ORG, along with human rights organisation Liberty, was a supporter of Labour Party deputy leader Tom Watson’s challenge to the Government’s Data Retention and Investigatory Powers Act 2014 (DRIPA).
The Appeal Court ruled on Tuesday that DRIPA had been used to collect data for the wrong purposes, and without proper sign-off — in contravention of EU law.
DRIPA was replaced in 2016 by the Investigatory Powers Act 2016 (IPA) — the so-called Snoopers’ Charter.
But many elements of DRIPA were incorporated into IPA, in some cases in expanded form. ORG and other campaigners say this means significant parts of IPA are also unlawful and must therefore be urgently changed.
The work of Open Rights Group on this legal challenge was one of four key areas of current activity outlined at a London meeting of the group last Wednesday (January 24).
The principal speaker was to have been Myles Jackman, ORG’s legal director and a hero on the fetish scene for his work defending members of the community who have found themselves up against the law.
Unfortunately, owing to illness, neither Myles nor ORG executive director Jim Killock were able to attend.
But ORG legal intern Alex Haydock stepped into the breach, and proved to be an effective guide through the legal challenges on the evening’s agenda.
One of four current challenges was, unsurprisingly, the DRIPA appeal (above) which the Appeal Court has just ruled on.
Another challenge, also related to the Snoopers’ Charter, concerns mass surveillance operations conducted by GCHQ.
ORG is contesting the use of the GCHQ Tempora program which trawls the content of the UK’s transatlantic fibre-optic cables, and the similar NSA programs Upstream and Prism.
This case has gone straight to the European Court of Human Rights (ECHR) and a result is expected later this year. “This is a really big one for us,” said Haydock.
A third area of Open Rights Group activity concerns its current appeal to the UK Supreme Court over web blocking. Some powerful global commercial interests want to protect their brands by forcing ISPs to block websites they say are violating trademarks.
“ORG does not condone counterfeiting,” said Haydock, “but this is a lazy solution to the problem. It puts a cost burden onto ISPs which will ultimately be borne by their customers.
“Also, the blocks apply only to the major ISPs, so anyone who is determined can get around them. And if a counterfeiter’s site is blocked, it may deny justice to customers who have been ripped off, as they will have no way to access the site to pursue a complaint.”
Unfortunately, Alex added, the UK Courts have agreed in principle that this kind of blocking is OK. But ORG is appealing that ISPs should not be made responsible for the costs of doing it.
The fourth challenge ORG is currently signed up to revolves around the issue of Microsoft e-mail privacy.
Microsoft is resisting an attempt by the US Department of Justice to make it hand over e-mails, on the grounds that the Microsoft server is in Ireland and therefore subject to Irish, not US laws.
The DOJ doesn’t agree, and is arguing that the e-mails in question are Microsoft business records, to which it must provide access. The company counters that the e-mails are not its business records, but communications owned by third parties.
If the US Government wins this, says Haydock, the US DOJ could demand access to anything from any company with a US base.
The meeting’s speaker then went on to outline some future challenges Open Rights Group expected to be dealing with. Several of these will be of particular interest to the fetish community.
The first (hopefully not a fetish issue!) concerned keeping up pressure on the Met Police for more transparency on Counter Terrorism Internal Referral Unit (CTIRU) internet takedowns.
Impressive claims have been made for the number of takedowns achieved by the unit — more than 100,000 since 2010. But despite numerous Freedom of Information requests, no evidence has been provided to back up these claims, on grounds of national security.
There are also concerns at ORG about the willingness of UK domain administrator Nominet to suspend domains flagged up as having a illegal content. To date Bominet has suspended some 8,000 domains on these grounds.
“Again, we don’t support illegal domains,” Alex assured the meeting. “But this is being done completely informally, without any transparency or any announcement that a domain has been removed because it was deemed illegal.
“Less than one percent of such requests received by Nominet were rejected. We want a legislative framework in place, proper accountability and proper notification. This is a process that should happen through the courts.”
Final focus of the meeting was directed towards the thorny subject of age verification as a requirement of the Digital Economy Act 2017 (DEA).
This act contains several provisions detrimental to the digital rights of British residents, of which age verification as a condition of accessing adult websites is probably the most contentious.
The legislation, which is already in force, specifies that by April this year, all commercial porn sites accessible from the UK must operate approved age verification methods.
The British Board of Film Classification (BBFC) is the regulator-in-waiting, its task to ensure that each porn site has approved age verification in place. Sites that don’t comply will be subject to blocking orders.
And it currently looks like the default verification gateway will be one developed by MindGeek, which owns about 90 percent of the free adult ‘tube’ sites on the internet, such as PornHub.
A member of the ORG audience commented on the irony of the British Government “getting into bed” with one of the world’s largest online porn organisations in order to protect children and young people from accessing porn.
However, Open Rights Group’s major concern is the massive risk to privacy and data security inherent in having to provide your personal details to a commercial organisation like MindGeek.
MindGeek estimates that 20 to 25 million adults in the UK will sign up to its age verification software “within the first month”.
Given that MindGeek has, according to Haydock, already suffered five significant data breaches, this may not be totally reassuring. Just think of the value of all that new UK data to the people who hacked Ashley Madison!
Although the deadline for website compliance is this April, a lot of the detail has still not been worked out, ORG’s man added. Codes of practice are only in draft form, and while the BBFC is set to be the regulator, it has yet to decide how to perform that task.
“We suspect age verification will fail to guarantee privacy,” Haydock said. “Even if it does comply with data protection law, we can still challenge it. And if it doesn’t comply, then it’s wide open for challenge.”
And the current Government proposals don’t even take into account that anyone who is reasonably net savvy can circumvent such measures with a virtual private network (VPN) or other workarounds.
Published February 1, 2018