18 July 2015

Kuwait's DNA Profiling

Kuwait is reported to be introducing a law that mandates on DNA registration of all 1.3 million Kuwaiti citizens and 2.9 million expatriates, with the national database expected to be complete by September next year.

Registration will be underpinned by a penalty of one-year imprisonment, a US$33,000 fine or both for those who refuse to undergo DNA testing. Provision of a fraudulent sample  will attract a penalty of seven years' imprisonment.

It is unclear whether the biological sample will involve blood or skin cells.

Registration will supposedly "contribute to increased security in the society and justice through quicker identification of culprits", apparently through quicker identification of alleged terrorists who are in custody.

A mandatory population-scale database of people who have not been convicted of a crime is problematical.

In the UK the salient judgment is S and Marper v United Kingdom [2008] ECHR 1581, in which the European Court of Human Rights ruled in 2008 that permanent retention of a non-criminal's DNA sample under the Police and Criminal Evidence Act 1984 "could not be regarded as necessary in a democratic society", was disproportionate and was contrary to Article 8 of the Convention for the Protection of Human Rights and Fundamental Freedoms. The Protection of Freedoms Act 2012 sought to limit the scope of the DNA database - in essence restriction to people convicted of serious crimes - and comply with the Marper ruling.

Morrisons

The UK Crown Prosecution Service has announced that Andrew Skelton, a former employee of the Morrisons supermarket group, has been found guilty of fraud, securing unauthorised access to computer material and disclosing personal data. Skelton was sentenced to eight years at Bradford Crown Court, in relation to stealing personal data belonging to nearly 100,000 Morrisons employees.

The CPS announcement states
Andrew Skelton was in a position of considerable trust with access to confidential personal information as Senior Internal Auditor at Morrisons. 
He abused this position by uploading this information - which included employees' names, addresses and bank account details - onto various internet websites. 
He then attempted to cover his tracks and implicate a fellow employee by using this colleague's details to set up a fake email account. 
Andrew Skelton's motive appears to have been a personal grievance over a previous incident where he was accused of dealing in legal highs at work. 
The potential loss to his victims and the sheer quantity of potentially compromised data was very significant and could have resulted in employees' identities being stolen. 
Currently Morrison's has incurred costs of almost £2 million as a result of this fraud, costs have included professional fees, legal fees and fees incurred through attempts to safeguard their employees.
The CPS alleged Skelton uploaded personal information — including employees’ names, addresses and bank details — to various websites and then attempted to cover his tracks.

Darwin Restitution

The UK Crown Prosecution Service has announced that it has recovered £40,000 from John Darwin, who attracted attention by faking his own death in one of the more colourful insurance frauds.

Darwin was found guilty of deception in 2008, having been reported missing in a canoe in the sea off Seaton Carew in March 2002. (Selected similar scams are noted here.) "Meanwhile, his wife collected hundreds of thousands of pounds in life insurance payouts, with John Darwin hiding in the marital home".

 The CPS comments that
The recent payment of £40,000 brings the total amount paid in confiscation orders by the Darwins to £541,762 and 39 pence. The £40,000 was paid on 28 July 2014 from John Darwin's pension, which he had deferred until the same time his licence preventing him for leaving the country was about to run out. 
Following his conviction, the court found that John Darwin had benefited by £679,194.62, but having pretended to be dead, all assets were in his wife's name. The court therefore made an order for £1 allowing the CPS to amend the order should any assets, such as this pension, become available. 
The Darwins now have no known assets remaining for confiscation.

DRIPA

In the UK the High Court has ruled in Davis & Ors v Secretary of State for the Home Department [2015] EWHC 2092 (Admin) [PDF] that the Data Retention and Investigatory Powers Act 2014 (DRIPA) - the UK mandatory metadata retention scheme - is “inconsistent with European Union law”.

The UK legislation requires requires telcos and ISPs  to retain traffic  data for a year, ie a shorter period than retention under the Australian regime introduced earlier this year.

It was challenged by Labour MP Tom Watson and the Conservative MP David Davis. The Government has announced that  it would appeal against the ruling and has - no surprises - offered the standard rationale that the absence of mandatory retention may result in police and investigators losing data that could save lives.

The Court declared that section 1 of the Act “does not lay down clear and precise rules providing for access to and use of communications data” and should be “disapplied”. DRIPA does not provide for independent court or judicial scrutiny to ensure that only data deemed “strictly necessary” is examined; and that there is no definition of what constitutes “serious offences” in relation to which material can be investigated.

