<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
     xmlns:content="http://purl.org/rss/1.0/modules/content/"
     xmlns:dc="https://purl.org/dc/elements/1.1/"
     xmlns:dcterms="http://purl.org/dc/terms/"
     xmlns:media="http://search.yahoo.com/mrss/"
     xmlns:atom="http://www.w3.org/2005/Atom"
     xmlns:cf="https://www.futureplc.com/rss/content-flags"
>
    <channel>
                    <atom:link href="https://www.itpro.com/feeds/tag/investigatory-powers-bill" rel="self" type="application/rss+xml" />
                            <title><![CDATA[ Latest from ITPro in Investigatory-powers-bill ]]></title>
                <link>https://www.itpro.com/tag/investigatory-powers-bill</link>
        <description><![CDATA[ All the latest investigatory-powers-bill content from the ITPro team ]]></description>
                                    <lastBuildDate>Thu, 12 Jan 2017 09:20:00 +0000</lastBuildDate>
                            <language>en</language>
                                <item>
                                                            <title><![CDATA[ Liberty hits crowdfunding goal to take on Snooper's Charter ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/it-legislation/27900/liberty-hits-crowdfunding-goal-to-take-on-snoopers-charter</link>
                                                                            <description>
                            <![CDATA[ Campaign group raises £40,000 to finance legal challenge against the government ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">s2MFXk1tWepXw4cbSayA9w</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/xxTGqZySLMnBGSWPUXXBaT-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 12 Jan 2017 09:20:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Policy and Legislation]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Clare Hopping ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/xxTGqZySLMnBGSWPUXXBaT-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/xxTGqZySLMnBGSWPUXXBaT-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Civil rights group Liberty has launched a crowdfunding campaign to take on the government's Snooper Charter, saying it's against our basic human rights to be monitored on such a large scale.</p><p>The organisation is seeking to challenge the law in the High Court and is inviting the public to support the action by donating money to the campaign using the CrowdJustice platform. With a month to go before the fund-raising initiative ends, it has already hit its 40,000 target, reaching 40,162 at the time of writing.</p><p>The Snooper's Charter, formally known as the Investigatory Powers Act (IPA), was devised by Theresa May while she was still Home Secretary and will allow the government to access web history and email, text and phone records. Liberty's appeal describes these powers as the ability to "hack computers, phones and tablets on an industrial scale".</p><p>"Last year, this Government exploited fear and distraction to quietly create the most extreme surveillance regime of any democracy in history," Martha Spurrier, director of Liberty, said. "Hundreds of thousands of people have since called for this Act's repeal because they see it for what it is an unprecedented, unjustified assault on our freedom."</p><p>Although the IPA gained Royal Assent in November last year and came into force at the end of December, Liberty is seeking to have it repealed, claiming it's unlawful and puts UK citizens' basic human rights at risk.</p><p>"We hope anybody with an interest in defending our democracy, privacy, press freedom, fair trials, protest rights, free speech and the safety and cybersecurity of everyone in the UK will support this crowdfunded challenge, and make 2017 the year we reclaim our rights," Spurrier added.</p><p>Liberty's campaign comes just a few weeks after the European Court of Justice upheld a legal challenge brought by Conservative MP David Davis and Labour MP Tom Watson, which claimed the Data Retention and Investigatory Powers Act the IPA's predecessor broke the law by indiscriminately collecting and analysing citizens' internet activity and phone records. That case has now reterned to the UK court of appeal.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/government-it-strategy/26806/house-of-lords-hits-out-at-snoopers-charter" data-original-url="/government-it-strategy/26806/house-of-lords-hits-out-at-snoopers-charter">House of Lords hits out at Snooper's Charter</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/it-legislation/27590/investigatory-powers-bill-passes-through-parliament" data-original-url="/it-legislation/27590/investigatory-powers-bill-passes-through-parliament">Investigatory Powers Bill passes through Parliament</a></p></div></div>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Porn site xHamster protests Snooper's Charter a week too late ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/it-legislation/digital-economy-bill/27756/porn-site-xhamster-protests-snoopers-charter-a-week-too</link>
                                                                            <description>
                            <![CDATA[ xHamster pushes visitors to sign anti-surveillance petition ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">nggrtbonw1k232U4VcedEi</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/gjo9bKyzz24Lxpuh2BtHR8-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 09 Dec 2016 15:30:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Policy and Legislation]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Nicole Kobie ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/gjo9bKyzz24Lxpuh2BtHR8-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/gjo9bKyzz24Lxpuh2BtHR8-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Porn site xHamster is appealing to users to sign a petition against theso-called Snooper's Charter,<a href="https://www.itpro.com/security/27657/the-fight-against-the-investigatory-powers-bill-isnt-over-yet" target="_blank" data-original-url="https://www.itpro.com/security/27657/the-fight-against-the-investigatory-powers-bill-isnt-over-yet">the Investigatory Powers Act</a>that will see communications providers forced to keep records of which websites Brits visit - something viewers of adult content may prefer their ISPs not to track.</p><p>The pop-up message comes a little late, however. The <a href="https://www.itpro.com/it-legislation/27590/investigatory-powers-bill-passes-through-parliament" target="_blank" data-original-url="https://www.itpro.com/it-legislation/27590/investigatory-powers-bill-passes-through-parliament">Investigatory Powers Bill has already been signed into law</a>, gaining Royal Assent on 29 November, and the petition itself long ago topped the <a href="https://petition.parliament.uk/petitions/173199" target="_blank">100,000 mark that triggers a response from the government</a>.</p><p>That response was a refusal for another debate on the issue, pointing out that "the Investigatory Powers Bill was debated on many occasions in Parliament before it became law".</p><p>A more detailed response claims that the Snooper's Charter was "subject to unprecedented scrutiny" and brings in necessary powers for security services, and includes privacy protections - a fact digital rights campaigners dispute.</p><p>"The IP Bill was debated and passed while the public, media and politicians were preoccupied by Brexit," Open Rights Group executive director Jim Killock told <em>IT Pro</em>when the <a href="https://www.itpro.com/it-legislation/27661/investigatory-powers-bill-petition-forces-debate" target="_blank" data-original-url="https://www.itpro.com/it-legislation/27661/investigatory-powers-bill-petition-forces-debate">100,000 signature mark was passed last month</a>.</p><p>If you still want to sign the epetition - without visiting the adult site - you <a href="https://petition.parliament.uk/petitions/173199" target="_blank">can do so here</a>.</p><p>While xHamster's political posturing may be misspent in this instance, there's another target it can aim for: the Digital Economy Bill and its requirement that pornographic sites run age verification checks <a href="https://www.itpro.com/business/policy-and-legislation" target="_blank" data-original-url="https://www.itpro.com/it-legislation/27683/digital-economy-bill-moves-to-the-house-of-lords">or risk being blocked across UK networks</a>. That will mean adult sites know the real identity of those visiting it, a honey pot which may well attract hackers looking for blackmail material similar to <a href="https://www.itpro.com/data-leakage/25003/ashley-madison-hack-steals-37-million-cheaters-details" target="_blank" data-original-url="https://www.itpro.com/data-leakage/25003/ashley-madison-hack-steals-37-million-cheaters-details">the Ashley Madison affair</a>.</p><p>The Digital Economy Bill has been waved through the House of Commons without argument from Labour, but now faces the House of Lords, which has previously raised concerns about it. The second reading in the House of Lords is 13 December, one of the last chances for digital campaigners and affected sites such as xHamster to attempt to stop it becoming law or force the government to build in safeguards.</p><p>Following the second reading, there will be a report and consideration of amendments, before it's signed into law via Royal Assent, expected to happen early next year.</p><p>A petition against <a href="https://petition.parliament.uk/petitions/174544" target="_blank">age verification on the government website has just 22 signatures so far</a>, though the anti-porn rules have <a href="http://metro.co.uk/2016/10/18/lingerie-clad-activists-want-you-to-know-about-a-law-that-will-change-the-way-you-watch-porn-6199990" target="_blank">already sparked protests</a>.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/it-legislation/26034/investigatory-powers-will-cost-uk-1-billion" data-original-url="/it-legislation/26034/investigatory-powers-will-cost-uk-1-billion">Investigatory Powers 'will cost UK £1 billion'</a></p></div></div>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Investigatory Powers Bill passes through Parliament ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/it-legislation/27590/investigatory-powers-bill-passes-through-parliament</link>
                                                                            <description>
                            <![CDATA[ Now only Royal Assent is required to enshrine Snooper's Charter in UK law ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">9ydH4DYJqrov8sCwhPpcjG</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/YwfxxkWEFLKg9Y2pADXqmY-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 17 Nov 2016 13:21:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Joe Curtis ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/YwfxxkWEFLKg9Y2pADXqmY-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/YwfxxkWEFLKg9Y2pADXqmY-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The Investigatory Powers Bill is on track to becoming UK law after being approved by the House of Lords yesterday, despite facing strong opposition.</p><p>The controversial bill, also known as the Snooper's Charter, has now been passed by both houses of Parliament, and is expected to receive Royal Assent before the end of 2016.</p><p>It will force internet service providers (ISPs) to store people's web history data (known as Internet Connection Records, a list of websites you visit, but not the individual webpages you click on) for up to a year.</p><p>Spy agencies will also be granted the power to collect bulk personal datasets, including information of people not suspected of any criminal activity. They will also be permitted to undertake large scale hacking operations, though they must first obtain a warrant from the secretary of state.</p><p>It is set to become law before the end of the year, in order to replace the expiring Data Retention and Investigatory Powers Act (DRIPA), which came into force in 2014.</p><p><a href="https://www.itpro.com/data-protection/24998/high-court-rules-dripa-is-unlawful" target="_blank" data-original-url="https://www.itpro.com/data-protection/24998/high-court-rules-dripa-is-unlawful">DRIPA was ruled unlawful by the High Court last October</a>, which said it was incompatible with the European Human Rights Act, but the European Court of Justice subsequently issued guidance contradicting this.</p><p>While MPs and Lords have passed the Investigatory Powers Bill, privacy campaigners have railed against the would-be legislation.</p><p>Open Rights Group executive director Jim Killock said: "The IP Bill will put into statute the powers and capabilities revealed by Snowden as well as increasing surveillance by the police and other government departments. There will continue to be a lack of privacy protections for international data sharing arrangements with the US. Parliament has also failed to address the implications of the technical integration of GCHQ and the NSA.</p><p>"While parliamentarians have failed to limit these powers, the courts may succeed. A ruling by the Court of Justice of the European Union, expected next year, may mean that parts of the bill are unlawful and need to be amended."</p><p>Julian Huppert, the former Liberal Democrat MP for Cambridge, added: "Soon, a record will be kept of every website you ever go to. That should worry you."</p><div class="see-more see-more--clipped"><blockquote class="twitter-tweet hawk-ignore" data-lang="en"><p lang="en" dir="ltr"><a href="https://twitter.com/cantworkitout/status/798934011951325184"></a></p></blockquote><div class="see-more__filter"></div></div><p>Privacy action group Liberty, meanwhile, appeared to threaten court action.</p><p>Policy director Bella Sankey said: "The passage of the Snooper's Charter through Parliament is a sad day for British liberty. Under the guise of counter-terrorism, the state has achieved totalitarian-style surveillance powers the most intrusive system of any democracy in human history. It has the ability to indiscriminately hack, intercept, record, and monitor the communications and internet use of the entire population.</p><p>"Liberty has fought tooth and nail against this terrifying legislation, but the paucity of political opposition has been devastating. The fight does not end here. Our message to Government: see you in court."</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/public-sector/27017/brits-fear-snoopers-charter-powers-that-already-exist" data-original-url="/public-sector/27017/brits-fear-snoopers-charter-powers-that-already-exist">Brits fear Snooper's Charter powers that already exist</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/data-protection/26696/444-mps-push-investigatory-powers-bill-forward-into-house-of-lords" data-original-url="/data-protection/26696/444-mps-push-investigatory-powers-bill-forward-into-house-of-lords">444 MPs push Investigatory Powers Bill forward into House of Lords</a></p></div></div>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ GCHQ, MI5 and MI6 "unlawfully" collected data for over a decade ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/data-protection/27419/gchq-mi5-and-mi6-unlawfully-collected-data-for-over-a-decade</link>
                                                                            <description>
                            <![CDATA[ Tribunal rules GCHQ, MI5 and MI6 surveillance breached Article 8 of the ECHR ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">9pqLqQFvRR1Nj3CTxrG414</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/aCdmb3mYgH4i2NhTufZv5Z-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 17 Oct 2016 15:57:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dale Walker ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/YhUVp3rWtcZPM5XznPeTmX.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/aCdmb3mYgH4i2NhTufZv5Z-1280-80.jpg">
                                                            <media:credit><![CDATA[Ministry of Defence]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[An aerial shot of the GCHQ building]]></media:description>                                                            <media:text><![CDATA[An aerial shot of the GCHQ building]]></media:text>
