to investigate crimes, bring offenders to justice and to save lives. This is not about indiscriminately accessing internet data of innocent members of the public.

As the way in which we communicate changes, the data needed by the police is no longer always available. While they can, where necessary and proportionate to do so as part of a specific criminal investigation, identify who has made a telephone call (or
sent an SMS text message), and when and where, they cannot always do the same for communications sent over the internet, such as email, internet telephony or instant messaging. This is because communications service providers do not retain
all the relevant data.

When communicating over the Internet, people are allocated an Internet Protocol (IP) address. However, these addresses are generally shared between a number of people. In order to know who has actually sent an email or made a Skype call, the
police need to know who used a certain IP address at a given point in time. Without this, if a suspect used the internet to communicate instead of making a phone call, it may not be possible for the police to identify them.

The Government is looking at ways of addressing this issue with CSPs. It may involve legislation.

Eagle-eyed observers will note that this echoes what Deputy Prime Minister Nick Clegg told LBC listeners on 25 April, after announcing that the dreaded Communications Data Bill (aka the “Snooper’s Charter”) was to be dropped. Clegg suggested then that IP addresses could be assigned to each individual device.

As I wrote at the time, “New proposals for monitoring and surveillance will no doubt emerge, and will be subject to the same scrutiny and criticism as the previous attempts to establish a Snooper’s Charter.”

Well, here we are.

Padraig Reidy is senior writer for Index on Censorship. @mePadraigReidy

The post The Queen’s speech and free speech appeared first on Index on Censorship.

Speaking on his regular “Call Clegg” slot on London’s LBC radio, Clegg told presenter Nick Ferrari that the government would not pass a law allowing authorities to monitor individuals’ web traffic, describing the idea as neither “workable” nor “proportionate”.

(Watch at 19 minutes)

Clegg went on to suggest that a “middle way” could be found, possibly including the assignment of an IP address to each web-enabled device, to allow police to “do their job”.

This would appear to be a victory for the many, including Index on Censorship, who expressed concerns over the sweeping powers proposed in the Communications Data Bill. In an August 2012 policy note, Index said:

Population-wide collection and filtering of communications data is neither necessary nor proportionate. Monitoring and surveillance of this kind impacts directly and in a chilling manner on freedom of expression, inhibiting and restricting individuals in how they receive, share and impart information and encouraging self-censorship.

So we will celebrate the apparent end of the Communications Data Bill in its current form. But it is clear from Clegg’s words, and those of his Conservative coalition partners including Home Secretary Theresa May, that this is not an issue that will be dropped.

New proposals for monitoring and surveillance will no doubt emerge, and will be subject to the same scrutiny and criticism as the previous attempts to establish a Snooper’s Charter.

Padraig Reidy is Senior Writer at Index on Censorship. @mePadraigReidy

The post Nick Clegg kills Snooper’s Charter – for now appeared first on Index on Censorship.

John Buckman, chair of the San Francisco-based Electronic Frontier Foundation (EFF), delivered the keynote speech: “Britain, under the thumb of…”

He filled in the blank with references to the copyright industry, the new Royal Charter on press regulation, overreaching child protection restrictions, the EU, the US, and private web companies, all of which pose significant challenges to digital freedom of expression in the UK.

The rest of the day was split between four panel sessions and eight impromptu “unconference” sessions for which participants pitched ideas and convened small groups to discuss them.

I spoke on a panel about the right to offend, alongside ORG’s Peter Bradwell and The Next Web’s Martin Bryant. Overly broad and outdated legislation, most notably Section 5 of the 1986 Public Order Act and Section 127 of the 2003 Communications Act, are regularly used to criminalise freedom of expression both online and offline in the UK. Despite a successful campaign to drop “insulting” words from the grounds on which someone can be prosecuted for offence under Section 5, the fact that neither of these provisions address the speaker’s (or tweeter’s) intentions continues to chill freedom of expression in the UK.