The judgment in Davis states -
The challenge is to the validity of s 1 of DRIPA and the Regulations made under it as being contrary to European Union law, as expounded in the decision of the Grand Chamber of the Court of Justice of the European Union (“the CJEU”) in Digital Rights Ireland Ltd v Minister for Communications, Marine and Natural Resources and others and the conjoined case of Kärntner Landesregierung, Michael Seitlinger, Christof Tschohl and others delivered on 8th April 2014 and reported at [2015] QB 127. We shall refer to this decision as “Digital Rights Ireland”.
At common law, Acts of the United Kingdom Parliament are not open to challenge in the courts. But the position under EU law is different. Decisions of the CJEU as to what EU law is are binding on the legislatur es and courts of all Member States. The subtleties of the relationship between UK domestic courts and the European Court of Human Rights at Strasbourg arising, since 2000, from the duty under s 2(1) of the Human Rights Act 1998 to “take account” of the jurisprudence of that court, do not arise. The claimants (as a fallback to their EU law arguments) have pleaded an alternative claim for a declaration under s 4 of the HRA 1998 that s 1 of DRIPA is incompatible with their Convention rights; but this was scarcely mentioned in oral argument. Indeed, as will be seen later in this judgment, it was mainly counsel for the Home Secretary, not counsel for the claimant s, who asked us to take account of the jurisprudence of the Strasbourg c ourt in support of his arguments.
The present claims involve, as did Digital Rights Ireland, the CJEU’s interpretation of Articles 7 and 8 of the Charter of Fundamental Rights of the EU. Article 7 provides: “Everyone has the right to resp ect for his or her private and family life, home and communications.” Article 8 provides:
“1. Everyone has the right to the protection of personal data concerning him or her. 2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. 3. Compliance with these rules shall be subject to control by an independent authority.”
The first of these Articles is in identical terms to Article 8(1) of the ECHR, except that the word “correspondence” is replaced by “communications”. The second has no counterpart in the ECHR. ...
The extent of the State’s powers to require the retention of communications data and to gain access to such retained data are matters of legitimate political controversy both in the UK and elsewhere. The Queen’s Speech opening the new Parliament on 27 May 2015 indicated that “new legislation will modernise the law on communications data”. To take one example from abroad, on 2 June 2015 the US Congress passed one statute (the USA FREEDOM Act) restricting the data re tention powers previously conferred by another statute passed in 2001 (the USA PATRIOT Act). It is not our function to take sides in this continuing debate, nor to say whether in our opinion the powers conferred by DRIPA are excessive or not. We have to decide the comparatively dry question of whether or not they are compatible with EU law as expounded by the CJEU in Digital Rights Ireland.
The Court concludes - 
The application for judicial review succeeds. The Claimants are entitled to a declaration that section 1 of the Data Retention and Investigatory Powers Act 2014 is inconsistent with European Union law in so far as:
a) it does not lay down clear and precise rules providing for access to and use of communications data retained pursuant to a retention notice to be strictly restricted to the purpose of preventing and detecting precisely defined serious offences or of conducting criminal prosecutions relating to such offences; and
b) access to the data is not made dependent on a prior review by a court or an independent administrative body whose decision limits access to and use of the data to what is strictly necessary for the purpose of attaining the objective pursued.


FOI Commission in UK

A Hawke Review on steroids?

The UK Government has announced a Commission on Freedom of Information to review the FOI regime.

The statement to parliament indicates
We fully support the Freedom of Information Act but after more than a decade in operation it is time that the process is reviewed, to make sure it’s working effectively. The government has therefore today established an independent, cross-party Commission on Freedom of Information.
The Commission’s terms of reference are as follows:
The Commission will review the Freedom of Information Act 2000 (‘the Act’) to consider whether there is an appropriate public interest balance between transparency, accountability and the need for sensitive information to have robust protection, and whether the operation of the Act adequately recognises the need for a ‘safe space’ for policy development and implementation and frank advice.
The Commission may also consider the balance between the need to maintain public access to information, and the burden of the Act on public authorities, and whether change is needed to moderate that while maintaining public access to information.
The Commission will be chaired by Lord Burns, and will comprise the Rt Hon Jack Straw, Lord Howard of Lympne, Lord Carlile of Berriew and Dame Patricia Hodgson.
The Commission will report to the Minister for the Cabinet Office and will publish its findings by the end of November.
The statement features the usual rhetoric, with the Government claiming "We are committed to being the most transparent government in the world".
Our next Open Government National Action Plan will develop an offer on transparency that further strengthens this government’s commitment to open government. Our aim is to be as open as possible on the substance, consistent with ensuring that a private space is protected for frank advice. To that end as a government we must maintain the best environment for policy-makers to think freely and offer frank advice to decision-makers. The most effective system is when policy makers can freely give advice, whilst citizens can shine a light into government.