                                <media:title type="plain"><![CDATA[An aerial shot of the GCHQ building]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/aCdmb3mYgH4i2NhTufZv5Z-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>UK spy agencies broke privacy rules and illegally collected data on UK citizens for over a decade without appropriate safeguards, according to a landmark ruling by the Investigatory Powers Tribunal (IBT) released today.</p><p>Complaints were brought forward in July by human rights organisation <a href="https://medium.com/privacy-international/press-release-new-court-judgment-finds-uk-surveillance-agencies-collected-everyones-e3f037a0b901#.khexdgay4" target="_blank">Privacy International</a>, claiming that GCHQ, MI5 and MI6 had breached Article 8 of the European Convention on Human Rights (ECHR).</p><p>The IBT <a href="http://www.ipt-uk.com/judgments.asp" target="_blank">ruling</a> today found that the three agencies (SIAs) had unlawfully collected communications data between 1998 and 2015. This data contains the "who, when, where and how", including telephone, internet, mobile communications and location information.</p><p>It also ruled that collections of "bulk personal data", such as "considerable volumes of biographical details, commercial and financial activities, and communications and travel", were unlawfully obtained between 2003 and 2015.</p><p>Official legislation on how to lawfully collect personal data came into force in February 2015 under the SIA Bulk Personal Data Policy. Before this however, the tribunal found that the absence of safeguards breached Article 8, making personal data collection "unlawful".</p><p>Article 8 of the ECHR guarantees the right to respect for a person's "private and family life, his home, and his correspondence" and that any attempts to breach this right should be "in accordance with law".</p><p>Security concerns were raised by the tribunal, including the discovery of an internal memo warning staff to not use the vast data systems to search for "other members of staff, neighbours, friends, acquaintances, family members and public figures".</p><p>Given the secretive nature of the data collection, it seems "difficult to conclude that the use of bulk communication data collection was foreseeable by the public when it was not explained to Parliament", according to the IBT.</p><p>GCHQ, MI6 and MI6 argued that the use of such powers is "lawful and essential for the protection of national security".</p><p>The tribunal has stated that following the additional oversight implemented in February, personal data collection is now lawfully carried out in the UK.</p><p>However Privacy International believes safeguards are still inadequate, with a spokesperson responding to the ruling by saying: "There is no requirement for judicial or independent authorization. Supervision by a member of the executive (ie a government minister) does not provide the necessary guarantees that surveillance operations that could impact on millions of people are necessary and proportionate."</p><p>Legal representative for Privacy International, Mark Scott of Bhatt Murphy solicitors, said: "This judgment confirms that for over a decade UK security services unlawfully concealed both the extent of their surveillance capabilities and that innocent people across the country have been spied on."</p><p>In response to the ruling, the Home Office stated it is "committed" to providing greater transparency and stronger safeguards.</p><p>"We are pleased the tribunal has confirmed the current lawfulness of the existing bulk communications data and bulk personal dataset regimes," said a Home Office spokesperson to the <em>BBC</em>.</p><p>The House of Lords is currently debating the final details of the Investigatory Powers Bill, aka the Snooper's Charter, which aims to create a legal framework for mass digital surveillance. This was spurred on by the Edward Snowden leaks in 2013, showing the extent of surveillance in the UK.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/government-it-strategy/25907/gchq-voip-software-can-be-used-to-eavesdrop" data-original-url="/government-it-strategy/25907/gchq-voip-software-can-be-used-to-eavesdrop">GCHQ VoIP software can be used to eavesdrop</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/26999/high-profile-individuals-targeted-by-uk-security-services" data-original-url="/security/26999/high-profile-individuals-targeted-by-uk-security-services">“High-profile” individuals targeted by UK security services</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/data-protection/26696/444-mps-push-investigatory-powers-bill-forward-into-house-of-lords" data-original-url="/data-protection/26696/444-mps-push-investigatory-powers-bill-forward-into-house-of-lords">444 MPs push Investigatory Powers Bill forward into House of Lords</a></p></div></div>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Brits fear Snooper's Charter powers that already exist ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/public-sector/27017/brits-fear-snoopers-charter-powers-that-already-exist</link>
                                                                            <description>
                            <![CDATA[ General public unaware of existing police powers to spy on the public ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">qWxStVrpXfMzL44ZwNRfhJ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/nmdNgk7qfudGfqRXXnsdZW-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 29 Jul 2016 13:55:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jane McCallion ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/nmdNgk7qfudGfqRXXnsdZW-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/nmdNgk7qfudGfqRXXnsdZW-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The British public does not trust the government to look after its data, and is scared the so-called Snooper's Charter will allow the police to secretly access people's computers - even though such powers already exist.</p><p>Security firm Venafi found that 69 per cent of UK citizens think the government already abuses its powers to access data on citizens, while 76 per cent are concerned the Snooper's Charter - formally known as the Investigatory Powers Bill - will increase its powers to gain access to the contents of private digital communications, such as emails and text messages.</p><p>Additionally, 70 per cent believe that powers such as those contained in the Snooper's Charter would be abused if they came into force, and the same percentage is against the government being allowed to force technology companies to put their customers' data at risk by creating encryption backdoors.</p><p>Despite this high level of mistrust, the majority of respondents (69 per cent) felt that they are better off in the UK than the US in terms of law enforcement's ability to access citizens' data.</p><p>However, this trust may be misplaced.</p><p>Under the existing UK legislation, the Regulation of Investigatory Powers Act 2000 (RIPA), law enforcement can already compel individuals, including the heads of companies that hold data on individuals, to hand over data without first having to get a warrant from a judge.</p><p>They can also isolate these people, preventing them from communicating with anyone except their solicitor. In the case of a CEO, this would include preventing them from communicating with their fellow board members.</p><p>These powers are far in excess of what US law enforcement is able to do - in <a href="https://www.itpro.com/public-sector/26057/apple-vs-fbi-nsa-reveals-why-it-couldnt-hack-san-bernardino-iphone" target="_blank" data-original-url="https://www.itpro.com/public-sector/26057/apple-vs-fbi-nsa-reveals-why-it-couldnt-hack-san-bernardino-iphone">the recent case of the San Bernardino iPhone</a>, Apple CEO Tim Cook would have been prevented from making any public statements on the demands of the FBI, or would have faced three years in jail had he done so.</p><p>Despite this, 80 per cent of respondents to the Venafi survey had never heard of RIPA and were unaware of the powers it contains.</p><p>Kevin Bocek, VP of security strategy for Venafi, said: "Governments all over the world already have the power to do what the FBI could only ask a judge to do against Apple ... especially in the UK."</p><p>"RIPA has huge implications for UK businesses and the multi-nationals that operate here; particularly individuals in more senior positions within those organisations," he added. "There is no option to hide behind the corporate veil, it is the individual that is charged, not the company, and the individual that needs to make the difficult choice between protecting customer data or their personal freedom. Most citizens have no idea these powers even exist. This is a worrying state of affairs. Our freedoms and rights are slowly being eroded: government is gaining powers to hijack the Internet."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Investigatory Powers: Expect less scrutiny now Theresa May is Prime Minister ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/public-sector/26936/investigatory-powers-expect-less-scrutiny-now-theresa-may-is-prime-minister</link>
                                                                            <description>
                            <![CDATA[ Experts predict Theresa May's rise to PM will give the Snooper's Charter an easier ride ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">63422cHMHG2dkesarPENJa</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/zv6gJJCikkHSn82qsd2n3B-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 15 Jul 2016 13:33:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Public Sector]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Rene Millman ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/vwWuTPNRCuw9vEaWzuXYnR.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/zv6gJJCikkHSn82qsd2n3B-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/zv6gJJCikkHSn82qsd2n3B-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>With Theresa May becoming Prime Minister, the Investigatory Powers Bill (IP Bill), which she championed as Home Secretary, raises serious questions as it heads to becoming law.</p><p>The controversial plan to put surveillance on a stronger legal footing would compel internet service providers to store people's web browsing histories for up to one year, and force software providers to build backdoors into encryption.</p><p>The so-called 'Snooper's Charter' may be under the aegis of new Home Secretary Amber Rudd, <a href="https://www.itpro.com/it-legislation/26932/investigatory-powers-bill-s-security-backdoors-won-t-make-iphone-illegal" target="_blank" data-original-url="https://www.itpro.com/it-legislation/26932/investigatory-powers-bill-s-security-backdoors-won-t-make-iphone-illegal">but plans have changed little</a>, and with an opposition in disarray, look unlikely to be questioned as much as it should.</p><p>"Theresa May is the poster girl for UK surveillance and she will no doubt continue this approach as Prime Minister," says Brian Spector, CEO at online identity firm Miracl. "When it comes to the IP Bill, we can only hope that the peers and lawyers who have final review can scupper its passage through Parliament with more scrutiny and conviction than our MPs did back in March [<a href="https://www.itpro.com/data-protection/26696/444-mps-push-investigatory-powers-bill-forward-into-house-of-lords" target="_blank" data-original-url="https://www.itpro.com/data-protection/26696/444-mps-push-investigatory-powers-bill-forward-into-house-of-lords">when 444 MPs voted it through the House of Commons</a>]."</p><p>He says that given that most people now place all their personal data online, the IP bill would grant enormous surveillance capabilities to the government.</p><p>"If the legislation proceeds, it could undermine trust in the internet as a whole, from service providers, to device manufacturers, to the apps we use as part of our everyday lives," he adds.</p><p>Serious implications</p><p>There are also serious implications, warns Spector. "Under the proposals, [companies] would be legally bound to help UK police and security services access an individual's device. What's more, the current wording of the bill means that any software made by a British company could soon be perceived to be facilitating government spying on its customer's data."</p><p>This would have enormous repercussions by making it much harder for British technology and information security companies to compete globally, according to Spector.</p><p>Dave Levy, associate partner at IT advisory group Citihub Consulting, tells <em>IT Pro</em> that MPs were unlikely to give the bill the proper scrutiny it needs.</p><p>"I don't think the change in Prime Minister will make much difference except that May is the ex-Home Secretary and will have a much finer and more accurate judgement about the feasibility and political cost of getting the bill through," he says.</p><p>"Also, it's gone through the Commons and so it will only require to be considered again if the Lords make amendments, which given the majority it had in the Commons on the third reading because Labour supported it, I think it's unlikely."</p><p>One worrying aspect, much underestimated, is that the IP Bill proposes giving the intelligence services immunity from criminal liability for actions such as hacking that would be illegal if conducted by others, he points out.</p><p>"This throws up a civil liberties issue. Possibly, it will make IT security research harder to perform within the law. If so, researchers will move to a more conducive regulatory jurisdiction," says Levy.</p><p>Encryption issues</p><p>Jake Madders, director at managed cloud hosting company Hyve, believes the policies around data protection and encryption present particular challenges.</p><p>"Cybersecurity and data protection are core considerations for a huge range of digital businesses, with encryption of data being among the most pertinent," he says. "Removing encryption could mean that tech companies become an even bigger target for hackers. Organisations like ours adhere to the governance provided by the Data Protection Act, ISO 27001, PCI DSS standard, and via the government accreditation, G-Cloud, among others. This would all have to be reconsidered if the 'back door' to encryption the bill seeks was to appear."</p><p>Jacob Ginsberg, senior director at email encryption firm Echoworx, says that the bill undermines the fundamental right to privacy.</p><p>"There is a severe lack of clarity around encryption backdoors and bulk data collection in the bill, which will have far-reaching ramifications," he says. "Businesses need to be reassured that backdoors will not be built into encryption solutions.</p><p>"If this is not clearly defined, cloud and hosting companies will simply move their data to jurisdictions that the bill cannot influence. This could destroy the UK's data storage market, driving out over 10 billion worth of business."</p><p>Ginsberg adds that the speed at which the bill was rushed through parliament, and now through the House of Lords, undermines all of these concerns. "With Theresa May's recent appointment, further scrutiny and changes are extremely unlikely."</p><p>Handing our data to cybercriminals</p><p>Valuing anti-terrorism above encryption does not mean the government is making our data more susceptible to hacking, according to Jonathan Parker-Bray, CEO and founder of encryption app Pryvate.</p><p>"Business interests are quite selfish in this regard and will ensure that they have sufficient levels of protection in place for their customers to protect them from cyber attacks," he says.</p><p>The culpability in a breach falls on the company, not with the government, he adds, saying this means that companies have lots of incentive to defend their users from attacks or risk losing business.</p><p>"Whilst the government wishes to create a situation where data can be requested from companies with a warrant, the fact is that in many cases this won't be possible, and any attempt to weaken encryption will receive massive pushback from businesses throughout the country and their international partners," he says.</p><p>What next?</p><p>The issue of Brexit has grabbed most of the government's time now and for the foreseeable future. Lee Munson, security researcher at Comparitech.com, says he suspects that the IP Bill may not be quite as high on the agenda as it otherwise would have been.</p><p>"It may also no longer be a legacy the new PM wishes to associate with she has, after all, quickly demonstrated how she wishes to separate herself from the Cameronista policies of yesterday," he points out.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Investigatory Powers bill’s security backdoors ‘won’t make iPhone illegal’ ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/it-legislation/26932/investigatory-powers-bill-s-security-backdoors-won-t-make-iphone-illegal</link>
                                                                            <description>
                            <![CDATA[ Encryption backdoors survive proposed House of Lords amendments ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">GPVRjWoAJX3YNn2DiUvpk</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/vKHvgCVvtBkcQbBmPFkkyL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 15 Jul 2016 10:01:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Policy and Legislation]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Joe Curtis ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/vKHvgCVvtBkcQbBmPFkkyL-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Image of the UK houses of parliament]]></media:description>                                                            <media:text><![CDATA[Image of the UK houses of parliament]]></media:text>
                                <media:title type="plain"><![CDATA[Image of the UK houses of parliament]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/vKHvgCVvtBkcQbBmPFkkyL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Accessing people's data via security backdoors will form a key part of the Investigatory Powers Bill, despite arguments it could make the new iPhone illegal, it emerged in Parliament this week.</p><p>The government's deputy leader in the House of Lords, Earl Howe, was adamant the bill must require telecoms companies to break or remove their own encryption to give government agencies access to people's personal data.</p><p>Debating the bill, he said: "If we do not provide for access to encrypted communications when it is necessary and proportionate to do so, we must simply accept that there can be areas online beyond the reach of the law, where criminals can go about their business unimpeded and without the risk of detection."</p><p>Howe added: "Enforcement and the intelligence agencies must retain the ability to require telecommunications operators to remove encryption in limited circumstancessubject to strong controls and safeguardsto address the increasing technical sophistication of those who would seek to do us harm."</p><p>He was defending the backdoor element of the bill from proposed amendments 92, 102 and 103, which would have removed this section of the legislation.</p><p>"They are an [sic] irresponsible proposals, which would remove the government's ability to give a technical capability notice to telecommunications operators requiring them to remove encryption from the communications of criminals, terrorists and foreign spies," Howe said.</p><p>However, one proponent of the amendments, the Liberal Democrats' Lord Paul Strasburger, suggested the Investigatory Powers' backdoors are incompatible with IT companies' use of end-to-end encryption.</p><p>"The implication of what he is saying is that no one may develop end-to-end encryption," he said. </p><p>"He seems to be implying that providers can use only encryption which can be broken and therefore cannot be end to end, so the next version of the Apple iPhone would, in theory, become illegal."</p><p>Howe denied this, instead insisting that "there will be circumstances where it is reasonably practicable for a company to build in a facility to de-encrypt the contents of communication".</p><p>None of the above amendments were made to the bill. Its passage through Parliament continues with debate in the House of Lords, after <a href="https://www.itpro.com/data-protection/26696/444-mps-push-investigatory-powers-bill-forward-into-house-of-lords" data-original-url="https://www.itpro.com/data-protection/26696/444-mps-push-investigatory-powers-bill-forward-into-house-of-lords">the House of Commons voted it through with 444 MPs in favour</a>.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Police suffer 2,315 data breaches in five years ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/data-leakage/26853/police-suffer-2315-data-breaches-in-five-years</link>
