Tag Archives: democracy

The Investigatory Powers Bill: An Uncertain Future

Investigatory Powers Bill passed by parliament
What can we do to tackle the consequences of the Investigatory Powers Bill passing into law? (Image c/o Maurice on Flickr.)

Many thanks to Nik Williams of Scottish PEN for the following article on the Investigatory Powers Bill.

So there we have it. After a year of discussion and debate, the 1000+ pages of documents outlining the role of surveillance in a modern democracy has passed through both Houses of Parliament. After a bloated few weeks, with discussion monopolised by an ill-placed amendment on press regulation, the Investigatory Powers Bill will soon be an act of parliament. Here at Scottish PEN this occasion can only be met with resignation and deeply held reservations.

The nature of the closing weeks’ discussion in both houses should depress even the chambers’ most ardent supporters. With Baroness Hollins’ proposed amendment to extend exemplary damages to victims of phone hacking from newspapers not signed up to an approved regulator, the debate drifted away from the surveillance powers in the bill that will distinguish the UK from every established democracy in the world, towards a rehash of a discussion that has been left unfinished following the Leveson enquiry in 2011/12.

This did the bill and our civil liberties a disservice. When was the last time we heard the MPs and Peers use the words ‘bulk’, ‘communications data’, ‘request filter’, ‘interception’ or ‘civil liberties’? While phone hacking and press regulation commandeered space reserved for surveillance powers, these issues were ignored, scrutiny was frozen and forsaken and consensus across the house was assumed.

So now we are left with powers that enable our web records to be stored by public bodies on every British citizen for 12 months; the capacity of intelligence agencies to hack and potentially destroy devices, systems or networks; powers that collect data on the many to find the few and obligations that can be foisted on technology companies to undermine encryption. This is a crude summary of the powers – the sheer scale and the impact of the bill will only be fully realised when the bill is enacted.

So what do we do now? We mobilise, we secure, we seek to frustrate those who watch over us, we get smart. Interrogating what platforms we use and their privacy agreements are not luxuries afforded to the serial paranoiacs or techies alone, they are the actions we all need to take – they represent the markers on a roadmap we must all use to navigate our way through a narrowing and treacherous landscape.

These are obligations that fall to all of us; whether we write, research, communicate or shop online, whether we offer digital services to others, we all need to position privacy at the heart of our thinking, not as a peripheral second-thought. This is never truer than the situation public, academic and specialist libraries now find themselves in. Crudely defined as a telecommunication provider, as the IP Bill lacks any lower threshold to who can be obliged to store data and other requests from the state, the already precarious existence of libraries in the UK is further placed in jeopardy. But can libraries, seen by many as a refuge or sanctuary, be places that invite surveillance and consolidate our private information?

Following a pilot workshop at Glasgow Women’s Library in July, Scottish PEN is rolling out a series of workshops in Edinburgh, Orkney and Perth to build the capacity of libraries across these regions to protect the digital security and privacy of both their institutions and patrons. With libraries operating for many as the portal to the online word to facilitate communication, research, shopping and applying for jobs or benefits, how libraries can continue to offer these services in good faith in light of these new obligations is something we need to address now.

We do not believe in the principle that the collection of private data of innocent citizens will guarantee our safety or security (a belief mirrored by the intelligence agencies who fear, according to a confidential M15 report, that collecting too much data “creates a real risk of ‘intelligence failure’ i.e. from the Service being unable to access potentially life-saving intelligence from data that it has already collected”). But it appears that we all, including the intelligence agencies, need to strap in and assume nothing is sacred, nothing is beyond the reach of the voraciously hungry state.

But we need not be resigned to this fate. We need to know these powers inside and out, what they cover, what they don’t, and what they may enable through vague wording and overly broad interpretations. We need to listen to those who have things to say about encryption, threat modelling and zero-knowledge systems, and perhaps most importantly, we need to feel confident to reach out to others to ask questions and share knowledge, and this is where libraries can truly shine. The idea of a library being a repository of collective knowledge and endeavour is not new, but why can’t this approach be used to see libraries as spaces within which we can explore privacy enabling technologies, discuss the role of surveillance in our modern and digital democracy and learn more.

Perhaps then we can renew privacy’s position as a fundamental right, perhaps then we can reclaim the Internet as a space for exploration as opposed to a space of observation, perhaps then we will know how much of us is up for grabs.

These are a great deal of perhaps, but it gives us a place to start and that is better than nothing.

Ten years of freedom of information – what does the future hold?

