Data protection has become a hot topic recently with new laws in Australia that ensure ISPs (Internet Service Providers) and telecommunication companies store all customer metadata for two years so authorities can review if required. Previously, the only data you might have been worried about the wrong people seeing was the masses of information we hand over daily to giant internet companies who, you would hope, look after and protect this information. Sadly, there are people out there who are hell bent on accessing this information and sharing it with the world. Depending on your viewpoint, sometimes a mass release of data can save lives and change the course or duration of wars, or it can potentially endanger lives and personal or even national security.

What follows are five incidents where both accidentally and intentionally leaked data caused chaos:

Edward Snowden – 1.7 million confidential NSA files leaked

Edward Snowden was a junior level systems administrator for multiple branches of the intelligence service in the US, as well as other companies working on contracts for the CIA and NSA. Disillusioned with the work he was carrying out, Snowden decided to leak documents on NSA. programmes and capabilities. These programmes have been, and continue to be, used to collect and store personal communications both within the US and abroad.

The documents leaked by Snowden were examples of America’s intelligence agencies and other countries equivalent unlawful mass surveillance, including political, industrial and counter-terrorism espionage that the public were unaware of. It’s estimated that Snowden could have downloaded and taken in excess of 1.7 million files from the NSA database for distribution to journalists. Snowden is currently seeking refuge in Russia, the only country that would grant him asylum, whilst fighting an expected 30-year prison term for crimes under the US Espionage Act.

Ashley Maddison – 37 million user account details leaked

With the slogan ’Life’s short. Have an affair’, AshleyMadison.com (AM) was marketed as a dating website specifically targeted to men and women seeking action and romance outside of their relationship. In July 2015 a group who called itself ’The Impact Team’ stole masses of user data from AM with the intention of releasing it if the site wasn’t shut down immediately.

Their initial demands were ignored and 25 gigabytes of stolen personal data was released. This mass release included data that users had paid an additional cost to have ’permanently deleted’, proving that their data had been handled inefficiently prior to the hack. The remaining stolen data was eventually released on the dark web and is still up there to this day.

Yahoo – 1 billion user account details leaked

In 2016, Yahoo announced that it had been hacked and that the customer data of over one billion of its users had been stolen. What makes this leak even more interesting is that they announced it a full three years after the event. They claimed that in 2013 an ’unauthorised party’ broke into the accounts and accessed the data using forged cookies – bits of code that stay in the user’s browser cache so that a website doesn’t require a login with every visit. The cookies ‘could allow an intruder to access users’ accounts without a password’ by misidentifying anyone using them as the owner of an email account.

The perpetrators were never found and nobody has even been convicted for the hack. It’s officially the biggest leak in the history of consumer data and it happened at a time when Yahoo was scaling down its data security.

PlayStation Network – 77 million accounts compromised

In 2011, the PlayStation Network (PSN) experienced an outage as a result of what they called an ’external intrusion’. It was revealed a few days later that the outage was caused by a hack on the network and that over 77 million user account details and payment details had been compromised. Sony took well over a week to inform its customers of the nature of the leak, earning condemnation from governments the world over. The outage lasted a total of 23 days until PSN were satisfied with their security upgrades.

Australian journalists’ metadata accessed illegally

A new law in Australia requires internet service providers and telecommunications companies to hold 2 years’ worth of customers’ metadata for law enforcement agencies should it be needed to investigate a crime. On the back of this, the Australian Federal Police attempted to gain access by force to a journalist’s metadata and were later found to have done this illegally.

The journalist’s data was accessed without him being under investigation for a crime, directly contravening the rules of the Act. This incident is currently being investigated by the Australian Federal Police commissioner, Andrew Colvin. It’s not illegal to hide or even permanently delete your metadata – and you can manage this type of data using software such as cleandocs or by masking your computer using a VPN – but any metadata taken can be used against you in a criminal investigation.

The Bar Standards Board (BSB) has introduced new rules that will enable self-employed barristers to benefit from equal parental leave entitlements provided by chambers, regardless of how their partners use theirs.

