Friday, 24 March 2017

Senate votes to let ISPs sell your Web browsing history to advertisers | Ars Technica

Senate votes to let ISPs sell your Web browsing history to advertisers | Ars Technica: "The rules were approved in October 2016 by the Federal Communications Commission's then-Democratic leadership, but are opposed by the FCC's new Republican majority and Republicans in Congress. The Senate today used its power under the Congressional Review Act to ensure that the FCC rulemaking "shall have no force or effect" and to prevent the FCC from issuing similar regulations in the future.

 The House, also controlled by Republicans, would need to vote on the measure before the privacy rules are officially eliminated. President Trump could also preserve the privacy rules by issuing a veto. If the House and Trump agree with the Senate's action, ISPs won't have to seek customer approval before sharing their browsing histories and other private information with advertisers." 'via Blog this'

Free Speech and Protected Privacy: Balancing Two Human Rights 5 April 1pm

Free Speech and Protected Privacy: Balancing Two Human Rights : News and events : ... : Law : University of Sussex: "Free Speech and Protected Privacy: Balancing Two Human Rights
Wednesday 5 April 13:00 until 14:30
Ashdown House, Room 101

Speaker: Hugh Tomlinson QC, Matrix Chambers

Part of the series: Sussex Centre for Human Rights Research

Hugh Tomlinson QC, a member of Matrix Chambers, is a noted specialist in media and information law including defamation, confidence, privacy and data protection. " 'via Blog this'

Thursday, 23 March 2017

Thank heavens the wrangling over BT's Openreach separation has ended • The Register

Thank heavens the wrangling over BT's Openreach separation has ended • The Register: "What hasn’t changed under the legal separation, as opposed to a structural one, is where Openreach’s profits go, with Shurmer noting they "will flow back to the BT Group”. The group's budget will also be controlled by BT.  In terms of investment, the announcement will make no difference to BT’s current broadband roll-out plans. “This agreement is based on the guidance we have already given the city around our investment plans, so there is no change there."

The biz is currently connecting 10 million customers to its ultrafast hybrid fibre and copper G.Fast and 2 million "pure fibre" connections by 2020. Critics have said the biz is relying too much on G.Fast over full fibre.

 However, Shurmer hinted the new structure could help boost further investment. "But what we do have now with this new consultation process is this new approach to developing a business case for future network investment." 'via Blog this'

Home Office admits it's preparing to accept EU ruling on surveillance • The Register

Home Office admits it's preparing to accept EU ruling on surveillance • The Register: "Other than the notable omission of a draft code of practice on communications data alongside the other draft codes published last month, it has been unclear whether the Home Office had paid any attention to the ruling at all – until last Friday, when an IT tender relating to the Investigatory Powers Act made mention of "a new communications data independent authorising body", which was spotted by the Open Rights Group.

 Regarding the new authorising body, a Home Office spokesperson repeated to The Register that it was "disappointed" and "carefully considering [the ruling's] implications".

"The government will vigorously defend the fundamental powers in the Investigatory Powers Act because they are vital to the police and intelligence agencies in arresting criminals, prosecuting paedophiles and preventing terrorist attacks," the spokesperson added. "We will provide Parliament and the courts with an update on our response to the judgment in due course."

 While the ambiguity of "in due course" has become something of a running joke for those asking questions of the department, it did also inform us that although the CJEU ruling was specifically directed at a previous bit of legislation which the Investigatory Powers Act replaced, DRIPA, it was currently considering how the ruling would affect the new Snoopers' Charter. 'via Blog this'

Wednesday, 22 March 2017

The world's leading privacy pros talk GDPR with El Reg • The Register

The world's leading privacy pros talk GDPR with El Reg • The Register: "The European Court of Justice ultimately conceded that Safe Harbor was indeed invalid, and suddenly there was no legal basis for American megacorps to continue quaffing Europeans' data. Not that those companies cared, or agreed even. Facebook, Microsoft, and Salesforce have continued to shuttle Zuckabytes back home through "model clauses" contracts, a measure which is again being challenged by Schrems.