Also troubling is the fact that other states, India and the UAE for example, point to these and other British laws as justification to prosecute offensive expression in their own jurisdictions. I argued that protecting everyone’s fundamental right to freedom of expression is more important than protecting the feelings of a few people who might take offense to satirical, blasphemous or otherwise unsavoury views. For freedom of expression to be preserved in society, potentially offensive expression requires the utmost protection.

Another panel addressed the proposed EU General Data Protection Regulation, which intends to strengthen existing privacy principles set out in 1995 and harmonise individual member states’ laws on data protection. Provisions in the proposal around consent, data portability and the “right to be forgotten” aim to give users greater control of their personal data and hold companies more accountable for their use of it. Many companies that rely on user data oppose the regulation and have been lobbying hard against it with the UK government on their side whereas some privacy advocates argue it does not go far enough.

There were also discussions on the open rights implications of copyright legislation and the UK’s Draft Communications Data bill (AKA Snooper’s Charter), which looks set to make a comeback in the Queen’s speech on May 8.

The “unconference” sessions addressed specific causes for concern around digital rights in the UK and abroad. I participated in a session on strategies for obtaining government data in the UK and another on the US Foreign Intelligence Surveillance Act of 1978 (FISA) Amendments Act of 2008. This Act, along with the Protect America Act of 2007 legalised warrantless wiretapping of foreign intelligence targets. Digital rights activists took notice of the laws because the rise of cloud computing means even internal UK and EU data is potentially susceptible to US surveillance mechanisms.

Other “unconference” sessions focused on anonymity, password security, companies’ terms of service, activism and medical confidentiality.

The full OrgCon North agenda is available here. ORG’s national conference will take place on 8 June and will feature EFF co-founder John Perry Barlow who wrote the much circulated and cited “Declaration of the Independence of Cyberspace” in 1996.

Brian Pellot is Digital Policy Adviser for Index on Censorship. Follow him @brianpellot

The post Debating digital rights at OrgCon North appeared first on Index on Censorship.

It’s not just state gathering of data that worries people, of course. Many people object to the hoovering up and monetisation of data posted on public and private networks by the many private web companies whose services so many of us now use.

The right to privacy and the right to free expression often go hand in hand. Surveillance is bound to curtail what we say, and enable what we say to be used against us.

In Stockholm last week, Google brought together experts from politics, business, policing and civil liberties to discuss the complex intermingling of free speech, security and surveillance online.

Hosted in a former church overlooking Stockholm Harbour, the latest “Big Tent” event was kicked off with a discussion between Swedish Foreign Minister Carl Bildt and Google’s Global Head of Free Expression Ross Lajeunesse.

Bildt raised a laugh while voicing confusion over the safety of “cloud computing”, asking “Where is the bloody cloud?”

But Lajeunesse insisted that cloud computing is the best way to guarantee safety from hacking and theft, adding that Google’s gmail is encrypted in an effort to protect users from surveillance.

Discussing China’s method’s of web censorship and surveillance (Read Index’s China correspondent here), Bildt put forward the interesting proposition that the authorities use of “50 cent party” a network of thousands of civilians paid to post pro government content in web conversations, was perhaps a sign the authorities had admitted that censorship had failed, as the government seemed to have conceded that you know had to argue your case rather than censor others.

Lajeunesse was hopeful for Chinese web users, simply saying that 700 milllion people who want access to information cannot be held back.

The reasoning behind state surveillance was discussed in a later panel. After Francesca Bosco, of the United Nations Interregional Crime and Justice Research Institute gave a frankly terrifying account of cyber crime and web security (in brief, there’s a lot of crime and no real security), Brian Donald of Europol discussed the need for surveillance, citing examples of tracking people engaged in the trade of images of child sexual abuse. He countered fears of dragnet surveillance expressed by Eva Galperin of the Electronic Frontier Foundation and Jacob Mchangama of Danish civil liberties group CEPOS, saying that he was in fact limited in his powers to fight crime by European data protection laws.

Galperin and Mchangama both also expressed concern over the policing and surveillance of not just of crime, but of speech online (a subject of considerable debate in the UK).

It seems like the back-and-forth on these issues will not be resolved any time soon. Security, surveillance and free speech have always been intertwined. But mass use of the web, as our lives move online, makes the debate on achieving a balance all the more urgent.