Image c/o v1ctory_1s_m1ne on Flickr.

To celebrate 10 years of the Freedom of Information Act, Bilal Ghafoor (FOI Kid) reflects on its impact and ponders what the future holds for this important Act of parliament.

If you go onto the website or read the official publications of any government department, local council, NHS organisation, the one thing that almost all of the information will have in common is that it has been volunteered. And while the communications and press teams in many organisations do a great job, ultimately they are a prism through which an organisation shines out what light it wishes to. Most press releases or official statements do not contain raw data. Most organisations do not publish email trails that they are even slightly uncomfortable about.

The Freedom of Information Act 2000 came into force on 1 January 2005 and it has, in the words of the Justice Select Committee, which undertook a post legislative review of the Act, been “a significant enhancement of our democracy.”[1] However, it went on to note that “we are not surprised that the unrealistic secondary expectation that the Act would increase public confidence in Government and Parliament has not been met.”[2] This was, after all, while the fire of the MPs’ expenses scandal was still smouldering.

I continue to be struck by an observation I heard when I attended a Request Initiative event on FOI that all the complaints about the burden of FOI are irrelevant – public authorities hire FOI officers and spend money not on releasing information but on withholding it. Aside from personal data, which must be guarded, there is more truth to this idea than I would like.

I remember when I worked in FOI in a central government department, a Labour Secretary of State visited us. The first thing he did was apologise to us for bringing in the Act. It was not just Tony Blair who later thought it foolish. We in the FOI team (it seemed to be the natural home of a couple of a Marxists who had somehow joined the civil service), thought it to be utterly bizarre. How was it not a good thing (and not just because it kept us in employment)?

It is our tax, it is our society, these institutions are ours, the work they do belongs to us. It almost seems like a naïve assertion, but perhaps that is because it is so true. If we live in a democracy.

But there are dangers. The FOI Act, which was heroically worked on by the Campaign for Freedom of Information (which just celebrated its 30th birthday party – 20 years older than the legislation itself), came into force over a long period of time and the dangers are similarly slow but sure.

The Government’s response to the post legislative review[3] highlighted that it wanted allow organisations to refuse multiple requests from the same person or organisation. At first glance, this might be ok – why should one person be allowed to harass an organisation with lots of requests? But what about a local newspaper wanting to make lots of requests to local organisations? How is a local newspaper  supposed to survive on being able to make only a small number of requests in any one year to the local council?

There is a suggestion that ‘thinking time’ be included in cost limits for responding to a FOI. This means that any request of a new kind or for new types of information or invoking a new exemption will start to breach the cost limits and be refused. This encourages organisations to hire non-specialists. Or to copy in 15 members of staff into emails about FOI requests and to count thinking time 15 times over.

The chronic under-funding of the Information Commissioner’s Office (ICO) is another terrible problem. While the ICO’s basic stance seems to be to advocate the release of information and accessibility for all, in the latest triennial review of the ICO, its own submission to the Ministry of Justice[4] proposed a charge for requestors wanting to use its services. This would be appalling. But I can see that the ICO is constantly frustrated by its tiny grant in aid (the organisation runs its entire FOI operation for less than many central government department’s communications and spin budgets) and that this proposal is a sign of its desperation.

Application of the Act has become complicated – most ICO decision notices and Tribunal judgments add nuances onto how we should apply exemptions. I love the complication, but I am also very drawn to an idea that was kicked around by others on Twitter that perhaps all of the exemptions should be discarded and everything become subject to a plain public interest test. This would include cost limits – if you ask for a lot of information, if it is in the public interest to provide it, it should be provided. Thanks to relatively recent developments in understanding of ‘vexatious requests’), where a request would be significantly disruptive, the Act allows for a refusal.

The FOI Act is not perfect. But I am still of the generation that compares it to Yes Prime Minister days of secrecy and am thankful to the Campaign for Freedom of Information and other advocates that we can now ask the people who formerly felt like our masters for our own information.

[1] Post legislative scrutiny of the Freedom of Information Act 2000 – Justice Committee Para 241, http://www.publications.parliament.uk/pa/cm201213/cmselect/cmjust/96/9602.htm.

[2] ibid

[3] http://www.justice.gov.uk/downloads/publications/policy/moj/gov-resp-justice-comm-foi-act.pdf

[4] https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2014/11/ico-response-to-the-ministry-of-justice-s-announcement-of-their-triennial-review-of-the-information-commissioner-s-office/