 Even if this workaround is shot down during the ongoing court case in Dublin, however, both the EU and US share much about privacy in terms of cultural values regarding privacy, suggested Hughes." 'via Blog this'

Monday, 20 March 2017

Selling your soul while negotiating the conditions: from notice and consent to data control by design | SpringerLink

Selling your soul while negotiating the conditions: from notice and consent to data control by design | SpringerLink: "This article claims that the Notice and Consent (N&C) approach is not efficient to protect the privacy of personal data. On the contrary, N&C could be seen as a license to freely exploit the individual’s personal data. For this reason, legislators and regulators around the world have been advocating for different and more efficient safeguards, notably through the implementation of the Privacy by Design (PbD) concept, which is predicated on the assumption that privacy cannot be assured solely by compliance with regulatory frameworks. In this sense, PbD affirms that privacy should become a key concern for developers and organisations alike, thus permeating new products and services as well as the organisational modi operandi.

Through this paper, we aim at uncovering evidences of the inefficiency of the N&C approach, as well as the possibility to further enhance PbD, in order to provide the individual with increased control on her personal data. The paper aims at shifting the focus of the discussion from “take it or leave it” contracts to concrete solutions aimed at empowering individuals. As such, we are putting forth the Data Control by Design (DCD) concept, which we see as an essential complement to N&C and PbD approaches advocated by data-protection regulators. The technical mechanisms that would enable DCD are currently available (for example, User Managed Access (UMA) v1.0.1 Core Protocol).

We, therefore, argue that data protection frameworks should foster the adoption of DCD mechanisms in conjunction with PbD approaches, and privacy protections should be designed in a way that allows every individual to utilise interoperable DCD tools to efficiently manage the privacy of her personal data. After having scrutinised the N&C, PbD and DCD approaches we discuss the specificities of health and genetic data, and the role of DCD in this context, stressing that the sensitivity of genetic and health data requires special scrutiny from regulators and developers alike. In conclusion, we argue that concrete solutions allowing for DCD already exist and that policy makers should join efforts together with other stakeholders to foster the concrete adoption of the DCD approach." 'via Blog this'

Co-regulation in EU personal data protection: the case of technical standards and the privacy by design standardisation 'mandate' | Kamara | European Journal of Law and Technology

Co-regulation in EU personal data protection: the case of technical standards and the privacy by design standardisation 'mandate' | Kamara | European Journal of Law and Technology: "The recently adopted General Data Protection Regulation (GDPR), a technology-neutral law, endorses self-regulatory instruments, such as certification and technical standards. Even before the adoption of the General Data Protection Regulation, standardisation activity in the field of privacy management and data security had emerged.

In 2015, the European Commission issued the first standardisation request to the European Standardisation Organisations to develop privacy management standards based on art. 8 of the EU Charter of Fundamental Rights.

There is a rising shift from command-and-control regulation to the inclusion of co-regulation tools in the EU data protection legislation. The aim of this article is to provide insights on the role of standardisation as a form of co-regulation in the data protection context. " 'via Blog this'

Cyberleagle: The Investigatory Powers Act - swan or turkey?

Cyberleagle: The Investigatory Powers Act - swan or turkey?: "Over 300 pages make up what then Prime Minister David Cameron described as the most important Bill of the last Parliament. When it comes into force the IP Act will replace much of RIPA (the Regulation of Investigatory Powers Act 2000), described by David Anderson Q.C.’s report A Question of Trust as ‘incomprehensible to all but a tiny band of initiates’. It will also supersede a batch of non-RIPA powers that had been exercised in secret over many years - some, so the Investigatory Powers Tribunal has found, on the basis of an insufficiently clear legal framework.

None of this would have occurred but for the 2013 Snowden revelations of the scale of GCHQ’s use of bulk interception powers. Two years post-Snowden the government was still acknowledging previously unknown (except to those in the know) uses of opaque statutory powers.

Three Reviews and several Parliamentary Committees later, it remains a matter of opinion whether the thousands of hours of labour that went into the Act have brought forth a swan or a turkey. If the lengthy incubation has produced a swan, it is one whose feathers are already looking distinctly ruffled following the CJEU judgment in Watson/Tele2, issued three weeks after Royal Assent. That decision will at a minimum require the data retention aspects of the Act to be substantially amended. " 'via Blog this'

YouTube Censors Everyone: Feminists, LGBT Vloggers, Pundits and Gamers | Heat Street

YouTube Censors Everyone: Feminists, LGBT Vloggers, Pundits and Gamers | Heat Street: "YouTube has caved in to calls for content restrictions and censorship on its platform, implementing an optional new feature called “restricted mode”.

