Tuesday, 23 February 2016

House of Lords - Social media and criminal offences - Communications Committee

House of Lords - Social media and criminal offences - Communications Committee:

"The Director of Public Prosecutions has published guidelines for the application of the current statute law to prosecutions involving social media communications. The guidance is clear and accessible. The guidance is structured by conduct, relating different sorts of conduct to different potential offences:

(a)  credible threats of violence to the person or damage to property:

(i)  Offences Against the Person Act 1861, s 16 (threat to kill)

(ii)  Protection From Harassment Act 1997, s 4 (fear of violence)

(iii)  Malicious Communications Act 1988, s 1 (threat)

(iv)  Communications Act 2003, s 127 (of a menacing character)

(v)  together with legislation related to racial, religious, disability, sexual orientation or transgender aggravation 

(b)  communications targeting specific individuals:

(i)  Protection from Harassment Act 1997, s 2 (harassment)

(ii)  Protection from Harassment Act 1997, s 2 (stalking)

(iii)  Protection from Harassment Act 1997, s 4 (fear of violence)

(iv)  Protection from Harassment Act 1997, s 4A (stalking involving fear of violence, serious alarm or distress) 

(c)  breach of court order, e.g. as to anonymity:

(i)  Contempt of Court Act 1981

(ii)  Sexual Offences Amendment Act 1992, s 5 (identification of a victim of a sexual offence)

(iii)  restraining orders, conditions of bail 

(d)  communications which are grossly offensive, indecent, obscene or false:

(i)  Malicious Communications Act 1988, s 1 (electronic communications which are indecent or grossly offensive, convey a threat false, provided that there is an intention to cause distress or anxiety to the victim)

(ii)  Communications Act 2003, s 127 (electronic communications which are grossly offensive or indecent, obscene or menacing, or false, for the purpose of causing annoyance, inconvenience or needless anxiety to another)

 These offences all pre-date the invention of social media. These offences are offences under the law of England and Wales; we have not considered the position in Scotland or Northern Ireland. A table of our own design showing these offences and their relationship to social media is at Appendix 3.

15.  The Protection from Harassment Act 1997 also provides for civil remedies in the form of injunctions and damages, on application to the High Court, to protect a person from harassment." 'via Blog this'

Monday, 22 February 2016

Is this the most inane government consultation of all time? Adult porn checks

Is this the most inane governmentconsultation of all time?: "Atvod had taken it onto itself to enforce age verification checks on British websites some time ago. The regulator was a product of an EU directive demanding that member states include TV-on-demand – services like iPlayer or 4oD – under some regulatory framework. Everyone else in the EU – literally everyone – added a line or two to whatever legislation they had bringing the services under the control of whichever regulator they already used. Only Britain set up its own regulator." 'via Blog this'

Sunday, 14 February 2016

Human rights in Europe should not buckle under mass surveillance

Human rights in Europe should not buckle under mass surveillance | openDemocracy:

"many of the surveillance measures contradict international human rights law. As established by the European Court of Human Rights, in fact, surveillance is – by its very nature  an interference with the right to privacy, as reiterated last December in case of Zakharov against Russia.

 Although the use of private communication information is essential in combating terrorist violence and threats, states can collect, use and store such information only under exceptional and precise conditions, while offering adequate legal safeguards and independent supervision.

 The Court of Justice of the EU also set limits to telecommunication data retention when it invalidated the EU data retention directive for its unnecessary “wide-ranging and particularly serious interference with the fundamental right to respect for private life” and personal data. This judgment echoed the concerns expressed some years earlier by the German Constitutional Court, which ruled against computerised searches by German police of potential terrorist sleepers as this breaches the individual right to self-determination and human dignity." 'via Blog this'

Wednesday, 10 February 2016

Access Now to human rights court: GCHQ surveillance violates human rights

Access Now to human rights court: GCHQ surveillance violates human rights - Access Now: "The underlying case, Big Brother Watch and others v. the United Kingdom, deals with U.K. mass surveillance programs like Tempora, as well as U.K. government access to the U.S. database compiled under the Prism surveillance program. The plaintiffs, including Big Brother Watch, Open Rights Group, English PEN, and Constanze Kurz, asked the court to investigate whether GCHQ’s practices and the current system of oversight comply with the right to privacy under Article 8 of the European Convention on Human Rights.

The case stalled for nearly two years pending the resolution of complaints in the Investigatory Powers Tribunal. The case is now moving forward.

