- In November 2016, the controversial Investigatory Powers Act 2016 reformed the legal framework governing the surveillance powers available to law enforcement and intelligence agencies, significantly undermining privacy (see Surveillance, Privacy, and Anonymity).
- The WannaCry attack was one of the first major instances of a cyberattack affecting UK public-facing health service infrastructure (see Technical Attacks).
Internet freedom declined in 2017 as the Investigatory Powers Act (IP Act) authorized a range of surveillance powers, including some bulk surveillance of individuals who are not the targets of criminal or national security investigations. The WannaCry ransomware attack also exploited vulnerabilities in national public health infrastructure to impede care for patients.
The UK has consistently been an early adopter of new information and communication technologies (ICTs). Internet coverage is almost universal, with competitive prices and generally fast speeds. Mobile devices, especially smartphones, have become the most prevalent means of internet access. However, strategies to combat extremist as well as offensive speech online periodically threaten to curb legitimate expression.
The IP Act was given royal assent on November 29, 2016. The law was devised to clarify, update, and define powers of surveillance available to intelligence, police, and security services. Though it introduced some new oversight mechanisms, it was a step back for privacy in several respects. The law authorized bulk surveillance measures that the United Nations special rapporteur on privacy called “disproportionate” and “privacy-intrusive.” It also increased requirements for internet companies to cooperate with investigations, including potentially “removing electronic protection” from encrypted communications or data where possible.
The law was passed despite ongoing findings about UK surveillance overreach. The Investigatory Powers Tribunal ruled that UK intelligence agencies had unlawfully conducted bulk data collection for 17 years before the activity was publicly disclosed in 2015. Separately, an EU court found that that data retention requirements for companies operating in the UK “cannot be considered to be justified” in a democratic society. But the IP Act codified similar practices and others that were even more concerning.
ICT infrastructure is generally strong and policies and regulation tend to favor access. The overwhelming majority of UK citizens use the internet frequently on a variety of devices, particularly smartphones, and substantial investments led by the government have led to better levels of service.
Availability and Ease of Access
Access to the internet is considered to be a key element determining societal and democratic participation in the UK. Broadband access is almost ubiquitous, and nearly 100 percent of all households are within range of ADSL connections. All national mobile network operators offer 4G mobile communication technology, with outdoor 4G coverage from at least one network accessible in over 89 percent of UK premises.1
The UK provides a competitive market for internet access, and prices for communications services compare favorably with those in other countries. Prices remain competitive as the scope of services increases. A sample mobile data plan cost around GBP 10 (US$ 12) a month in 2017; the most affordable fixed-line broadband packages were available for a little over GBP 30 (US$ 37) a month.2 The average monthly income was GBP 2,774 (US$ 3,480) in 2016.3
The Digital Economy Act 2017 provides that a minimum of 10 Mbps broadband access is effectively a legal right.4 Progress continues towards the expansion of “superfast” broadband that has an advertised speed of at least 30 Mbps.5 In 2015, 30 percent of all broadband connections were superfast, compared to 0.2 percent in 2009,6 and more than 80 percent of all UK premises have superfast broadband access availability.7 A voucher scheme covering up to GBP 3,000 (US$ 4,440) of installation costs for small and medium enterprises has been in place in 50 British cities since 2015.8
Mobile telephone penetration is extensive. In 2016, 66 percent of adults reported a smartphone was their primary device for accessing the internet,9 and reported valuing their smartphone over any other communication or media device;10 the smartphone was identified as the primary device for access in five out of nine online activities.11
People in the lowest income groups are significantly less likely to have home internet subscriptions, with the gap between socioeconomic groups remaining the same for the past few years. However, in 2016 it was found that internet use in the 65 to 74 age group has increased by nearly 70 percent since 2011.12 Of the 15 percent of adults without household internet access, 12 percent reported having no intention to obtain it.13 There is a no general gender gap in internet use, though two-thirds of women over 75 have never used the internet.14
Restrictions on Connectivity
The government does not place limits on the amount of bandwidth ISPs can supply, and the use of internet infrastructure is not subject to direct government control. ISPs regularly engage in traffic shaping or slowdowns of certain services (such as peer-to-peer file sharing and television streaming). Mobile providers have cut back on previously unlimited access packages for smartphones, reportedly because of concerns about network congestion.
The five major internet service providers (ISPs) are British Telecom (BT) with a 32 percent market share, Sky (23 percent), Virgin Media (19 percent), TalkTalk (13 percent), EE (4 percent) and others (8 percent).15 Through local loop unbundling—where communications providers offer services to households using infrastructure provided mainly by BT and Virgin—a wider number of companies provide internet access. Ninety-five percent of homes could receive unbundled telecommunications services by 2015.16
ISPs are not subject to licensing but must comply with general conditions set by Ofcom, such as having a recognized code of practice and being a member of a recognized alternative dispute-resolution scheme.17
Among mobile operators, EE leads the market with 29 percent of subscribers, followed by O2 (27 percent), Vodafone (19 percent), Three (11 percent), and Tesco (8.5 percent).18 Mobile Virtual Network Operators, including Tesco, provide service using the infrastructure of one of the other four.