It’s designed to censor indecent material — the kind that advertisers do not wish to be associated with.

According to Google, the optional feature “uses community flagging, age-restrictions, and other signals to identify and filter out potentially inappropriate content.”

It’s a feature that’s been around for at least a year, but YouTube producers haven’t been feeling the hurt until now.

Since YouTube ramped up the mode’s restrictions, several LGBT bloggers discovered that their content was blocked, and accused the platform of hiding their videos." 'via Blog this'

Friday, 17 March 2017

Algorithms in decision-making inquiry launched - UK Parliament

Algorithms in decision-making inquiry launched - News from Parliament - UK Parliament: "The Committee would welcome written submissions by Friday 21 April 2017 on the following points:

The extent of current and future use of algorithms in decision-making in Government and public bodies, businesses and others, and the corresponding risks and opportunities;

Whether 'good practice' in algorithmic decision-making can be identified and spread, including in terms of:
— The scope for algorithmic decision-making to eliminate, introduce or amplify biases or discrimination, and how any such bias can be detected and overcome;

Whether and how algorithmic decision-making can be conducted in a ‘transparent’ or ‘accountable’ way, and the scope for decisions made by an algorithm to be fully understood and challenged;

The implications of increased transparency in terms of copyright and commercial sensitivity, and protection of an individual’s data;

Methods for providing regulatory oversight of algorithmic decision-making, such as the rights described in the EU General Data Protection Regulation 2016.

The Committee would welcome views on the issues above, and submissions that illustrate how the issues vary by context through case studies of the use of algorithmic decision-making." 'via Blog this'

DeepMind AI faces privacy questions about its data deal with the NHS | WIRED UK

DeepMind faces privacy questions about its data deal with the NHS | WIRED UK: "The mostly-silent centre of arguments is the Information Commissioner's Office (ICO), which oversees data protection issues in the UK. The body has been investigating the DeepMind and NHS deal since initial complaints were made.

The ICO confirmed to WIRED that its investigations into the sharing of patient information was close to finishing.

"We continue to work with the National Data Guardian and have been in regular contact with the Royal Free and Deep Mind who have provided information about the development of the Streams app," the ICO said. "This has been subject to detailed review as part of our investigation. It’s the responsibility of businesses and organisations to comply with data protection law.”" 'via Blog this'

Thursday, 16 March 2017

Advertisers look forward to buying your Web browsing history from ISPs | Ars Technica

Advertisers look forward to buying your Web browsing history from ISPs | Ars Technica: "If no agency enforces privacy rules, "consumers will have no ability to stop Internet service providers from invading their privacy and selling sensitive information about their health, finances, and children to advertisers, insurers, data brokers or others who can profit off of this personal information, all without their affirmative consent," Sen. Edward Markey (D-Mass.) said last week.

 Acting FTC Chairwoman Maureen Ohlhausen said last year that the FTC recommends getting opt-in consent for "unexpected collection or use of consumers’ sensitive data such as Social Security numbers, financial information, and information about children," and an opt-out system for other data, she wrote. Under that scenario, ISPs apparently would not need opt-in consent from customers before sharing Web browsing history." 'via Blog this'

Wednesday, 15 March 2017

Data hungry gov’t vows to eyeball data offences in woolly digital pledge | Ars Technica UK

Data hungry gov’t vows to eyeball data offences in woolly digital pledge | Ars Technica UK: "Digital minister Matt Hancock has previously said that the government would implement the GDPR "in full"—a vow repeated in the DCMS' digital strategy, which highlights concerns about the transfer of data between the UK and European Union once Brexit kicks in.

"As part of our plans for the UK’s exit from the EU, we will be seeking to ensure that data flows remain uninterrupted, and will be considering all the available options that will provide legal certainty for businesses and individuals alike," it said.

 Britain's data watchdog, the Information Commissioner's Office, told Ars that the DCMS was leading a review of data protection offences. It declined to comment, however, on how such a review might affect the controversial Part 5 of the Digital Economy Bill." 'via Blog this'

Tuesday, 14 March 2017

GDPR, the proposed Copyright Directive and intermediary liability: one more time! | Peep Beep!

