With increased vigilance, bans and restrictions on internet use, is this something the public should be opposing, and what are the legalities behind it? Also, what is and isn’t legal for the public nowadays? Awareness of what is restricted has become confusing and with the Investigatory Powers Act coming into force, what does this mean for internet surveillance and what is just?
Back in January the European Court of Justice ruled that “General and indiscriminate retention” of emails and electronic communications by governments is illegal, which very much challenges the remit of the UK’s so-called snooper’s charter, the Investigatory Powers Act.
In the US, for years the public has been confronting the NSA’s alleged internet spying, and the legal fight on is ongoing on that front, as recent news reveals the security agency failed to manage monitoring programs and to abide by its own rules, from one Presidency in to the next.
This week Lawyer Monthly has heard from several sources with expertise in cyber privacy and government policy, voicing Your Thoughts on the matter.
Shanti Salas, Vice President, Strategy, Exiger Diligence:
‘The Right to be Forgotten’ has put a wrinkle in the free flow of information needed to conduct thorough due diligence.
For businesses and regulatory authorities interested in rooting out corruption and money laundering, online investigative due diligence has become a crucial step – often a necessary first step – in understanding the reputations of individuals and companies involved in business transactions. As the demand for ever-deeper analysis of customer and third-party business relationships has grown, so too has the ability to use technology to gather information—particularly from unstructured data sources—to build a picture of an individual’s or company’sreputation.
In the European Union, Google alone has removed more than 700,000 search results since May 2014 under the “right to be forgotten”, often on content related to high-profile individuals who might be subject to due diligence for legitimate business reasons. The number of removals is higher when considering other common search engines.
This can create real challenges—not only for due diligence investigators who rely on web-based search tools as a first line of screening for exactly this type of information, but also for the growing ecosystem of automated investigative technologies that use search engines.
Perhaps for these reasons, the European Union has begun to put some limits on the right to be forgotten. Still, despite resistance, the ‘right to be forgotten’ has started to spread beyond European borders, and a cottage industry of consultants and attorneys have since sprung up to assist individuals petitioning to delist unflattering content.
Sindi Mules, Partner, Balfour+Manson LLP:
According to YouGov statistics a sizeable proportion of UK citizens is not opposed to surveillance and favours increased level of surveillance. As we struggle to come to terms with the barbarity of the event in Manchester, the question of the need for increased vigilance is sharply brought into focus.
Vigilance comes in many shapes and sizes. What about internet surveillance and bans and restrictions on internet use?
The introduction of The Investigatory Powers Act 2016, termed the ‘Snooper’s Charter’, has thrust this debate into the limelight. The Act came into force on 30 December 2016 as an emergency replacement for expiring previous legislation. It was passed despite objections from a host of major technology players, privacy advocates and academics.
The provisions of the Act extend the powers available beyond the ability to retain data. It provides powers to access and control electronic devices, intercept electronic communications, listen in on calls, retain and hand over records of such online activity, e-mails and calls to other agencies and link these databases between bodies. These actions do not require suspicions of involvement in crimes and can be utilised against any ordinary member of the public.
It is seen as an attempt to bolster security forces and protect the public but it has also been described by its critics as “the most extreme surveillance in the history of western democracy.”
The public appears to be confused about the powers the Government and associated bodies may or may not have to monitor online activity and to store information gleaned. Statistics, provided by an online technology player, show that 76% of those interviewed are unaware of the powers available, with 33% believing that the Government has no powers to monitor online activity. When people are informed of the powers which the Government can utilise, the reaction is negative and one of shock.
It is often said that if you are doing nothing wrong and have nothing to hide then you have nothing to worry about, nonetheless 59% of people interviewed said that they would not provide consent to the Government or associated third parties to view their digital activity.
There is a balance to be struck between the need for protection and the rights to privacy. If the operation of the legislation aimed to protect the public is found to be oppressive by those it aims to protect, then has the balance not been lost?
Jennifer Agate, Head of Media, Foot Anstey:
The Investigatory Powers Act has been nicknamed the Snoopers’ Charter and labelled the end of privacy. Yet we do need a solution to the increasing abuse of the influential power of the internet.