The proposed rule changes, which were the subject of a BSB consultation that closed in February and are yet to be approved by the Legal Services Board, would mean that:

• Parental leave would be made available to every member of chambers who becomes a parent or a carer of a child preceding or following birth or adoption;
• A parental leave entitlement should constitute, as a minimum, a period of one year away from practice (though a barrister would not be obliged to take the full entitlement);
• The rule should apply to all mothers, fathers, and adoptive parents, as well as the married, civil, and de facto partners of biological or adoptive parents;
• Chambers' parental leave policies should allow parental leave to be taken flexibly, to enable barristers to maintain their practice and support their income while on leave; and
• The BSB would not prescribe what form this flexibility takes, however suggestions will be included in guidance.

Responding to the BSB announcement, Chair of the Bar Andrew Langdon QC said:

“This is a watershed moment which challenges the assumption that one parent should have to take more time out of their career, and take on more caring responsibilities, than the other.

“The Bar Council has been lobbying for rule changes since the introduction of Shared Parental Leave in 2015 because we want parents to have a more equal role and because we want to see more equal numbers of men and women at the Bar.

“We know that women who leave the Bar for extended periods of time, such as for maternity, find it hard to come back. This move will help to place both parents on a more equal footing.”

Bar Council Head of Policy for Equality and Diversity Sam Mercer said: “The Bar is serious about supporting parents in the profession. This is an important moment in the journey towards a more equal profession and society.

“The Bar Council will provide full support to chambers to ensure this change is managed effectively. New guidance will be issued shortly.”

(Source: BSB + The Bar Council)

Consumer Watchdog recently called on tech companies including Google, Facebook, Twitter, Facebook, Amazon and Microsoft, to support amending a key Internet law so websites like Backpage.com that facilitate child sex trafficking can be held accountable by victims and state attorneys general.

Consumer Watchdog's call came at the start of what Congress has called "Combatting Trafficking and Child Protection Week." Rep. Ann Wagner's (R-Mo.)  has introduced H.R. 1865, Allow States and Victims to Fight Online Sex Trafficking Act of 2017 that would amend Section 230 of the Communications Decency Act – the law that shields Backpage from accountability for its ongoing abuses. Other bills focusing on the trafficking issue are expected to come to the floor Tuesday.

Consumer Watchdog's call came after a news conference last week with anti-trafficking groups where a mother of a victim of Backpage-facilitated child sex trafficking, Nacole S., called on Facebook CEO Mark Zuckerberg, who is engaged in a "listening tour," to meet with her family so she could explain the harm his support of Section 230 causes.

Section 230 of the CDA provides that a website can't be held liable for what's posted on its site by third parties. Tech companies and other defenders of CDA Section 230 claim it promotes and protects free expression on the Internet.

"Internet freedom must not come at the expense of children who are sex trafficked," said John M. Simpson, Consumer Watchdog Privacy Project Director. "Just as the First Amendment does not allow you to shout fire in a crowded movie house, or to assist hit men and drug dealers in their criminal activity, CDA Section 230 must not be allowed to protect an exploitative business that is built on child sex trafficking. It's past time for tech companies to step up and act to narrowly amend this law."

Backpage's victims have filed multiple lawsuits and brought legal actions against Backpage, which has also been the target of government investigations. Among victims bringing suit are  a 13-year-old girl in Miami whose pimp tattooed his name on her eyelids and a 15-year-old in Seattle who was sold for sex more than 150 times. A new documentary film I Am Jane Doe, which chronicles the struggles of child sex victims, is now available on iTunes, Google Play, and Amazon, and will be available on Netflix beginning May 26th.

Last week a coalition of anti-child sex trafficking and public interest groups and the mother of a trafficking victim released a report detailing Backpage's abuses. It documented how Google has funded efforts to defend Sec. 230.

"For years, one company—Backpage.com—has dominated online trafficking in minors for sex. The advertising giant's reach is vast, with sites catering to 437 locations in the U.S. and 506 overseas. So is its impact: By one count, 73% of all suspected child trafficking reports in the U.S. involve Backpage," the report said.

In letters to the tech companies Consumer Watchdog's Simpson wrote: "We call on you to support a narrow amendment to Section 230 of the Communications Decency Act -- H.R. 1865, the 'Allow States and Victims to Fight Online Sex Trafficking Act' could be the vehicle -- that would allow Backpage to be held accountable for its ongoing facilitating of child sex trafficking."