                                                                            <description>
                            <![CDATA[ Big Brother Watch argues police cannot be trusted with more personal data ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">pyDaCL8jEPw2b6X27v9hpJ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/c2i2QxZxdxqBVNnKMxE8LS-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 05 Jul 2016 10:44:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Joe Curtis ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/c2i2QxZxdxqBVNnKMxE8LS-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Police]]></media:description>                                                            <media:text><![CDATA[Police]]></media:text>
                                <media:title type="plain"><![CDATA[Police]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/c2i2QxZxdxqBVNnKMxE8LS-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Police have suffered 2,315 data breaches in the last five years, Big Brother Watch revealed today, leading it to question whether forces can be trusted to look after increasing amounts of people's personal data.</p><p>The privacy campaign group's <a href="https://www.bigbrotherwatch.org.uk/wp-content/uploads/2016/07/Safe-in-Police-Hands.pdf" target="_blank"><em>Safe in Police Hands?</em></a> report details UK police force data breaches from June 2011 to December 2015, sourced from Freedom of Information requests.</p><p>More than 800 members of police staff accessed people's personal information "without a policing purpose", adding that data was "inappropriately shared" with third parties 877 times.</p><p>However, police took no disciplinary action in 55 per cent of all breaches, Big Brother Watch found, and just 11 per cent ended in a verbal or written warning.</p><p>The data led Big Brother Watch to question whether police should have access to people's Internet Connection Records (ICRs), records of websites people visit, <a href="https://www.itpro.com/government-it-strategy/26806/house-of-lords-hits-out-at-snoopers-charter" target="_blank" data-original-url="https://www.itpro.com/government-it-strategy/26806/house-of-lords-hits-out-at-snoopers-charter">as proposed by the Investigatory Powers Bill</a>.</p><p>Internet service providers would have to hold onto people's ICRs for up to a year, and decrypt it if law enforcement agencies request it.</p><p>But Big Brother Watch argued the ICR proposal should be removed from the bill, writing: "Police forces are already struggling to keep the personal information they can access secure. It is clear that the addition of yet more data may just lead to the risk of a data breach or of misuse."</p><p>The report added: "The power to collect, store and for the police to subsequently seek a warrant to access our online activity would create another vulnerability to our personal data and personal lives. The failure of the Government to demonstrate the need for the power means that there are no tangible benefits to set against the negative impact the power would have on our privacy."</p><p>Other recommendations made by the organisation included criminal records for those responsible for serious breaches, as well as the introduction of prison sentences, saying that existing penalties are not strong deterrants.</p><p>Police should also notify people whose data is leaked within 90 days of the breach being investigated, said Big Brother Watch.</p><p>West Midlands police force suffered by far the highest number of data breaches, at 488, with the next nearest being Surrey Police with 202.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ House of Lords hits out at Snooper's Charter ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/government-it-strategy/26806/house-of-lords-hits-out-at-snoopers-charter</link>
                                                                            <description>
                            <![CDATA[ Privacy and practicality worries could give the IP Bill a rough ride through the upper house ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">41UdTwCb1FdLCMTcDKhH2u</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Sf28yd9wKrzpojuifa6hAB-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 28 Jun 2016 09:58:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Public Sector]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jane McCallion ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Sf28yd9wKrzpojuifa6hAB-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Houses of Parliament]]></media:description>                                                            <media:text><![CDATA[Houses of Parliament]]></media:text>
                                <media:title type="plain"><![CDATA[Houses of Parliament]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Sf28yd9wKrzpojuifa6hAB-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Members of the House of Lords have raised concerns about the content of the Investigatory powers Bill, known also as the Snooper's Charter, which started being debated in the House yesterday.</p><p>Particular concerns have been raised around the protections for journalists and their sources, as well as the privacy of the general public.</p><p><a href="http://www.pressgazette.co.uk/fight-to-secure-better-source-safeguards-in-snoopers-charter-bill-moves-to-house-of-lords-this-is-about-protecting-the-public" target="_blank"><em>Press Gazette</em></a> reports that Lords Rosser and Strasburger spoke out against the bill's current wording.</p><p>Lord Rosser said: "We have already secured amendments to the bill providing that judicial commissioners, when considering a warrant, must give weight to the overriding public interest in a warrant being granted for the use of investigatory powers against journalist ... however, there are still matters outstanding on this point, including the extent to which the bill does or does not provide for the same level of protection for journalists as is currently the case under the Police and Criminal Evidence Act."</p><p>"There is also the question of the definition of who is and who is not a journalist now that we are in the digital world," he added. "This is not about preserving the special status of individuals who work in journalism or the legal profession, or indeed as parliamentarians, but about protecting the public and their ability to raise issues through these channels on a secure and confidential basis."</p><p>Lord Strasberger, meanwhile, said: "There needs to be much better protection in the Bill, as we have already heard, for privileged communications such as those between lawyers and their clients, journalists and their sources and MPs and their constituents."</p><p>He added that the provision for the indiscriminate bulk collection of data from internet users is "highly intrusive, difficult and expensive to implement".</p><p>He also pointed out that reviews of such policies in Denmark and the USA have revealed they had no significant impact on detecting and preventing crime. The former country therefore abandoned the practice in 2014, although the latter has not formally undertaken any such measures yet.</p><p>Lord Paddick sounded a similar note, with both him and Strasberger pointing out that the security services, who are supposed to benefit from this clause, had not actually asked for it.</p><p>Strasberger also hit out at the continued threat to encryption contained in the Bill, saying that it needs to be removed in its entirety, for both security and democratic reasons.</p><p>"Strong encryption, as the Government have recognised in this House, is vital to our personal security and the integrity of our finance and commerce sectors. If [the bill] were enacted unchanged, innocent UK citizens would not be far behind their North Korean and Chinese counterparts in a contest to be the most spied-on population in the world. The powers in the Bill are very broad and very intrusive--more so than in any of our democratic allies."</p><p>Although the House of Commons <a href="http://www.pressgazette.co.uk/fight-to-secure-better-source-safeguards-in-snoopers-charter-bill-moves-to-house-of-lords-this-is-about-protecting-the-public" target="_blank">has voted to pass</a> the IP Bill, the Lords could defeat it, particularly as there is a Conservative minority in the house.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Privacy International challenges Snooper's Charter blanket hacking warrants in High Court ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/it-legislation/26505/privacy-international-challenges-snoopers-charter-blanket-hacking-warrants-in</link>
                                                                            <description>
                            <![CDATA[ Campaign group files for judicial review of Investigatory Powers Bill's cornerstone policy ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">jSnEFKBdy2wfB4wGnNyhjp</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/EBJ5KbtbbaQH8TEPyhRcha-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 10 May 2016 09:27:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jane McCallion ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/EBJ5KbtbbaQH8TEPyhRcha-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Statue of a woman holding the scales of justice]]></media:description>                                                            <media:text><![CDATA[Statue of a woman holding the scales of justice]]></media:text>
                                <media:title type="plain"><![CDATA[Statue of a woman holding the scales of justice]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/EBJ5KbtbbaQH8TEPyhRcha-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Privacy International has appealed to the High Court to strike down a key part of the Investigatory Powers Bill that allows the government to issue blanket hacking warrants to GCHQ.</p><p>The so-called "thematic warrants" contained in the so-called Snooper's Charter allow the spy agency to hack into the computers and phones of people both inside and outside the UK.</p><p>Unlike normal warrants, they do not require a single target to be named and can instead be used to cover an entire class of unnamed property or persons, such as "all mobile phones in Nottingham" in the example given by the campaign group.</p><p>Privacy International initially raised a complaint about these general warrants in 2014, when it took its case to the Investigatory Powers Tribunal (IPT), which oversees agencies including GCHQ.</p><p>The campaign group had argued that such blanket warrants have no basis in UK law and also violate Articles 8 and 10 of the European Convention on Human Rights (ECHR) - the rights to privacy and freedon of speech. However, the IPT ruled in favour of the government in February this year.</p><p>Consequently, the organisation has taken its case to the High Court, seeking to overturn the IPT's ruling. As well as its claims that thematic warrants violate the ECHR, the group is also claiming that it undermines 250 years of English common law, which it claimed "has long rejected general warrants".</p><p>"The IPT's decision grants the government carte blanche to hack hundreds or thousands of people's computers and phones with a single warrant," said Privacy International's legal officer, Scarlet Kim. "General warrants permit GCHQ to target an entire class of persons or property without proving to a judge that each person affected is suspected of a crime or a threat to national security."</p><p>"By sanctioning this power, the IPT has upended 250 years of common law that makes clear such warrants are unlawful. Combined with the power to hack, these warrants represent an extraordinary expansion of state surveillance capabilities with alarming consequences for the security of our devices and the internet," Kim added.</p><p>Saying that these thematic warrants are a keystone of the Snooper's Charter, Privacy International claimed the entire bill could be called into question should it win its case in the High Court.</p><p>The group is not the only body to express concern over the inclusion of the warrants in the IP Bill. In February, <a href="https://www.itpro.com/public-sector/26015/snooper-s-charter-fails-to-protect-privacy-warn-mps" target="_blank" data-original-url="https://www.itpro.com/public-sector/26015/snooper-s-charter-fails-to-protect-privacy-warn-mps">the Intelligence and Security Committee (ISC) recommended "substantive amendments"</a> to the wording of the bill, adding that it was unconvinced by some of the legal frameworks for its implementation, including various hacking warrants.</p><p>The lawfulness of bulk data collection under DRIPA - the emergency stop-gap regulation the government hopes will be replaced by the Investigatory Powers Bill - has also been challenged by MPs Tom Watson and David Davis, with <a href="https://www.itpro.com/public-sector/26269/home-office-faces-eu-court-battle-over-snooper-s-charter" target="_blank" data-original-url="https://www.itpro.com/public-sector/26269/home-office-faces-eu-court-battle-over-snooper-s-charter">the case currently progressing through the European Court of Justice (ECJ)</a>.</p><p>If DRIPA is found to break the rights to private and family life as defined in the Charter of Fundamental Rights of the European Union, it could scupper many of the plans laid out in the Snooper's Charter as well.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Campaigners reveal government's secret spying regime ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/government-it-strategy/26403/campaigners-reveal-governments-secret-spying-regime</link>
                                                                            <description>
                            <![CDATA[ Intelligence services have had access to people's health, financial and communication data for 15 years ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">9sPQnNFGYUCn8NBLARH93d</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/zv6gJJCikkHSn82qsd2n3B-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 21 Apr 2016 14:29:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Public Sector]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jane McCallion ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/zv6gJJCikkHSn82qsd2n3B-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/zv6gJJCikkHSn82qsd2n3B-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The scale of mass data surveillance in the UK is far more sweeping than the government's official proposals currently being considered by Parliament, documents have revealed.</p><p>Security services MI5, MI6 and GCHQ have used Section 94 of the Telecommunications Act 1984 to justify gathering hundreds of millions of records onBritish citizens and other UK residents for the last 15 years, Privacy International found.</p><p>Spy agency analysts can then link together these records using filters such as telephone numbers or other values, the campaign group said, after receiving the documents as it prepares for a tribunal ontheInvestigatory Powers Bill.</p><p>Section 94 has also enabled them to access data outside the protection of the existing Regulation of Investigatory Powers Act (RIPA), and even goes beyond the powers proposed in the Investigatory Powers Bill,the government's proposed legislation that would force internet service providers to collect and hold certain data on people's web browsing histories for up to a year.</p><p>This is because section 94potentially allowed for the collection of medical and biometric data, such as blood type and hair and eye colour, though there is no indication that these kinds of information have been collected.</p><p>The existence of Bulk Personal Datasets (BPDs), as they are called, was first revealed in March 2015 in an Intelligence & Security Committee (ISC) report, however, they have existed for the past 15 years without the knowledge of the public or Parliament.</p><p>Millie Graham Wood, legal officer at Privacy International said: "The information revealed by this disclosure shows the staggering extent to which the intelligence agencies hoover up our data.</p><p>"This can be anything from your private medical records, your correspondence with your doctor or lawyer, even what petitions you have signed, your financial data, and commercial activities."</p><p>"The agencies have been doing this for 15 years in secret and are now quietly trying to put these powers on the statute book for the first time, in the Investigatory Powers Bill," she added.</p><p>Jacob Ginsberg, senior director of encryption software company Echoworx and outspoken opponent of Investigatory Powers, said: "The UK government and its intelligence agencies are watching UK citizens as if they were criminals."</p><p>"The government should not be allowed to circumvent existing laws that have been put in place to protect law-abiding citizens from potentially harmful intrusion. Having the power to sweep someone's phone records, financial data, medical records and internet communications without a warrant during bulk data collection is morally wrong," he added.</p><p>The details of the case and associated documents can be read <a href="https://privacyinternational.org/node/843" target="_blank">here</a>.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Investigatory Powers 'will cost UK £1 billion' ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/it-legislation/26034/investigatory-powers-will-cost-uk-1-billion</link>
