Tag Archives: IP Act

Does Legislation Stifle Innovation?

(From an article originally published in July 2017 on my peerlyst blog)

Does legislation stifle innovation? No. Why? Because it legislates in “catch up mode” mostly and on those rare occasions when the legislators do see something coming in advance (examples? I don’t have any actually) – then they fail to implement the legislation or put in place checks and balances to monitor compliance.

Legislators are better at legislating for the abuse of data – the IP Act in the UK – in favour of mass surveillance and warrantless omnipresent spying and eavesdropping. It’s a catch all bucket – much easier than putting your back into it and figuring it out with Privacy, Civil Liberty and Human Rights in mind.

Legislators are looking to heavily regulate IoT. One wonders what their approach will be since they have failed or chose to ignore (more likely), it would appear, to legislate and police the most basic elements of Data Protection despite some of the first statutes being enacted (in Europe) as far back as 1986.

Now we have the kerfuffle of the NIS Directive (compelling member states to “be appropriately equipped, e.g. via a Computer Security Incident Response Team (CSIRT) and a competent national NIS authority” – another agency just when we thought that the ones that we had were as bad as the disjointed un-joined up implementation of policy could get) and GDPR (which contains the bizarrely general statement in Clause 4 that “The processing of personal data should be designed to serve mankind”) – good luck implementing that.

Data Protection legislation for much of the intervening period was “lip-service” and PR driven. The DATA PROTECTION ACT, 1988 was publicised by the Irish government as an innovative “first of its kind” legislation that would set the Republic of Ireland apart and create a “privacy regulated” USP for RoI as an FDI (foreign direct investment) destination.

The IDA boasts on their website “We favour green lights over red tape, which is why we are one of the best countries in the world for ease of doing business (Forbes). New business is welcomed and supported by the flow of talent coming from our schools, universities and abroad, to work for high-performing companies across a range of cutting-edge sectors.”

What this really means is that regulation in Ireland with respect to Data Protection and Central Bank governance (both having a direct impact on the operations of the likes of EU headquartered tech giants based in Ireland – Google, eBay,Facebook, Twitter, HubSpot etc … pick a name – they are based in Ireland somewhere) was all about accommodating whatever these firms asked for, with scant or little regard to what the privacy protections in the legislation actually dictated in terms of consumer / end user protection.

Put the following statement in front of your local Data Protection commission and ask them to respond with respect to their view on the best way to protect the consumer while enabling innovation – prepare for an answer characterised by vanilla, non-committal prose peppered with out of context TLA’s.

“Dear Data Protection Commissioner, How Does Your Office Propose To Balance Classically-Conceived Privacy Concepts In Light Of The Business Imperative Of Providing The End User With Contextual Richness?”

The Office of the Data Protection Commission and the Central Bank of Ireland are widely regarded as complicit in the wholesale abuse of the data protection, privacy and tax obligations of tech companies operating in the country.

Understaffed, under-skilled and under-whelming, these outfits have presided over some of the most spectacular breaches of these obligations.

Now, they seek to add to their NP-Complete task and their ever expanding skills gap – the area of IoT regulation.

They will be tasked with creating law to govern how companies should implement security protocols and data protection measures to control the people who use the information generated by IoT (or those who seek to illegally acquire it) and the application of Big Data, IoT, AI, data analytics, and machine learning.

I have no faith that Ireland or Europe will stay on the edge of the curve of innovation in order to regulate its expansion in a controlled and understood manner. But I could be wrong. Do you think that I am wrong? I would love to hear counter arguments to my usual cynical stance on these issues.

ENDS

Official Government Response to “Repeal the new Surveillance Laws (Investigatory Powers Act)” Petition

Dear Graham Penrose,

The Government has responded to the petition you signed – “Repeal the new Surveillance laws (Investigatory Powers Act)”.

Government responded:

The Investigatory Powers Act dramatically increases transparency around the use of investigatory powers. It protects both privacy and security and underwent unprecedented scrutiny before becoming law.

