Saturday, 29 March 2014
Principles of Reform for Govt Data and Internet Providers
Several key and transnational organisations have joined together to create a need for Governments to work together to improve their respective surveillance capabilities. With an element of common sense they have asked Governments to work together to create a single system that creates consistency and transparency.
It is hard to argue from a commercial basis with these principles. In fact many in law enforcement would love to have common systems operating across borders making it easier for them to tackle crime.
However at this stage these principles ignore the sanctity of Nation States and the complexity of politics and diplomacy required to make it work
That said they are nonetheless issues of great concern to people, particularly as the signatory organisations have "populations" that far exceed many States. In fact the finances of some would far exceed the collective wealth of many States.
So whilst transnational organisations such as Interpol and The EU should strive for consistency the principles described should also reflect principles for industry. I have made some additional suggestions below
"The Global Government Surveillance Reform
The undersigned companies believe that it is time for the world’s governments to address the practices and laws regulating government surveillance of individuals and access to their information.
While the undersigned companies understand that governments need to take action to protect their citizens’ safety and security, we strongly believe that current laws and practices need to be reformed.
Consistent with established global norms of free expression and privacy and with the goals of ensuring that government law enforcement and intelligence efforts are rule-bound, narrowly tailored, transparent, and subject to oversight, we hereby call on governments to endorse the following principles and enact reforms that would put these principles into action."
1 Limiting Governments’ Authority to Collect Users’ Information
Governments should codify sensible limitations on their ability to compel service providers to disclose user data that balance their need for the data in limited circumstances, users’ reasonable privacy interests, and the impact on trust in the Internet. In addition, governments should limit surveillance to specific, known users for lawful purposes, and should not undertake bulk data collection of Internet communications.
Industry should fully commit to working together regardless of commercial sensitivities to fight crime that occurs through or within their networks. Further they should commit to create a single access points that is joined up. So an investigation that covers both MS and Google for example there should be a One Stop Shop. Whilst industry expects nation states to work outside of territorial cultural and economic differences, so should they.
2 Oversight and Accountability
Intelligence agencies seeking to collect or compel the production of information should do so under a clear legal framework in which executive powers are subject to strong checks and balances. Reviewing courts should be independent and include an adversarial process, and governments should allow important rulings of law to be made public in a timely manner so that the courts are accountable to an informed citizenry.
Industry should agree a common application process that transcends all companies and helps to standardise requests for information. Equally in order to deliver the approach, once agreed, Industry should provide suitable training. Civil and criminal law rulings made concerning all industry members should be made public.
3 Transparency About Government Demands
Transparency is essential to a debate over governments’ surveillance powers and the scope of programs that are administered under those powers. Governments should allow companies to publish the number and nature of government demands for user information. In addition, governments should also promptly disclose this data publicly.
Governments should disclose how much industry contributes to detecting and preventing crime or otherwise. Industry should work together to identify good practice amongst its members and ensure that all effort is made to reduce opportunities for crime.
4 Respecting the Free Flow of Information
The ability of data to flow or be accessed across borders is essential to a robust 21st century global economy. Governments should permit the transfer of data and should not inhibit access by companies or individuals to lawfully available information that is stored outside of the country. Governments should not require service providers to locate infrastructure within a country’s borders or operate locally.
Industry operating across national boundaries should identify the simplest and most effective method for law enforcement to access data and should create an agreed process to enable the crime to be effectively investigated. Where industry operates across borders, as all the signatories do, they should be committed to creating a single access point irrespective of country origin and agree a single method of request across industry.
5 Avoiding Conflicts Among Governments
In order to avoid conflicting laws, there should be a robust, principled, and transparent framework to govern lawful requests for data across jurisdictions, such as improved mutual legal assistance treaty — or “MLAT” — processes. Where the laws of one jurisdiction conflict with the laws of another, it is incumbent upon governments to work together to resolve the conflict.
MLAT can always be improved. Where industry identifies any inconsistency in it they also have an obligation to raise that concern and seek an effective method of resolution with the core objective of reducing and detecting crime.
The principles suggested are laudable and would be hard to challenge from a commercial basis working in isolation. However they do not reflect the historic, cultural, legal and economic differences between States. They are however principles and they should be based on a willingness to make the use of internet services safer and more reliable to the benefit of humanity in all it's guises.
Expecting States to transform into one large Global unit is somewhat challenging to accept. However a joint commitment to work together for a common purpose will test the strength and reasoning of the barriers and confusion the principles seek to address. For that reason they are a good starting point. But they must be part of a two way process not a one way valve. Industry should use the strength of its power and influence to improve and work for a safer digital world. The commitment by much of industry is evident and it has shown the value of a safer digital world.
Law Enforcement and Governments need to respond to these principles by reflecting how they can overcome unnecessary barriers but also create the effective dynamic relationships with industrial partners that will result in a safer digital world for all. Ambitious and possibly too egalitarian? but worth fighting for. I suspect that most front line cops and tax paying citizens would expect it.
Popular Posts in last 7 Days
This week I attended a seminar on how to be a SIRO, Senior Information Risk Owner In other words how to protect the organisation from data a...
Today HRH Prince Charles visited Cumbria and was given the opportunity to meet a range of people, businesses and buildings across the county...
So Saturday was the Big March. Anywhere between 300 and 500,000 peaceful protesters protesting. All magnificently managed by the Met suppo...
Ransomware Seminar 19th May 09.30-11.30 Ransomware is now one of the biggest threats to industry, charities, health and citizens. Fin...
GetSafeOnline Some thoughts Today we saw the start of GetSafeOnline week commencing with a short summit in London a range of partners wer...
The Apple FBI saga The disagreement over Apple and the FBI has become a microcosm of the world of cyber and digital crime. Warrant...
I am helping Leeds University with a business Cybercrime Survey go to www.bit.do/cybersurvey to complete it or use the QR code. Many tha...
Many people are told when they call the police to report a fraud, especially a cyber based one that they should call ActionFraud or report ...
Following last week’s launch of The Cyber Security Breaches Survey which found that one in four large firms are experiencing a cyber br...
Having experienced a range of public violence in Btistol Bradford Birmingham and Harmondsworth I feel enabled to comment in support of the v...