                                                                            <description>
                            <![CDATA[ Setting up the Snooper's Charter will dwarf government estimates of £174m, warn campaigners ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">wKUkQ9oCD24PUavoXvYQiT</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/K6eiJDRoxdY3RY4QZkKPW8-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 30 Mar 2016 15:17:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Policy and Legislation]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jane McCallion ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/K6eiJDRoxdY3RY4QZkKPW8-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Ethernet plug with fiber optic wire]]></media:description>                                                            <media:text><![CDATA[Ethernet plug with fiber optic wire]]></media:text>
                                <media:title type="plain"><![CDATA[Ethernet plug with fiber optic wire]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/K6eiJDRoxdY3RY4QZkKPW8-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The Investigatory Powers Bill could end up costing the UK government more than 1 billion, according to campaigners.</p><p>While the Home Office has set aside 174 million over 10 years to reimburse internet service providers required to collect the web browsing histories of all UK citizens, one of the bill's proposals, the Don't Spy On Us coalition said today that the cost will exceed 1 billion.</p><p>Basing its figures on a similar scheme that was recently rejected on cost grounds in Denmark, the coalition scaled up the costs proportionally for the UK.</p><p>The Danish Government decided to scrap the monitoring plans when Enrst & Young confirmed it would cost 105 million to set up the necessary infrastructure to support the scheme.</p><p>With Denmark's population numbering 5.6 million, Don't Spy On Us pegged the costs for the UK's 64 million population at 10 times that figure.</p><p>Director of the campaign group, Eric King, called on the government to get an independent cost analysis, saying: "The government is trying to force internet service providers to collect all of our internet connection records but refuses to listen when they express concerns about the cost and feasibility of their proposals.</p><p>"As in Denmark, the government should commission an independent cost analysis to clarify the true cost of collecting Internet Connection Records (ICRs). There is no evidence that collecting ICRs makes us safer." </p><p>BT Security president Mark Hughes told the Joint Committee of Parliament looking into the Investigatory Powers Bill last December that the 174 million earmarked by the government would only cover BT's costs of creating the infrastructure necessary to comply with the bill, also dubbed the Snooper's Charter.</p><p>Virgin Media believes its owns costs will hit tens of millions of pounds.</p><p>Lord Paddick, Liberal Democrats spokesman on Home Affairs in the House of Lords, said: "Now that we have a professional estimate that it would cost well over 1 billion in set-up costs alone and could be easily circumvented by criminals for just a few pounds a week, apart from anything else, this represents appallingly bad value for money."</p><p>A Home Office spokesman said: ""There are a number of fundamental differences between our Bill and the Danish model, and the independent Joint Committee of Parliament acknowledged this. It is absolutely incorrect to suggest we are implementing the Danish model.</p><p>"We have worked closely with communications service providers (CSPs) to carefully estimate the cost of implementing a system to retain internet connection records. And we will continue to work with CSPs to refine that cost as the Bill progresses. </p><p>"We are determined to implement the legislation in a way that will deliver the maximum operational benefit for the police and law enforcement agencies. Our proposals provide a comprehensive and comprehensible framework for investigatory powers, with robust safeguards and world-leading oversight."</p><p><strong>01/03/2016: Home Office introduces Investigatory Powers bill to Parliament</strong></p><p>The Home Office introduced its controversial <a href="https://www.gov.uk/government/collections/investigatory-powers-bill" target="_blank">Investigatory Powers Bill</a> to Parliament today with a number of amendments, amid fears that it is trying to rush the bill through the House without subjecting it to democratic scrutiny.</p><p>The government claimed the latest version of the bill, also known as the Snooper's Charter, addresses concerns raised by three separate committees, the last of which, the Joint Select Committee, called it "flawed" and recommended 86 amendments.</p><p>"This is vital legislation and we are determined to get it right. Our proposals have been studied in detail by a Joint Committee of both Houses of Parliament established to provide rigorous scrutiny, and two further committees," <a href="http://www.parliament.uk/business/publications/written-questions-answers-statements/written-statement/Commons/2016-03-01/HCWS568" target="_blank">said Home Secretary Theresa May</a>.</p><p>"The revised bill we introduced today reflects the majority of the committees' recommendations we have strengthened safeguards, enhanced privacy protections and bolstered oversight arrangements.</p><p>"Terrorists and criminals are operating online and we need to ensure the police and security services can keep pace with the modern world and continue to protect the British public from the many serious threats we face."</p><p>However, the majority of the amendments do not change the bill itself, rather creating additional oversight for the proposed legislation.</p><p><strong>Key changes include:</strong></p><p>- The security agencies will be required to reapply for equipment interference warrants the power to hack computers and telephones every three days, rather than every five days.</p><p>- UK security and intelligence agencies cannot request foreign agencies to conduct intelligence for the UK government unless they have a warrant from a Secretary of State and judicial commissioner.</p><p>- The government will work with the tech industry to implement the retention of internet connection records (ICRs) by telecoms companies. Six draft statutory codes of practice related to "bulk powers" have also been published alongside the bill.</p><p>- It will allow for ICRs gathered by ISPs to be used in "the pursuit of investigative leads".</p><p>- Companies will be asked to remove encryption they have applied themselves and "where it is practical to do so".</p><p>- Extra protection for journalists' sources</p><p>- The Lord Chief Justice will have the power to inform people who have suffered as a result of the inappropriate use of powers.</p><p>The government claimed that recommendations that were not implemented were turned down because they "would compromise the capabilities of law enforcement and the security and intelligence agencies".</p><p><strong>Reaction</strong></p><p>Following the bill's publication this afternoon, Nigel Hawthorn, European spokesperson for cloud software company Skyhigh Networks, accused the government of risking the wellbeing of British businesses.</p><p>"Using the argument of national security as a battering ram, the government is once again taking an approach that will cause more harm than good for businesses," he said. "Encryption is a key capability that makes business traffic safe from prying eyes, and asking companies to weaken, restrict or introduce backdoors is a sure fire way to ensure that sensitive data will find its way into the wrong hands.</p><p>"Everyone has a right to privacy, but the government is doing its utmost to take that away."</p><p>Antony Walker, deputy CEO of business association TechUK, called for assurances that MPs would have enough time to debate the bill, saying: "The test now is to understand if this bill addresses the very serious concerns that have been laid out by the tech industry and three Parliamentary committees.</p><p>"This is a complex bill, with significance for all of us. Parliamentarians must have time necessary to subject it to the maximum parliamentary scrutiny' the Home Office has promised.</p><p>"As more details emerge, tech companies are urgently seeking to understand what is being asked of them and the implications for their business, their customers and the security of our digital economy."</p><p><strong>29/02/2016:</strong> <strong>Gov 'rushing Investigatory Powers bill through Parliament'</strong></p><p>The government is set to officially introduce the Investigatory Powers bill in Parliament tomorrow, amid claims it is rushing the bill through in order to avoid scrutiny.</p><p>The news comes just two weeks after the Joint Select Committee ripped apart the proposed Snooper's Charter, calling it "flawed" and recommending 86 changes to the legislation.</p><p>Were it passed in its latest form, the bill would require ISPs to hold details on people's web browsing history for up to 12 months, and force companies to build backdoors into their encryption to give spies access to users' data.</p><p>Despite the criticism the bill has received, Home Secretary Theresa May plans to publish it tomorrow, according to the <a href="http://www.independent.co.uk/news/uk/politics/investigatory-powers-bill-theresa-may-accused-of-rushing-snoopers-charter-into-law-to-avoid-scrutiny-a6900566.html"><em>Independent</em></a>.</p><p>A line-by-line debate will then take place on 14 March before the committee scrutinises it on 22 March. A final vote is expected by the end of April.</p><p>However, Tory backbencher David Davis accused the government of rushing the legislation through Parliament, giving MPs little time to properly debate the bill.</p><p>He told the <em>Independent</em>: "When you work it out, it's a 300-page bill so that's something like five seconds to consider each line on second reading.</p><p>"It all keeps with their strategy, which is to rush everything through. They know when they engage with experts they lose. This is the way they will try to get this through on the rush. There's no doubt about it."</p><p>The Joint Select Committee has delivered three damaging reports on the bill, criticising a perceived lack of clarity on key issues including encryption, internet connection records, bulk equipment interference powers and extraterritorial reach.</p><p>Chairman of the committee, Lord Murphy of Torfaen, said earlier this month: "The Home Office has a significant amount of further work to do before Parliament can be confident that the provisions have been fully thought through."</p><p><strong>11/02/2016: "Significant changes" needed in Investigatory Powers Bill</strong></p><p>The Investigatory Powers Bill needs a significant amount of work before it can become law, the Joint Select Committee set up to review the proposed legislation has found.</p><p>In <a href="http://www.publications.parliament.uk/pa/jt201516/jtselect/jtinvpowers/93/9302.htm">its report on the bill</a> he committee has made 86 detailed recommendations to the government for revisions to the bill "aimed at ensuring that the powers within [it] are workable, can be clearly understood by those affected by them and have proper safeguards"</p><p>These include making it clearer in the text of the bill that companies will not be required to install 'backdoors' in their encryption to enable law enforcement automatic access, which had been a major concern amongst technology firms and civil liberties groups alike.</p><p>Other key recommendations include fuller justification of bulk collection of data - an issue that was also raised by the Intelligence and Security Select Committee in its report at the beginning of February - and the need to properly define the Internet Connections Record provision as well as determining if it is, in its current form, actually feasible.</p><p>The Joint Select Committee also said it should be illegal for the UK to ask foreign intelligence agencies, such as the NSA, to undertake intrusion they do not have permission to do.</p><p>ISPs should also be given financial support by the government to safeguard the security of the data they are forced to retain, however, this should not cover 100 per cent of all the costs data storage.</p><p>"There is much to be commended in the draft Bill, but the Home Office has a significant amount of further work to do before Parliament can be confident that the provisions have been fully thought through," said Lord Murphy of Torfaen, the chairman of the Committee.</p><p>"In some important cases, such as the proposal for communications service providers to create and store users' internet connection records, the Committee saw the potential value of the proposal but also that the cost and other practical implications are still being worked out," he added.</p><p>The industry reaction has largely reacted positively to the report and the recommendations contained within it.</p><p>Antony Walker, deputy CEO of industry body techUK said: "We've now had three Parliamentary reports raising serious concerns with this draft Bill. On vital issues like encryption, internet connection records, bulk equipment interference powers and extraterritorial reach all three reports have said that there are still too many aspects that are unclear, poorly defined or just wrong. The Home Office must recognise this and address the fundamental concerns raised by expert witnesses, MPs and Lords."</p><p>"We fully support the concerns and recommendations raised by the Joint Committee in the latest parliamentary report. There is a severe lack of clarity around encryption and bulk data collection in the current proposal," said Jacob Ginsberg, senior director of security firm Echoworx.</p><p>He reiterated <a href="http://www.cloudpro.co.uk/leadership/risks/5761/cloud-firm-plans-to-leave-uk-if-snoopers-charter-is-passed">comments made to <em>Cloud Pro</em></a> earlier in the year that a lack of clarity around backdoors in end-to-end encryption could drive businesses, particularly those involved in storage and the cloud, from the UK, costing the Treasury tens-of-millions of pounds.</p><p>Mike Weston, CEO of data science consultancy Profusion also welcomed the report but ultimately said the government "should tear up the IP Bill and start again, developing new legislation in partnership with the tech industry and privacy bodies" adding that the proposed legislation "is in stark contrast with the approach taken by the EU's new data protection legislation".</p><p>"While imperfect, [the EU legislation: is, at least, a step towards reinforcing data privacy tor European citizens," said Weston. "The Bill is in closer standing with America's approach to data protection, which is extremely worrying."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Home Office faces EU court battle over Snooper’s Charter ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/public-sector/26269/home-office-faces-eu-court-battle-over-snooper-s-charter</link>
                                                                            <description>
                            <![CDATA[ ECJ emergency hearing could shoot down Investigatory Powers Bill ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">jLARq6eVpxiPvuCLbhmY7c</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/o9vpe4waR3GntsjrQnjCn7-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 29 Mar 2016 13:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Public Sector]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jane McCallion ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/o9vpe4waR3GntsjrQnjCn7-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/o9vpe4waR3GntsjrQnjCn7-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The European Court of Justice (ECJ) is set to scrutinise the UK government's plans for bulk data collection and retention at an emergency hearing on 12 April.</p><p>Its intervention was demanded by the Court of Appeal of England and Wales to <a href="http://curia.europa.eu/juris/document/document.jsf?text=&docid=175038&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1&cid=450816" target="_blank">help decide</a>whether existing government spying measures are incompatible withthe Charter of Fundamental Rights of the European Union.</p><p>Depending on the outcome of the hearing, the ECJ could scupper the government's plans to pass the Investigatory Powers Bill into law.</p><p>The Court of Appeal asked the ECJ to examine a casebrought by MPs Tom Watson and David Davis and their co-claimants, Peter Brice and Geoffrey Lewis, against Home Secretary Theresa May'sData Retention and Investigatory Powers Act 2014 (DRIPA).</p><p>DRIPA is a piece of emergency legislation that came into force in July 2014 and expires on 31 December 2016 that governs the interception of electronic communications data.</p><p>Watson, Davis, and their fellow claimants argued that two sections of DRIPA - Section 1 (powers for retention of relevant communications data subject safeguards) and Section 2 (definitions of the terms used in section one) -<a href="https://www.itpro.com/data-protection/24998/high-court-rules-dripa-is-unlawful" target="_blank" data-original-url="https://www.itpro.com/data-protection/24998/high-court-rules-dripa-is-unlawful">were unlawful</a>because they are incompatible with EU Charter articles outlining respect for private and family life and the protection of personal data.</p><p>In mid-2015, the High Court of England and Wales ruled in the claimants' favour.The Home Secretary appealed this decision, which would have seen a time limit for the enforcement of the unlawful sections run out on Thursday of this week.</p><p>The government hopes that the Investigatory Powers Bill, which would compelinternet service providers to keep aspects of people's web browsing histories for 12 months, will replace DRIPA, but if the ECJ upholds the High Court's ruling, it could mean that the Investigatory Powers Bill is also incompatible with people's rights to privacy and data protection.</p><p>The bill <a href="https://www.itpro.com/it-legislation/26034/investigatory-powers-will-cost-uk-1-billion" target="_blank" data-original-url="https://www.itpro.com/it-legislation/26034/investigatory-powers-will-cost-uk-1-billion">is currently making its way through Parliament</a>, under accusations that the government is trying to rush it into law.</p><p>It is now a three-way race to see which will happen first: Investigatory Powers receiving Royal Assent and becoming law, the ECJ issuing its ruling on the DRIPA case, or the EU referendum to decide whether or not the UK remains in the EU.</p><p><em><strong>Read more about the Investigatory Powers Bill and its potential effect on businesses, the tech industry and privacy.</strong></em></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Encryption is a touchy subject for the Home Office ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/26266/encryption-is-a-touchy-subject-for-the-home-office</link>