The post Surveillance, security and censorship appeared first on Index on Censorship.

There has been some slightly offputting hyperbole about the software’s potential ability to “predict crime”, with frequent mentions of the Philip K Dick story and later Tom Cruise film Minority Report, in which psychics are used to predict potential crime, allowing police to arrest people before any damage is done.

This is largely down to the Raytheon representative’s boast in the promotional video obtained by the Guardian that RIOT can predict where people will be, based on previous behaviour.

When one looks at what he actually says and demonstrates, it’s seems to me that the programme can not really predict anything. It can identify patterns, from which users can make assumptions.

The example used in the video is that by far the most frequent time and place for the surveillance subject (a Raytheon employee) to “check in” on FourSquare is 6am at the gym. From here, a human user can reasonably assume that the subject will be at his gym at 6am most days. Not quite seeing into the future then.

And not exactly revolutionary, but merely a way of presenting data that users themselves have already volunteered into the public sphere.

Nonetheless, this technology is disquieting. More and more of our lives are recorded, day-to-day, online and publicly. Technology such as RIOT shows how easy it is to build up a very detailed picture of someone’s life, movements, interests etc. All this freely available data could have huge implications for users in the present and the future.

The UK government is currently in the process of redrafting the Communications Data Bill, which faced heavy criticism (not least from Index) for its far-reaching provisions which would force communications companies to retain data, and allow government agencies to track vast amounts of users traffic – not just publicly available social media messages, but emails, text messages phone calls and even letters. Should such a bill eventually go through with similar powers, it’s likely that other countries will follow suit.

Of course, some states are ahead of the game: yesterday it was reported that journalists working in Burma had received warnings from Google of potential email security breaches. Though the Burmese authorities have denied being behind the hacking, suspicions remain.

Surveillance inevitably has an effect on free expression, as people will not speak freely if they fear they are permanently watched and recorded. But we live in an age where tracking has become so easy, and so cheap, that without a principled stand against it, surveillance will become the norm.

Padraig Reidy is senior writer at Index on Censorship. He tweets at @mePadraigReidy

The post “RIOT” and the problems of life online appeared first on Index on Censorship.

The post UK “snooper’s charter” to be redrafted appeared first on Index on Censorship.

The coalition’s plan to store information on every citizen’s use of email, the web, and phones have been dealt a serious blow by a parliamentary committee report. Padraig Reidy reports

Home Secretary Theresa May’s plan to store information on every citizen’s use of email, the web, and phones have been dealt a severe blow by a parliamentary committee report.

In a report seen by Index on Censorship, the Joint Committee on the Communications Data Bill described the proposed new law as “too sweeping”, and going “further than it need or should”.

The committee was particularly concerned by a clause in the bill that would give the Home Secretary the power to extend the remit of the law at any time, without putting the changes before parliament. The government claimed that this was needed in order to “future proof” the legislation, saying it would otherwise be impossible to keep pace with digital communications innovation.

But critics of the Communications Data Bill, including Index, said the clause was unacceptable, allowing huge levels of surveillance and storage without any democratic oversight. The committee today endorsed that view, while acknowledging the need for governments to be able to carry out limited surveillance.

Currently, communications service providers store data on communications traffic for one year. The government’s proposal would oblige them to hold it indefinitely. The Home Office defines “communications data” as: “[T]he information about a communication. It can include the time and duration of a communication, the number or email address of the originator and recipient and sometimes the location of the device from which the communication was made.”

The cross-party committee of lords and MPs also criticised the government’s consultation on the bill, saying: “Meaningful consultation can take place only once there is clarity as to the real aims of the Home Office, and clarity as to the expected use of the powers under the bill.”

The bill’s proposal for a “request filter”, allowing government agencies to search stored information, also came under fire. While acknowledging the capacity would have certain benefits, the report warns that safeguards should be introduced to minimise the risk of “fishing expeditions”, by restricting search criteria.