Ofcom, an independent statutory body, is the primary telecommunications regulator under broad definitions of responsibility for “citizens,” “consumers,” and “communications matters” granted to it under the Communications Act 2003.19 It is responsible to Parliament and also regulates the broadcasting and the postal sectors.20 Ofcom has some content regulatory functions with implications for the internet, such as regulating video content in keeping with the European Union (EU) AudioVisual Media Services Directive.21
Nominet, a nonprofit company operating in the public interest, manages access to the .uk, .wales, and .cymru domains. In 2013, Nominet implemented a post-registration domain name screening to suspend or remove domain names that encourage serious sexual offenses.22
Other groups regulate services and content through voluntary ethical codes or co-regulatory rules under independent oversight. In 2012, major ISPs published a “Voluntary Code of Practice in Support of the Open Internet.”23 The code commits ISPs to transparency and confirms that traffic management practices will not be used to target and degrade the services of a competitor. The code was amended in 2013 to clarify that signatories could deploy content filtering or provide such tools where appropriate for public Wi-Fi access.24
Criminal online content is managed by the Internet Watch Foundation (IWF), an independent self-regulatory body funded by the EU and industry bodies (see “Blocking and Filtering”).25 The Advertising Standards Authority and the Independent Press Standards Organization regulate newspaper websites. With the exception of child abuse content, these bodies eschew pre-publication censorship and operate post-publication notice and takedown procedures within the E-Commerce Directive liability framework (see “Content Removal”).
- 1. Ofcom, The Communications Market Report 2015, p.1.
- 2. Mobile SIM-only plan from BT. BT, SIM-Only deals, Value Starter Plan https://www.productsandservices.bt.com/mobile/sim-only-deals. For fixed-lined service, see https://www.broadbandchoices.co.uk/news/broadband/bt-announces-price-in…; and https://www.productsandservices.bt.com/products/broadband-packages/. BT prices include line rental, which was GBP 18.99 in 2017.
- 3. World Bank, “GDP per capita, PPP (current international $),” International Comparison Program Database, http://data.worldbank.org/indicator/NY.GDP.PCAP.PP.CD.
- 4. s 1 Digitial Economy Act 2017; Jamie Rigg, How the Digital Economy Act will come between you and porn and everything else you need to know about the new legislation, Engaget, 5 March 2017 https://www.engadget.com/2017/05/03/digital-economy-act-explainer/
- 5. For local area progress in broadband provision, see DCMS, Table of local broadband projects, October 2014, https://docs.google.com/spreadsheet/ccc?key=0Ah3sVRjT82kKdEltX0lJNjNVWW….
- 6. Ofcom, The Communications Market Report 2015, p3.
- 7. DCMS, 2.5 million more UK homes and businesses can now go superfast, https://www.gov.uk/government/news/25-million-more-uk-homes-and-busines… .
- 8. DCMS, 2.5 million more UK homes and businesses can now go superfast note 12.
- 9. Ofcom, Adults’ media usage and attitudes, April 2016 http://stakeholders.ofcom.org.uk/binaries/research/media-literacy/adult….
- 10. Ofcom, Adults’ media usage and attitudes, April 2016 http://stakeholders.ofcom.org.uk/binaries/research/media-literacy/adult….
- 11. Ofcom, Adults’ media usage and attitudes, April 2016 http://stakeholders.ofcom.org.uk/binaries/research/media-literacy/adult….
- 12. Office for National Statistics, “Internet users in the UK 2016,” May 20, 2016, https://www.ons.gov.uk/businessindustryandtrade/itandinternetindustry/b….
- 13. Ofcom, The Communications Market Report 2015, p.352.
- 14. Office for National Statistics, “Internet users in the UK 2016,” p. 2.
- 15. Ofcom, The Communications Market Report 2016, p.152.
- 16. Ofcom, The Communications Market Report 2015, p. 282.
- 17. Ofcom, Consolidated Version of General Conditions of Entitlement (London: Ofcom), December 16, 2013, http://stakeholders.ofcom.org.uk/binaries/telecoms/ga/GENERAL_CONDITION….
- 18. Ofcom, The Communications Market Report 2016, p.153.
- 19. Communications Act 2003, Part 1, Section 3, http://www.legislation.gov.uk/ukpga/2003/21/contents.
- 20. https://www.ofcom.org.uk/about-ofcom/what-is-ofcom
- 21. DigitalTV Europe, “Ofcom to take over VoD regulation from ATVOD” 14 October 2015, http://www.digitaltveurope.net/443191/ofcom-to-take-over-vod-regulation….
- 22. Nominet, “Nominet to update registration policy in light of Lord Macdonald review,” 15 January 2014, http://www.nominet.org.uk/news/latest/nominet-update-registration-polic….
- 23. Broadband Stakeholder Group, “ISPs launch Open Internet Code of Practice,” July 25, 2012, http://www.broadbanduk.org/2012/07/25/isps-launch-open-internet-code-of….
- 24. Broadband Stakeholder Group, “ISPs launch Open Internet Code of Practice,” May 2013, http://www.broadbanduk.org/wp-content/uploads/2013/06/BSG-Open-Internet….
- 25. The Internet Watch Foundation, https://www.iwf.org.uk/.
Various categories of criminal content such as depictions of child sexual abuse, promotion of extremism and terrorism, and copyright infringing materials are blocked by UK ISPs. Parental controls over content considered unsuitable for children are enabled by default on mobile networks, requiring adults to opt out to access adult material. These measures can result in overblocking, and a lack of transparency persists regarding the processes involved and the kind of content affected. Allegations of online content manipulation were made during the reporting period.