                                                                            <description>
                            <![CDATA[ Theresa May's Modern Crime Prevention Strategy: strong on rhetoric, light on security measures ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">9QvVot4GHaHTqjmqr5kdHn</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/28cc5pC9jCkXSFbkgD54WP-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 24 Mar 2016 14:43:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Davey Winder ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/qKL6BZiS7oo9Hmyy2yd3WJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/28cc5pC9jCkXSFbkgD54WP-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Magnifying glass inspecting computer code]]></media:description>                                                            <media:text><![CDATA[Magnifying glass inspecting computer code]]></media:text>
                                <media:title type="plain"><![CDATA[Magnifying glass inspecting computer code]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/28cc5pC9jCkXSFbkgD54WP-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The publication of the Modern Crime Prevention Strategy by the Home Office yesterday was meant to make clear how the government will tackle crime. Actually, it just knocked another couple of nails into the privacy coffin.</p><p>You can read the whole depressing thing <a href="https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/509831/6.1770_Modern_Crime_Prevention_Strategy_final_WEB_version.pdf" target="_blank">here</a>, though you can skip to chapter eight, about using data and tech to prevent crime.</p><p>This got off to a bad enough start with the opening paragraph, which read: "Data and technology are not drivers of crime in themselves. Rather, they are tools that are critical to successfully preventing crime."</p><p>Erm, really? So hackers are not driven to access databases in order to profit from the information contained within them then? The fact that we nearly all have mobile devices which unlock our bank accounts, for example, does not drive hackers to develop methods of attacking them?</p><p>Seriously, who wrote this drivel? "Finding and correcting weak spots in online banking systems will make fraud less profitable to organised criminals", they insist. Actually, patching vulnerabilities makes accessing those systems harder but it does not make successful fraud any less profitable.</p><p>The real driver behind the strategic thinking of the government is revealed soon enough in chapter eight though. "We need a culture change in which everyone recognises that, in a more connected society, we all have a part to play in preventing crime", it says.</p><p>Translated from spin to reality that would read: all your data belongs to us'.</p><p>How so? The Home Office is implementing the National Law Enforcement Data Programme, which is collecting all data from the Police National Computer, Police National Database and Automatic Number-Plate Recognition systems and putting it onto a single platform.</p><p>The ANPR datacentre has information on more than 22 billion car journeys, the vast majority of which will have been perfectly legal and not involved in any criminal activity at all, even after the Surveillance Camera Commissioner called into question the legality of collecting data on vehicles not known to be of interest to law enforcement last year.</p><p>It's all part of the predictive policing concept that sits at the heart of the strategy when it comes to the use of technology and data. Data that will be used to map criminal networks, identify trends, patterns and relationships. Remember that if you've done nothing wrong, you have nothing to fear, as you watch Minority Report once more.</p><p>The biggest load of drivel to emerge from chapter eight, however, is probably summed up in the paragraph that insists "members of the public... have a responsibility to follow some basic rules" such as "choosing the more secure products, installing security software on all our devices, downloading software updates (particularly on our smartphones) and using strong passwords".</p><p>No mention of using strong encryption on our smartphones, I note. Nor any mention of the government's desire to build backdoors into such encryption via the <a href="https://www.itpro.com/data-protection/25968/snoopers-charter-could-destroy-customer-trust-in-uk-products" target="_blank" data-original-url="https://www.itpro.com/data-protection/25968/snoopers-charter-could-destroy-customer-trust-in-uk-products">Investigatory Powers Bill</a>, should spies need to access people's data.</p><p>Businesses, the report says, need to "take responsibility for ensuring their products and services don't create opportunities for criminals", which is as clear as very murky mud. So is the next line, which states they must do this "as well as protecting their own networks and making it as easy as possible for customers to avoid unnecessary risks".</p><p>The government fails to elaborate here on what kind of steps businesses should take outside of this vague guidance, steps as simple and necessary as encryption, for example.</p><p>Not that the strategy document ignores encryption altogether. It does recognise that it presents "opportunities for the public to protect their information from cyber criminals, and also for protecting government data, and making public services and communications with citizens secure" all of which is a good thing.</p><p>However, this is immediately followed by the big but: "Encryption also can present challenges, such as when the authorities want access to data that indicates criminal activity. We are monitoring the increasing sophistication of encryption techniques." </p><p>What it doesn't do, of course, is make any mention of the Investigatory Powers Bill and how the exact same government plans to weaken encryption so that actually <a href="https://www.itpro.com/firewalls/25818/investigatory-powers-bill-hackers-could-access-security-backdoors" target="_blank" data-original-url="https://www.itpro.com/firewalls/25818/investigatory-powers-bill-hackers-could-access-security-backdoors">it's of absolutely no use to anyone</a>.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ IPB still not fit for purpose, say tech firms ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/government-it-strategy/26213/ipb-still-not-fit-for-purpose-say-tech-firms</link>
                                                                            <description>
                            <![CDATA[ Companies and trade bodies reiterate their concerns on day of Second Reading ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">6iFjPBbAX5rdat6aMRThao</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Sf28yd9wKrzpojuifa6hAB-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 15 Mar 2016 10:04:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jane McCallion ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Sf28yd9wKrzpojuifa6hAB-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Houses of Parliament]]></media:description>                                                            <media:text><![CDATA[Houses of Parliament]]></media:text>
                                <media:title type="plain"><![CDATA[Houses of Parliament]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Sf28yd9wKrzpojuifa6hAB-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The tech industry has once again hit out at the UK's Investigatory Powers Bill (IPB), ahead of its Second Reading in the House of Commons today.</p><p>The proposed legislation, <a href="https://www.itpro.com/data-protection/25968/snoopers-charter-could-destroy-customer-trust-in-uk-products" data-original-url="https://www.itpro.com/data-protection/25968/snoopers-charter-could-destroy-customer-trust-in-uk-products">also known as the Snooper's Charter</a>, has come in for heavy criticism from tech companies and civil rights campaigners alike, who have claimed its powers are too broad, it is an invasion of privacy and that what it requires is not technically feasible.</p><p>While the Bill was revised following extensive investigations by two select committees, which heard from numerous witnesses across these groups, many are still unhappy with the current wording.</p><p>John Shaw, VP of product management at Sophos, said that while his company is supportive of the concept of the IPB, he and his colleagues are "disappointed to see that in the revised Investigatory Powers Bill, although the government has made some small improvements, all our fundamental concerns remain".</p><p>Shaw listed these concerns as weak definitions, leading to very broad interpretations of the bill; putting data at risk; the tech credentials of the proposed Judicial Commissioners; a continued potential for backdoors into encryption; and putting UK content service providers at a disadvantage, as the law will only apply to them.</p><p>"We agree it is critical that the government get this bill right. Rushing it through in its current form will be a mistake. We fear the Bill will be rejected, causing even greater delay to getting a proper regulatory framework in place, or even worse it will be passed into legislation. If it does become law, it will undermine both the security and privacy of UK citizens and impact the competitiveness of UK Internet Service Providers," said Shaw.</p><p>ISPA, the trade body representing ISPs in the UK, sounded a similar note of concern.</p><p>Chairman, James Blessing, said: "ISPA supports reform of investigatory powers through a new Bill, but we are a long way from having a Bill that is clear and workable.</p><p>"Government needs to address concerns around its intentions, definitions and costs to enable industry to make a proper assessment of the Bill and help Parliament scrutinise the complex proposals. Getting this right is essential for the UK digital economy and user trust in services."</p><p>ISPA said that, as it stands, the current bill "does not do what the Home Office says it does".</p><p>"On numerous occasions, there is a disconnect between what can be found on the face of the Bill and what the Government says the Bill will be used for. Given that the Bill is highly intrusive, the Government must put all of its intentions for how it plans to use the powers on to the face of the Bill," the organisation said.</p><p>"Reliance on speeches and non-legislative documents, such as codes of practice, to make clear what the Bill explicitly intends is unsatisfactory," it added.</p><p>ISPA also said significant questions remain over costs, definition of key terms and concepts, including Internet Connection Records and even data, how ISPs can recover costs from the government -- if, indeed, they can at all.</p><p>Parliament should be given sufficient time to scrutinise the Bill, ISPA said, as it is, in the words of the Prime Minister, "one of the most important bills [the House of Commons] will discuss".</p><p>Erka Koivunen, security advisor at F-Secure, took an even stronger tone, saying: "Let us be clear on the British Government's intentions and the consequences of those actions. 'Equipment interference' is hacking. There is a reason there is a very large security industry dedicated to protecting businesses and their digital assets -- because hacking damages businesses."</p><p>"No company wants their own government or government of a friendly partner to break into their systems or undermine the security of their services. We would encourage the Government to pause and consider the implications of its intentions before it irreparably damages British businesses," Koivunen concluded.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ GCHQ boss denies Snooper’s Charter will weaken encryption ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/government-it-strategy/26182/gchq-boss-denies-snooper-s-charter-will-weaken-encryption</link>
                                                                            <description>
                            <![CDATA[ Head of GCHQ claims encryption is not under attack, but urges tech industry co-operation ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">scMaMnQJuyXfBmBpC5dwcQ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/nDtCmjHmnhZpaxHRJWa3wc-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 08 Mar 2016 11:14:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Encryption]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jane McCallion ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/nDtCmjHmnhZpaxHRJWa3wc-1280-80.jpg">
                                                            <media:credit><![CDATA[Ministry of Defence]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[An aerial shot of the GCHQ building]]></media:description>                                                            <media:text><![CDATA[An aerial shot of the GCHQ building]]></media:text>
                                <media:title type="plain"><![CDATA[An aerial shot of the GCHQ building]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/nDtCmjHmnhZpaxHRJWa3wc-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Robert Hannigan, the director of UK spy agency GCHQ, has hit out at claims his agency and its counterparts in the USA are attempting to break strong encryption.</p><p>Speaking at MIT, Hannigan called the use of the term 'backdoor' in reference to encryption an overused and misapplied metaphor that "illustrates the confusion of the ethical debate in what is a highly-charged and technically complex area".</p><p>"I am not in favour of banning encryption. Nor am I asking for mandatory backdoors," he added. "I am puzzled by the caricatures in the current debate, where almost every attempt to tackle the misuse of encryption by criminals and terrorists is seen as a 'backdoor'."</p><p>Hannigan called on the memory of Turing and his Bletchley Park team who cracked the German enigma code during World War II to support his point.</p><p>"The exploitation of a few key flaws in the otherwise brilliant design of the commercial Enigma machine ... enabled Allied victory, and not only, as Eisenhower acknowledged, saved thousands of Allied lives, but also brought the Holocaust to an end before the Nazis could complete their task," said Hannigan.</p><p>"Even though it was very large scale, it would be hard to argue that this was not proportionate, particularly in wartime," he added.</p><p>Hannigan also denied that <a href="https://www.itpro.com/it-legislation/26034/investigatory-powers-will-cost-uk-1-billion" target="_blank" data-original-url="https://www.itpro.com/it-legislation/26034/investigatory-powers-will-cost-uk-1-billion">the Investigatory Powers Bill, also known as the Snooper's Charter</a>, would give any new encryption-busting powers to intelligence agencies, which has been one of the key criticisms of the legislation.</p><p>Instead, he said it "tries to put in one place powers which were spread across numerous statutes".</p><p>"On encryption, it simply repeats the position of earlier legislation: where access to data is legally warranted, companies should provide data in clear where it is practicable or technically feasible to do so," said Hannigan. "No-one in the UK government is advocating the banning or weakening of encryption."</p><p>Hannigan did suggest, however, that the tech industry and the intelligence community should be working more closely together and try to find a workable solution to their differences.</p><p>"We need a new relationship between the tech sector, academia, civil society and government agencies. We should be bridging the divide, sharing ideas and building a constructive dialogue in a less highly-charged atmosphere," said Hannigan.</p><p>Stating that the UK government is "fully committed" to such a collaborative approach, Hannigan added: "This will be a dialogue that starts from the position I've set out today - that the government and its agencies support, and want to actively promote, effective encryption."</p><p>"For my part my promise today is to engage in that process with the tech industry openly, respectfully, and in good faith," he concluded.</p><p><em><strong>Read Next: <a href="https://www.itpro.com/public-sector/26057/apple-vs-fbi-nsa-reveals-why-it-couldnt-hack-san-bernardino-iphone" target="_blank" data-original-url="https://www.itpro.com/public-sector/26057/apple-vs-fbi-nsa-reveals-why-it-couldnt-hack-san-bernardino-iphone">Apple vs FBI</a></strong></em></p><p><em>Image Credit: By Ministry of Defence (http://www.defenceimagery.mod.uk/) [<a href="http://www.nationalarchives.gov.uk/doc/open-government-licence/version/1">OGL</a>], <a href="https://commons.wikimedia.org/wiki/File%3AGCHQ-aerial.jpg">via Wikimedia Commons</a></em></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Snooper's Charter could lead to Apple vs FBI-style case in UK ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/government-it-strategy/26117/snoopers-charter-could-lead-to-apple-vs-fbi-style-case-in-uk</link>
                                                                            <description>