(Source: Consumer Watchdog)

A mass action lawsuit has been filed, under the Magnuson Moss Warranty Act, against Ford Motor Company claiming a defective PowerShift transmission in Ford Focus models from 2012-2015 and Ford Fiesta models from 2011-2015. Currently, there are more than 4,000 past or current owners who have joined the lawsuit.

Thousands of Ford Focus and Ford Fiesta owners have reported consistent jerking and shuddering while driving these vehicles, and many have experienced delayed acceleration and deceleration. In some instances, drivers reported unintended acceleration when stopped at traffic lights, and other times the cars would roll backwards on an incline.

"A friend had a Ford Fiesta, and when he started experiencing problems with the transmission and the dealership was unable to come up with a solution, we looked in to it and found that thousands of people across the country were experiencing the same issues," said Ken Stern, founder and principal of Stern Law PLLC. "Ford must be held accountable for design and manufacturing defects of the PowerShift transmission that has compromised the safety of the vehicles and cost owners significant loss in vehicle value, reliable transportation and time," Stern said.

Ford has issued more than 20 Technical Service Bulletins (TSB) on these models to alert dealership service technicians about known mechanical issues. A TSB is not public and dealers are not mandated to contact owners to complete the repairs. The most common course of dealer action has been to re-flash the transmission control module (TCM) and replace clutches, but the transmission problems persist.

Many customers have taken their vehicles to dealerships for repairs and spent hundreds of dollars, but the vehicles continued shudder. Often customers were told that the problems weren't real, but were part of normal operation. Feeling their cars were unsafe and unreliable, some customers ultimately sold them at a loss."

According to Kelley Blue Book, the resale value of Ford Focus and Ford Fiestas with the PowerShift transmission is $3,000 – 4,000 less than Focus and Fiesta models without it.

In 2014, Ford extended the powertrain warranty on the vehicles from five years and 60,000 miles to seven years and 100,000 miles to cover the clutch shudder on cars built before June of 2013, but no consistently reliable repair has been provided.

(Source: Stern Law, PLLC)

EY has announced that it is collaborating with Microsoft on a broad approach to help address many of the challenges clients are facing around the EU General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018.

The GDPR applies to all businesses offering goods or services to the EU and aims to protect the privacy and security of EU residents' personal data through the imposition of numerous requirements impacting the entire data lifecycle within most organizations.

The jointly-developed service will use existing and new capabilities from both EY firms and Microsoft to offer the technology and processes that help support compliance and risk management.

Using Microsoft's Secure Productive Enterprise initiatives inclusive of Microsoft Azure, Microsoft Office 365 and Windows, companies will be able to use their existing investments in technology to comply with GDPR regulations. The new initiative can expand EY compliance, privacy and data protection offerings, and augments an existing portfolio jointly developed by EY and Microsoft, including services to help organizations sense, resist, react and recover from cyberattacks.

Angela Saverice-Rohan EY Americas Privacy Leader, Advisory, says: "The GDPR is unlike any other privacy regulation to date. It impacts businesses around the world, and creates challenges that won't be solved by policy and procedures alone. Additionally, the GDPR presents a tremendous opportunity for companies to strategically manage their compliance in a way that achieves other important value propositions; specifically data enablement, process optimization and risk reduction. Technology is at the heart of this, and the joint initiative by EY and Microsoft will help to create value for clients at all stages of their GDPR journey, beginning at the data discovery phase and all the way through to automation of many aspects of GDPR compliance."

Paul van Kessel, EY Global Cybersecurity Leader, says: "The GDPR is a major disruptor to our clients as well as our own industries, in both technology and consulting. It will transform how companies manage personal data and is already creating an industry of new point solution providers. But, our clients are looking for a holistic way to address the regulation, from initial assessment, through implementation planning and operationalization. They are looking for approaches that integrate privacy and security and that also manage risk across the three lines of defence namely, business operations, risk and compliance and internal audit. Working on the Microsoft Azure cloud platform will enable us to create options that flexibly support clients through the GDPR compliance journey."

