Privacy News Roundup 7 November 2016

UK Investigatory Powers Bill passes House of Lords

The House of Lords has passed the controversial Investigatory Powers Bill in the UK, better known as the Snoopers’ Charter. There will be 12 months of debate surrounding the bill though it is likely to come into practice at the end of the year when existing surveillance laws expire. The bill passed the House of Commons back in March.

The final draft of the bill still faces a round of possible amendments whereby both the House of Lords and House of Commons will vote on the other house’s suggested changes. Before being made law, the bill will need to get the Queen’s stamp of approval.

The Snoopers’ Charter was introduced by the now-Prime Minster – Theresa May based on the government’s argument that it needed extra protections for national security. Part of this approach, it is argued, involves being able to retrieve information from computer devices and from various networks and servers.

May plans to appoint an Investigatory Powers Commissioner (IPC) who will convene with high court judges. “The IPC will audit compliance and undertake investigations,” said a government spokesperson. “The Commissioner will report publicly and make recommendations on what he finds in the course of his work.”

There are concerns among privacy rights activists and net neutrality advocates that the bill is deeply intrusive and draconian in its approach. There are also concerns that hackers and more serious criminals would be able to exploit the pathways used by the government.

A draft of the bill reads: “More complex equipment interference operations may involve exploiting existing vulnerabilities in software in order to gain control of devices or networks to remotely extract material or monitor the user of the device.”

Snoopers' Charter UK
The controversial UK Snoopers’ Charter has passed through the House of Lords.

Turkey blocks access to Facebook, WhatsApp, Twitter and YouTube during government coup

On 4 November Turkey‘s government blocked access to several social media websites. ISPs across the country were required to shutdown connections to Facebook, WhatsApp, Twitter and YouTube.

It’s reported that the shutdown is a political response by president Tayyip Erdogan’s increasingly authoritarian government when 11 pro-Kurdish members of Parliament were arrested.

Another mass shutdown occurred just a week before the most recent anti-coup block on Friday, reportedly restricting deliveries of medical supplies to patients.

A month ago, the government blocked access to Google Drive, Dropbox, OneDrive and GitHub in an attempt to cover up an email leak from the Minister of Energy and Natural Resources, as well as social media censorship back in July. Both in 2015 and 2014, access to Twitter and YouTube had been restricted alongside numerous short-lived shutdowns over the last two years.

As part of the government’s attempts to restrict access to social networks, Erdogan established the Telecommunication and Transmission Authority (TTA). The TTA established a blacklist for websites that transgress certain conditions, including materials that insult the president, report news on southeastern Turkey and Kurdish issues as well as posts that defame certain individuals.

Turkey blocks social media
Turkey has once again blocked access to several major social media networks following the arrest of pro-kurdish MPs.

China set to pass highly intrusive cybersecurity law

China’s government is intent on passing a new cybersecurity law that will extend its reach to further exercise online censorship and surveillance.

The National People’s Congress Standing Committee, the country’s top legislative body, held its third and final reading on the bill on 31st October, 2016, and it is expected to be passed by 7th November.

“Despite widespread international concern from corporations and rights advocates for more than a year, Chinese authorities pressed ahead with this restrictive law without making meaningful changes,” said Sophie Richardson, China Director at Human Rights Watch.

“The already heavily censored Internet in China needs more freedom, not less.”

The final draft of the bill contains the following provisions:

  • Companies are required to censor “prohibited” information while restricting anonymity while providing personal information.
  • Infrastructure operators are required to store personal information on users. Data transfers outside of the country will have to pass a security assessment.
  • Companies are required to monitor and report to the government any undefined “network security incidents”. They will also be required to provide “technical support” to security agencies to aid in investigations. Network operators will also be required to retain logs for a minimum of six months.
  • The bill provides a legal basis for potentially large-scale shutdowns in response to “major security incidents”.

Compared with the first draft, there are two important changes. According to the phrasing, individuals are prohibited from using the Internet to “endanger national security, advocate terrorism or extremism, [or] propagate ethnic hatred and discrimination.” Article 12 of the second draft also prohibits individuals from “overthrowing the socialist system” and “fabricating or spreading false information to disturb economic order.” The final draft includes the prohibition of using the Internet “to incite separatism or damage national unity.”

“If online speech and privacy are a bellwether of Beijing’s attitude toward peaceful criticism, everyone – including netizens in China and major international corporations – is now at risk,” said Richardson. “This law’s passage means there are no protections for users against serious charges.”

national-congress-china
China’s government is proposing an intrusive cybersecurity bill that will drastically extend state power to collect data and censor online content. Source: Wikipedia.

Leave a Comment