The Government is clear that, at a time of heightened security threat, it is essential our law enforcement, security and intelligence services have the powers they need to keep people safe.

The Investigatory Powers Act transforms the law relating to the use and oversight of Investigatory powers. It strengthens safeguards and introduces world-leading oversight arrangements.

The Act does three key things. First, it brings together powers already available to law enforcement and the security and intelligence agencies to obtain communications and data about communications. It makes these powers – and the safeguards that apply to them – clear and understandable.

Second, it radically overhauls the way these powers are authorised and overseen. It introduces a ‘double-lock’ for the most intrusive powers, including interception and all of the bulk capabilities, so warrants require the approval of a Judicial Commissioner. And it creates a powerful new Investigatory Powers Commissioner to oversee how these powers are used.

Third, it ensures powers are fit for the digital age. The Act makes a single new provision for the retention of internet connection records in order for law enforcement to identify the communications service to which a device has connected. This will restore capabilities that have been lost as a result of changes in the way people communicate.

Public scrutiny

The Bill was subject to unprecedented scrutiny prior to and during its passage.

The Bill responded to three independent reports: by David Anderson QC, the Independent Reviewer of Terrorism Legislation; by the Royal United Services Institute’s Independent Surveillance Review Panel; and by the Intelligence and Security Committee of Parliament. All three of those authoritative independent reports agreed a new law was needed.

The Government responded to the recommendations of those reports in the form of a draft Bill, published in November 2015. That draft Bill was submitted for pre-legislative scrutiny by a Joint Committee of both Houses of Parliament. The Intelligence and Security Committee and the House of Commons Science and Technology Committee conducted parallel scrutiny. Between them, those Committees received over 1,500 pages of written submissions and heard oral evidence from the Government, industry, civil liberties groups and many others. The recommendations made by those Committees informed changes to the Bill and the publication of further supporting material.

A revised Bill was introduced in the House of Commons on 1 March, and completed its passage on 16 November, meeting the timetable for legislation set by Parliament during the passage of the Data Retention and Investigatory Powers Act 2014. Over 1,700 amendments to the Bill were tabled and debated during this time.

The Government has adopted an open and consultative approach throughout the passage of this legislation, tabling or accepting a significant number of amendments in both Houses of Parliament in order to improve transparency and strengthen privacy protections. These included enhanced protections for trade unions and journalistic and legally privileged material, and the introduction of a threshold to ensure internet connection records cannot be used to investigate minor crimes.

Privacy and Oversight

The Government has placed privacy at the heart of the Investigatory Powers Act. The Act makes clear the extent to which investigatory powers may be used and the strict safeguards that apply in order to maintain privacy.

A new overarching ‘privacy clause’ was added to make absolutely clear that the protection of privacy is at the heart of this legislation. This privacy clause ensures that in each and every case a public authority must consider whether less intrusive means could be used, and must have regard to human rights and the particular sensitivity of certain information. The powers can only be exercised when it is necessary and proportionate to do so, and the Act includes tough sanctions – including the creation of new criminal offences – for those misusing the powers.
The safeguards in this Act reflect the UK’s international reputation for protecting human rights. The unprecedented transparency and the new safeguards – including the ‘double lock’ for the most sensitive powers – set an international benchmark for how the law can protect both privacy and security.

Home Office

Click this link to view the response online:

https://petition.parliament.uk/petitions/173199?reveal_response=yes

This petition has over 100,000 signatures. The Petitions Committee will consider it for a debate. They can also gather further evidence and press the government for action.