Brendon Lynch, Chief Privacy Officer, Microsoft Corp. says: "The European Union's GDPR represents a significant shift in the way personal data is regulated and it is having global impact. It places more obligations on organizations to take a comprehensive approach to respecting and protecting the personal data they control – no matter where it is stored, processed or sent. Microsoft cares deeply about privacy and takes a principled approach to safeguarding personal information. Our strong commitments to privacy, security, compliance and transparency ensure you can trust the digital technology that we provide and you rely on. Microsoft's broad portfolio of enterprise cloud services and endpoint solutions has many robust and certified security and privacy capabilities to help companies meet their GDPR obligations and we're committed to being GDPR compliant across our cloud services when enforcement begins on May 25, 2018. Our technology capabilities combined with EY's process transformation, compliance audit experience and people-oriented approaches will enable us to develop innovative solutions that together drive greater value for our customers."

The alliance between EY and Microsoft, announced in 2015, leverages the combined strengths of both organizations for jointly-developed offerings. Recently, EY announced new joint offerings with Microsoft on cyber managed services and a service to help companies run their SAP® software environments securely on the Microsoft Azure cloud platform.

(Source: EY)

In recent news we saw that Noel Edmonds is seeking more that £50m in compensation over the HBOS fraud scandal. Here Stuart Benzie, civil fraud barrister at 2 Temple Gardens, talks to Lawyer Monthly in regard to Edmonds’ argument that HBOS and its former employee Mark Dobson destroyed his business, and the possible legal remedies in place for such damages.

Noel Edmonds, best known for hosting Deal or No Deal?, has now found himself taking on the banker. Unique, his previously successful media business, became a victim of the widespread fraud perpetrated by employees of HBOS Reading branch and a corporate turnaround company called Quayside Corporate Services, during the period of 2002-2007.

Lloyds Banking Group, which acquired HBOS in 2008, has assured the 64 fraud victims that they will receive compensation by the end of June, having set aside £100m for that distinct purpose.  However, Noel Edmonds alone values his claim for significant economic losses and damage to his reputation at £73 million.   Not leaving a lot for the remaining 63 victims

Before making any specific offers of compensation, Lloyds has stated that it is conducting a customer review. The term “customer review” may not generate happy memories for victims of the earlier interest rate swap misselling scandal. This process allowed Lloyds (and other banks) to assess the amount of compensation due to the victims of that scandal, overseen by an independent reviewer. Many customers were left disappointed as a result. The compensation offers made were often low and below what the customers believed they had lost.  Perhaps inevitably, when faced with a choice of accepting an inadequate compensation offer, or litigating against a major bank, many decided that they preferred the former.

Given the figures put forward and the comparative rarity of claims for loss of reputation (sometimes called “stigma damages”), it seems unlikely that Lloyds has any intention of paying significant compensation for the loss of Edmonds’ business reputation.  Consequently, the question arises: can a claim for loss of reputation result in a payment of damages before the courts?

The protection of damage to reputation is normally considered to be the role of defamation, but as no HBOS employee appears to have said anything that directly defamed or tarnished Edmonds’ reputation, such an action would be unsustainable. Nevertheless, it is clearly arguable that being snared in this fraud might well damage the business reputation of any of its victims.  The good news (for Edmonds) is that the application of normal contractual principles may afford a route to recovery of losses sustained in circumstances where he can prove and quantify the loss of reputation claimed.

In Wilson v. United Counties Bank,[1] a bankrupt customer brought a successful action for breach of contract against a bank: the House of Lords unanimously upheld recovery of damages for consequential loss of personal reputation. Accordingly, it appears that where damage to reputation, of a sort that would not give a right to recovery in defamation, has been caused by a breach of contract, damages for that breach should be recoverable.

The leading modern case in this area is the House of Lords decision in Malik v. BCCI[2]. The Bank, BCCI, was found to have been involved with a large-scale fraud and other criminal acts, as a result of which the claimants, both employees of the bank, lost their jobs. The employees brought successful actions against the bank for breach of their employment contracts. In the course of judgment, the House of Lords unanimously upheld the pleaded head of loss for “stigma damages”, under which the claimants claimed that their future employability had been handicapped by reason of the stigma attaching to the bank’s activities and their innocent association with them.