The GDPR, the proposed Copyright Directive and intermediary liability: one more time! | Peep Beep!: "One way to make sense of the GDPR could be to say that it implicitly acknowledges that the E-Commerce Directive liability exemptions should apply even in situations in which the service provider is (primarily) liable as a data controller.

 Note that the Court of Appeal in Northern Ireland did not wait for the GDPR to hold that Facebook, as a data controller and an information society provider, could avail itself of the national transposition of Article 14 of the E-Commerce Directive in CG v Facebook Ireland Ltd & Anor [2016] NICA 54 (21 December 2016).

 Such an interpretation is sensible, although if the characterisation of data controller is retained it would seem logical [but who is interested in logic?] to conclude after Google Spain that the processing performed by Facebook should therefore be distinct from the processing performed by the uploader of the information.

 However because Articles 12-14, strictly speaking, only target one specific situation: liability for the (unlawful) information transmitted or stored by their users, a cumulative application of EU data protection law and e.g. Article 14 of the E-Commerce Directive could appear odd in some instances, e.g. in the case of a search engine referencing content lawfully published." 'via Blog this'

AI, machine learning and personal data | ICO Blog

AI, machine learning and personal data | ICO Blog: "When the General Data Protection Regulation (GDPR) comes into force in 2018, the regulatory toolkit will be sharpened. Some key changes will be:

  1. more powerful rights for individuals, including rights in relation to automated decisions and profiling;
  2. new accountability provisions, including the implementation of codes of conduct and certification mechanisms that will help to improve standards and hold organisations to account in areas such as automated decision making; and
  3. increased enforcement powers for the ICO, including the ability to issue fines of up to €20,000,000 or 4% of annual worldwide turnover for infringements of the regulation.

These changes, and more, will contribute towards a relevant and effective regime for the regulation of personal data in the world of big data, AI and machine learning." 'via Blog this'

Monday, 13 March 2017

I invented the web. Here are three things we need to change to save it: Tim Berners-Lee

I invented the web. Here are three things we need to change to save it | Tim Berners-Lee | Technology | The Guardian: "Through collaboration with – or coercion of – companies, governments are also increasingly watching our every move online and passing extreme laws that trample on our rights to privacy. In repressive regimes, it’s easy to see the harm that can be caused – bloggers can be arrested or killed, and political opponents can be monitored. But even in countries where we believe governments have citizens’ best interests at heart, watching everyone all the time is simply going too far. It creates a chilling effect on free speech and stops the web from being used as a space to explore important topics, such as sensitive health issues, sexuality or religion." 'via Blog this'

ICO Upholds £1,000 Fine Against TalkTalk for Personal Data Breach

ICO Upholds £1,000 Fine Against TalkTalk for Personal Data Breach - ISPreview UK: "ICO then raised the issue with TalkTalk on 20th November and the ISP confirmed reception of that letter. However it then took until 27th November before TalkTalk’s Information Security Officer, Mike Rabbitt, was able to confirm that an investigation had been started, although they didn’t officially confirm that a data breach had occurred until 1st December.

TalkTalk claims that the delay in reporting the breach was because “the incident had not been reported to either [TalkTalk’s] Information Security or Fraud team.”

In February 2016 the ICO informed TalkTalk that they intended to impose a fine for the reporting failure, which TalkTalk opposed and ultimately the case went to appeal.

 Suffice to say that the Tribunal was unanimous in dismissing TalkTalk’s appeal." 'via Blog this'

Sunday, 12 March 2017

Video of ICO Elizabeth Denham discusses GDPR | ICAEW

Information commissioner Elizabeth Denham discusses GDPR | ICAEW: "In a wide-ranging speech, the commissioner noted that however fast regulation moves, technology moves faster. She outlined the new General Data Protection Regulation (GDPR) which will be with us in May 2018 and the important role that ICAEW members have to play in spreading the word about the new requirements" 'via Blog this'

CJEU judgment in Watson « Independent Reviewer of Terrorism Legislation

CJEU judgment in Watson « Independent Reviewer of Terrorism Legislation: "The CJEU considered that DRIPA 2014 “exceeds the limit of what is strictly necessary and cannot be considered to be justified, within a democratic society”: para 107. But it referred the case back to the English Court of Appeal for a decision on the extent to which UK law is consistent with EU requirements (para 124). The battle will resume there in the New Year.