 In our intervention Access Now makes three key arguments:

(1) these surveillance programs not only violate the European Convention on Human Rights, but also the International Covenant on Civil and Political Rights and the International Principles on the Application of Human Rights to Communications Surveillance;

(2) it is inadequate to consider any surveillance program in a vacuum, and the entire suite of information collected under all of the separate programs is more invasive than the sum of the individual parts; and

(3) intelligence sharing regimes undermine the human rights protections included in formal, transparent channels like those available under Mutual Legal Assistance Treaties." 'via Blog this'

Monday, 8 February 2016

Submarine cable cut lops Terabits off Australia's data bridge

Submarine cable cut lops Terabits off Australia's data bridge • The Register:

"TPG's announcement says the fault is around 4,590 km from the cable's Guam landing, which means it's around 3,000 metres below the surface.

The fault notice says engineers first logged a report that “alarms indicated that a submarine line card had lost its payload”, and the company is trying to establish when a repair ship can be dispatched to the location.

 In the meantime, traffic is using alternate routes including the Australia-Japan Cable and Southern Cross.

 Last year, the SeaMeWe-3 cable which runs from Perth to Asia via Indonesia suffered multiple outages.

The situation is complicated by the Basslink cable outage. As Vulture South reported last week, a repairing the electrical cable connecting Tasmania to the mainland is going to necessitate a visit by cable repair ship the Ile de Re, because Basslink's communication fibre is going to be cut during the operation." 'via Blog this'

Cyberleagle: #IPBill Christmas Quiz

Cyberleagle: #IPBill Christmas Quiz: "[Updated 1 January 2016 with answers at foot of page]

Now that everyone has sent in their submissions to the Joint Parliamentary Committee scrutinising the draft Investigatory Powers Bill, here is a little Christmas quiz to alleviate the withdrawal symptoms.

For most of the questions you need only study the draft Bill. One requires the Explanatory Notes. For one other you have to go slightly further afield. Answers may be indeterminate.

  1. When is a person not a “person”?  
  2. What is an internet communications service?  
  3. How many times does ‘proportionate’ appear?  
  4. How does generation of data differ from obtaining data by generation?  
  5. What may identify an identifier?  
  6. When might you have to grapple with the meaning of meaning?  
  7. How many times is encryption mentioned?  
  8. Can general be specific?  
  9. Which two differently worded provisions describe the same thing?  
  10. When is data not itself?" 'via Blog this'

Never mind Internet Connection Records, what about Relevant Communications Data?

Cyberleagle: "Clause 71 of the Bill would empower the Home Office to issue retention notices covering six categories of what the draft Bill calls ‘relevant communications data’.

 According to the draft Bill’s Explanatory Notes, one of those six categories (71(9)(f)) corresponds to internet connection records. That leaves five categories which, on the face of them, seem to go wider than the existing data retention categories under the Data Retention and Investigatory Powers Act 2014 (DRIPA) as amended by the Counter Terrorism and Security Act 2015 (CTSA).

 For internet communications the current DRIPA data retention categories cover internet access services, internet e-mail and internet telephony. Those categories replicate the 2009 Data Retention Regulations, which implemented the now invalidated EU Data Retention Directive.  The CTSA extended DRIPA to include so-called IP address resolution data.

 We can get an idea of the scope of ‘relevant communications data’ by appreciating that it covers any type of communication on a network, expressly including communications where the sender or recipient is not a human being. This sweeps up not only background interactions that smartphone apps make automatically with their supplier servers, but probably the entire internet of things. 

The type of data about these communications that could be required to be retained goes beyond the relatively familiar sender, recipient, time and location information to data such as the ‘type, method or pattern’ of communication (clause 71(9)(c)).

‘Data’ is defined to include ‘any information which is not data’ (clause 195(1)).

In another departure from existing retention laws, providers could be required to generate data specifically for retention (71(8)(b)(i)). At present they can only be required to keep data that they already generate or process in the course of providing their service." 'via Blog this'

Friday, 5 February 2016

Cyberleagle: some 2016 legal cases emerging

Cyberleagle: "Questions arising out of David Davis and Tom Watson MPs’ legal challenge to the data retention provisions of DRIPA have been referred to the CJEU by the Court of Appeal. A reference from the Swedish courts (C-203/15 Tele2 Sverige) is also pending. [CJEU hearing of both cases will take place on 12 April 2016]

 Interception and surveillance complaints to the European Court of Human Rights  include a case taken by Big Brother Watch, the Open Rights Group, English PEN and Dr Constanze Kurz and one by the Bureau of Investigative Journalism. Amnesty International, Liberty, Privacy International and others have lodged a complaint following the decision of the Investigatory Powers Tribunal on bulk interception and receipt of US PRISM and UPSTREAM interception product. 