Noel Edmonds may well have good grounds to bring a contractual claim for loss of reputation. While establishing a breach in the face of egregious fraud might not be a great hurdle, proving actual financial loss may be a bigger obstacle to a successful claim of this type.  The difficulties with a claim of this nature may make it less likely that Lloyds will be willing to provide compensation for damage to reputation so the question is whether Noel wants to take the risk of litigation against one of the UK’s largest financial institutions.

[1] [1920] 1 AC 102

[2] [1998] 1 AC 20

Retail Industry Leaders Association Executive Vice President for Government Affairs Jennifer Safavian recently issued the following statement as the House Ways and Means Committee began its hearing examining the economic and consumer impact of a border adjustable tax:

"As the nation's largest private-sector employer, retailers support pro-growth tax reform that lowers corporate rates, scrutinizes all deductions and credits in the code, and creates a level playing field among industries.

"Retailers will continue to aggressively oppose any plan that attempts to shift the nation's tax burden from certain corporations that currently are subject to low effective tax rates onto America's working families. The border adjustment tax would jeopardize 42 million jobs retailers currently support, and would put an undue burden onto millions of American families that are struggling.

Retailers are confident that tax reform can be a win-win for job creators and American families. We urge lawmakers to scrap the controversial and divisive border adjustment tax and focus on crafting a tax reform plan that benefits all Americans."

RILA provided a statement for the record during today's hearing in support of pro-growth tax reform without a harmful border adjustment tax. In her statement, Safavian reiterated the fact that a BAT picks winners and losers and gives an unfair, anti-competitive advantage to companies already paying much lower effective tax rates.

"American companies are at a huge competitive disadvantage with our international competitors," Safavian told the Committee. "This is not because of a mythical "Made in America" tax. Instead it is a result of the US statutory corporate tax rate being extremely high by international standards…The border adjustable tax would not improve US competitiveness. Instead, the border adjustable tax would impose price increases on American families, while also causing a devastating financial impact on the retail sector – so much so that the financial viability of many companies would be put into question."

Safavian also focused on the impact to American consumers.

"The border adjustable tax, which would in effect place a new 20% tax on imports while completely eliminating the tax on exports, will force retailers to significantly raise prices on everyday consumer staples such as food, medicine, clothing, electronics, and home improvement items. Many personal necessities like life-saving drugs and items essential to the operation of US small businesses, such as cell phones, have no domestically manufactured equivalent and will not in the foreseeable future. While margins on retail goods are already low, adding the border adjustable tax on top of the cost of those goods means that retailers have no other choice than to pass this additional tax onto American families."

Safavian shared findings from a survey of American retailers conducted earlier this year on the impact of the border adjustable tax and the provisions of the House Republican Tax Reform Blueprint in their entirety (i.e. 20% rate, full expensing, territorial tax system). The results were uniformly devastating for the retail industry.

Examples of the representative responses include:

• One retailer stated that their historic effective tax rate is 39%. Based on a three-year analysis, their effective tax rate would be between 140-288%.
• Another retailer found that their effective tax rate would go from 37% to 102% as a result of the border adjustable tax.
• Still another retailer's analysis showed their effective tax rate would go from 38% to between 84-94%.
• Beyond the increase in effective tax rates, one retailer explained that overall, they would go from a $1.5 billion net income to a $3.5 billion loss.

Safavian concluded her statement by reiterating the fact that should Congress impose a BAT, American consumers and retail jobs will be at risk.

"The border adjustable tax would disproportionately impact the retail sector because we import many products that are not able to be sourced domestically. Such a drastic new tax would undermine the benefits of a corporate tax rate reduction, precluding the industry from realizing potential economic growth. A border adjustable tax will lead to higher prices for American families and put many retail businesses at risk."

(Source: Retail Industry Leaders Association)

The Labour Party has promised to tackle the gender pay gap, regardless of being criticised in the past for not having enough women within the party. They have assured the public that they would match the Tories’ policy of providing 30 free hours of childcare weekly for working mothers, with children aged 2-4 year olds.

