U.K.’s Snooper Charter. The British parliament approved a law that gives bulk surveillance powers to police and intelligence agencies that are more far-reaching than anything else in the west. Titled the Investigatory Powers Bill (but commonly referred to as the Snooper Charter), the new law grants new powers to law enforcement agencies.
For example, it provides a legal basis to hack computers and mobile phones from afar to see what they contain, without a warrant. It gives law enforcement broad powers to access and retain emails, telephone calls, texts and web browsing activity. The law also requires telecom companies to unencrypt messages and devices where ‘practicable’, a fight that we are also seeing in the US.
Critics say the law doesn’t have any checks on government power and are challenging it in the European Court of Justice. They argue that the rights afforded to governments – and the demands made on large ISPs to cooperate – go too far and violate a number of existing privacy laws.
New European Privacy Laws. At the other end of the scale, the EU passed new privacy rules referred as the EU Data Protection Regulations. The purpose of the directive is to harmonize the various data protection rules already in place in various member countries of the EU. As a regulation the new rules supercede any specific national privacy rules. There are specific rules being created to implement the directive and are expected to be effective in May of 2018.
The underlying principles of the new rules are that customers have a fundamental right to privacy and will retain effective control over their personal data. This means that anybody wanting to use your data must explain in a clear manner how that data is to be used, and must obtain permission from each person to use it.
The new rules also create something new – the ability of citizens to access and review data that companies have about them. The vision is that this will create one set of data about each person and will allow for ‘data portability’ such that the same data about somebody can be used everywhere they give permission. The new rules also strengthen the right to be forgotten, something that was created a few years ago as a result of a lawsuit.
The EU believes that these laws will foster trust from the public for online activities and will alleviate the growing concern that companies are using information about people in ways people don’t approve or understand. The rules are clearly going to cause a lot of changes for ISPs and online providers like social networks. It will be interesting to see how they cope with the changes.
Australian Piracy Ruling. A court in Australia is being asked by content owners to develop specific procedures to require that ISPs and search engines block piracy sites on the web that are being used to illegally distribute music, video and other content.
The specific case involves the attempt by several content providers like Universal Music, Sony, and Warner Music to stop ISPs and search engines from providing access to Kickass Torrents. That particular service has subsequently gone out of business when the owner was arrested in the US and the various Tor sites were shut down. But the case continued since there are numerous other piracy sites springing up all of the time.
The interesting point in the case is the presumption by the state and the content owners that it is a willful violation of copyright laws for a search engine or ISP to allow access to piracy sites. A ruling siding with that idea would effectively mean that ISPs and search engines are in criminal violation of the law every time they allow a customer to gain access to a piracy site.
In the US we handle this issue by allowing content providers to ask that illegal content be ‘taken down’ from the web. The only time an ISP can have any liability in the US is if they ignore take down requests – something that Cox was accused of in 2016.