Digital after death: A grave concern

This is another area to consider, after death, what about what one has stored on the internet (photos, emails, information in the cloud and social medias,..etc)?

Interesting area that may require a uniform law, what do you think?

full text here. 

Edmondson: [2013] EWCA Crim 1026

If you have not already seen it, you might find this case interesting, as it advances the interpretation of what is considered to be “in the course of transmission”, for the purposes of RIPA. It’s a “voicemail hacking” case, focussing on whether the actions of Rebekah Brooks, Andy Coulson and others could fall within the ambit of unlawful interception of communications.

Focussing particularly on voicemail, although making some interesting comments about email too, the case holds that, where a communication is stored on the infrastructure of a communications provider, access to that stored communication is an act of interception even where it has already been accessed or collected by the intended recipient. In other words, it provides some clarity on where the endpoint of a communication is for a hosted message service, for interception purposes.

New directive on attacks against information systems

The new directive against attacks on information systems was published in the Official Journal yesterday.

Not much of the content seems particularly new, especially in terms of the law in the UK at the moment.

The only area where I see some potential challenges, and the potential need for a sensible discussion between member states and industry relates to article 7 of the directive, “tools used for committing offences.” 

The drafting has clearly attempted to delineate that difficult boundary between a “hacking tool” and a tool which is useful testing the security of a network or computer system – which, in all likelihood, is the same software - and, to ensure that businesses and individuals remain able to test the security of their own infrastructure, implementing legislation must tread a fine line to ensure that this distinction is recognised.

Ofcom "Study into the Implications of Smartphone Operating System Security"

It's long, it's detailed, and it might just be up your street:

Goode Intelligence was commissioned by Ofcom to prepare an independent expert report into emerging risks to users of Smartphones and to further Ofcom's understanding of how these risks are addressed in this highly dynamic and nascent environment. 

 You can download all 130+ pages here.

US politicians quiz Google on Glass privacy

This is another example on privacy/ data and identity protection implications, when Google Glass potentially  gather images, video and other data about almost anything a user sees.

Full text here.

Tracking phones in shopping centres — how do you feel?

I was in a shopping centre in Reading today, and this notice caught my eye:

Despite the protestation that "no personal data is recorded," it's quite clear that information about me — or, perhaps, my phone — are being used to provide information to the shopping centre, and perhaps used in other ways.

It was a system I had heard of before, from a company called Path Intelligence. It does not work by using data from the mobile operators, but by careful monitoring of certain frequencies used by mobile phones, to detect phones as their users move around. There was quite some controversy around Path Intelligence in 2011, with the system being labelled as "secretly tracking" and "snooping," but it seems to have gone quiet since then.

I did come across this Freedom of Information Act request, made by Eric King at Privacy International, asking the Information Commissioner to produce any materials resulting from a discussion with Path Intelligence, and the results make for quite interesting reading.

How do you feel about this? Sufficiently invasive to be in need of regulatory attention, or a trivial and inherently harmless use of information gathered from the airwaves? Would it make a difference if you could opt out (something Path Intelligence does not offer)?

"Google chief urges action to regulate mini-drones"

Computers, of course, stretch far beyond boxes sitting in your study or on your desk — but how do you feel about computers, or sensors attached to remote computers, in the sky? How would you feel about an unmanned aircraft hovering over you, watching your every move and reporting it back to some unknown base station? Or are drones — even mini-drones — a good idea?

The BBC has an interesting piece about Eric Schmidt's views on mini-drones: Schmidt, of course, might be seen as an odd person to give pro-privacy advice, particularly after Google's StreetView project.

Data protection

Data protection issues have long been a source of controversy. The proliferation of global Internet companies such as Google, Facebook and Twitter have crystallised conflicts between the privacy interests of individuals and commercial aspirations.

 In 2012 the European Commission published a draft Regulation that, if adopted, will replace the current Data Protection Directive. The measure appears to  attracted both support and opposition. A group of European academicshttp://euobserver.com/justice/119365 have launched an on-line petition supporting the Commission’s proposals. The European Parliament’s Justice Committee has adopted a report which calls for the Commission’s proposals to be strengthened still further.

 This might be contrasted with the UK Parliament’s Justice Committee which has described some of the Commission’s proposals – including the so called ‘right to be forgotten’ as unworkable.  Concerns are shared by some data protection authorities  as this report in the Financial Times indicates. It is perhaps not surprising that the UK is mentioned. We abstained in the final vote on the existing  Directive on the basis that the measure went too far. More surprising is that we have been joined by countries such as Germany who 18 years ago were concerned that the Directive did not go far enough.

