Monday, 27 July 2015

£100 & £500 fees for DP & FOI Tribunal appeals

With little fanfare, and at the start of the summer holiday season, the Ministry of Justice has published its response to an earlier consultation paper on enhanced fees for divorce proceedings, possession claims, general applications in civil proceedings and is now consulting on proposals for further fees.


Until you realise that, tucked away in paragraphs 124-127, is the proposal to introduce fees for proceedings in the First-tier Tribunal (General Regulatory Chamber).

This chamber deals with a range of regulatory matters, eg those concerning charities, consumer credit, gambling, transport and appeals from decisions of the Information Commissioner.  Currently the only fee income is generated from appeals in relation to gambling licences.

In 2013-14 the estimated cost of the General Regulatory Chamber was £1.6m. The fee income generated from gambling licence appeals was £11,600. The MoJ plans to increase the Chamber's fee income to £350,000 by levying new fees.

The proposal is to charge a fee of £100 to issue proceedings, which would entitle the claimant to a decision based on a review of the papers. The claimant may alternatively elect for an oral hearing, in which case a further fee of £500 would be payable. Based on current volumes, the MoJ estimates that this proposal would generate a cost recovery percentage of around 17% after remissions.

The fees will also apply to “reference” cases where cases are started in the first-tier Tribunal but have to be referred directly to the Upper Tribunal for a first instance hearing.

What is not known is what impact this will have on justice. When fees for referrals to employment tribunals were introduced, the volume of referrals to the tribunals collapsed. Will this move deter a similar percentage of unhappy DP complainants? Given the extremely low volume of DP cases that are currently referred to the Tribunal, it may be some time before this becomes evident.

I suspect that, given the relatively high number of FOI cases that are referred to the Tribunal, we’ll soon learn what effect the introduction of fees will have here.

Will fees really deter claimants who passionately believe in the strength of their case, but lack the funds to place their £100 / £500 punt? I doubt it. Already I’ve seen one consultant tweeting that he’ll stump up the £100 fee for four cases himself – so if the market wants it, there ought to be a safety valve for complainants who are financially stretched.

But fewer appeals to the Tribunal would mean less work for the ICO (with a consequential impact on staffing levels) and on the demand for highly skilled legal advice from our chums at 11 Kings Bench Walk.

The MoJ is inviting comments on this proposal by the end of the summer holiday season (15 September).

So, take a break from your well-earned summer holiday write to the MoJ if you really feel passionately about the matter.



Friday, 24 July 2015

How can we can WhattsApp spam?

I’ve just started to receive emails from an organisation that develops WhattsApp marketing campaigns for data controllers. They’re so keen to explain that it's the latest cost-effective way to drive more business. With 96% open rate and 10 times response rate than emails, WhatsApp marketing appears as the new game changer.  WhatsApp is the best mode for text messaging because: WhatsApp is free, runs on any mobility platform, is used by millions worldwide, and supports text, audio and video.”

The blurb breathlessly continues: “Our WhatsApp marketing campaigns are customized as per your business needs. You can now broadcast your business text message to your targeted customer base wherever they are. Direct and efficient messaging like never before. Whether you want to increase your business or willing to attract new prospects, our WhatsApp marketing plan will help you to do so. Let's develop a professional brand identity with WhatsApp.”

The blurb almost mentions the privacy issue: “Our WhatsApp bulk messaging plans are meant to communicate your business message to highly targeted group who are interested in your business. Our bulk messaging plans are backed with range tools to track and manage your message campaigns.”

But, given the extremely low cost of sending WhattsApp messages, I wonder how long it will be before the less privacy-minded organisations embark on direct and intrusive marketing campaigns that will make me question the utility  of the WhattsApp platform for messaging in general.

Given the wide range of other communication platforms in current use, our WhattsApp chums are going to need to monitor these WhattsApp marketing initiatives pretty carefully, in case they irreparably tarnish WhattsApp’s (current) great image.

Monday, 20 July 2015

Peeping into secret directions

In his latest report, the Interception of Communications Commissioner has shed more light on the workings of a secret piece of legislation than has any other public official at any time during the past 30 years.