Additionally, Theresa May has sworn to continue efforts to close the gender pay gap, by requiring companies with more than 250 employees to publish data on their gender pay gap. Many have argued that the pay gap exists due to a shortage of jobs men and women go into, demonstrating a ‘segregation in the labour market’.

These issues have never been more prevalent in society, and so Savoystewart.co.uk explored the pay gap further, by analysing recent Office of National Statistics (ONS) data. ONS has found that the wage gap is at its lowest since records began at 18.1%. Research has highlighted that despite 80% of UK industries guilty of a gender pay gap, beneath the scrutiny there are industries that actually represent a narrower pay gap, with some of the highest paid jobs in the UK, possessing a less than 10% pay gap difference.

The industries below represent the highest paid jobs for women to pursue, with the smallest pay gap known in the UK:

Interestingly, 40% of these industries, (IT and telecommunication directors, electronical engineers, purchasing managers and directors and taxation experts) require an educational background that involved a STEM subject.

Organisations are continuingly campaigning for girls to study STEM subjects (science, technology, engineering and maths) after the age of 16, as a way of narrowing the gender workforce gap in such industries.

Analysis from the top 10 highest paid jobs for women, with less than a 10% wage gap has revealed that jobs in the IT sector, are the best paid jobs for women, with a staggering yearly salary of £67,767. However, female employment is less than 25%. What’s more, despite such little representation, the wage gap is 6.7% less than men. Moreover, just 27% of those employed in Britain’s digital industries are women, and the UK Commission for mEmployment and Skills has predicted that by 2022, the figure will have only risen to 30%, signifying a less than typical gender pay gap.

Despite women in digital professions still at a low level, the industry has grown 2.8 times faster than overall employment in the UK throughout the past decade. Cindy Rose, the UK CEO of Microsoft, reiterates that keeping girls engaged in these roles, is key for a boost in the UK economy; it is important for these industries to narrow the gender gap.

Interestingly, legal professionals have a wage gap of 10.3% in favour of men, yet 53% of women hold roles in these key professions; once again shutting down a justification for a gender pay gap, when in reality more women take ownership of the industry. Train and tram drivers, are another key industry to assess, where average yearly earnings can be £48,537, where women only make up 5.4% of 19,000 train drivers in the country. Thus, you would expect a drastic wage gap difference. However, ONS has outlined women can earn 0.7% more than their male counterparts.

Justine Greening, the Minister for women and equalities spoke about the gender pay gap in a statement: “Britain has the lowest gender pay gap on record, there are more women in work than ever before, more women-led businesses than ever before and there are now women on every board in the FTSE 100. “But if we are to help women to reach their potential and eliminate the gender pay gap, we need to shine a light on our workplaces to see where there is more to do to. This tool will empower both men and women to challenge this issue in their profession and help people to make more informed decisions about their career.”

(Source: Savoy Stewart)

With increased vigilance, bans and restrictions on internet use, is this something the public should be opposing, and what are the legalities behind it? Also, what is and isn't legal for the public nowadays? Awareness of what is restricted has become confusing and with the Investigatory Powers Act coming into force, what does this mean for internet surveillance and what is just?

Back in January the European Court of Justice ruled that “General and indiscriminate retention” of emails and electronic communications by governments is illegal, which very much challenges the remit of the UK’s so-called snooper’s charter, the Investigatory Powers Act.

In the US, for years the public has been confronting the NSA’s alleged internet spying, and the legal fight on is ongoing on that front, as recent news reveals the security agency failed to manage monitoring programs and to abide by its own rules, from one Presidency in to the next.

This week Lawyer Monthly has heard from several sources with expertise in cyber privacy and government policy, voicing Your Thoughts on the matter.

Shanti Salas, Vice President, Strategy, Exiger Diligence:

‘The Right to be Forgotten’ has put a wrinkle in the free flow of information needed to conduct thorough due diligence.

For businesses and regulatory authorities interested in rooting out corruption and money laundering, online investigative due diligence has become a crucial step – often a necessary first step – in understanding the reputations of individuals and companies involved in business transactions. As the demand for ever-deeper analysis of customer and third-party business relationships has grown, so too has the ability to use technology to gather information—particularly from unstructured data sources—to build a picture of an individual’s or company’sreputation.