 Investigatory Powers Tribunal challenges brought by Privacy International and seven ISPs around the world to equipment interference and by Privacy International to use of bulk personal datasets are pending. The latter includes a challenge to the use of national security directions under S.94 Telecommunications Act 1984. " 'via Blog this'

Wednesday, 3 February 2016

What's behind the shield? Unspinning the "privacy shield" spin - EDRi

What's behind the shield? Unspinning the "privacy shield" spin - EDRi: "The US was so sure that it would be able to persuade the EU to capitulate in the negotiations that it adopted the flawed “Cybersecurity Act”. Under that legislation, a provision was adopted under which Internet companies (either voluntarily or under coercion) will be able to secretly share personal data with US authorities – in direct contravention of the ruling of the Court of Justice of the EU.

Similarly, the previously announced but unpublished (see the first bullet point, above) Umbrella Agreement is seriously deficient and needs to be re-negotiated before it can be adopted. The EU now has no leverage to demand this.

Finally, the crucial Judicial Redress Act has been amended by the US Senate in a way that means that individuals outside the US can only get redress if their government shares enough data with the US authorities." 'via Blog this'

EU Law Analysis: Live. Die. Repeat. The ‘Privacy Shield’ deal as ‘Groundhog Day’: endlessly making the same mistakes?

EU Law Analysis: Live. Die. Repeat. The ‘Privacy Shield’ deal as ‘Groundhog Day’: endlessly making the same mistakes?: "How does this relate to the new EU/US privacy deal, dubbed ‘Privacy Shield’? Obviously the deal involves the USA, and it was reached yesterday, on Groundhog Day. And it’s a new incarnation of a prior deal: ‘Safe Harbor’, killed last October by the CJEU in the Schrems judgment (discussed here).

While the text of the new agreement is not yet available, the initial indication is that it is bound to be killed in turn – unless the CJEU, admittedly an increasingly fickle judicial deity, is willing to go back on its own case law. Goodness knows how many further reincarnations will be necessary before the US and EU can reach enlightenment." 'via Blog this'

GDPR and the Digital Age of Consent for Online Services

GDPR and the Digital Age of Consent for Online Services:

"Apart from being difficult to enforce on a practical level, the proposed threshold is also at odds with the existing legal framework in the UK on the capacity of young people to enter into contracts.

In England and Wales, a child does not generally acquire full legal capacity until the age of 18. However, minors can and do enter into contracts before reaching full age.

Like the ICO's approach to processing of personal data, the English courts take the view that the validity of such contracts will depend on the child's understanding of the transaction.

In the Court of Appeal judgment in R v Oldham Metropolitan BC, ex parte Garlick [1993] AC 509, for example, Scott LJ commented that, whilst a child well under the age of 10 could purchase sweets, a 4-year-old could not contract for the occupation of residential property.

Clearly this is an extreme example, but the point is that children acquire contractual capacity on a gradual basis as their understanding of the world develops. Drawing a line in the sand for all circumstances is impractical and unworkable.

It is therefore likely that a minor could legally consent to a website's terms and conditions and privacy policy well before their 16th birthday, provided that they understood the nature of the contract.

Nevertheless, it is well established at common law that contracts entered into by minors are voidable at the minor's option but remain binding on the other party. Information society service providers could therefore be at risk of a minor voiding their consent to the processing of their data months after accessing a website or app." 'via Blog this'

European Court of Human Rights revisits intermediary liability – TechnoLlama

European Court of Human Rights revisits intermediary liability – TechnoLlama: "The European Court of Human Rights (ECtHR) has revisited the issue of liability for Internet intermediaries in the case of Magyar Tartalomszolgáltatók Egyesülete and Index.Hu v Hungary.

This is the second time in less than a year that the ECHR deals with this issue, as it had already produced a controversial decision in the case of Delfi v Estonia, where the court had ruled against news intermediaries and declared them liable for abusive comments posted by users.

I have to say that I was rather apprehensive about the Magyar case, but I’m glad to report that the ECHR has produced a more nuanced decision that fits better with existing practice and law." 'via Blog this'

CSEC commissioner calls for safeguards on Five Eyes data sharing

CSEC commissioner calls for safeguards on Five Eyes data sharing - Politics - CBC News: "The watchdog that keeps an eye on Canada's electronic spy agency says it cannot be sure the intelligence service's Five Eyes partners abide by promises to properly protect information about Canadians.

A newly declassified report shows the federally appointed watchdog has recommended that Defence Minister Rob Nicholson issue a directive to Communications Security Establishment Canada that sets out expectations for safeguarding Canadians' privacy when CSEC shares information with its key allies. " 'via Blog this'

Society for Computers and Law: Free Access for university students

SCL University Ambassadors: "Free Benefits for Students in full-time education 

 Free student access to the entire content of this site: This includes our considerable archive of news items, articles, blogs, event podcasts, CPD and more. 

Students can also gain free access the ePub version of the C&L Magazine – this is published 6 times a year exclusively for SCL members. 