Blocking and Filtering
The Digital Economy Act 2017, passed in April, introduces a number of requirements on ISPs and content providers. Section 14(1) requires content providers to verify the age of users accessing online pornography. The legislation envisions a regulator which will provide guidance on the means and mechanisms for providers to achieve compliance. The regulator may issue fines of up to GBP 250,000 (US$ 330,000) or 5 percent of the provider’s turnover, whichever is greater, for noncompliance.1 In mid-2017, the British Board of Film Certification (BBFC) signed letters of understanding with the government to take up the role.2 The legislation also generated controversy by including provisions to allow blocking of “extreme” pornographic material under standards which critics said were poorly defined and unevenly applied.3
Service providers already block and filter some illegal and some legal content in the UK, with varying degrees of transparency. Illegal content falls into three categories. First, ISPs block illegal content depicting child sexual abuse. Second, overseas-based URLs hosting content that has been reported by police for violating the Terrorism Act 2006 —which prohibits the glorification or promotion of terrorism—are included in the child filters supplied by many ISPs, and are inaccessible in schools, libraries, and other facilities considered part of the “public estate.” The list of sites in these two categories is kept from the public to prevent access to unlawful materials. Finally, ISPs are also required to block domains and URLs found to be hosting material that infringes copyright when ordered by the High Court. Those orders are not kept from the public, but can be hard to obtain.4
Separately, all mobile service providers and some ISPs providing home service filter legal content considered unsuitable for children. Mobile service providers enable these filters by default, requiring customers to prove they are over 18 to access the unfiltered internet. In 2013, the four largest ISPs agreed with the government to present all customers with an “unavoidable choice” about whether to enable parentally controlled filters.5
measures,” December 16, 2015, http://stakeholders.ofcom.org.uk/binaries/internet/fourth_internet_safe… Civil society groups say those filters lack transparency and affect too much legitimate content, making it hard for consumers to make informed choices, and for content owners to appeal wrongful blocking.
ISPs block URLs using content filtering technology known as Cleanfeed, which was developed by BT in 2004.6 In 2011, a judge described Cleanfeed as “a hybrid system of IP address blocking and DPI-based URL blocking which operates as a two-stage mechanism to filter specific internet traffic.” While the process involves deep packet inspection (DPI), a granular method of monitoring traffic that enables ISPs to block individual URLs rather than entire domains, it does not enable “detailed, invasive analysis of the contents of a data packet,” according to the judge’s description. Other, similar systems adopted by ISPs besides BT are also “frequently referred to as Cleanfeed,” the judge wrote.7
ISPs are notified about websites hosting content that has been determined to break, or potentially break UK law under different procedures:
- The Internet Watch Foundation (IWF) compiles a list of specific URLs containing photographic or computer-generated depictions of child sexual abuse or criminally obscene adult content to distribute to ISPs and other industry stakeholders who support the foundation through membership fees.8 ISPs block those URLs in accordance with a voluntary code of practice set forth by the Internet Services Providers’ Association (see “Regulatory Bodies”). IWF analysts evaluate sites hosting material that potentially violate a range of UK laws,9 in accordance with a Sexual Offences Definitive Guideline published by the Sentencing Council under the Ministry of Justice.10 The IWF recommends that ISPs notify customers why the site is inaccessible,11 but some have returned error messages instead.12 The IWF website allows site owners to appeal their inclusion on the list. Citizens can also report criminal content via a hotline. In 2008, the IWF blacklisted a Wikipedia page displaying an album cover depicting a naked girl based on a complaint. Other Wikipedia users reported that the block affected their ability to edit the site’s user-generated content,13 and the IWF subsequently removed the page from the list.14 An independent judicial review of the human rights implications of IWF's operations conducted in 2014 said the body’s work was consistent with human rights law.15 The IWF appointed a human rights expert in accordance with one of the review’s recommendations, but deferred action on another to restrict its remit to child sexual abuse.16
- The police Counter Terrorism Internet Referral Unit compiles a list of URLs hosted overseas containing material considered to glorify or incite terrorism under the Terrorism Act 2006,17 which are filtered on networks of the public estate, such as schools and libraries; they can still be accessed on private computers.18 In 2014, the four largest ISPs, BT, Virgin, Sky, and TalkTalk, said they would also include this content in parental filters.19
- The UK High Court can order ISPs to block websites found to be infringing copyright under the Copyright, Designs, and Patents Act 1988.20 The High Court has held that publishing a link to copyright infringing material, rather than actually hosting it, does not amount to an infringement;21 this approach was confirmed by the Court of Justice of the European Union.22 In 2014, a new intellectual property framework included exceptions for making personal copies of protected work for private use, as well as for “parody, caricature and pastiche.”23 Copyright-related blocking has been criticized for its inefficiency and lack of transparency.24 In 2014, after lobbying from the London-based Open Rights Group, BT, Sky, and Virgin Media began informing visitors to sites blocked by court order that the order can be appealed at the High Court.25
Mobile service providers also block URLs identified by the IWF as containing potentially illegal content. However, Mobile UK, an industry group which consists of Vodafone, Three, EE, and O2,26 introduced additional filtering of content considered unsuitable for children in a code of practice published in 2004 and updated in 2013.27
mobiles,” version 3, July 1, 2013, http://www.mobilebroadbandgroup.com/documents/UKCodeofpractice_mobile_1… These child filters are enabled by default in mobile internet browsers, though users can disable them by verifying they are over 18. Mobile Virtual Network Operators are believed to “inherit the parent service's filtering infrastructure, though they can choose whether to make this available to their customers.”28 Transparency about what content is affected depends on the provider. O2 allows its users to check how a particular site has been classified.29
The filtering is based on a classification framework for mobile content published by the BBFC.30 Definitions of content the BBFC considers suitable for adults only include “the promotion, glamorization or encouragement of the misuse of illegal drugs;” “sex education and advice which is aimed at adults;” and “discriminatory language or behavior which is frequent and/or aggressive, and/or accompanied by violence and not condemned,” among others. The BBFC adjudicates appeals from content owners about overblocking and publishes the results quarterly.31
The four largest ISPs, BT, Sky, Virgin Media and TalkTalk, offer all customers the choice to activate similar filters to protect children under categories that vary by provider, but can include social networking, games, and sex education.32 Website owners can check whether their site is filtered under one or more category, or report overblocking, by emailing the industry-backed nonprofit group Internet Matters,33 though the process and timeframe for correcting mistakes varies by provider.