In the European Union, Google alone has removed more than 700,000 search results since May 2014 under the “right to be forgotten”, often on content related to high-profile individuals who might be subject to due diligence for legitimate business reasons. The number of removals is higher when considering other common search engines.

This can create real challenges—not only for due diligence investigators who rely on web-based search tools as a first line of screening for exactly this type of information, but also for the growing ecosystem of automated investigative technologies that use search engines.

Perhaps for these reasons, the European Union has begun to put some limits on the right to be forgotten. Still, despite resistance, the ‘right to be forgotten’ has started to spread beyond European borders, and a cottage industry of consultants and attorneys have since sprung up to assist individuals petitioning to delist unflattering content.

Sindi Mules, Partner, Balfour+Manson LLP:

According to YouGov statistics a sizeable proportion of UK citizens is not opposed to surveillance and favours increased level of surveillance. As we struggle to come to terms with the barbarity of the event in Manchester, the question of the need for increased vigilance is sharply brought into focus.

Vigilance comes in many shapes and sizes. What about internet surveillance and bans and restrictions on internet use?

The introduction of The Investigatory Powers Act 2016, termed the ‘Snooper’s Charter’, has thrust this debate into the limelight. The Act came into force on 30 December 2016 as an emergency replacement for expiring previous legislation. It was passed despite objections from a host of major technology players, privacy advocates and academics.

The provisions of the Act extend the powers available beyond the ability to retain data. It provides powers to access and control electronic devices, intercept electronic communications, listen in on calls, retain and hand over records of such online activity, e-mails and calls to other agencies and link these databases between bodies. These actions do not require suspicions of involvement in crimes and can be utilised against any ordinary member of the public.

It is seen as an attempt to bolster security forces and protect the public but it has also been described by its critics as “the most extreme surveillance in the history of western democracy.”

The public appears to be confused about the powers the Government and associated bodies may or may not have to monitor online activity and to store information gleaned. Statistics, provided by an online technology player, show that 76% of those interviewed are unaware of the powers available, with 33% believing that the Government has no powers to monitor online activity. When people are informed of the powers which the Government can utilise, the reaction is negative and one of shock.

It is often said that if you are doing nothing wrong and have nothing to hide then you have nothing to worry about, nonetheless 59% of people interviewed said that they would not provide consent to the Government or associated third parties to view their digital activity.

There is a balance to be struck between the need for protection and the rights to privacy. If the operation of the legislation aimed to protect the public is found to be oppressive by those it aims to protect, then has the balance not been lost?

Jennifer Agate, Head of Media, Foot Anstey:

The Investigatory Powers Act has been nicknamed the Snoopers' Charter and labelled the end of privacy. Yet we do need a solution to the increasing abuse of the influential power of the internet.

The Act legitimises powers which the security services were already exercising, as we saw when the Investigatory Powers Tribunal ruled in October 2016 that the collection of confidential personal data by the security services had breached human rights laws. By introducing formalised checks and safeguards, the Act should in theory help to ensure that the powers are used responsibly. A significant proportion of the Act is dedicated to prohibitions against unlawful interception and, importantly, exceptions for journalistic material (although there are concerns that these exceptions are insufficient).

The Act represents just another example of the way law is racing (and struggling) to keep up with and effectively regulate technology. In recent years we have seen Sections 5 and 8 of the Defamation Act 2013 address internet publication; the Digital Economy Act 2017 address copyright and online pornography; and Section 33 of the Criminal Justice and Courts Act 2015 create a specific offence of disclosing private sexual photographs and films with intent to cause distress (the so called 'revenge porn' law).

Against this backdrop of legislation, the lawful use of the internet remains, unsurprisingly, lawful. It is only criminal or other wrongful conduct that is prohibited.

However, a central problem remains at the heart of the internet: anonymity. Whether it is the posting of revenge porn, hate speech, or incitement to terrorism, those who abuse the opportunities provided by the internet must be capable of being identified, in order that they can be stopped. Yet technology all too often allows users to post damaging content without registering identifiable details, or by using software to block their IP address.

The internet creates great freedom. With that freedom must come responsibility and ultimately, accountability.