17 July 2015

Australian Credit Reporting Regime

The Australian Competition and Consumer Commission has announced that it proposes to grant a five year authorisation to the Australian Retail Credit Association Ltd (ARCA) regarding "principles for exchanging comprehensive consumer credit data between signatory credit reporting bodies and lenders".

Those 'Principles of Reciprocity and Data Exchange (PRDE). In February this year ARCA sought
authorisation in relation to provisions of the PRDE that fall into the following categories: Reciprocity Obligations, Consistency Obligations and Enforceability Provisions. ARCA has developed these principles following amendments to the Privacy Act which allow a much broader range of consumer credit information to be collected and exchanged. The PRDE only applies to consumer credit information and credit reporting information.
Authorisation provides statutory protection from court action for conduct that might otherwise raise concerns under the competition provisions of the Competition and Consumer Act 2010. Broadly, the ACCC may grant an authorisation when it is satisfied that the public benefit from the conduct outweighs any public detriment.
 The ACCC considers that the provisions will help overcome a reluctance in the industry to share consumer credit information, facilitating a more complete exchange between credit providers and each credit reporting body. This will lead to increased competition both between credit reporting bodies and between lenders and assist lenders to comply with their responsible lending obligations at less cost.” 
The ACCC states that
Veda, a leading credit reporting body, has raised concern that the provisions are unduly prescriptive and that there will be adverse consequences for competition. Consumer advocacy bodies have also raised concerns about recording repayments under financial hardship arrangements. 
“The ACCC accepts that there are some potential public detriments arising from the costs imposed by the provisions. However, these costs appear to be relatively small and offset by the cost savings and other benefits of these provisions,” 
The ACCC is seeking submissions (by 14 August 2015) regarding the draft determination.