Index on Censorship welcomed the report: Head of Advocacy Mike Harris said:

“The Joint Committee report supports what Index has been saying all along: that the draft Communications Data Bill would threaten the privacy and free expression of British citizens, effectively reversing the presumption of innocence and potentially chilling the information that we share. If enacted in its current form, it would mean that the UK had one of the most draconian data laws in the western world, giving justification to surveillance tactics carried out by authoritarian states such as Belarus and Kazakhstan.”

Comms Data Bill Index Submission 22 August 12

The post Communications Data Bill: Setback for UK government as “snooper’s charter” slammed appeared first on Index on Censorship.

The boom in surveillance technology sales is chilling free speech. We need to wake up to this reality, says Mike Harris

This piece originally appeared on the Independent Blogs

Wide-eyed internet visionaries told us technology would free its users from the iron grip of states, with the internet blind to borders and not respecting the dictats of bureaucrats. Instead technology is making dystopia not just possible, but cheap. Unthinkingly we’re sending our most private data across the internet thinking it a private space. Exploiting this weakness, Western technology companies have spotted a market for surveillance equipment that allows governments to hoover up data — and use it to spy on their citizens. Much of this technology has been exported to authoritarian states, but as we are discovering, if you allow British firms to flout human rights abroad, the rot begins to set in at home.

Gamma Group is run from a non-descript warehouse unit in a commercial park on the edge of Andover. This blandness is a deceit. Gamma sell a product called FinFisher, a piece of software that infects a computer and takes full control of it, allowing Skype calls to be intercepted and every keystroke the user types to be sent across the internet to another computer. The software is so sophisticated human rights groups initially couldn’t even prove it existed.  Now, the University of Toronto Munk School has published research said to show that Bahraini activists have been targeted using FinFisher.

After opening emails with titles like “Torture reports on Nabeel Rajab” (a leading human rights activist now imprisoned) their computers were reportedly infected and their personal data sent to an undisclosed third party. The government of Bahrain denies it was behind the apparent deliberate sabotage. However, opposition activists are now panicked fearing their security has been breached. In response, Gamma Group reportedly said in a 23 July email that it can’t comment on any individual customers and that Gamma complies with the export regulations of the UK, US and Germany. It added that FinFisher is a tool for monitoring criminals and to reduce the risk of abuse of its products the company only sells the product to governments.

Meanwhile in Sweden telecoms giant Teliasonera has, according to a television documentary, sold surveillance equipment to almost the entire roll call of degenerate post-Soviet regimes: Uzbekistan, Azerbaijan, Tajikistan, Kazakhstan and Belarus. In response to the documentary, a spokeswoman for Teliasonera said that “police tap into information from telecom networks to fight crime” and “the rules for how far their authority goes are different from country to country.” When pressed about complicity in human rights violations, she reportedly declined to comment on why security agencies were being given access to telecom buildings in Azerbaijan and Uzbekistan.

One Teliasonera source told news show Uppdrag Granskning: “The Arab Spring prompted the regimes to tighten their surveillance … There’s no limit to how much wiretapping is done, none at all.” Teliasonera’s equipment gives security services the capacity to monitor everything in real time — from the location of mobile phone users, their calls and SMS messages, to their emails and Facebook messages.

As Irina Bogdanova told Index on Censorship, she believes that surveillance equipment was used to locate her brother, former political prisoner Andrei Sannikov, using the signal from his mobile phone. Sannikov, a presidential candidate in 2010’s rigged elections, was stopped whilst hidden in the back of a vehicle travelling across Minsk. During his trial recordings of his private phone calls were played to the court. In a rigged legal system, the KGB didn’t need to do this, but it was a clear signal to other opposition figures that the state is watching their every move.

I can vouch for the effectiveness of surveillance in distilling fear. I flew into Belarus the day Oleg Bebenin, a human rights activist, was found dead in suspicious circumstances. After making a series of calls to London to tell colleagues I thought Oleg had been murdered, my mobile was cut off whilst I was stood alone in the streets of Minsk. My contacts in Belarus also had their mobile phones disconnected.

