Internet Surveillance in Brazil (2)

I’ve been catching up with what has been going on in Brazil in terms of Internet surveillance over the past few months. The good news is that the opposition has had some success in persuading several members of Brazil’s lower house, the Chamber of Deputies, to take their criticisms seriously.

Sérgio Amadeu, who is an Professor at the Faculade Cásper Líbero in São Paulo, a self-described ‘militant for free software’, and one of the originators of the ‘NÃO’ campaign against the proposed bill of Senator Azeredo, reported in December on the outcome of a public consultation on the bill and a flashmob protest against it in São Paulo in November. The outcome has been that a new counter-proposal is being developed by various activist organisations and individuals together with Deputy Julio Semeghini favouring Internet freedom. In fact, the proposal would recast Azeredo’s proposed law on the basis of net citizenship rather than cybercrime.

Professor Amadeu claims that now the Ministry of Justice is in contact with the campaign and that the Secretary for Legislative Affairs at the Ministry, Pedro Abramovay, has apparently shown that he is rather more interested in an appropriate balance between Internet freedom and security. I am always rather suspicious about talk of ‘balance’ in these contexts, and we still don’t know who these impressions will be transformed into action or how many lower house legislators share Deputy Semeghini’s view, but it sounds like there is some reason to be positive – that and the fact that as of today, 134494 people have signed the petition against Azeredo’s bill.

New UK government attack on information rights

… a blatant attempt to gut the already inadequate safeguards in the Data Protection Act…

Time for some news from back home in Airstrip One… I’ve argued since our Report on the Surveillance Society came out back in 2006, that two of the biggest problems with information rights in Britain are:

  1. the lack of any constitutional protection for personal information and the consequent contingency of any laws on data protection; and
  2. the apparent belief on the part of the state that it has information rights over the personal information of citizens (or subjects, in reality).

Thus the state can demand information for the ID card scheme under threat of fines or even imprisonment, yet it is entirely the individual’s fault if information is incorrect.

Now, the ever-vigilant NO2ID campaign has noticed something that few others have, that hidden in a new criminal justice bill, the Coroners and Justice Bill is a measure to amend the Data Protection Act to enable government ministers to issue so-called ‘Information Sharing Orders’.

The clause (152, in Part 8, if you’re interested) reads as follows:

152 Information sharing

(1) After section 50 of the Data Protection Act 1998 (c. 29) insert—

“Part 5A Information Sharing

50A Power to enable information sharing

(1) Subject to the following provisions of this Part, a designated authority may by order (an “information-sharing order”) enable any person to share information which consists of or includes personal data.

(2) For the purposes of this Part—

“designated authority” means—

(a) an appropriate Minister,

(b) the Scottish Ministers,

(c) the Welsh Ministers, or

(d) a Northern Ireland department;

“appropriate Minister” means—

(a) the Secretary of State,

(b) the Treasury, or

(c) any other Minister in charge of a government department.

(3) For the purposes of this Part a person shares information if the person—

(a) discloses the information by transmission, dissemination or otherwise making it available, or

(b) consults or uses the information for a purpose other than the purpose for which the information was obtained.

(4) A designated authority may make an information-sharing order only if it is entitled to make the order by virtue of section 50C and it is satisfied—

(a) that the sharing of information enabled by the order is necessary to secure a relevant policy objective,

(b) that the effect of the provision made by the order is proportionate to that policy objective, and

(c) that the provision made by the order strikes a fair balance between the public interest and the interests of any person affected by it.

(5) An information-sharing order must—

(a) specify the person, or class of persons, enabled to share the information;

(b) specify the purposes for which the information may be shared;

(c) specify the information, or describe the class of information, that may be shared.

(6) An information-sharing order may not enable any sharing of information which (in the absence of any provision made by the order)”

Whilst this is not necessarily “as grave a threat to privacy as the entire ID Scheme” as NO2ID claim, the clause is written so broadly (a characteristic of New Labour’s approach to legislating) that it could mean that a Minister with the will could authorise any kind of personal information from any source to be used for as yet unspecified purposes for which it was never intended to be used. It is a blatant attempt to gut the already inadequate safeguards in the Data Protection Act, albeit in particular (ill-defined) instances and at Ministerial level, rather than a blanket provision applying to almost all public authorities (like say, the Regulation of Investigatory Powers Act(RIPA) which enabled local authorities to spy on people for tiny suspected infractions).

However, we shouldn’t allow the precedent to be set at any level…

Check the No2ID site for what you can do to stop this clause.