The case (Case C-698/15) was joined with a Swedish case brought by Tele2 Sverige AB (Case C-203/15)." 'via Blog this'

Wednesday, 8 March 2017

Dubliner who is the CIA's go-to smart guy for cyber security tech start-ups

Meet the Dubliner who is the CIA's go-to smart guy for cyber security tech start-ups - Independent.ie: "Paladin is focused on several aspects of cyber security, he says. "If you think about it, we've benefited enormously from the internet in a very short space of time, and as cyber security threats grow, we're only perhaps now realising the true cost of that. The Internet of Things brings a whole new set of security concerns, so that's one obvious area we're looking at. Blockchain - a system for permanently storing transaction records on networks of unrelated computers permanently and verifiably - is another area of interest, particularly for 'know your client' functions and how it may provide greater security for customers.

"Enterprise IT and its operation of secure transactions is another one. A key one is threat analysis - the use of data to understand what's going on that might threaten a company's IP and operations. It's about how data is analysed, used and protected; how do transactions take place, is it seamless and who is storing data. The final one is how secure information interfaces with genomic or gene sequencing in the diagnostics and therapeutics functions related to health.

 "What we know for certain is that there's a constantly evolving set of threats against our personal data and that of corporates and governments. The reaction to that is a set of innovations, we want to invest in that innovation and the market is large and growing. The threat faced by businesses is often existential. This isn't just an IT problem, it's one of which a CEO is now constantly aware."" 'via Blog this'

Wikileaks 'reveals CIA hacking tools' - BBC News

Wikileaks 'reveals CIA hacking tools' - BBC News: "There is a huge amount of information in the CIA data dump but a lot of it, such as its apparent success in compromising smart TVs, is not that surprising. Lone researchers have managed similar hacks, so smart government agents were always going to be able to go further.
Plus, we kind of know that a lot of the modern internet-of-things gear is broken as all kinds of holes have been found in all kinds of gadgets - including cars.

What's more interesting is the work said to have been done on iPhone and Android handsets. That's because Apple works hard to make sure iOS is secure and Google has made a real effort lately to secure its operating system. For a spy agency, access to those gadgets is key because they travel everywhere with a target.
What is likely to hit the CIA the hardest is losing control of all the zero day exploits and malware detailed in the papers." 'via Blog this'

Monday, 6 March 2017

Copyright and Open Access: A Sussex Humanities Lab Lunchtime Debate : Sussex Humanities Lab : University of Sussex

Copyright and Open Access: A Sussex Humanities Lab Lunchtime Debate : Sussex Humanities Lab : University of Sussex: "In light of the changing policy on copyright being pursued by the University, and the changing IP environment for higher education, the Sussex Humanities Lab is hosting a debate between Prof David Berry and Prof Tim Hitchcock" 'via Blog this'

About Internet of Things research: PETRAS

About | PETRAS: "The PETRAS Internet of Things Research Hub is a consortium of nine leading UK universities which will work together over the next three years to explore critical issues in privacy, ethics, trust, reliability, acceptability, and security." 'via Blog this'

Master spy behind Snoopers’ Charter wants to gag leakers, journalists | Ars Technica UK

Master spy behind Snoopers’ Charter wants to gag leakers, journalists | Ars Technica UK: "Hancock, these days, is the government's cheerleader for the Digital Economy Bill—which is currently winging its way with ease through parliament. However, controversial provisions within Part 5 of the draft law fail to offer any safeguards for plans to share citizen data more widely. And everyone from privacy campaigners to doctors are deeply concerned about the government's plans.

The draft law is name-checked a number of times in the Law Commission's Protection of Official Data review, where it explores the wobbly "legislative landscape" on personal information disclosure offences in the UK. "The provisions contained in the Digital Economy Bill do not streamline the legislative landscape, but rather add to it. From a theoretical perspective the legislative landscape looks irrational, dispersed, and lacking in uniformity," it said.
It went on to discuss the "practical implications" by arguing that "the potential for the offences to overlap is likely to be increased when the Digital Economy Bill receives the Royal Assent," seemingly in a clear acknowledgement that more leaks of sensitive government information will take place.