The Act legitimises powers which the security services were already exercising, as we saw when the Investigatory Powers Tribunal ruled in October 2016 that the collection of confidential personal data by the security services had breached human rights laws. By introducing formalised checks and safeguards, the Act should in theory help to ensure that the powers are used responsibly. A significant proportion of the Act is dedicated to prohibitions against unlawful interception and, importantly, exceptions for journalistic material (although there are concerns that these exceptions are insufficient).
The Act represents just another example of the way law is racing (and struggling) to keep up with and effectively regulate technology. In recent years we have seen Sections 5 and 8 of the Defamation Act 2013 address internet publication; the Digital Economy Act 2017 address copyright and online pornography; and Section 33 of the Criminal Justice and Courts Act 2015 create a specific offence of disclosing private sexual photographs and films with intent to cause distress (the so called ‘revenge porn’ law).
Against this backdrop of legislation, the lawful use of the internet remains, unsurprisingly, lawful. It is only criminal or other wrongful conduct that is prohibited.
However, a central problem remains at the heart of the internet: anonymity. Whether it is the posting of revenge porn, hate speech, or incitement to terrorism, those who abuse the opportunities provided by the internet must be capable of being identified, in order that they can be stopped. Yet technology all too often allows users to post damaging content without registering identifiable details, or by using software to block their IP address.
The internet creates great freedom. With that freedom must come responsibility and ultimately, accountability.
Andrew Gilbert, Barrister, One Pump Court Chambers:
Pluralists democracies typically shy away from the censorship of the Internet, a modus operandi of states which stifle public dissent and political discussion. Once powers are in place to remove material deemed by the State to be adverse to the public interest, our society and individual citizens become extremely vulnerable to the gross abuse of these powers, regardless of how well-meaning our current leadership may be now. In 2007, the secular democracy of Turkey cited the need to protect children from grooming and pornography and passed laws effecting government of the Internet, which by 2013 were used by an increasingly autocratic regime to destroy organised dissent which arose around the Gezi Park peaceful protests.
The UK Government already has a broad set of existing powers to punish and deter the communication of explicit or extremist material: under The Terrorism Act 2000 Sections 57 and 58, which prohibits possession or communication to assist would-be terrorists, alongside sending emails which are indecent, grossly offensive, which are false, or which the sender believes to be false, and is nonetheless distributing it to cause distress.
Under the European Convention of Human Rights the freedom of expression and the right to receive and impart information, as well as the right to enjoy private life, are not absolute rights. They may be restricted, but only where a restriction can be shown to be both: Necessary, and Proportionate. The CJEU, considering a referral by the UK Administrative Court concerning the compatibility of the 2014 DRIP Act, ruled on 21 December 2016 that any mass retention of data is illegal, and that only targeted surveillance of “serious crimes” is permitted under the law.
The 2016 IP Act also provides a power require ISPs to lift electronic encryption. This attacks the ability of users to conceal web activity in Virtual Private Networks or end-to-end encrypted communications. The erosion of encryption sets a dangerous precedent which may well have wider effects – undermining user confidence in the internet as a means of communication of sensitive material, whether that be personal medical and banking records or commercial negotiations.
Further muddying the waters, is the General Data Protection Regulation, in force in summer 2018 across the EU’s member states, which will effectively establish a right to privacy (as opposed to the right to ‘private life’), with extra territorial effect: countries which exchange data with EU residents must abide by its fundamental principles, in line with the CJEU’s guidance as to the proportionate approach to be taken by our societies in relation to our increasing data production. A truly enormous amount of activity is caught within its protections: guaranteeing minimum standards of data retention by both public and corporate bodies. However, its terms sit in opposition to those enshrined in the UK’s IP Act.
Snowden’s revelations have arguably chilled free speech. The power of the Security Services to steam open the paper mail of targeted suspects has been swapped for the steaming open and retention of digital communications of all us, regardless of suspicion. In the wrong hands, this ever-growing mountain of personal data could undermine our very democracy. One only has to refer to the record keeping on citizens by which the Stasi maintained their power in East Germany.
We would also love to hear more of Your Thoughts on this, so feel free to comment below and tell us what you think!