                            <![CDATA[ Electronic Frontier Foundation warns of backdoor provisions in IPB ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">qLs8sQaUTcNWAEXaoBhgVu</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/w3LpY94RhY5XWRsHmBDKbH-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 26 Feb 2016 14:35:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Apple]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jane McCallion ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/w3LpY94RhY5XWRsHmBDKbH-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/w3LpY94RhY5XWRsHmBDKbH-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The Electronic Frontier Foundation (EFF) has warned the Snooper's Charter contains three clauses that could compel companies to hack their own technology while preventing them from revealing to the public what is going on.</p><p>The campaign group's comments come in the midst of <a href="https://www.itpro.com/public-sector/26057/apple-vs-fbi-nsa-reveals-why-it-couldnt-hack-san-bernardino-iphone" data-original-url="https://www.itpro.com/public-sector/26057/apple-vs-fbi-nsa-reveals-why-it-couldnt-hack-san-bernardino-iphone">an ongoing court battle in the US between Apple and the FBI</a>, where the law enforcement agency is trying to force the company to build custom code to bypass security measures on an iPhone.</p><p>The EFF, however, has warned that the Investigatory Powers Bill (IPB), as the Snooper's Charter is properly called, could be even more of a threat to privacy and security than what is being asked of Apple by the FBI.</p><p>In a blog post, EFF's international director Danny O'Brien claimed the IPB already contains clauses that could force tech companies to re-engineer their own technology, as the FBI is requesting of Apple, and that these would be accompanied by a gag order.</p><p>"If the law passes ... not only would Apple be expected to comply, but the IPB would insist that Tim Cook could not tell the public what was going on without breaking UK law," said O'Brien. "At least in the current fight between Apple and the US government, we're having the debate out loud and in public."</p><p>O'Brien has identified three parts of the Snooper's Charter that could allow what he has described at "unchecked hacking powers".</p><p>The first of these is the Technical Capability Notice, which O'Brien describes as "a secret order that the UK would be able to serve on a telecommunications operator ... to force it to 'remov[e] electronic protection applied ... to any communications or data [and] provide facilities or services of a specified description'."</p><p>According to O'Brien, the wording of the bill is currently so broad that the term telecommunications operator "would include companies like Apple".</p><p>O'Brien also draws attention to the provision for the issuing of a National Security Notice, which he claims is "another secret instrument, even more vaguely drawn, that would require operators to 'carry out any conduct, including the provision of services of facilities,' which the British government 'considers necessary in the interests of national security'." Once again, this element includes a gag order.</p><p>His third and final point of contention is equipment interference orders, which he said "would allow the UK to break into private devices and insert new code for the purposes of surveillance or extracting data ... [including] a requirement (S.101) that <em>any</em> communications provider (again, this includes Apple) take <em>any</em> 'reasonably practicable' steps in effecting a hacking warrant".</p><p>Referencing <a href="http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/draft-investigatory-powers-bill-committee/draft-investigatory-powers-bill/written/26341.html">the company's submission to the Draft Investigatory Powers Bill Committee</a>, O'Brien said: "Apple saw in the IPB's provisions exactly what it now sees in the FBI's demands: the government asking it to undermine the trust of its own customers."</p><p>"The IPB needs to be taken back to the drawing board, and rewritten to limit these blanket powers - and to give companies and technologists a chance to speak up, and fight back," he concluded.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Snooper’s Charter fails to protect privacy, warn MPs ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/public-sector/26015/snooper-s-charter-fails-to-protect-privacy-warn-mps</link>
                                                                            <description>
                            <![CDATA[ Intelligence and Security Committee criticises Investigatory Powers Bill ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">bWrbPj89NLKMRbGJ5MvNik</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/vKHvgCVvtBkcQbBmPFkkyL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 09 Feb 2016 13:46:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Rene Millman ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/vwWuTPNRCuw9vEaWzuXYnR.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/vKHvgCVvtBkcQbBmPFkkyL-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Image of the UK houses of parliament]]></media:description>                                                            <media:text><![CDATA[Image of the UK houses of parliament]]></media:text>
                                <media:title type="plain"><![CDATA[Image of the UK houses of parliament]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/vKHvgCVvtBkcQbBmPFkkyL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The Investigatory Powers Bill would fail to protect UK citizens from mass surveillance, according to a Parliamentary committee's damning <a href="https://b1cba9b3-a-5e6631fd-s-sites.googlegroups.com/a/independent.gov.uk/isc/files/20160209_ISC_Rpt_IPBill%28web%29.pdf?attachauth=ANoY7cr97obVXAd3SqbB6sWimG0Veq8z5i_MhcrV2fUS9_7lGK7x4dO1Lmm6yCn_yXa1WWgjqoFHMsI6oMR0Ys1i4rLkrrXToKOWThieYnDbMxBlya8g8DnTfa4-_Wp0JRRB80dTfO3ShijCCU29aHwPoFoa6GxUM9GidePi6i0AvUwFXpmHbTR19Vuobi3atEyQx7sGdLK5IUc1DgX4gZV5gqjEzWDBoDPGmskLXarM2jTWBPepcDqYrwc_t3BmExo-XJmuSIxR&attredirects=0" target="_blank">report</a> on the government's proposed new law.</p><p>The Intelligence and Security Committee (ISC) today demanded "substantive amendments" to the bill, also known as <a href="https://www.itpro.com/data-protection/25968/snoopers-charter-could-destroy-customer-trust-in-uk-products" target="_blank" data-original-url="https://www.itpro.com/data-protection/25968/snoopers-charter-could-destroy-customer-trust-in-uk-products">the Snooper's Charter</a>.</p><p>If passed in its current guise, the bill would see internet service providers forced to store people's internet connection records (ICRs) for 12 months, while security products would have compulsory backdoors built in for government spies to access data.</p><p>MPs and peers on the committee claimed that those behind the legislation appeared not to know what the bill is meant to achieve.</p><p>"Overall, the privacy protections are inconsistent and in our view need strengthening," said the report, adding that the bill itself was a "significant missed opportunity" and took a "piecemeal" approach to protecting privacy.</p><p>The committee said that privacy should be "an integral part of the legislation rather than an add-on".</p><p>It added that checks and balances must be set up to oversee security services' powers to collect bulk data from internet users. </p><p>The report also focused on rules that force companies to build backdoors into encrypted services, saying the bill was unclear on how warrants to access the backdoors might work, and that the committee was "not convinced as to the requirement for them".</p><p>Dominic Grieve, the Conservative chairman of the ISC, said: "Taken as a whole, the draft bill fails to deliver the clarity that is so badly needed in this area."</p><p>"The issues under consideration are undoubtedly complex, however, it has been evident that even those working on the legislation have not always been clear as to what the provisions are intended to achieve."</p><p>He added: "The draft bill appears to have suffered from a lack of sufficient time and preparation."</p><p>Antony Walker, deputy CEO of industry trade body techUK, said that the bill lacks clarity on fundamental issues, such as core definitions of key terms, encryption, and equipment interference.</p><p>"Our members are unsure exactly what is meant by internet connection records (ICRs), how they will be gathered, stored and accessed. This kind of detail is crucial to understanding the impact of the proposed bill," he said.</p><p>Walker said anything that forces companies to create or allow vulnerabilities in their systems is a huge concern and could damage public trust and have a direct impact on global perception of the UK as a home for innovation and investment.</p><p>"These concerns are reinforced by the ISC report, which calls for clarity on the effect on end to end encryption, and we urge the Home Office to take its findings on board," he added.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Snooper's Charter 'could destroy customer trust in UK products' ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/data-protection/25968/snoopers-charter-could-destroy-customer-trust-in-uk-products</link>
                                                                            <description>
                            <![CDATA[ Investigatory Powers Bill would taint UK firms with security backdoor fears, say experts ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">4CXTpfPR3uqYXzaqRJRb4G</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/vKHvgCVvtBkcQbBmPFkkyL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 01 Feb 2016 15:08:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jane McCallion ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/vKHvgCVvtBkcQbBmPFkkyL-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Image of the UK houses of parliament]]></media:description>                                                            <media:text><![CDATA[Image of the UK houses of parliament]]></media:text>
                                <media:title type="plain"><![CDATA[Image of the UK houses of parliament]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/vKHvgCVvtBkcQbBmPFkkyL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The Investigatory Powers Bill risks destroying UK technology firms' reputations on cybersecurity and privacy, according to experts, civil liberties campaigners and industry trade bodies.</p><p>The bill, also known as the Snooper's Charter, could have a serious negative effect on UK business and the economy, in addition to potentially damaging the country's reputation for democracy and human rights, various parties warned <em>IT Pro</em>.</p><p>Proposals included in the bill range from compelling internet service providers to hold onto users' website data for 12 months, to forcing cybersecurity firms to build backdoors into their encryption, but making it illegal for them to warn customers of such backdoors.</p><p>Erka Koivunen, a cybersecurity advisor at security firm F-Secure, said this would mean that customers of his company's Freedome VPN who accessed the internet via a UK exit node "would know that somebody else, and in this context it would be the UK government, is doing their utmost to undermine that privacy promise that we as a company try to provide".</p><p>"That itself should be a strong argument for the UK government to consider, because this same smell, if you will, will stick to other businesses that operate from the UK," added Koivunen. "If you are providing cryptography products and you say that the company originated in the UK, nobody in the future is going to believe that this is not backdoored."</p><p>Chris Boyd, malware intelligence analyst at security firm Malwarebytes, added: "Asking companies to ensure they can 'remove electronic protection' is going to cause a huge rift between product makers and consumers. They may feel that the tools they trust and use on a daily basis are somehow booby-trapped in a way that potentially works against their best interests."</p><p>Koivunen and Boyd's comments come after the publication of the House of Commons Science and Technology Committee's third report on the bill, this time addressing technological issues.</p><p>Nicola Blackwood MP, the chair of the Science & Technology Committee, said the UK's growing tech sector would be stifled by the cost burden of meeting such demands.</p><p>She said: "We need our security services to be able to do their job and prevent terrorism, but as legislators we need to be careful not to inadvertently disadvantage the UK's rapidly growing Tech sector."</p><p>"The current lack of clarity within the draft Investigatory Powers Bill is causing concern amongst businesses. There remain questions about the feasibility of collecting and storing Internet Connection Records (ICRs), including concerns about ensuring security for the records from hackers.</p><p>"The Bill was intended to provide clarity to the industry, but the current draft contains very broad and ambiguous definitions of ICRs, which are confusing communications providers. This must be put right for the Bill to achieve its stated security goals."</p><p>Similar concerns were raised by numerous other bodies who spoke with <em>IT Pro</em>.</p><p>Antony Walker, deputy CEO of trade body techUK, said: "There are several important recommendations in this report that we urge the Home Office to take on board. In particular we need more clarity on fundamental issues, such as core definitions, encryption and equipment interference.</p><p>"Without that additional detail, too much of the bill will be open to interpretation, which undermines trust in both the legislation and the reputation of companies that have to comply with it."</p><p>Jim Killock, executive director of civil liberties organisation the Open Rights Group, added: "David Cameron needs to consider whether he wants to be the Conservative Prime Minister that jeopardised the success of the UK tech industry. As it stands, the Investigatory Powers Bill will be bad for business, bad for citizens and bad for UK democracy."</p><p>Lack of trust in the UK tech industry is only one way in which the Snooper's Charter could damage the UK economy, <em>IT Pro</em> has been told.</p><p><a href="http://www.cloudpro.co.uk/leadership/risks/5761/cloud-firm-plans-to-leave-uk-if-snoopers-charter-is-passed" target="_blank">Speaking to sister title <em>Cloud Pro</em></a>, Michael Ginsberg, CEO of cloud-based encryption service Echoworx, said his company is ready to abandon its UK datacentres and move to Ireland if the bill becomes law.</p><p>He added that his business is not unique in this regard and that the Snooper's Charter could cost the UK $15 billion a year by driving hosting businesses abroad.</p><p>"Apart from any moral problems about snooping on its citizens and enterprises, there's some real financial risk," he said. "It has already activated us so we can imagine what larger hosting companies plans are [doing] in anticipation of this legislation, and once that data moves it won't come back. That's a real problem."</p><p><strong>Security concerns</strong></p><p>One of the most serious concerns around the Snooper's Charter, is the possibility that the massive amounts of data ISPs will be required to hold onto could be a very attractive target for cyber criminals.</p><p>In its report, the Commons Science and Technology Committee said: "It is essential that the integrity and security of legitimate online transactions is maintained if we are to trust in, and benefit from, the opportunities of an increasingly digital economy."</p><p>But Matthew Rice, advocacy officer at civil rights organisation Privacy International, warned: "The committee's report shows that the safety and security of users' data may be threatened."</p><p>"The draft Bill must be substantially revised or it will put the UK economy, as well as our privacy and security, at risk," he added.</p><p>Putting a finer point on the matter, Malwarebytes' researcher, Boyd, told <em>IT Pro</em>: "I would be very concerned that a large dump of internet records would be an immediately attractive proposition for those with the talent to compromise a database. The only real question is who would get there first - someone who did it for bragging rights and no real interest in the data, or somebody with more malicious intent."</p><p><strong>Counting the cost</strong></p><p>Much has been made of the potential cost ISPs would face by having to store the vast amounts of data required by the Snooper's Charter.</p><p>But the Committee's report said that the government should bear these costs.</p><p>It read: "While we well understand the security challenges of communications data, we strongly believe UK businesses must not be placed at a commercial disadvantage by measures to tackle security risks and that the full costs of implementing the additional measures in the draft bill should be met by government."</p><p>"Given that the cost of being able to do this is directly related to any future changes or developments in technology, we recognise this makes predicting accurately the cost of these measures difficult," it added. "This therefore raises concerns over any assessment of the costs of this scheme, which could increase or decrease, and so the value for money of this proposed legislation."</p><p>While the government pegs the cost of meeting the bill's requirements in the range of 250,000, previous attempts at this type of dragnet surveillance, such as the now abandoned Draft Communications Data Bill (also known as the Snooper's Charter), have carried an estimated cost of 2 billion.</p><p>Requiring that the government foot the bill for ISPs' costs could significantly increase this figure, particularly because ISPs such as BT have claimed in evidence submitted to the committee that it would cost "many tens of millions of pounds" to implement the technology.</p><p>The committee's latest report about the Investigatory Powers Bill <a href="http://www.publications.parliament.uk/pa/cm201516/cmselect/cmsctech/573/573.pdf" target="_blank">can be read in full here (PDF)</a>.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Privacy and security clash on Data Protection Day ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/25949/privacy-and-security-clash-on-data-protection-day</link>