Notably, the Law Commission failed to once mention the EU's upcoming General Data Protection Regulation, which Hancock has said will be implemented in full in 2018—in part to allow online businesses to continue to transfer data between the UK and the soon-to-be 27-member state bloc." 'via Blog this'

Understanding the Consumer Review Fairness Act of 2016 by Eric Goldman :: SSRN

Understanding the Consumer Review Fairness Act of 2016 by Eric Goldman :: SSRN: "Anti-review clauses distort the marketplace benefits society gets from consumer reviews by suppressing peer feedback from prospective consumers, which in turn helps poor vendors stay in business and diminishes the returns that good vendors get from investments in quality (thus degrading their willingness to make those investments).

 Recognizing the threats posed by anti-review clauses, Congress banned them in the Consumer Review Fairness Act of 2016 (the CRFA). As the House Report explains, the law seeks “to preserve the credibility and value of online consumer reviews by prohibiting non-disparagement clauses restricting negative, yet truthful, reviews of products and services by consumers.” By doing so, the CRFA helps advance the effective functioning of marketplaces." 'via Blog this'

Privacy: Ten More Questions for President Trump-Lawfare

Ten More Questions for President Trump - Lawfare:

"You say that you “bet a good lawyer could make a great case out of the fact that President Obama was tapping my phones in October, just prior to Election!” Are you planning to bring suit against Obama or anyone else under either 50 U.S.C. § 1810—which provides for civil remedies for “[a]n aggrieved person, other than a foreign power or an agent of a foreign power . . . who has been subjected to an electronic surveillance”—or under 18 U.S.C. § 2520—which provides that “any person whose wire, oral, or electronic communication is intercepted . . . in violation of [criminal wiretap law] may in a civil action recover from the person or entity, other than the United States, which engaged in that violation”?

To the extent no such surveillance took place or you have grossly mischaracterized it, do you have any concerns that you might have imputed grave misconduct to your predecessor—in the language of New York Times v. Sullivan—with “‘actual malice’—that is, with knowledge that it was false or with reckless disregard of whether it was false or not”?" 'via Blog this'

Google’s Artificial Brain Learns to Find Cat Videos: WIRED

Google’s Artificial Brain Learns to Find Cat Videos | WIRED: "Since coming out to the public in 2011, the secretive Google X lab — thought to be located in the California Bay Area — has released research on the Internet of Things, a space elevator and autonomous driving.

Its latest venture, though not nearing the number of neurons in the human brain (thought to be over 80 billion), is one of the world’s most advanced brain simulators. In 2009, IBM developed a brain simulator that replicated one billion human brain neurons connected by ten trillion synapses.

 However, Google’s latest offering appears to be the first to identify objects without hints and additional information. " 'via Blog this'

Sunday, 5 March 2017

U.S. Government’s Privacy Watchdog Is Basically Dead, Emails Reveal

The U.S. Government’s Privacy Watchdog Is Basically Dead, Emails Reveal: "One key item on PCLOB’s agenda for the near future was helping ensure that privacy rights were protected in the course of implementing a pact called Privacy Shield, which would allow corporate information transfers to the U.S. from within the European Union. The U.S. government reassured Europeans, fearful of American surveillance programs, that PCLOB would be involved in overseeing such transfers.

But with only one member, that’s unlikely, says Jake Laperruque, senior counsel at the legal think tank The Constitution Project. “PCLOB falling away may be another nail in the coffin for the US-EU Privacy Shield unless Congress gets serious” about reforming other areas of surveillance policy, he wrote in an email to The Intercept." 'via Blog this'

Wednesday, 1 March 2017

ACS:Law: When bad things happen to bad people – TechnoLlama

ACS:Law: When bad things happen to bad people – TechnoLlama: "This being the Internet, the first thing some enterprising souls did was to copy the data and to start sharing it online immediately through torrent sites (as of writing, the file is still there, but I will not link to it for reasons that will become obvious).

The emails contained some potentially embarrassing details about the practice at ACS:Law, particularly some indication that the firm targeted married men and pensioners with the gay porn allegations, hoping that it would prompt unquestioning payment from the accused. In other words, blackmail and extortion, using copyright as an excuse to obtain easy money from unsuspecting victims." 'via Blog this'