The British government has the powers under the Export Control Act 2002 to stop the export of any equipment that can be used to breach human rights, but with many surveillance products it has seemingly chosen not to do so. The situation is so grave that Privacy International is preparing to take the government to court to force it to take action. Yet, it isn’t just the use of this technology abroad which is of concern. The debate is moving much closer to home.

In Britain, the government is proposing legislation (the Communications Data Bill) that will grant the Home Secretary the power to blanket retain data on every citizen for an undefined purpose. It won’t require judicial approval — but potentially every text message, every Facebook message, every phone call, every email from everyone in Britain would be stored on behalf of Her Majesty’s Government. If the Bill passes, companies will have to collect data they don’t currently collect and the Home Secretary will be able to ask manufacturers of communications equipment to install hardware such as ‘black boxes’ on their products to make spying easier. This proposed scale of state surveillance will add the UK to the ranks of countries such as Kazakhstan, China and Iran. This total population monitoring would break the fundamental principle that a judge and court order is required before the state invades the privacy of its citizens by holding their personal data.

Five years ago the mobile phone you carried in your pocket could pin-point you in an urban area with a margin of error of approximately 50 metres; on the latest phones it’s around 2.5 metres. Yet, we still haven’t woken up to the possibility of technology enabling states to monitor individuals on a scale unimaginable to even the wildest of science fiction writers just a generation ago. This surveillance is being used right now in authoritarian regimes to silence opposition, as the market for this technology grows with little interference from Western governments, it will become cheaper. Once it becomes almost priceless for Western governments to monitor all our data, the arguments for allowing private communication could become drowned out by the desire for public order and safety. Then the chill on free speech will be complete.

Mike Harris is head of advocacy at Index. He tweets at @cllr_mikeharris

The post Communications Data Bill: Technology is making dystopia not just possible, but cheap appeared first on Index on Censorship.

While the internet and social media facilitate democratic instant global discourse, they are also tools of control, says Kirsty Hughes

PLUS: Read our Storify of the Dublin Internet Freedom Conference

At first glance, it seems self-evident that the exponential increase in the way millions of us communicate through email, mobile phones, Twitter, Facebook or myriad other websites must have hugely extended our freedom of speech.

We can now comment, receive, share, send and publish information around the world to an extent unimaginable a few decades ago. The Arab Spring unfolded in part through the power of social media as protesters used Facebook, Twitter and mobiles to organise.

Much of our public debate is now concerned with whether children are safe in this digital world or how to deal with abusive “trolls” online rather than worries about constraints on our digital freedoms.

While few would be surprised that authoritarian countries like China or Iran monitor and censor information and criticism online at least as much as they ever did (and still do) offline, many are complacent about their internet rights in democracies such as Ireland or Britain. However, we are sanguine about our internet freedoms at our peril — they are already under increasing attack and constraint. If we are not to wake up one day and find that our internet is constrained and under surveillance — our freedom of speech and our privacy compromised — then we must actively defend those rights now.

One of the biggest threats to our digital freedom comes about because of the amount of easily collected information about what we do online, on our mobile phones and through Twitter and Facebook accounts. Controlling how, and how much, companies like Facebook and Google can gather and use information on their users is one challenge, but a much bigger one is stopping governments snooping on all our activities and contacts.

In a democracy, we probably accept that to tackle crime or terrorism, police may, within strict limits, sometimes have the right to monitor phone calls, track who is calling whom or even who is visiting someone’s house. However we don’t expect that to apply to the vast majority of citizens going about their daily business, nor do we expect phone companies to be told to track all of our calls.

The Chinese government demands that companies who provide internet services track and monitor all their users — a huge and chilling intrusion on free speech and privacy. Just last week, the British government published the Communications Data Bill, a “snoopers’ charter”, which will give police and other authorities unprecedented access to information on everyone’s emails, phone calls and internet usage.

If it becomes law, it will demand that internet service providers and mobile phone companies collect even more data than they do today for their own commercial purposes – and hand it over when asked. Imagine the outcry, in the days before the internet, if a record was taken of whomever you sent a letter to, whoever you called and whoever you met.