Students of telecommunications law will scan with considerable interest the few pages he’s devoted to Section 94 of the Telecommunications Act 1984, which enables ministers to give secret directions to Communication Service Providers.

Section 94 provides that the Secretary of State shall lay before each House of Parliament a copy of every direction given under this section unless he is of opinion that disclosure of the direction is against the interests of national security or relations with the government of a country or territory outside the United Kingdom, or the commercial interests of any person. Section 94(5) states that a person shall not disclose, or be required by virtue of any enactment or otherwise to disclose, anything done by virtue of this section if the Secretary of State has notified him that the Secretary of State is of the opinion that disclosure of that thing is against the interests of national security or relations with the government of a country or territory outside the United Kingdom, or the commercial interests of some other person.”

No details on what directions have been issued, or indeed if any have ever been withdrawn, are publicly available. For the first time, Sir Anthony May explains that his office had previously provided limited oversight in respect of one set of Section 94 directions, but the report offers no indication as to whether other sets of directions still exist.

Sir Anthony’s comments are helpful in that the public now knows that directions can: be given by any Secretary of State and do not automatically expire after a certain period. There does not appear to be a comprehensive central record of the directions that have been issued by the various Secretaries of State.”

Accordingly, Sir Anthony recommends that future legislation should require his office (or successor oversight body) to be informed about all existing directions in order that they can be properly overseen. While law students may have assumed that Home Office ministers would have been aware of all directions that had been imposed on Communication Service Providers, Sir Anthony’s comment raises the intriguing possibility that, say, Foreign Office ministers might well have issued directions to assist the work of MI6, without necessarily telling the Home Office ministers who were responsible for overseeing the work of MI5.

The relevant Communication Service Providers could then have been placed in the invidious position of providing various services for different intelligence agencies, trying really hard not to tip each agency off about what they were doing for another agency. If this sounds like the plot of a French farce, you’re not mistaken.

I suggest that, in addition to the comprehensive central record of all directions being held by the Interception of Communications Commissioner, all directions should also be formally reviewed at 6 monthly intervals. This would at least remind ministers that they were accountable for ensuring that is was still necessary for the directions to be in place, and for their existence to remain a secret.

As this is Sir Anthony’s last report before stepping down, I want to record my appreciation for the way he has permitted his officials to put their heads above the IOCCO parapet and engage with the public in a much more open manner than was considered appropriate by previous Commissioners. I do hope that his successor will have a similar view as to the public role his officials should play. The IOCCO is seen as an effective regulator, winning respect from a wide range of privacy champions.

Let’s wish that the good work will continue, by the IOCCO or whatever successor organisation is created to oversee the surveillance community. 



Friday, 17 July 2015

Publishing pictures of celebrities - the paparazzi have more rights than the police

When is it (generally) inappropriate to publish pictures of celebrities in public places? It's fine to publish them if you’re a media organisation, but not if you’re a law enforcement body.


Because the DPA requires data controllers to restrict their processing activities to those activities that the data controller has registered with the ICO. Newspapers, by their very nature, process personal data for journalistic purposes. This is not a purpose that law enforcement bodies have previously declared.

In accordance with our data protection laws, it can be appropriate for newspapers to publish pictures of celebrities in public places, particularly when the celebrities are currently promoting shows that feature themselves. So, the recent pictures of Messrs Clarkson, Hammond & May, currently touring Australia with their motor show, leaving an Australian Airport, are fair game because they were taken by the paparazzi. But, recent pictures of Michael Mcintyre, currently promoting his UK comedy tour, leaving the Capital Radio studios in London’s Leicester Square, are not fair game, because they were taken and published by the police.

It's a funny old world. I assume the officer who thought it would be fun to publish Michael Mcintyre’s picture on the National Police Air Support Unit’s Twitter account had no idea how the privacy Taliban would react. Well, that officer does, now.

The Surveillance Camera Commissioner and the Information Commissioner have both waded into the debate, so we can be confident that the National Police Air Support Unit will be tweeting fewer pictures of celebrities in future.

But all is not lost. The paparazzi will continue to be out in force, and a grateful public will still be able to feast their eyes on snaps of celebrities who, often working hand-in-hand with the paps, provide arresting images of themselves.



