Wednesday, 16 March 2016

#IPBill - Next Step the public bill committee

Well, I had my say on RT yesterday.



The next stage is for written (and maybe oral) submissions to the public bill committee. I think I need to do some work on this over the weekend and next week and get it in early.

And if you are writing to them or your MP, feel free to quote me when I say that we used to be proud of saying Made in UK on our products and now that could become a badge of concern.

22 comments:

  1. I am furious with my MP for completely disregarding how I pointed out how trivial it is to avoid monitoring, and voting to go along with the scheme. I will be writing to him shortly pointing out that I will be providing nothing more than a VPN node to Ms. May, and demanding he explain his reason for voting.

    I will be also writing to the public bill committee.

    Adrian if you do happen to give oral evidence again, can you please explain to these idiots how everyone can get around it in seconds with TOR or a VPN? They clearly need it hammered into their heads that a child could break their scheme worth millions in seconds.

    A disgrace and waste of money, all due to incompetent morons who don't understand anything about technology.

    Politics and Ms. May's beliefs have no influence on facts. That's one reason why network engineers build networks, not politicians.

    ReplyDelete
  2. Ignorant Q: when will the snoopers' charter succeed or die? Can they keep on tweaking the wording and bringing it back again and again?

    ReplyDelete
    Replies
    1. If we can get this bill to pass with significant watering down of the problem areas, then maybe it will stop there. Or, if(when) this act has the major problem areas quashed properly by Human Rights courts.

      Delete
  3. I have just read an article at the register regarding a case in the european court against a german citizen held liable by Sony, for copyright infringment due to running an open, passwordless, WiFi hotspot.

    The attorney general advisor to the european court has stated that his opinion is that there is no liability as the WiFi network operator is protected under the same 'Mere Conduit' legislation under article 12 of the e-commerce directive.

    Full text here:
    Reg article:
    http://www.theregister.co.uk/2016/03/16/cjeu_mcfadden_vs_sony/

    Directive 2000/31/EC
    http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32000L0031:en:HTML

    The specific paragraph would appear to be

    "2. The acts of transmission and of provision of access referred to in paragraph 1 include the automatic, intermediate and transient storage of the information transmitted in so far as this takes place for the sole purpose of carrying out the transmission in the communication network, and provided that the information is not stored for any period longer than is reasonably necessary for the transmission."

    Could this requirement potentially de-rail the IP bill?

    (Not a lawyer, blah blah)

    ReplyDelete
    Replies
    1. Well, lack of liability is not the issue really. IIRC Germany wanted wifi to be liable, and mere conduit stops that. It is worth checking though.

      Delete
    2. "Member States are prevented from imposing a monitoring obligation on service providers only with respect to obligations of a general nature; this does not concern monitoring obligations in a specific case and, in particular, does not affect orders by national authorities in accordance with national legislation." but that last bit means they can monitor if there is a law!

      Delete
    3. Article 15 may help though...

      Delete
    4. Deploying an Article 15 argument here would be interesting — I suspect that the Home Office's answer would be "we're not getting powers to ask ISPs to monitor, just to log".

      (PS — one lawyer's take on the free, open Wi-Fi opinion: http://www.scl.org/site.aspx?i=ne46936. Key point is that it was not a private user sharing their Wi-Fi, but a shop.)

      Delete
    5. Well, except, one of the purported reasons for the logging (which requires monitoring before one can log what is monitored) is to detect access to illegal web sites - the very thing article 15 bans!

      Delete
    6. Art. 15 bans the imposition of a general obligation to monitor on ISPs, not the use of retained data by law enforcement. I could see some mileage in an argument that "logging" is the same as "monitoring" but, overall, I wouldn't expect it to win.

      Delete
    7. Well, sort of - if we logged stuff, asking us to retain that for longer is probably OK, but surely asking us to make some monitoring so that we can make some logging (after all, what is monitoring without logging) to then be retained, has to be "monitoring"?

      Delete
    8. I've not read the legislation, but I'd assume that "monitoring" means actively doing something (i.e. actively looking to see if someone is accessing illegal websites and then taking action such as cutting off their connection if they are). This is very different to collecting some data and logging it into a black hole where no one will ever look.

      Delete
    9. Except it is not in a black hole where nobody will look at it - it is somewhere where police can specifically look for someone accessing illegal content - that was one of the specific reasons for access to the data and one of the justifications for the monitoring in the first place.

      Delete
    10. There is no definition of "monitoring" in the directive.

      The prohibition is forcing the ISP to monitor generally, not against third party monitoring.

      Delete
    11. I appreciate that we are talking round in circles and there may be no "right answer" until a judge decides, but I fail to see how being forced to collect and record data so that illegal activity can be detected would not be "monitoring" somehow.

      Delete
    12. I've just had the briefest of looks at the CJEU's case law in the area, and it is closely linked to obligations placed on ISPs / website operators to detect copyright infringement - it all goes beyond mere logging of data, into looking within the data streams or stored data to try to spot infringement. This, the CJEU has held, is a "general obligation to monitor" - an "active" monitoring - and is prohibited.

      See, for example, para 139 of http://curia.europa.eu/juris/document/document.jsf?text=&docid=107261&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=964812

      I am not aware of anything on the point of whether merely logging for subsequent access by law enforcement is "generally monitoring". It was not advanced in the Digital Rights Ireland case, which resulted in the data retention directive being struck down on other grounds.

      Delete
    13. Ok, I should've said "a blackhole where no one at the ISP will look at it" - i.e. I feel that from the ISP's point of view there is a distinction between "monitoring" (doing something with the collected data, such as reacting to it to enforce some rules), and "logging" (sticking data somewhere without the express intention of actually using it themselves).

      Delete
  4. Following that mail I sent you, you'll be glad to know that my MP was one of the few who voted against and I've thanked her very much for that. Now the public are being called upon to comment so I'll be doing that for sure.

    I really didn't expect this bill to get such an easy ride and with time running out, I am seriously worried. I was thinking about who else I could speak to. I know that Amnesty International have raised the issue and I thought perhaps they should join forces with the EFF to form a united front and really get the message out there. I then stumbled across dontspyonus.org.uk and signed the petition there. It's great that this petition exists but if I only just managed to stumble across it by accident then they clearly aren't shouting loudly enough.

    I think they've also focused too much on the privacy issue as they haven't said anything about what a hugely ineffective waste of taxpayers money it is. I suppose it's difficult to warn about the privacy issues whilst simultaneously stating that the spying won't even work that well anyway.

    ReplyDelete
  5. MPs need to understand that this mass monitoring simply won't deliver much because criminals and terrorists won't comply. The bad guys will be using encryption anyway, so the only people who can be effectively spied upon to any degree will be those ordinary users who are not both clued-up and concerned about their privacy. Perhaps a demo would help them understand and get them to believe that the flaws in the proposed measures are crippling. RevK did a good video.

    ReplyDelete
    Replies
    1. Given that it's blindlingly obvious to anybody with a gram of common sense that the legislation won't apply to criminals/terrorists, isn't it just possible that the MPs do understand this and that, instead, they have other motives in pushing this law?

      Delete
    2. Not just possible but certain to my mind. I've said this from day one. Their sole reason is to create a surveillance state and it won't end with this particular bill. How else are they going to be able to prosecute 'thought crime'?

      Delete
  6. MPs ought to be able to understand a slippery slope type argument. They will need reminding about this, which in my view is the biggest danger in the bill, not what it proposes, but the precedent it sets and the direction it defines which is towards ever more detailed and intrusive future snooping.

    ReplyDelete