                                                                            <description>
                            <![CDATA[ Security experts say UK is in conflict over GDPR and Snooper's Charter ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">3S84ghMwWumtVp2nppPNoU</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Gh6hE9roTRxfbJgFgX8etW-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 28 Jan 2016 14:45:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jane McCallion ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Gh6hE9roTRxfbJgFgX8etW-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A map of Europe with nodes to represent data hotspots]]></media:description>                                                            <media:text><![CDATA[A map of Europe with nodes to represent data hotspots]]></media:text>
                                <media:title type="plain"><![CDATA[A map of Europe with nodes to represent data hotspots]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Gh6hE9roTRxfbJgFgX8etW-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>As the world marks Data Protection Day, privacy experts say the UK is stuck in a state of conflict over personal data.</p><p>Data Privacy Day, as it is known outside Europe, is meant to raise awareness among businesses and individuals of the importance of protecting personal information online.</p><p>Butprivacy and security professionals have criticised the UK government's wish to introduce the <a href="https://www.itpro.com/firewalls/25818/investigatory-powers-bill-hackers-could-access-security-backdoors" target="_blank" data-original-url="https://www.itpro.com/firewalls/25818/investigatory-powers-bill-hackers-could-access-security-backdoors">Snooper's Charter</a>, saying it stands at cross-purposes with incoming EU legislation, the General Data Protection Regulation (GDPR), that is designed to strengthen people's rights over their personal data.</p><p>Nigel Hawthorn, chief European spokesman at cloud security company Skyhigh Networks, accused the UK of "failing to put privacy rhetoric into practice" with regard to the draft Investigatory Powers Bill, which wants to force ISPs to collect people's online browsing data for up to 12 months.</p><p>He said: "28 January is an iconic date because it marks the anniversary of the opening for signature of the Council of Europe's Convention 108 for the protection of individuals with regard to automatic processing of personal data.</p><p>"For 35 years the treaty has been considered the cornerstone of data protection. Yet, with a draft surveillance bill that doesn't specifically state that companies won't have to weaken their encryption for the authorities, consumers arguably have even less say today about how their data is being used."</p><p>For Raj Samani, EMEA CTO of Intel Security, the question is not just about data control, but also how well informed consumers are.</p><p>"As a society, we continue to be in a state of conflict when it comes to data. On the one hand, we're often outraged over regular news around <a href="https://www.itpro.com/security/24136/talktalk-hack-two-men-plead-guilty-to-talktalk-hack" target="_blank" data-original-url="https://www.itpro.com/security/24136/talktalk-hack-two-men-plead-guilty-to-talktalk-hack">data breaches</a>, while on the other hand we think nothing about trading our identities for a chocolate bar or less," said Samani.</p><p>He also warned that people should be wary of giving up their data to companies.</p><p>"We need to be even more cautious and hard-nosed about entering into data transactions by driving harder bargains and asking ourselves smart questions such as 'who our data will be shared with and how it's going to be protected'," he said.</p><p>Lawrence Munro, director of EMEA and APAC at Trustwave, meanwhile, said Data Protection Day serves of a reminder this year of the incoming European General Data Protection Regulation(GDPR).</p><p>"Following on from a year of high profile security breaches ... there could hardly be a more pressing time for organisations to pay attention to Data Protection Day," said Munro.</p><p>"The mounting number of breaches involving consumer financial and private data means the public is increasingly aware of their information being at risk, and much less willing to forgive businesses who betray their trust. The upcoming regulations from the EU will also see harsh punishments for companies failing to protect customer data, with fines of up to four per cent of global revenue in some cases. With so much at stake, no organisation can afford to take any chances," he added.</p><p>The GDPR is expected to some into force within the coming weeks and months, while the Draft Investigatory Powers Bill, <a href="https://www.gov.uk/government/publications/draft-investigatory-powers-bill" target="_blank">which can be read in full here</a>, is <a href="http://www.parliament.uk/business/committees/committees-a-z/joint-select/draft-investigatory-powers-bill/timeline">currently under consideration by the Joint Committee on the Draft Investigatory Powers Bill</a>, which is preparing its report on the matter.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ WhatsApp will add encryption indicators so you know your chats are safe ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/mobile/25928/whatsapp-will-add-encryption-indicators-so-you-know-your-chats-are-safe</link>
                                                                            <description>
                            <![CDATA[ WhatsApp battles security fears as governments plan crackdown on messaging services ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">nRkwchKi1ovB2dCof7uoUp</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/N8B2T7rWeumat7ruF429Vc-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 26 Jan 2016 10:41:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Business Apps]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Adam Shepherd ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/3n2BoLAtRj8Z5eRfxtwyK8.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/N8B2T7rWeumat7ruF429Vc-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[WhatsApp, Web app, Messaging]]></media:description>                                                            <media:text><![CDATA[WhatsApp, Web app, Messaging]]></media:text>
                                <media:title type="plain"><![CDATA[WhatsApp, Web app, Messaging]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/N8B2T7rWeumat7ruF429Vc-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>WhatsApp is adding indicators to show users when end-to-end encryption is being used to secure their conversations.</p><p>Screenshots of the beta version of an upcoming release, leaked on the Google Plus page of <a href="https://plus.google.com/+JavierSantos/posts/PEdTLRS8DgK" target="_blank">developer Javier Santos</a>, show the indicators in action.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="nEfjvHc5onE25pUeakRgXS" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/nEfjvHc5onE25pUeakRgXS.png" mos="https://cdn.mos.cms.futurecdn.net/nEfjvHc5onE25pUeakRgXS.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>The service already uses end-to-end encryption by default, but will now proactively show users that their messages are being protected.</p><p>It comes after Prime Minister David Cameron appeared to suggest last year that <a href="https://www.itpro.com/security" target="_blank" data-original-url="https://www.itpro.com/security/23840/whatsapp-imessage-face-uk-ban-on-anti-terrorism-grounds">secure messaging services could be banned in the UK</a>, and encrypted messaging services have also been flagged as <a href="https://www.itpro.com/security/24943/fbi-encryption-helps-isis-recruit-new-members" target="_blank" data-original-url="https://www.itpro.com/security/24943/fbi-encryption-helps-isis-recruit-new-members">potential terrorist recruiting tools</a>.</p><p>Additionally, the <a href="https://www.itpro.com/it-legislation/25554/investigatory-powers-bill-a-snoopers-charter-in-all-but-name-alone" target="_blank" data-original-url="https://www.itpro.com/it-legislation/25554/investigatory-powers-bill-a-snoopers-charter-in-all-but-name-alone">Investigatory Powers Bill</a> would demand that vendors give the government backdoors into their encrypted services.</p><p>But while WhatsApp wants users to know they are not being spied on, it has also included a tool to share users' data with its parent company, Facebook.</p><p>Users can check a box labelled "share my WhatsApp account information with Facebook to improve my Facebook experiences".</p><p>It is currently unknown exactly what account information will be shared, but based on the information Facebook mines from its Messenger app, it is likely to be contact lists and phone numbers, rather than chat histories.</p><p>The setting is also opt-in rather than opt-out, meaning it is disabled by default.</p><p>After scrapping the semi-optional subscription charge earlier this month, this is possibly one of the ways that Facebook plans on monetising its acquisition.</p><p>Also on the cards for future updates are more sophisticated document sharing tools and video calling functionality.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Investigatory Powers Bill: Hackers could access security backdoors ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/firewalls/25818/investigatory-powers-bill-hackers-could-access-security-backdoors</link>
                                                                            <description>
                            <![CDATA[ Why David Cameron is wrong about backdoors, and the Netherlands is right ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">jMHXh3hkyJq5bUZrVpT7Qo</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/WkbhCzKhvM3wNpHyoq7Lza-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 07 Jan 2016 14:18:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Davey Winder ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/qKL6BZiS7oo9Hmyy2yd3WJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/WkbhCzKhvM3wNpHyoq7Lza-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/WkbhCzKhvM3wNpHyoq7Lza-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>While the UK government continues to push forward with the notion that encryption backdoors are a good thing and encryption is bad because terrorists and paedophiles use it, others have a slightly more informed opinion.</p><p>Take, for example, the Dutch government, which this week declared something approaching a passion for strong encryption.</p><p>In <a href="https://blog.cyberwar.nl/2016/01/full-translation-of-the-dutch-governments-statement-on-encryption" target="_blank">an English translation of the Dutch government's statement</a>, Dutch security and justice minister Ard van der Steur is clearly shown to have a much better understanding of technology than either Prime Minister David Cameron or Home Secretary Theresa May.</p><p>Arriving at the conclusion that "it is currently not appropriate to adopt restrictive legal measures against the development, availability and use of encryption" within the Netherlands, van der Steur shows that he gets how backdoors would make encrypted data vulnerable to not only criminals and foreign intelligence services but, yes, also to the very terrorists that Cameron and his cohorts argue they would protect us from.</p><p>Backdoor access is, simply put, not a one-way street. You cannot introduce such a weakness into a security product and expect it to only be exploitable by yourself. Well, Cameron obviously does expect exactly that, which means that he's either an idiot or has been getting very poor technical advice: most likely a bit of both, if you ask me.</p><p>Van der Steur, meanwhile, appears to be spot on when he notes that backdoors "could have undesirable consequences for the security of information communicated and stored" as well as the core integrity of IT systems which are "increasingly of importance for the functioning of the society".</p><p>We cannot forget, however, that this Dutch government statement is put together by politicians and so the language used is all important. Language such as "is currently not desirable" which implies that it could become so if there's a political will to change things.</p><p>What I do know is that, currently, the UK and US governments appear to be on a collision course with IT and I suspect will continue to use terrorist atrocities as emotional leverage to drive badly thought out, commercially damaging and privacy-harming policies as far as weakening encryption usage is concerned.</p><p>Cameron appears to have more of an appetite for this than President Obama, and while the draft Investigatory Powers Bill may have stopped short of banning end-to-end encryption services, it does require backdoor access for law enforcement officials.</p><p>If this becomes law, then I guarantee that UK PLC will suffer as business moves data out of the country and to locations where strong encryption without backdoors is available.</p><p>UK companies who make secure products have also spoken of relocating outside of the UK rather than have to bow to legal moves to build backdoors into them.</p><p>Of course, whether the UK stays in the EU could impact upon all of this: Privacy of communication is a fundamental right that the European Convention on Human Rights (and Charter of Fundamental Rights of the EU) protects.</p><p>The 'security soundbite' may win the popular vote among some, but the economy will surely suffer just as much as our right to privacy. Once the masses realise that any law weakening encryption is actually taking us down the exact same road as regimes with poor human rights records, then even the 'nothing to hide, nothing to fear' right-leaning brigade might start thinking twice...</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Apple mauls UK government over online surveillance ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/it-legislation/25767/apple-mauls-uk-government-over-online-surveillance</link>
                                                                            <description>
                            <![CDATA[ Cupertino urges changes to “Snooper’s Charter” ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">9CWygxYnz7xeTSRaEEzZLq</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/CbRtGYHhhckqk5tCPB2NKd-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 22 Dec 2015 11:48:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Policy and Legislation]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Rene Millman ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/vwWuTPNRCuw9vEaWzuXYnR.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/CbRtGYHhhckqk5tCPB2NKd-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Snooping - confidential data]]></media:description>                                                            <media:text><![CDATA[Snooping - confidential data]]></media:text>
                                <media:title type="plain"><![CDATA[Snooping - confidential data]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/CbRtGYHhhckqk5tCPB2NKd-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Apple has called on the UK government to make changes to the Investigatory Powers Bill as the iPhone maker fears that if the law was enacted in its present state it would radically alter customers' security and privacy.</p><p>The bill is currently being scrutinised by a parliamentary committee. In a submission to the committee, Apple said that it believed "it would be wrong to weaken security for hundreds of millions of law-abiding customers so that it will also be weaker for the very few who pose a threat."</p><p>"In this rapidly evolving cyber threat environment, companies should remain free to implement strong encryption to protect customers," it added.</p><p>Apple underlined a number of areas where it wants to see changes. It said the bill would grant the government powers to demand Apple change the way iMessages works and this, the company claimed, would weaken its encryption and allow security services to eavesdrop on the service for the first time. At present, iMessage is set up so that even Apple cannot decrypt messages passing through the system. </p><p>The tech giant also claimed that the language in the bill could be interpreted widely and force it to create backdoors to allow security agencies access. Such a backdoor would make users' data less secure, Apple argued. </p><p>"The government does not know in advance which individuals will become targets of investigation, so the encryption system necessarily would need to be compromised for everyone," the statement said.</p><p>It continued: "The bill threatens to hurt law-abiding citizens in its effort to combat the few bad actors who have a variety of ways to carry out their attacks. The creation of backdoors and intercept capabilities would weaken the protections built into Apple products and endanger all our customers. A key left under the doormat would not just be there for the good guys. The bad guys would find it too."</p><p>Home Secretary Theresa May's bill would legally require companies, such as Apple, to hand over data on devices. Security agencies would also be allowed to tamper with equipment to extract data from a device.</p><p>Apple said that if companies were forced to comply with warrants for information, or snoop on their customers on behalf of governments, other countries would demand the same.</p><p>It added that the law would "force non-UK companies to take actions that violate the laws of their home countries".</p><p>Apple continued: "This would immobilise substantial portions of the tech sector and spark serious international conflicts. It would also likely be the catalyst for other countries to enact similar laws, paralysing multinational corporations under the weight of what could be dozens or hundreds of contradictory country-specific laws.</p><p>"Those businesses affected will have to cope with a set of overlapping foreign and domestic laws. When these laws inevitably conflict, the businesses will be left having to arbitrate between them, knowing that in doing so they might risk sanctions. That is an unreasonable position to be placed in."</p><p>Apple CEO Tim Cook last month warned that the bill would do nothing to stop criminals.</p><p>"We believe very strongly in end-to-end encryption and no back doors," Cook told The <em><a href="http://www.telegraph.co.uk/technology/apple/11984806/Apples-Tim-Cook-declares-the-end-of-the-PC-and-hints-at-new-medical-product.html">Telegraph</a></em>. "We don't think people want us to read their messages. We don't feel we have the right to read their emails."</p><p>Cook continued: "Any back door is a back door for everyone. Everybody wants to crack down on terrorists. Everybody wants to be secure. The question is how. Opening a back door can have very dire consequences."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Experts question sheer scale of data storage required by Snooper's Charter ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/data-centers/25555/experts-question-sheer-scale-of-data-storage-required-by-snoopers-charter</link>