These optional filters can affect a range of legitimate content about public health, homosexuality, drug awareness, and even information published by civil society groups and political parties. In 2012, O2 customers were temporarily unable to access the website of the right-wing nationalist British National Party.34 Civil society groups also have criticized the subjectivity of the content selected for filtering. A 2014 magazine article noted that all ISPs had blocked dating sites with the exception of Virgin Media, which operates one.35 During the coverage period of this report, an Ofcom report said that ISPs include “proxy sites, whose primary purpose is to bypass filters or increase user anonymity, as part of their standard blocking lists.”36 Transparency about the process remains lacking. In August 2015, when a watchmaking business complained to BT that their company website was blocked by its Parental Control software, the provider responded that the process had been outsourced to “an expert third party,” and that BT was “not involved.”37
Blocked!, a site operated by the Open Rights Group, allows users to test the accessibility of websites and report overblocking of content by both home broadband and mobile internet providers.38 In mid-2016, the website listed 11,715 sites blocked by default filters, meaning a user would have to proactively disable the filter in order to view the content affected. A further 21,239 sites were blocked by filters which users enable by choice. By early 2017, these figures have changed to 20,390 sites blocked by strict filters and 10,558 by default filters.
Content in different categories, including extremism and hate speech, may be subject to removal in the UK, though authorities often struggle to enforce the relevant laws.
During the coverage period, the government accused social media platforms of not doing enough to combat hate speech.39 In one example revealed during a trial for terrorism offenses committed online, police said their attempts to remove content published by the defendant from Twitter and YouTube had repeatedly failed, as the authorities had no powers to compel these platforms to remove the content.40 The Home Office published guidance for tackling hate speech, which included more efforts to monitor and regulate online activities.41 This should be viewed within the context of the IP Act (see “Surveillance, Privacy, and Anonymity”), which empowers law enforcement agencies to require telecommunication service providers to retain content data about users.
Different regulations affect content removal. Material blacklisted by the IWF because it constitutes a criminal offense (see “Blocking and Filtering”) can also be subject to removal. When the content in question is hosted on servers in the UK, the IWF coordinates with police and local hosting companies to have it taken down. For content that is hosted on servers overseas, the IWF coordinates with international hotlines and police to get the offending content taken down in the host country. Similar processes are in place for the investigation of online materials inciting hatred under the oversight of TrueVision, a site that is managed by the police.42
The Terrorism Act calls for the removal of online material hosted in the UK if it “glorifies or praises” terrorism, could be useful for terrorists, or incites people to carry out or support terrorism. A Counter Terrorism Internet Referral Unit (CTIRU) was set up in 2010 to investigate internet materials and take down instances of “jihadist propaganda.”43 The CTIRU compiles lists of URLs hosting such material outside its jurisdictions, which are then passed on to service providers for voluntary filtering (see “Blocking and Filtering”). In June 2015, then-Home Secretary Theresa May said the unit was taking down “about 1,000 pieces of terrorist-related material per week.”44
Website owners and companies who knowingly host illicit material and fail to remove it may held liable, even if the content was created by users, according to EU Directive 2000/31/EC (the E-Commerce Directive).45 Subsequent updates to the Defamation Act effective since 2014 limited companies’ liability for user-generated content that is considered defamatory. However, the Defamation Act offers protection to website operators from private libel suits based on third-party postings only if the victim alleging defamation can find the user responsible.46 The act does not specify what sort of information the website operator must provide to plaintiffs, but raised concerns that unauthenticated ID or anonymous internet use may prevent the operator from benefiting from the act’s liability protections, thus encouraging website operators to register users to avoid civil liability.47
In May 2014, the European Court of Justice gave search engines the task of removing links from their search results at the request of individuals if the stories in question were deemed to be inadequate or irrelevant. The so-called “right to be forgotten” ruling has had an impact on the way content is handled in the UK. Google reported receiving 70,498 requests involving the UK, requesting the removal of 272,570 URLs from its search results by July 2017, and complied in 39 percent of cases.48 The BBC publishes regular lists of its news stories which have been delisted by search engines.49 In 2016, Google expanded the right to be forgotten by removing links from all versions of its search engine.50 Despite the UK ending its EU membership, the government and the data protection regulator, the Information Commissioner’s Office (ICO), have committed to implementing EU guidance on data protection, the General Data Protection Regulation,51 which comes into force in May 2018. Under this guidance, the right to be forgotten will continue to apply in the UK.