The Committee is made up of 11 MPs, from political parties in government and in opposition. It is entirely independent of the Government. Find out more about the Committee: https://petition.parliament.uk/help#petitions-committee

Thanks,
The Petitions Team
UK Government and Parliament

My Privacy Lobotomy or How I Learned to Stop Worrying & Love the IP Act

(Please Note: This post is a partial reblog. The re-blogged bits are all the bits under the Malcolm Tucker “grenade app” GIF – Featured Image “Bring me Corbyn, Solo & the Wookie” (Credit to @Trouteyes on Twitter))

After weeks of posting hysterical objections to and concerns about the Investigatory Powers Act I now realise that I was worrying needlessly. It suddenly occurred to me that the Investigatory Powers Act is nothing that I should worry about at all. This radical change of heart came as a result of the following statement from the Home Office which Dave Howe on Peerlyst kindly sent to me:

“The safeguards in this Act reflect the UK’s international reputation for protecting human rights. The unprecedented transparency and the new safeguards – including the ‘double lock’ for the most sensitive powers – set an international benchmark for how the law can protect both Privacy and security.”

This is the civil servant who issued the statement:

author

The patronisingly misleading statement has caused me to make an immediate and unconditional U-Turn on my previous opinion of the legislation.

I am now immensely grateful to Theresa May and everyone who had a part in authoring this document. Hopefully it will soon take it’s rightful place alongside the Magna Carta and the Bill of Rights as milestones in the relentless march toward a privacy protected, liberty guaranteed and freedom based utopia.

tucker

Hardly Anyone Has Access To All My Data

Access to my internet connection records is set out in Schedule 4 of the Act and it only says that the following forty plus departments and about 600,000 government employees can mine my private life:

  • Metropolitan Police force
  • City of London Police force
  • Police Forces maintained under section 2 of the Police Act 1996
  • Police Service of Scotland
  • Police Service of Northern Ireland
  • British Transport Police
  • Ministry of Defence Police
  • Royal Navy Police
  • Royal Military Police
  • Royal Air Force Police
  • Security Service
  • Secret Intelligence Service
  • GCHQ
  • Ministry of Defence
  • Department of Health
  • Home Office
  • Ministry of Justice
  • National Crime Agency
  • HM Revenue & Customs
  • Department for Transport
  • Department for Work and Pensions
  • NHS trusts and foundation trusts in England that provide ambulance services
  • Common Services Agency for the Scottish Health Service
  • Competition and Markets Authority
  • Criminal Cases Review Commission
  • Department for Communities in Northern Ireland
  • Department for the Economy in Northern Ireland
  • Department of Justice in Northern Ireland
  • Financial Conduct Authority Fire and rescue authorities under the Fire and Rescue Services Act 2004
  • Food Standards Agency
  • Food Standards Scotland
  • Gambling Commission
  • Labour Abuse Authority
  • Health and Safety Executive
  • Independent Police Complaints Commissioner
  • Information Commissioner
  • NHS Business Services Authority
  • Northern Ireland Ambulance Service Health and Social Care Trust
  • Northern Ireland Fire and Rescue Service Board
  • Northern Ireland Health and Social Care Regional Business Services Organisation
  • Office of Communications Office of the Police Ombudsman for Northern Ireland
  • Police Investigations and Review Commissioner
  • Scottish Ambulance Service Board
  • Scottish Criminal Cases Review Commission
  • Serious Fraud Office
  • Welsh Ambulance Services National Health Service Trust

Hackers

Bulk surveillance of the population and dozens of public authorities with the power to access your internet connection records is a grim turn of events for a democracy.

Unfortunately, bulk collection and storage will also create an irresistible target for malicious actors, massively increasing the risk that your personal data will end up in the hands of:

  • People able to hack / infiltrate your ISP
  • People able to hack / infiltrate your Wi-Fi hotspot provider
  • People able to hack / infiltrate your mobile network operator
  • People able to hack / infiltrate a government department or agency
  • People able to hack / infiltrate the government’s new multi-database request filter

If the events of the past few years are anything to go by, it won’t take long for one or more of these organisations to suffer a security breach. Assuming, of course, that the powers that be manage not to just lose all of your personal data in the post.

So – nothing to worry about at all.

END