Coercion and privacy in prisons

'Regulating Prison Sexual Violence' by Gabriel Arkles in (2015) 7(1) Northeastern University Law Journal 71-130 argues
An end to sexual violence requires bodily autonomy, sexual self- determination, redistribution of wealth and power, and an end to subordination based on gender, race, disability, sexuality, nationality, and class. Because the project of incarceration does not align with bodily autonomy, sexual self- determination, redistribution, or anti-subordination, tensions arise within areas of law that purport to prohibit sexual violence in or through prisons. This article examines these tensions, analyzing the ways in which constitutional, statutory, and administrative law permit or require correctional staff, medical personnel, and law enforcement officers to control, view, touch, and penetrate bodies in nonconsensual, violent, and intimate ways—sometimes while using the rhetoric of ending sexual violence. In particular, the article focuses on searches, nonconsensual medical interventions, and prohibitions of consensual sex as ways that prison systems perpetrate sexual violence against prisoners while often complying with First, Fourth and Eighth Amendment law and the Prison Rape Elimination Act. While these practices harm all prisoners, they can have particularly severe consequences for prisoners who are transgender, women, queer, disabled, youth, or people of color. This article raises questions about the framing of sexual violence as individual acts that always take place outside or in violation of the law, suggesting that in some contexts the law still not only condones sexual violence, but also acts as an agent of sexual violence. 
Arkles states
 In 2012, the Supreme Court’s decision in Florence v. Burlington permitted agents of the government to conduct strip searches of misdemeanor arrestees without reasonable suspicion. Within a month, the Department of Justice (DOJ) promulgated federal regulations for the Prison Rape Elimination Act (PREA), providing guidance to federal, state, and local carceral agencies pursuant to a statutory mandate to detect, prevent, reduce, and punish prison rape. The PREA regulations purport to—and to some extent do— limit circumstances where prisoners experience touching, viewing, or other manipulation of their genitals, anus, buttocks, or breasts against their will. Florence, on the other hand, expands circumstances where prisoners undergo searches of their naked bodies. These contemporaneous legal developments reveal doctrinal and normative questions about the nature of sexual violence and the role of the government in preventing, perpetrating, and punishing it. 
In this article, I argue that a fundamental tension arises in efforts to curb carceral sexual violence. Preventing sexual violence requires an expansion of bodily autonomy for prisoners, in that to be free from sexual violence one must have at least the ability to prevent certain nonconsensual acts upon the body. Also, sexual self-determination, including not only the freedom to say “no,” but also to say “yes,” is an integral part of preventing sexual violence. And as many women-of-color feminists and critical theorists have established, freedom from sexual violence requires redistribution of wealth and power6 and an end to gender, racial, class, sexuality, nationality, and disability-based subordination.
However, imprisonment demands major infringements on the bodily autonomy and self-determination of prisoners that courts, regulators, and legislatures frequently hesitate to curtail. For example, carceral agencies routinely require their staff and contractors to perform strip searches, body cavity searches, and nonconsensual medical interventions on prisoners: acts that have much in common with other forms of sexual violence. Carceral agencies and their staff control the movements, activities, clothing, sexual expression, basic hygiene, nutrition, and virtually every other aspect of the biological and social lives of prisoners. As Alice Ristroph argues, incarceration is inherently a sexual punishment, because of the extent of corporal control that carceral systems exert over prisoners. Incarceration cannot be fully desexualized. Carceral mechanisms also aggravate inequitable distribution of wealth and power, as well as subordination on the basis of race, gender, class, disability, nationality, religion, and sexuality. 
A reluctance to frankly confront the tension between protection of autonomy and maintenance of control has diminished possibilities for meaningfully and transparently addressing carceral sexual violence. In this article, I begin that frank confrontation. 
In Part I, I examine how we identify certain acts as sexual violence or not-sexual violence. Race, gender, the motivation of the perpetrator, and the role of law and government have an enormous, and unjustifiable, impact on which acts U.S. legal systems and the public consider sexually violent. I then discuss certain forms of official carceral sexual violence, particularly searches, certain nonconsensual medical interventions, and prohibitions on consensual sex, explaining why we should consider them forms of sexual violence. Lawmakers have made most, but not all, of these forms of official carceral sexual violence lawful. The claim that searches, in particular, are a form of sexual violence is not new, but it remains controversial, and therefore worth elaborating.
Next, in Part II, I explain maneuvers that lawmakers, including legislatures, courts, agencies, and individuals who work for these parts of the government, use to promote forms of carceral sexual violence. Lawmakers do not necessarily form a specific conscious intent to defend sexual violence; they may believe their own rationalizations. Nonetheless, these maneuvers support sexual violence. 
With one key maneuver, they create legal schemes that prevent prisoners from having the power or money to effectively contest what happens to them. This maneuver reduces the chance not only that prisoners will successfully challenge which acts are defined as lawful, but also that they will have meaningful recourse regarding the many acts of sexual violence that are already defined as unlawful. Another maneuver manipulates definitions of sexual violence to create exclusions for acts that would otherwise fall into those definitions, but which lawmakers wish to protect or promote. This maneuver is what makes so much official carceral sexual violence lawful. The last maneuver I examine involves defending forms of sexual violence in the name of ending sexual violence, a particularly contradictory but peculiarly powerful way to diffuse opposition to carceral sexual violence and to maintain the appearance of legitimacy for sexually violent government actions. 
Finally, I offer an imagined alternative statutory scheme that would contest these maneuvers. Instead of manipulating definitions, this scheme would candidly address both lawful and unlawful sexual violence. Instead of keeping power and money away from prisoners, it would create a compensation scheme and empower a committee elected by prisoners to make further changes. Instead of pretending that sexual violence could help prevent sexual violence, it would address prevention of sexual violence by reducing incarceration. I offer this alternative more as a thought experiment than as a serious proposal to work toward for policy reform; I cannot defend it against a host of constitutional and moral objections, except to say that it is somewhat better than what we have now. However, I think it helps to open up thinking about what it would mean to be honest about what we do with our carceral systems, and what we could do with attempts to reform them.

16 July 2015

Cyclist Photo-ID

Mandatory registration of cyclists and use of a cyclist photo-ID?

The SMH reports that "Bike riders in NSW may soon be legally required to carry photo identification", with a proposal being discussed at a roundtable convened by the state Roads Minister to discuss cycling safety issues. The Minister last year stated that he was "increasingly persuaded" that a cyclist licensing system was needed.

The SMH notes
The policy being canvassed at the roundtable could be a softening of that idea, requiring cyclists to only carry existing forms of identification, such as a driver's licence. But it would still be a novel concept. 
As Mr Gay himself wrote to the Member for Vaucluse, Gabrielle Upton, "there are no precedents for mandatory bicycle registration or cyclist licensing in Australia".  ... 
Advocacy group Bicycle Network told its members on Tuesday that it would not support laws requiring cyclists to carry ID in NSW. 
One source at Monday's meeting said the government acknowledged it would not be feasible to introduce registration for cyclists, nor new licences, but was keen to require cyclists to carry regular identification. 
"That's the agenda," the source said. "There would be exemptions for people under 18 and things like that." 
Harold Scruby, the chairman of the Pedestrian Council, said there was a "consensus" that, at $69, fines for cyclists were too low. "We all agreed that registration is going to be difficult but perhaps anyone over the age of 18 should be required to carry some form of ID".