Media, Diversity and Content Manipulation
Self-censorship is difficult to measure in the UK, but not a grave concern. After the January 2015 attack on the French publication Charlie Hebdo some news outlets refrained from publishing the magazine’s controversial cartoons of the prophet Muhammad,52 but the decision was not government influenced or mandated.
Due to the UK’s extensive surveillance practices (see “Surveillance, Privacy and Anonymity”), it is possible that certain online groups self-censor to avoid potential government interference. Media and civil society groups filed legal challenges after former National Security Agency (NSA) Edward Snowden made public the surveillance practices of the Government Communications Headquarters (GCHQ), indicating heightened concern about the privacy of their communications. In September 2014, the London-based Bureau for Investigative Journalism filed an application with the European Court of Human Rights to rule on whether UK legislation properly protects journalists’ sources and communications from government scrutiny and mass surveillance.53 In January 2015, the European Court of Human Rights prioritized the case,54 but in mid-2017 it remained pending.
There is no evidence of widespread government manipulation of online content, though a secretive unit of GCHQ, the Joint Threat Research Intelligence Group, is reported to have pseudonymously created content and social media accounts as part of an online propaganda strategy designed to “discredit, promote distrust, dissuade, deter, delay, or disrupt” targets, among other goals. The unit’s operations were publicized in a 2011 document leaked by Snowden, and apparently targeted individuals or specific organizations “who pose criminal, security, and defense threats” rather than a general readership. It’s not clear if the unit remains active.55
There were allegations that the quality of media made available of social networks was manipulated around the 2016 referendum and the 2017 election, adding to the polarization of political discourse online. The main beneficiary of such activities was not immediately clear.
In the lead up to the June 2016 referendum on UK membership of the European Union, the political discourse was largely conducted online. Both sides of the referendum had their messages artificially amplified by social media bots, or automated accounts.56 But hashtags associated with the leave side dominated on Twitter, with research demonstrating that bots played a “small but strategic” role.57 Quantitative analysis of other social media sites found more posts sympathetic to the leave campaign;58 the same was found in independent research on Instagram users.59 Racially motivated online abuse was also documented around the Brexit vote (see “Digital Activism” and “Intimidation and Violence”).
In May 2017, Facebook reported it had removed tens of thousands of fake accounts to limit the impact of deliberately misleading information disguised to look like news reports, which spread online prior to the June election.60 It was not clear if actors circulating these fake reports had a coherent agenda or how big their influence was. One group accused Facebook and Twitter of failing to curb disinformation depicting Muslims and migrants in a bad light.61 The government initiated a Parliamentary inquiry on fake news during the reporting period, but the inquiry was automatically concluded by the general election before it had published any findings.62
Online media outlets face economic constraints that negatively impact their financial sustainability, but these are due to market forces, not political intervention. Publications have struggled to find a profitable system for digital platforms, though more than half the population report consuming news online. Diverse views are present online, but may not be widely read. In 2014, 59 percent of people said they obtain news from the BBC website or app, 18 percent through Google, and 17 percent on Facebook.63
The UK lacks explicit protections for net neutrality, the principle that ISPs should not throttle, block or otherwise discriminate against internet traffic based on content. Ofcom called for a self-regulatory approach to the issue in 2011,64 describing the blocking of services and sites by ISPs as “highly undesirable” but subject to self-correction based on market forces.65 Developments at EU level could have an impact on net neutrality provisions in the UK, after agreement has been reached to ban paid prioritization—content owners being able to pay to ISPs to push their content first—across the EU as part of the Digital Single Market policy package, which seeks to strengthen the digital economy through increased support and access.66 As the United Kingdom is ending its membership of the European Union, it remains to be seen whether the government will adopt another position or maintain its current approach.
Online political mobilization continues to grow both in terms of numbers of participants and numbers of campaigns, and some groups used digital tools to document and combat racist abuse during the reporting period, including TellMAMA (Measuring Anti-Muslim Attacks), a group which tracked reports of attacks or abuse submitted by British Muslims online.67
Petition and advocacy platforms such as 38 Degrees and AVAAZ continue to grow, and civil society organizations view online communication as an indispensable part of a wider campaign strategy, though efficacy of online mobilization remains subject to debate and it is generally impossible to explain success with reference to online campaigns alone.
- 1. s 20(2) of the Digital Economy Act 2017
- 2. British Board of Film Classification. Digital Economy Bill Letters of Understanding http://www.bbfc.co.uk/media-centre/digital-economy-bill-letters-of-unde…
- 3. Damien Gayle, “What, how and why? The UK’s new online porn restrictions explained” The Guardian 25 November 2016 https://www.theguardian.com/culture/2016/nov/25/what-how-and-why-the-uk…
- 4. 451 Unavailable, “UK Blocking Orders,” https://www.451unavailable.org/uk-blocking-orders/.
- 5. Ofcom, “Ofcom report on internet safety
- 6. Martin Bright, “BT puts block on child porn sites,” The Guardian, June 6, 2004, https://www.theguardian.com/technology/2004/jun/06/childrensservices.ch…; "TCP Reset is sent back to the customer instead of content," The Guardian, December 8, 2008, https://www.theguardian.com/technology/blog/2008/dec/08/internet-censor…; Open Rights Group Wiki, “Cleanfeed,” https://wiki.openrightsgroup.org/wiki/Cleanfeed.
- 7.  EWHC 1981 (Ch), accessible: http://news.bbc.co.uk/2/shared/bsp/hi/pdfs/28_07_11_bt_newzbin_ruling.p….