 Students are also able to attend all SCL events at concessionary rates. We have an exciting range of seminars, meetings and conferences covering all the key IT Law topics with prestigious speakers and the opportunity to meet potential future employers and thought-leaders in the IT Law sector." 'via Blog this'

SCL Student Essay Prize 2016

SCL Student Essay Prize 2016: "SCL Student Essay Prize 2016

 Stand out from the crowd!

You will stand out from the crowd. You will add credibility and marketability to your profile. And you will win access to the biggest and best IT law event of 2016.

That's why you want to write the essay that wins the SCL Essay Prize 2016.

With a range of highly current topics to choose from, you surely cannot resist the temptation to prove that you have that little bit extra. The little extra that will make law firms or other employers bow down before you with the sort of offers that you can only dream about.

It is a situation where circa 2,000 carefully chosen words might change your life for the better. Those chances don't come often. Enter the SCL Essay Prize competition and take the opportunity that beckons

 The prize:

A free place at the IFCLA Conference (including the gala dinner) which will be hosted by SCL on Thursday 9 and Friday 10 June 2016 in London

Publication in the SCL's Computers & Law magazine and on this website

£250 cash

 Who can enter
You are eligible to enter this competition if you are a student (undergraduate, taught postgraduate, or research postgraduate) currently registered at an accredited academic institution or legal practitioner training course (e.g. to become a barrister, solicitor or advocate).

'via Blog this'

UK’s Investigatory Powers Bill: Loopholes Within Loopholes Will Lead to Unbridled Surveillance | Electronic Frontier Foundation

UK’s Investigatory Powers Bill: Loopholes Within Loopholes Will Lead to Unbridled Surveillance | Electronic Frontier Foundation: "The Investigatory Powers Bill, as written, is so vague as to permit a vast range of surveillance actions, with profoundly insufficient oversight or insight into what Britain’s intelligence, military and police intend to do with their powers. It is, in effect, a carefully-crafted loophole wide enough to drive all of existing mass surveillance practice through.

Or, in the words of Richard Clayton, Director of the Cambridge Cloud Cybercrime Centre at the University of Cambridge, in his submissions to the committee:

“the present bill forbids almost nothing ... and hides radical new capabilities behind pages of obscuring detail.”

 The bill is 192 pages long, excluding over 60 pages of explanatory notes. Our comments to the committee focused on just one aspect of the bill, what they call “equipment interference.” " 'via Blog this'

Tuesday, 2 February 2016

California judge reaches decision in PETA’s monkey selfie case

California judge reaches decision in PETA’s monkey selfie case – TechnoLlama:

"A judge in California has dismissed a copyright case brought by People for the Ethical Treatment of Animals (PETA), where the animal rights organisation claimed that it represented the monkey that took the famous selfie depicted above.

The case is that of Naruto v Slater, where PETA sued British photographer David Slater for copyright infringement, claiming to be acting on behalf of Naruto the monkey.

I had written an opinion about the case when it was first filed, and I am glad to report that the decision has not produced any surprises.

As most legal analysts predicted, the judge dismissed the case based on the fact that the monkey has no standing, as it cannot be considered an author for the purposes of the law and therefore it does not have copyright, so PETA cannot act on behalf of the monkey." 'via Blog this'

Monday, 1 February 2016

Hungary: Court judgement to place spotlight on ISPs’ rights and liabilities

Hungary: Court judgement to place spotlight on internet service providers’ rights and liabilities | HUMANERIGHTSEUROPE: "Magyar Tartalomszolgáltatók Egyesülete and Index.hu Zrt v. Hungary (no. 22947/13)

The case concerns the liability of a self-regulatory body of Internet content providers and an Internet news portal for vulgar and offensive online comments posted on their websites.

The applicants are two legal entities registered under Hungarian law, Magyar Tartalomszolgáltatók Egyesülete (“MTE”) and Index.hu Zrt (“Index”), both based in Budapest. MTE, an association, is the self-regulatory body of Hungarian Internet content providers, and Index, a company, is the owner of one of the major Internet news portals in Hungary.

 On 5 February 2010, MTE published an opinion on its webpage criticising the business practice of two real estate websites for misleading their clients into using a 30-day advertising service free of charge, which on expiry became subject to a fee without prior notification. Index subsequently wrote about the opinion, publishing the full text on its website. The opinion attracted offensive and vulgar comments both on the websites of MTE and Index.

 On 17 February 2010 the company operating the real estate websites brought a civil action against the applicants, complaining that the opinion and subsequent comments had damaged its reputation.

On learning of the court action, the applicants immediately removed the comments in question.

In their counterclaims they argued that, as intermediary publishers, they were not liable for the user comments, and that, in any event, their criticism was justified given the numerous consumer complaints and proceedings which had been brought against the plaintiff’s business practices." 'via Blog this'