Wednesday, 15 July 2015

RUSI’s surveillance report

Following the publication of reports into surveillance recently carried out by Parliament’s Intelligence & Security Committee and David Anderson, the Independent Review of Terrorism, RUSI have now delivered their verdict on the current situation.  RUSI’s 20 recommendations broadly support those made in the previous reports, and they complement many of the recommendations made by the Joint Parliamentary Committee on the draft Communications Data Bill, back in 2012.

Little new material has been unearthed – which is not surprising, as all three bodies basically took evidence from the same group of witnesses. The witnesses included Caspar Bowden, who sadly died last week.Few people are likely to take the opportunity to read this particular report – after all, its not calling for a change in surveillance outcomes, but more of a tweak to the procedures that deliver these outcomes. Law enforcement investigators are likely to continue to be able to get what they currently get, although the they may be required to go through a different legal and supervisory regime to get it.

For those of us with really short attention spans, here are a few of the highlights that caught my eye as I read the report:
  • Privacy policies can be really wordy, especially when compared to the works of Shakespeare. Hamlet has 30,066 words, Macbeth 18,110. Long privacy policies have been published by PayPal (36,275); Apple iTunes (19,972), Windows Live (14,714), Apple iOS 5 (13,366), Facebook (11,195), Google All-inclusive (10,640), Apple iCloud (10,742), Twitter (4,445). [2.42]
  • In the past, neither the government nor the overseers had felt it necessary to provide information about how the law regarding interception was actually being applied in practice. As a result, these processes were not well understood by politicians or the wider public, which made the media’s allegations of wrongdoing (ie the Snowden allegations) all the more powerful. [3.5]
  • The current Home Secretary Theresa May has said that warrantry decisions occupy ‘more of my time ... than anything else’. [3.40]
  • Rather than provoking a fundamental shift in CSP and target behaviour, the disclosures by Edward Snowden have accelerated existing trends. For example, as targets are more security-aware, it has become much harder to intercept communications and to counter encryption. Of real concern is that co-operation from CSPs has reduced – a key issue for the police and the National Crime Agency as well. [3.47]
  • During the Panel’s visit to the NCA, officers appeared satisfied with the current limit of twelve months for data retention. Any longer becomes unnecessary, as there are diminishing returns on data retained beyond this period; any shorter, however, would be problematic. Details from Operation Notarise – a substantial operation targeting people allegedly accessing child abuse images online – were used by the NCA to illustrate this. After 4,000 requests for communications data to trace who these individuals were, 92 per cent of suspects were identified, ultimately leading to 660 arrests. However, if the data retention period limit had been less than the current twelve-month period, the outcome would have been very different:

    • Only 13 per cent of suspects would have been identified had the data-retention period been three months
    • Thirty-nine per cent would have been identified had the data-retention period been six months
    • Sixty-six per cent would have been identified had the data-retention period been nine months. [3.63]
  • RUSI is particularly concerned that levels of technical understanding among policy-makers and legislators are seriously deficient and the best use is not being made of the technical expertise already available. Support and advisory bodies, such as the Technical Advisory Board and Communications Data Steering Group, are not being exploited to their full potential. Government officials must have sufficient understanding of relevant technical issues to both assess the needs of the agencies and provide credible oversight of their activities. [5.47]
  • The [oversight] commissioners do not have a significant public profile. Despite providing substantial oversight of warrants and the activities of the agencies, the work of the commissioners does not currently translate into greater levels of public understanding. Their annual reports place a great deal of information in the public domain on the work of the agencies and their compliance with legal regulations, but these are not widely read or publicly debated. [5.64]
  • The offices of some of the commissioners are very proficient (especially IOCCO). It is important to ensure that all commissioners are supported by sufficient resources to ensure the breadth and depth of investigations. These resources should comprise a breadth of expertise (to be able to consider broad, thematic issues), a depth of knowledge in certain areas (including technical knowledge of coding and algorithms to inspect methods of data collection and analysis, for example) and individuals from a variety of backgrounds (including those with technical, legal, investigative and NGO experience).
Lets see what legislative changes the Home Office now proposes, given the publication of these three reports.