- 8. Internet Watch Foundation, “URL List Policy,” https://www.iwf.org.uk/members/member-policies/url-list.
- 9. Internet Watch Foundation, “Laws Relating to the IWF's Remit,” https://www.iwf.org.uk/hotline/the-laws.
- 10. Sentencing Council, Sexual Offences Definitive Guideline, https://www.sentencingcouncil.org.uk/wp-content/uploads/Final_Sexual_Of….
- 11. Internet Watch Foundation, “Blocking: Good Practice,” https://www.iwf.org.uk/members/member-policies/url-list/blocking-good-p….
- 12. Open Rights Group Wiki, “Cleanfeed,” https://wiki.openrightsgroup.org/wiki/Cleanfeed.
- 13. BBC News, “Wikipedia child image censored,” December 8, 2008, http://news.bbc.co.uk/2/hi/uk_news/7770456.stm.
- 14. ISP Review, “Internet Watch Foundation U-Turns on Wikipedia Block,” December 10, 2008, http://www.ispreview.co.uk/news/EkkllAlVuVbKzPsVgN.html.
- 15. “IWF audited on human right,” January 27, 2014, https://www.iwf.org.uk/about-iwf/news/post/380-iwf-audited-on-human-rig….
- 16. https://www.iwf.org.uk/what-we-do/who-we-are/human-rights-audit
- 17. Open Net Initiative, “United Kingdom,” December 18, 2010, https://opennet.net/research/profiles/united-kingdom#footnote47_syc8fbo; Terrorism Act 2006, http://www.legislation.gov.uk/ukpga/2006/11/pdfs/ukpga_20060011_en.pdf.
- 18. What do they Know, attachment to the Freedom of Information request “Current status of terrorist internet filtering,” June 28, 2013, https://www.whatdotheyknow.com/request/160774/response/404100/attach/ht…
- 19. Patrick Wintour, “UK ISPs to introduce jihadi and terror content reporting button,” The Guardian, November 13, 2014, https://www.theguardian.com/technology/2014/nov/14/uk-isps-to-introduce…
- 20. Sections 17 and 18 of the Digital Economy Act (DEA) of 2010 separately allowed for the courts to order websites containing “substantial” violations of copyright to be blocked. In August 2011, the government announced that the DEA’s blocking provisions would be dropped, in part because it was already authorized under another law. BBC News, “Government drops website blocking,” August 3, 2011, http://www.bbc.com/news/technology-14372698.
- 21. Paramount Home Entertainment International Ltd v British Sky Broadcasting Ltd  EWHC 3479 (Ch). For instances where the individual is merely browsing the content, the Supreme Court has held that this does not amount to an infringement. PRCA v The Newspaper Licensing Agency Limited  UKSC 18.
- 22. Case C-466/12 Svensson and others v Retreiver Sverige, full judgement at: http://curia.europa.eu/juris/document/document.jsf?docid=147847&doclang…
- 23. “Major reform of intellectual property comes into force,” UK Department for Business, Innovation and Skills, September 30, 2014, https://www.gov.uk/government/news/major-reform-of-intellectual-propert….
- 24. Ofcom, “Site blocking” to reduce online copyright infringement,” May 27, 2010 http://stakeholders.ofcom.org.uk/binaries/internet/site-blocking.pdf.
- 25. Jim Killock, “Website blocking orders made more transparent,” Open Rights Group, December 5, 2014, https://www.openrightsgroup.org/blog/2014/website-blocking-orders-made-….
- 26. Mobile UK was formerly the Mobile Broadband Group. Mobile UK, “Who we are,” http://www.mobilebroadbandgroup.com/about-mobile-uk.html
- 27. Mobile Broadband Group, “UK Code of practice for the self-regulation of content on
- 28. Blocked! “Frequently Asked Questions,” https://www.blocked.org.uk/faq.
- 29. O2, “Site Checker,” http://urlchecker18plus.o2.co.uk/.
- 30. BBFC, “Mobile Content: Framework,” http://www.bbfc.co.uk/what-classification/mobile-content/framework. In 2013, the British Board of Film Classification took over this function from the Independent Mobile Classification Body. See, BBFC, “BBFC replaces the Independent Mobile Classification Board (IMCB) as the regulation framework provider for mobile internet content,” July 1, 2013, http://www.bbfc.co.uk/about-bbfc/media-centre/bbfc-replaces-independent….
- 31. BBFC, “Quarterly Report,” http://www.bbfc.co.uk/what-classification/mobile-content/quarterly-repo….
- 32. Ofcom, “Ofcom report on internet safety measures.”
- 33. https://www.internetmatters.org/parental-controls/info-site-owners/
- 34. Thomas Brewster, O2 blocks BNP website as ‘hate site’, Tech Week Europe, May 18, 2012, http://www.techweekeurope.co.uk/workspace/o2-blocks-bnp-website-as-hate….
- 35. Steven Mackenzie, “Internet Access: Are You Being Subjected To 'Private Sector Censorship?'” The Big Issue, September 10, 2014, http://www.bigissue.com/features/4323/internet-access-are-you-being-sub….
- 36. Ofcom, “Ofcom report on internet safety measures.”
- 37. Blocked! “The personal cost of filters,” https://www.blocked.org.uk/personal-stories.
- 38. Blocked! “Are you being blocked?” https://www.blocked.org.uk/.
