UK Surveillance Bill A Risk To Data Security And Privacy, Says ICO
Posted Jan 12, 2016 by Natasha Lomas (@riptari)
The U.K.’s Information Commissioner’s Office has criticized the draft
Investigatory Powers bill, warning about the risks of requiring
communications service providers to weaken encryption, and also
asserting that no clear case has been made for why the state should
require data on all its citizens to be retained for a full year.
The IP bill is the government’s attempt to update and extend
the surveillance capabilities of the security and intelligence agencies
— replacing the long-in-the-tooth patchwork of legislation currently
used to authorize intercepts with a clearer legal framework. It’s
aiming to have a new law passed by the end of this year when emergency
surveillance legislation, DRIPA, expires.
Giving oral evidence last week to the joint select committee currently
examining the bill, information commissioner Christopher Graham was
asked whether the bill gets the balance right, between privacy and
security. “It’s very difficult to judge whether the bill gets the
balance right,” he said. “Because the one thing we don’t have in the
voluminous material that has been put before you is any real evidence,
as opposed to the occasional anecdote, for the utility of the
information that’s sought.
“The bill proposes that data can be required to be retained for 12
months but there’s no particular explanation of why 12 months — rather
than six months or 18 months — is desirable because there is no
indication of the use that such information has been put to over many
months and years in the normal way of dealing with serious crime and
terrorism.”
Parliament needs to recognize the various data protection rights
afforded to individuals, he continued, and be wary of “signing off a
blank cheque” in regards to the security services’ appetite for
information — arguing instead there should be a system of
ongoing proportionality reviews, once the legislation has passed, to
ensure data protection obligations continue to be met.
He went so far as to suggest that a rolling sunset clause or yearly
renewal requirement be embedded within the legislation to enforce
proportionality — and avoid the risks associated with data retention
overreach. “Parliament renewed the Prevention of Terrorism Act year by
year. I can’t see why we shouldn’t have a similar arrangement for
something so fundamental as this bill,” he argued.
“Data protection is a fundamental right, under the charter of
fundamental rights of the European Union, so I don’t think it’s a
question of just signing off a blank cheque,” he added. “It is asserted
that this information is very important for the detection of crime, and
the prevention of terrorism, I think it would be sensible and wise for
parliament to review, from time to time, how it’s working in practice.
What use is being used of this great mass of data that will be required
to be retained by communications service providers?”
Graham warned specifically of the “huge risk” of vast caches of
retained information being exploited by “bad actors”, or otherwise
leaking out because of the security challenges created by an
ongoing requirement to store so much personal data.
Asked by the committee what sort of sanctions could be put in place to
mitigate the risk of misuse of retained data by “rogue” individuals,
such as within police forces or other organizations storing the
data, Graham suggested parliament could enact a more deterrent-based
penalty — such as a prison sentence, rather than the fine-only regime
afforded by current legislation that pertains to this area.
But he again emphasized that too much retained data itself can generate
too much risk. Ergo the best form of mitigation is to retain less data
in the first place. “It merely underlines the point that when you
require communications service providers to retain a massive collection
of data for a year then it creates a risk. It’s there. People may do
stupid things with it,” said Graham.
“[It’s] a whole pile of stuff which can get lost, inappropriately
accessed from the criminal point of view and so on — and it’s because
that risk is created by the legislation then you’ve got to have some
very powerful safeguards to make sure the legislation is regularly
reviewed, that it is being used for what it’s meant to be used for.”
On encryption, in its written evidence to the committee, the ICO also
warns that “notices requiring the removal of electronic protection
should not be permitted to lead to the removal or weakening of
encryption”, given the risk to “the security of personal data
generally”.
It specifically flags up clause 189 in the draft bill, noting that this
permits the Secretary of State to impose obligations “relating to the
removal of electronic protection applied by a relevant operator to any
communications or data”.
“This could be a far reaching measure with detrimental consequences to
the security of data and safeguards which are essential to the public’s
continued confidence in the handling and use of their personal
information,” the ICO writes, adding: “The practical application of
such requirement in the draft is unclear in the draft bill and the
accompanying Guide to Powers and Safeguards does not provide specific
details to enable the full extent of the provision to be assessed.”
Last month Apple also raised concerns about the IP bill’s implications
for encryption, writing in its own submission to the committee that:
“The best minds in the world cannot rewrite the laws of mathematics.
Any process that weakens the mathematical models that protect user data
will by extension weaken the protection. And recent history is littered
with cases of attackers successfully implementing exploits that nearly
all experts either remained unaware of or viewed as merely
theoretical.”
Five other Internet companies — Google, Microsoft, Twitter, Facebook
and Yahoo — have also raised concerns about the implications of the
proposed legislation on encryption, calling for more clarity in the
language used in the bill in their own joint written submission.
“We reject any proposals that would require companies to deliberately
weaken the security of their products via backdoors, forced decryption,
or any other means. We therefore have concerns that the Bill includes
“obligations relating to the removal of electronic protection applied
by a relevant operator to any communication or data” and that these are
explicitly intended to apply extraterritorially with limited
protections for overseas providers,” they write.
“We appreciate the statements in the Bill and by the Home Secretary
that the Bill is not intended to weaken the use of encryption, and
suggest that the Bill expressly state that nothing in the Bill should
be construed to require a company to weaken or defeat its security
measures.”
The government has been accused of putting out mixed messages when it
comes to its legislative intentions around encryption, with the Prime
Minister last year appearing to suggest he wanted to ban encryption,
before apparently backpedaling. The Home Secretary also subsequently
appeared to make comments in support of encryption, yet the wording of
the legislation remains vague enough that concerns about
its implications for encrypted services persist.
For example, many speakers at an event held to discuss various aspects
of the IP bill last week expressed similar worries about vague language
in the draft legislation leaving too much “open to interpretation”.
The joint select committee is continuing to take evidence from
witnesses, and will hear from Home Secretary Theresa May tomorrow. It’s
expected to file a report with recommendations by the middle of next
month — suggestions that will doubtless feed into the coming months of
debate as MPs and Peers in parliament and the House of Lords chew over
the bill’s detail and try to achieve that sought-for balance between
security and privacy.
Featured Image: r. nial bradshaw/Flickr UNDER A CC BY 2.0 LICENSE