Andrew Gilbert, Barrister, One Pump Court Chambers:

Pluralists democracies typically shy away from the censorship of the Internet, a modus operandi of states which stifle public dissent and political discussion. Once powers are in place to remove material deemed by the State to be adverse to the public interest, our society and individual citizens become extremely vulnerable to the gross abuse of these powers, regardless of how well-meaning our current leadership may be now. In 2007, the secular democracy of Turkey cited the need to protect children from grooming and pornography and passed laws effecting government of the Internet, which by 2013 were used by an increasingly autocratic regime to destroy organised dissent which arose around the Gezi Park peaceful protests.

The UK Government already has a broad set of existing powers to punish and deter the communication of explicit or extremist material: under The Terrorism Act 2000 Sections 57 and 58, which prohibits possession or communication to assist would-be terrorists, alongside sending emails which are indecent, grossly offensive, which are false, or which the sender believes to be false, and is nonetheless distributing it to cause distress.

Under the European Convention of Human Rights the freedom of expression and the right to receive and impart information, as well as the right to enjoy private life, are not absolute rights. They may be restricted, but only where a restriction can be shown to be both: Necessary, and Proportionate. The CJEU, considering a referral by the UK Administrative Court concerning the compatibility of the 2014 DRIP Act, ruled on 21 December 2016 that any mass retention of data is illegal, and that only targeted surveillance of “serious crimes” is permitted under the law.

The 2016 IP Act also provides a power require ISPs to lift electronic encryption. This attacks the ability of users to conceal web activity in Virtual Private Networks or end-to-end encrypted communications. The erosion of encryption sets a dangerous precedent which may well have wider effects - undermining user confidence in the internet as a means of communication of sensitive material, whether that be personal medical and banking records or commercial negotiations.

Further muddying the waters, is the General Data Protection Regulation, in force in summer 2018 across the EU’s member states, which will effectively establish a right to privacy (as opposed to the right to ‘private life’), with extra territorial effect: countries which exchange data with EU residents must abide by its fundamental principles, in line with the CJEU’s guidance as to the proportionate approach to be taken by our societies in relation to our increasing data production. A truly enormous amount of activity is caught within its protections: guaranteeing minimum standards of data retention by both public and corporate bodies. However, its terms sit in opposition to those enshrined in the UK’s IP Act.

Snowden’s revelations have arguably chilled free speech. The power of the Security Services to steam open the paper mail of targeted suspects has been swapped for the steaming open and retention of digital communications of all us, regardless of suspicion. In the wrong hands, this ever-growing mountain of personal data could undermine our very democracy. One only has to refer to the record keeping on citizens by which the Stasi maintained their power in East Germany.

We would also love to hear more of Your Thoughts on this, so feel free to comment below and tell us what you think!

The UK Government has refused to publish a report on whether the rules about pensionable age are appropriate. Section 27(2) of the Pensions Act 2014 required them to publish it "before 7^th May 2017."

Government lawyers acting on behalf of the Department for Work and Pensions said they won't publish it, and that even if a Judge ordered them to publish it, they could simply publish a one word report that said, "yes" or "no". Despite this, they won't say "yes" or "no" now.

A letter from the Government's lawyers dated 26^th May 2017 was written in response to a Judicial Review Letter Before Claim sent by Signature Litigation on behalf of Joanne Welch on 19^th May 2017.

Joanne Welch is a supporter of "Back to 60", a campaign group that advocates reform of the rules on pensionable age.

Joanne Welch commented: "The Government has completely ignored a High Court case which states that the fact that an election is due to be held on 8 June 2017 does not allow a minister to breach his statutory duty. The Government also refused to answer our questions about why the Department for Work and Pensions failed to issue a press release about its decision not to publish the report, or who took the decision and when it was taken. This is yet another example of the Government's arrogant and unfair approach to pensions. If Mr Green thinks that a one word answer would be enough for his "report", why doesn't he publish it?"

A link to the Crowdfunding page for the Pensions Legal Challenge Fund can be found here. It is part of the #BackTo60 campaign, working to reverse the increased state pension age for women from 66 back to 60.

(Source: Back to 60)