- 39. Helen Warrell and Madhumita Murgia, ‘Social media groups accused of terror fight failings’ Financial Times, August 26, 2016 https://www.ft.com/content/5d608f40-6a16-11e6-ae5b-a7cc5dd5a28c
- 40. ‘Twitter and YouTube would not remove Anjem Choudary’s posts, court told’ The Guardian, August 16, 2016 https://www.theguardian.com/media/2016/aug/16/twitter-youtube-anjem-cho….
- 41. Home Office, Hate crime action plan 2016, https://www.gov.uk/government/publications/hate-crime-action-plan-2016
- 42. True Vision, “Internet Hate Crime,” http://www.report-it.org.uk/reporting_internet_hate_crime.
- 43. “2010 to 2015 government policy: counter-terrorism,” Gov.UK, May 8, 2015, https://www.gov.uk/government/publications/2010-to-2015-government-poli…; National Police Chiefs Council, “The Counter Terrorism Internet Referral Unit,” http://www.npcc.police.uk/NPCCBusinessAreas/PREVENT/TheCounterTerrorism….
- 44. They Work For You, House of Commons Debate, June 11, 2015, c1367, https://www.theyworkforyou.com/debates/?id=2015-06-11c.1353.0#g1367.1.
- 45. Legislation at: http://eur-lex.europa.eu/legal-content/en/ALL/?uri=CELEX%3A32000L0031.
- 46. Mike Masnick, “Did UK Gov’t Already effectively Outlaw Anonymity Online With Its New Defamation Law?,” TechDirt, August 11, 2014, https://www.techdirt.com/articles/20140807/17234928145/did-uk-govt-alre….
- 47. Eric Goldman, “UK’s New Defamation Law May Accelerate The Death of Anonymous User-Generated Content Internationally,” Forbes, Sept. 9, 2014, http://www.forbes.com/sites/ericgoldman/2013/05/09/uks-new-defamation-l…; Mike Masnick, “Did UK Gov’t Already effectively Outlaw Anonymity Online With Its New Defamation Law?,” TechDirt, Aug. 11, 2014, https://www.techdirt.com/articles/20140807/17234928145/did-uk-govt-alre….
- 48. Google Transparency Report, “European privacy requests for search removals,” https://www.google.com/transparencyreport/removals/europeprivacy/.
- 49. Kevin Rawlinson, Google in ‘right to be forgotten talks with regulator’, BBC News, 13 May 2015 http://www.bbc.co.uk/news/technology-32720944.
- 50. It had previously removed them only on the local version in the country where the request originated, such as Google.co.uk, leaving them accessible to UK-based users searching international versions like Google.com. The change applies only to users with IP addresses indicating they are located within the jurisdiction of the removal request. The links remain available in searches conducted outside that jurisdiction. ‘Google takes wider action on 'right to be forgotten' BBC News, February 11 2016, http://www.bbc.co.uk/news/technology-35548532.
- 51. Max Metzger, “ICO sets out international vision and route to GDPR compliance”, SC Media, 5 July 2017 https://www.scmagazineuk.com/ico-sets-out-international-vision-and-rout….
- 52. “News orgs censor Charlie Hebdo cartoons after attack,” Politico, January 7, 2015, http://www.politico.com/blogs/media/2015/01/news-orgs-censor-charlie-he….
- 53. A summary of the Bureau’s application to the European Court of Human Rights: https://www.thebureauinvestigates.com/2014/09/14/a-summary-of-the-burea….
- 54. Melanie Newman, “Surveillance state Boost for press freedom campaign as European court prioritises Bureau’s legal challenge to UK snooping laws,” Bureau of Investigative Journalism website, January 20, 2015, https://www.thebureauinvestigates.com/2015/01/20/boost-press-freedom-eu….
- 55. “Invasion of the troll armies: from Russian Trump supporters to Turkish state stooges,” https://www.theguardian.com/media/2016/nov/06/troll-armies-social-media…; https://theintercept.com/2015/06/22/controversial-gchq-unit-domestic-la…; https://theintercept.com/document/2015/06/22/behavioural-science-suppor….
- 56. Caitlin Dewey, ”How online bots conned Brexit voters,” Washington Post, June 27, 2016, https://www.washingtonpost.com/news/the-intersect/wp/2016/06/27/how-onl….
- 57. Howard, Wooley, “Computational Propaganda Worldwide,” University of Oxford, working paper 2017, http://comprop.oii.ox.ac.uk/wp-content/uploads/sites/89/2017/06/Casestu…
- 58. John Hermann, “‘Brexit’ Talk on Social Media Favored the ‘Leave’ Side,” New York Times, June 24, 2016, http://www.nytimes.com/2016/06/25/business/brexit-talk-on-social-media-….
- 59. Vyacheslav Polonski, “Social media voices in the UK’s EU referendum,” Mashable, May 15, 2016 https://medium.com/@slavacm/social-media-voices-in-the-uks-eu-referendu….
- 60. Mark Scott, “Facebook Aims to Tackle Fake News Ahead of U.K. Election,” New York Times, MAY 8, 2017, https://www.nytimes.com/2017/05/08/technology/uk-election-facebook-fake…
- 61. AOL, “Facebook and Twitter fail to remove misleading Britain First videos,” June 7, 2017,” http://www.aol.co.uk/news/2017/06/07/facebook-and-twitter-fail-to-remov…
- 62. UK Parliament, Digital, Culture, Media and Sport Committee, Fake news inquiry, https://www.parliament.uk/business/committees/committees-a-z/commons-se…
- 63. Ofcom, “News Consumption in the UK,” June 2014, http://stakeholders.ofcom.org.uk/binaries/research/tv-research/news/201….
