Open Rights Group – Briefing on Counter-Terrorism and Security Bill

The Open Rights Group has prepared a briefing on the Counter-Terrorism and Security bill announced by the Home Secretary Theresa May on 26 November 2014.

The Bill extends the scope of the Data Retention and Investigatory Powers Act 2014 (DRIPA). The bill introduces other measures such as a duty on certain authorities to prevent people being drawn into terrorism; the core requirement of the new legislation is that ISPs record the user of a specific IP address at a specific time.

In April 2014 blanket data retention was ruled illegal by the Court of Justice of the European Union (CJEU) and it is doubtful that the new legislation complies with the permissible limits of data retention set out by this judgement.

See also this previous post for further information on the proposed legislation.


Tribunal says Tempora programme is legal

Jennifer Baker reports on The Register website that the UK’s Investigatory Powers Tribunal (IPT) has ruled that GCHQ’s mass surveillance Tempora programme is legal in principle.  It made the ruling following a case brought by Privacy International, Liberty, Amnesty International and other parties.

Tempora is the code name given to an operation run by GCHQ to allow huge amounts of intercepted internet data to be temporarily stored for analysis.  It is reported to hold content for three days and metadata for 30 days.  The  case put to the tribunal was that Tempora breached article 8 of the European Convention on Human Rights, which is the right to privacy, as well as article 10, which protects freedom of expression.

Privacy International deputy director Eric King said of the decision:

“Today’s decision by the IPT that this is business as usual is a worrying sign for us all.  The idea that previously secret documents, signposting other still secret documents, can justify this scale of intrusion is just not good enough, and not what society should accept from a democracy based on the rule of law.”

Privacy International has issued a statement on the ruling which can be found here.

I’m Terrified of My New TV

Michael Price writes on the Brennan Center for Justice website about the privacy issues with internet enabled televisions.

Internet enabled, or “Smart” televisions have become very come in recent years; however, as Price points out the amount of data  collected by these TVs is staggering.  In the case of the TV he has purchased this includes records of the apps used, websites visited and when and for how long you use it.  The TV can also perform facial and voice recognition, the data from which is uploaded to a corporate server.  Little wonder the TV comes with a privacy policy 46-pages long.

Much of the data captured and transmitted by his new TV is stored in the cloud and would be classed as “third party records”, but he highlights that (in the US) there is currently little privacy  protection for such data.

Biometrics in smartphones need more control – ex-GCHQ boss

Leala Padmanabhan reports on the BBC News website that Sir John Adye, the former head of GCHQ between 1989 and 1996, has highlighted security concerns with some biometric technology, such as fingerprint recognition used on Apple’s iPhone 6 and on other devices.

He gave as an example of the lack of clear information on what happens to an individuals biometric data when used for identity checking on a smartphone and the lack of physical supervision of such devices versus for example, the way an ATM is supervised by a bank.  Commenting on Apple’s iPhone 6 biometric fingerprint recognition he said:

“………They appear to have a good system at the moment for protecting their operating system, so it’s difficult for anyone outside to penetrate it and retrieve data from it.  But how long will that last, because the criminals … are very inventive at finding ways in, and although you can protect it in that way on the device itself, what happens if the device is lost or stolen?”