Another big threat to internet freedom comes through governments blocking access to sites or even to the web as a whole. At first glance this seems a problem in authoritarian and totalitarian regimes. China has increasingly sophisticated technology to block access to sites and ensure that ordinary users do not come across web pages and debates on democracy or the Chinese government itself.

This March, Pakistan put out a multimillion-dollar tender for a national-level filtering and blocking system. Apart from the outcry this caused in Pakistan and beyond, it raises the question of who supplies and exports the technology. Corporations should not be complicit in human rights abuses but where are the controls on exports of this kind?

In Britain, there has been a lot of debate about child protection online. While few would deny that parents should pay careful attention to what their children access online, the Daily Mail has been demanding nationwide network filters be set by all internet service providers so that users would have to opt in to view legal adult content.

This would be censorship of legal material, yet who decides which sites are on a “blocked” list? Research on blocking and filters has shown they frequently catch sites that are not the intended target — “overblock” in the jargon. Getting unblocked once you are on a list is not easy, yet the British government is now consulting on child protection filters.

The internet has freed many of us to be our own publishers and commentators without needing to go through the gateway of a publishing company or the comment and letters pages of a newspaper. This has increased our ability to criticise politicians, powerful businesses and others. There is a strong backlash against this — governments and large businesses are active in monitoring comments they don’t like and demanding websites take offending words down, often trying to hold the website, not the author, responsible.

“Takedown” requests are increasing in many countries — Spain has seen a big rise, while India, the largest democracy, is proving a challenge for websites which face large numbers of takedown requests on religious and political grounds.

Many countries have “hate speech” laws and libel laws for offline publications and it may be straightforward to apply these laws equally to online publication — although the online world also makes it very easy to rapidly publish rebuttals. However the evidence suggests many takedown requests are not made because comment is illegal or libellous but simply because it is critical. Web hosts often go along with such requests, even without a court order, to be on the safe side and avoid any possible legal costs and actions.

We are starting to see the privatisation of censorship — private web companies deciding whether to take something down, not a judge or a court — and it is mostly invisible. Google publishes a “transparency report” of all the takedown requests it receives — but where are the British or Irish governments’ own transparency reports showing all the requests they make and on what grounds?

Surveillance, blocking and censorship across our digital world sounds like a nightmare in another country. It risks being the reality at home too, though, unless governments and businesses are challenged to respect and defend our fundamental human right to free expression online as much as off.

The post Internet freedoms under increasing attack appeared first on Index on Censorship.

This shift has profound implications for the UK, the US and any country that claims to be committed to rule of law and the protection of fundamental freedoms.

This isn’t the first time that an Executive has seized the general authority to search through the private communications and papers without individualized suspicion. To the contrary, the United States was founded in large part on the rejection of “general warrants” – papers that gave the Executive (then the King) unchecked power to search colonial Americans without cause. The Fourth Amendment was adopted in part to stop these “hated writs” and to make sure that searches of the papers of Americans required a probable cause showing to a court. Indeed, John Adams noted that “the child Independence was born,” when Boston merchants unsuccessfully sued to stop these unchecked powers, then being used by British customs inspectors seeking to stamp out smuggling.

The current warrantless surveillance programs on both sides of the Atlantic return us to the policies of King George III only with a digital boost. In both, our daily digital “papers” — including intimate information such as who we are communicating with, what websites we visit (which of course includes what we’re reading) and our locations as we travel around with our cell phones — are collected and subjected to some sort of datamining. Then we’re apparently supposed to trust that no one in government will ever misuse this information, that the massive amounts of information about us won’t be subject to leak or attack, and that whatever subsequent measures are put into place to government access to it by various government agencies will be sufficient to protect our privacy and ensure due process, fairness and security.

On that score, at least the UK government is willing to discuss the proposal publicly and allow Parliament to vote on it.  But this puts the onus on the British people to tell their representatives to soundly reject it.  The message to the Executive should be clear: general warrants were a bad idea in 1760, and they are still a bad idea today.

Cindy Cohn is the Legal Director for the Electronic Frontier Foundation (EFF) as well as its General Counsel

The post The return of a bad idea appeared first on Index on Censorship.