                                                                            <description>
                            <![CDATA[ Who will foot bill for physical infrastructure to house UK's browsing histories? ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">kVvHkQVEWfLQEsz1NLVNBn</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/hidEKzwyeRp7wN8LRCWarD-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 05 Nov 2015 16:42:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Centres]]></category>
                                                    <category><![CDATA[Infrastructure]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jane McCallion ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/hidEKzwyeRp7wN8LRCWarD-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Data industry]]></media:description>                                                            <media:text><![CDATA[Data industry]]></media:text>
                                <media:title type="plain"><![CDATA[Data industry]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/hidEKzwyeRp7wN8LRCWarD-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Requirements in <a href="https://www.itpro.com/security/25550/snoopers-charter-puts-data-at-risk-even-with-encryption" target="_blank" data-original-url="https://www.itpro.com/security/25550/snoopers-charter-puts-data-at-risk-even-with-encryption">the proposed Investigatory Powers Bill, unveiled yesterday</a>, for ISPs to store the history of every website visited by every individual on every device in the UK have been called into question at a technical level.</p><p>Under the proposed law, ISPs and mobile networks would have to retain what the government has termed "Internet Connection Records", or "ICRs" for up to 12 months.</p><p>ICRs comprise details, including IP addresses, of the websites that individuals visit, although not necessarily what content they access there, nor what actions they perform.</p><p>While this has <a href="https://www.itpro.com/it-legislation/25554/investigatory-powers-bill-a-snoopers-charter-in-all-but-name-alone" target="_blank" data-original-url="https://www.itpro.com/it-legislation/25554/investigatory-powers-bill-a-snoopers-charter-in-all-but-name-alone">caused concerns among privacy and security professionals and campaigners</a>, the practicality of this requirement is also now being called into question.</p><p>"Unfortunately, this legislation unlocks more questions than it answers," said Bharat Mistry, a cybersecurity consultant with Trend Micro.</p><p>"If a Communications Service Provider (CSP) is required to capture this data and store it, there is a question around who is going to fund the infrastructure costs? This isn't just about the physical infrastructure assets but environmental sucha as power, cooling and physical security costs have to be considered," Mistry said.</p><p>"CSPs are already saying that data storage repositories are growing at an unmanageable rate - so how can this quantity of data be managed and securely transferred and stored?" he added.</p><p>Tarkan Maner, CEO of software-defined storage firm Nexenta, struck a similar note.</p><p>"While politicians and privacy campaigners are likely to continue to debate the ethical implications of the findings, and subsequently the terms of the bill, the big question that the IT industry is asking is how will this add to the already unsolved challenge of Big Data collection," said Maner.</p><p>"From a business perspective, we already find ourselves in a position where data collection is overwhelming the technology being used to collect and store is - and storage is emerging as a bottleneck to address. The industry, and bodies affected by the draft charter must move now and prepare their infrastructure to cope with this explosion of data," he added.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Investigatory Powers Bill: A Snooper's Charter in all but name alone ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/it-legislation/25554/investigatory-powers-bill-a-snoopers-charter-in-all-but-name-alone</link>
                                                                            <description>
                            <![CDATA[ Edward Snowden is right to call this bill our biggest threat to freedom of speech ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">bACjiBLeUA354ietgTrRDW</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Q2DWY5QeitXRHabHgB99DS-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 05 Nov 2015 14:29:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Policy and Legislation]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Davey Winder ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/qKL6BZiS7oo9Hmyy2yd3WJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Q2DWY5QeitXRHabHgB99DS-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Q2DWY5QeitXRHabHgB99DS-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The Snooper's Charter, and despite all the efforts to try and distance it from that label by the government that is precisely what it remains, has finally been revealed in the form of the <a href="https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/473770/Draft_Investigatory_Powers_Bill.pdf" target="_blank">Draft Investigatory Powers Bill</a>.</p><p>The big question is, should we be worried?</p><p><a href="https://www.itpro.com/security/25550/snoopers-charter-puts-data-at-risk-even-with-encryption" target="_blank" data-original-url="https://www.itpro.com/security/25550/snoopers-charter-puts-data-at-risk-even-with-encryption">Industry reaction</a> so far has been alarmingly supportive. I was particularly concerned by the comments from Nicholas Lansman, general secretary of ISP industry body ISPA, who said it was preparing to work with the government to ensure the bill provides a framework that "balances necessary powers with oversight whilst minimising the impact on business." How about the impact on freedom, and the necessary power to go about our personal business without being spied upon?</p><p>I say 'our' but obviously I do not include MPs in that description as the draft bill clearly omits them from being subject to the surveillance that they would have us under; it will write 'the Wilson doctrine' into law, preventing surveillance of their communications. Journalists, who you might think require similar protection if they are to do their job of ensuring freedom of speech is a reality in the UK, don't get the same pass - police will be able to access their sources with the nod of a friendly judge.</p><p>There will be no requirement for the likes of Google to code backdoors into their services or <a href="https://www.itpro.com/security" target="_blank" data-original-url="https://www.itpro.com/security/23840/whatsapp-imessage-face-uk-ban-on-anti-terrorism-grounds">WhatsApp to stop runnign end-to-end encryption</a>, as has been feared.That is a good thing, obviously. That said, if you truly believe that this bill will prevent the security services from doing whatever they think is in the national interest, which may often translate into being their own interest, then you've obviously not taken an interest in Edward Snowden.</p><p>The lawyers, politicians, civil servants and spy masters who have drafted this latest proposed incarnation of the Snooper's Charter quite obviously do know all about Snowden. In fact, it reads like a direct response to his whistleblowing. When it comes down to it, after all, what this bill will do is give legal validity to most of the stuff that the security services were already doing secretly and without that legitimacy: the bulk collection of personal communication data, the hacking into computers and smartphones, the blanket storage of internet usage data.</p><p>The legal responsibility for storing such data is to be handed over to internet service providers (ISPs) rather than law enforcement and security agencies; they will just get the right to demand to see it. In fact the bill will require ISPs to store this data, of every internet user in the UK (apart from MPs of course), detailing every site that they visit, for a full 12 months. It's okay though, because a judge will have to sign off any request to access it as well as the Home Secretary herself. Unless it's urgent, in which case all bets are off and the data is revealed without the judge's nod or knowledge.</p><p>This is probably the most worrying aspect of the bill for me, quite apart from the privacy implications. Simply put, it leaves the door open for all kinds of insecurity scenarios. Home secretary Teresa May herself apparently failed to see the irony in her statement suggesting that high profile hacking attacks were one reason the bill needs to be introduced.</p><p>Put all that user data in one place, at every ISP, and it becomes a huge target. Let's hope there is a clause added to exclude TalkTalk from having to do this, <a href="https://www.itpro.com/security/24136/talktalk-hack-two-men-plead-guilty-to-talktalk-hack" target="_blank" data-original-url="https://www.itpro.com/security/24136/talktalk-hack-two-men-plead-guilty-to-talktalk-hack">given its record</a>. Seriously though, can you imagine what will happen when this kind of data is hacked for the first time? And it is a matter of when, not if - of that you can be sure.</p><p>Hopefully this bill, or at least the browser history retention part of it, can follow DRIPA (the Data Retention and Investigatory Powers Act) into the unlawful bin. Earlier this year the High Court ruled that <a href="https://www.itpro.com/data-protection/24998/high-court-rules-dripa-is-unlawful" target="_blank" data-original-url="https://www.itpro.com/data-protection/24998/high-court-rules-dripa-is-unlawful">parts of DRIPA were not compatible</a> with EU rights on privacy and the protection of personal data. I fail to see how the proposed new bill is any different, and would hope that the judiciary feels the same and follows the same route to throwing it out should it ever make it into law.</p><p>If not then I fear that Snowden was right when he tweeted that the "I don't need privacy, I've nothing to hide" line equates to "I don't need free speech, I've nothing to say". At the end of the day, as Snowden also noted, "your web records are not like an itemised phone bill, they're like a list of every book you've ever opened...".</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Snooper's Charter puts data at risk even with encryption ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/25550/snoopers-charter-puts-data-at-risk-even-with-encryption</link>
                                                                            <description>
                            <![CDATA[ The more data ISPs must store, the more there is to steal, warn experts ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">vcsULdvrMjnKVvvUhaQxiX</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/xxTGqZySLMnBGSWPUXXBaT-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 04 Nov 2015 17:18:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jane McCallion ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/xxTGqZySLMnBGSWPUXXBaT-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/xxTGqZySLMnBGSWPUXXBaT-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The Investigatory Powers Bill could leave UK citizens at risk of data theft even though end-to-end encryption has not been banned.</p><p>Home Secretary Theresa May presented the proposed legislation, known colloquially as <a href="https://www.itpro.com/data-protection/24685/snoopers-charter-returns-as-the-investigatory-powers-bill" target="_blank" data-original-url="https://www.itpro.com/data-protection/24685/snoopers-charter-returns-as-the-investigatory-powers-bill">the Snooper's Charter</a>, to Parliament today, and if passed, it would require ISPs to store Internet Connection Records (ICRs - which domains people visit) for up to 12 months.</p><p>This includes details of which services a device has connected through, such as a website or instant messaging (IM) platform.</p><p>"An ICR is not a person's full internet browsing history," the preamble to <a href="https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/473770/Draft_Investigatory_Powers_Bill.pdf" target="_blank">the bill</a> reads. "It is a record of the services that they have connected to, which can provide vital investigative leads. It would not reveal every web page that they visit or anything that they do on that web page."</p><p>However, the data in question, which communications service providers will be required to store in bulk, is still sensitive, as pointed out by NSA whistleblower <a href="https://twitter.com/Snowden" target="_blank">Edward Snowden</a>.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="Fj4UKofBQG9qVVZSzLvuMh" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/Fj4UKofBQG9qVVZSzLvuMh.png" mos="https://cdn.mos.cms.futurecdn.net/Fj4UKofBQG9qVVZSzLvuMh.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>One tech vendor, Dell, warned that such a requirement opens up the risk that ISPs will leak sensitive user data.</p><p>"We have countless examples of how organisations' security systems have failed in the past as a result of insufficient security and access procedures, and [as] a result sensitive data has been misused," said Timothy Brown, executive director of security with Dell Software Group.</p><p>"If organisations are required to store more information on their customers for longer periods of time, there must be appropriate controls and audit measures in place. People consider their telecommunications and internet activity to be private and If ISPs and wireless providers are required to store data on their customers, this only creates larger and more attractive targets for hackers and leaks."</p><p>Jonathan Parker-Bray, CEO of Criptyque, which owns secure messaging platform Pryvate, voiced a similar concern, saying: "Threat actors will always find nefarious ways of using good-intentioned technology for their own means, and this law is a potential license for the invasion of the right to privacy on a scale this country cannot allow."</p><p>"Whilst we would agree strongly that there does need to be an updating and an expansion of legislation to account for the digital age, this should not override the hard-fought right to privacy that is owned by every citizen in the UK," he added.</p><h2 id="it-could-be-worse">It could be worse</h2><p>While there have been strong negative reactions, the draft of the bill published today does not include two of the clauses that had caused most concern: a ban on end-to-end encryption and the bypassing of the judiciary when issuing warrants to retrieve ICR data.</p><p>Instead for the first time in history, a judge must approve such warrants after the Home Secretary has signed off them, and the government will not require technology companies to weaken or water down encryption outside of RIPA's requirement for companies to be able to unencrypt communications data when authorities make such a request.</p><p>Mark Taylor, a partner with international law firm Osborne Clarke, said: "In regards to the authorisation of warrants, it's good to see that the Home Secretary has respected some separation of powers, with a degree of oversight from the judiciary as well as an independent commissioner."</p><p>"Businesses will breathe a sigh of relief that end-to-end encryption has not been banned. Many of their business models - and in particular payment transactions - are based on the trust that consumers place in their end-to-end encryption," he added.</p><h2 id="industry-reaction">Industry reaction</h2><p>It has also received qualified support from some quarters of the tech and telecoms industry.</p><p>Antony Walker, deputy CEO of techUK said: "On first impressions [the bill] looks like a step in the right direction to creating what is required here - a world-leading legal framework that balances the security needs with democratic values.</p><p>"Parliament must now judge whether the powers government is seeking, such as internet connection records, equipment interference and bulk collection, are necessary and proportionate and whether the safeguards being proposed to govern their use are sufficient. The importance of the task ahead of the Joint Parliamentary Scrutiny Committee cannot be overstated."</p><p>Nicholas Lansman, general secretary of ISP industry body ISPA, was more enthusiastic, adding: "ISPA welcomes the attempt to modernise and clarify the law. We will work with government to ensure that the bill provides ISPs with a clear and stable legal framework that balances necessary powers with oversight whilst minimising the impact on business."</p><p>The bill will now be scrutinised by the Lords and the Commons.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
            </channel>
</rss>