 The next year promises to be an interesting period for data protection. I suspect the saga still has a way to go.

End of an Era

I've just been informed of the death of Alan Westin.

Professor Westin was one of the pioneers in the modern debate about privacy and the law and his writings certainly influenced much of my early academic work. His book, Privacy and Freedom was published in 1967 and is still worth reading. I doubt whether the same will be said of my books 50 years from now.

There is an obituary in the New York Times which you can link to from here

Ian

"EU Cybersecurity plan to protect open internet and online freedom and opportunity"

"The European Commission, together with the High Representative of the Union for Foreign Affairs and Security Policy, has published a cybersecurity strategy alongside a Commission proposed directive on network and information security (NIS).

The cybersecurity strategy – "An Open, Safe and Secure Cyberspace" - represents the EU's comprehensive vision on how best to prevent and respond to cyber disruptions and attacks. This is to further European values of freedom and democracy and ensure the digital economy can safely grow. Specific actions are aimed at enhancing cyber resilience of information systems, reducing cybercrime and strengthening EU international cyber-security policy and cyber defence."

The full press release is here, along with links to the proposed directive and to strategy documents.

From my perspective, this looks like a good thing, both for increasing the scope of what is considered to be critical national infrastructure in a digital age, and also to bring up the overall level of cybersecurity, and particularly to level the playing field: over the top communications providers should, I hope, be brought up to the same level as traditional telcos here.

Future Challenges to Identity

How will changes in the next ten years affect notions of identity?’

This is the big question addressed by a new report today by the UK Department for Innovation, Business & Skills (BIS), which sets out set out to explore how changes in technology will affect our notions of identity.

The report identifies key challenges for effective policy-making and implementation in a rapidly changing, globalised, technology-rich, and densely networked society. Amongst other areas, it focuses on implications for crime prevention and criminal justice in a chapter called, ‘The Future Challenges of Identity Crime in the UK’ by Professor David Wall.

For more information, see: http://www.bis.gov.uk/foresight/our-work/policy-futures/identity/Copy%20of%20reports-documents and today’s introductory comment by the BBC: http://www.bbc.co.uk/news/technology-21084945.

If anyone has research interests touching on identity and law (for example, from a different cultural perspective than the UK), please feel free to email me: amk1g10@soton.ac.uk. It will be great to share ideas!

Best wishes,
Alison


 

European Cybercrime Centre

Hello,

I'm a new member of your blog and a few others. I've just started a PhD in IT law (specially on legal issues surrounding digital identity) at Southampton. Thanks for letting me join!

Another one on cybercrime: today, the European Commissioner for Home Affairs  will present the European Cybercrime Centre to the media on 9 January 2013 after which the Centre will be officially inaugurated on 11 January 2013. In 2010, the European Council had tasked the Commission with verifying the feasibility of establishing a European Cybercrime Centre that would become Europe's focal point in the fight against cybercrime.

 

The establishment of the EC3 is a result of the Commission Communication, Tackling Crime in our Digital Age: Establishing a European Cybercrime Centre (EC3), which was adopted on 28 March 2012. This Communication stated that the fight against cybercrime, for which the main legal instrument is the Council of Europe Cybercrime Convention, continues to be a top priority for the EU.

The Centre will develop a common standard for cybercrime reporting so that serious cybercrime can be reported to national law enforcement authorities in a uniform way; respond to queries from and train cybercrime investigators, prosecutors and judges as well as the private sector on specific technical and forensic issues; and:

 

"assume the collective voice of European cybercrime investigators, providing a platform to develop common positions of Union law enforcement authorities on key issues, for example on Internet governance structures or in building trusted networks with the private sector and non-governmental organisations, and providing the natural interface for international initiatives to curb cybercrime, such as Interpol's work in this domain".

For more details, see:

• European Commission: Press release, European Cybercrime Centre (EC3) opens on 11 January (IP/13/13) (9 January 2012).
• European Commission: Memo, Frequently asked questions: The European Cybercrime Center EC3 (MEMO/13/6) (9 January 2012).

Cyber Security

"The cyber threat is, like some other emerging threats, one which has the capacity to
evolve with almost unimaginable speed and with serious consequences for the
nation’s security. The Government needs to put in place – as it has not yet done –
mechanisms, people, education, skills, thinking and policies which take into account
both the opportunities and the vulnerabilities which cyber  presents. It is time the
Government approached this subject with vigour"

thus speaks the Defence Select Committee of the House of Commons. A PDF version of its report can be downloaded from this link. The report has received extensive publicity and you can find a BBC report here

Another Parliamentary Committee, the Home Appairs Select Committee is conducting an investigation into e-crime and you can find its ongoing work via this link