- 64. Ofcom, Ofcom’s approach to net neutrality, November 11, 2011, http://stakeholders.ofcom.org.uk/consultations/net-neutrality/statement/.
- 65. European Commission, ‘Digital Single Market’, http://ec.europa.eu/digital-agenda/en/eu-actions; Andrus Ansip, “Making the EU work for people: roaming and the open internet,” blog, European Commission, July 8, 2015, https://ec.europa.eu/commission/2014-2019/ansip/blog/making-eu-work-peo….
- 66. European Commission, ‘Digital Single Market’, http://ec.europa.eu/priorities/digital-single-market_en
- 67. CBS/AP, “Worrying rise in racist abuse linked to Brexit?” June 29, 2016, http://www.cbsnews.com/news/brexit-increase-racist-anti-immigrant-musli…
The government has placed significant emphasis on stopping the dissemination of terrorist and hate speech online and on protecting individuals from targeted harassment on social media. User rights are undermined by extensive surveillance measures used by the government to monitor the flow of information for law enforcement and foreign intelligence purposes. These were expanded upon in the Investigatory Powers Act that passed during the reporting period. Technical attacks also exposed vulnerabilities in public infrastructure.
The UK does not have a written constitution or other omnibus legislation detailing the scope of governmental power and individual rights. Instead, these constitutional powers and individual rights are encapsulated in various statutes and common law. The provisions of the European Convention on Human Rights (ECHR) were adopted into law via the Human Rights Act 1998. In 2014, Conservative Party officials announced intentions to repeal the Human Rights Act in favor of a UK Bill of Rights in order to give British courts more control over the application of human rights principles.1 During the 2017 election campaign, Prime Minister Theresa May had initially scaled back those ambitions.2 However, in June 2017, she reopened the possibility of significantly amending human rights legislation in order to more aggressively target terrorists in light of high profile attacks in Manchester and London.3
The UK has stringent hate speech offenses encapsulated in a number of laws (see Table 1). Some rights groups say they are too broadly worded. Defining what constitutes an offense has been made more difficult by the development of communications platforms, and prosecutions are becoming more common (see “Prosecutions and Detentions for Online Activities”).
Table 1: List of Legislation Regarding Offensive Speech
The Crown Prosecution Service (CPS) publishes specific guidelines for the prosecution of crimes “committed by the sending of a communication via social media.”8 Updates in 2014 put digital harassment offenses committed with the intent to coerce the victims into sexual activity under the Sexual Offences Act 2003, which carries a maximum of 14 years in prison.9 Revised guidelines issued in March 2016 identified four categories of communications subject to possible prosecution: credible threats; communications targeting specific individuals; breach of court orders; and grossly offensive, false, obscene, or indecent communications.10 They also advised prosecutors to consider the age and maturity of the poster. Some observers said this could criminalize the creation of pseudonymous accounts, although only in conjunction with activity considered abusive.11 In October 2016, the CPS updated its guidelines to cover more abusive online behaviors, including organized harassment campaigns or “mobbing,” and doxxing, the deliberate publication of personal information online without permission to facilitate harassment.12
The Copyright, Designs, and Patents Act 1988 carries a maximum two-year prison sentence for offenses committed online. In July 2015, the government held a public consultation regarding a proposal to increase the sentence to 10 years. Of the 1,011 responses, only 21 supported the proposal,13 but a 2016 government consultation paper announced plans to submit an amendment to include the 10-year maximum sentence to parliament “at the earliest available legislative opportunity,”14 and it was incorporated into law with the passage of the Digital Economy Act 2017.
Libel laws that tended to favor the plaintiff had previously led to a large number of libel suits with only tenuous connection to the UK being brought in its courts, a phenomenon known as “libel tourism.” This has had a chilling effect on free speech in the UK, which the Defamation Act 2013 intended to reduce. Sections which took effect in January 2014 require claimants to prove that England and Wales is the most appropriate forum for the action, set a serious harm threshold for claims, and codify certain defenses such as truth and honest opinion. The overall number of defamation cases in the UK had fallen by 40 percent in 2015, according to the latest available data.15
Prosecutions and Detentions for Online Activities
Police frequently arrest individuals for posts promoting terrorism, issuing threats, or containing racist abuse, and have been accused of overreaching in the past. However, jail sentences for speech that is protected under international human rights norms remain rare. Criminal charges publicized in the past year involved violent threats; some are included here for reference, not because free speech advocates in the UK have challenged the prosecutions.
Guidelines clarifying the scope of offenses involving digital communications may be helping to cut down on the more egregious speech-related prosecutions observed in the past (see “Legal Environment”). But the scale of prosecutions remain a concern. According to a Freedom of Information (FOI) request in October 2014,16 12,000 people were prosecuted for offensive speech on social media between 2008 and 2013. Another FOI request made to the Metropolitan Police in London revealed 3,669 arrests for online communications were made in the city between 2010 and 2015.17 There remains scope for local police departments to pursue complaints that many democracies would view as civil cases. In early 2016, for example, police in Scotland detained 28-year-old Markus Meechan overnight after he uploaded a video of himself teaching his girlfriend’s dog to perform a Nazi salute on YouTube as a prank.18 The trial was set for the end of 2017.
Other cases involve terrorism offenses. In September 2016, for example, an extremist Muslim cleric was sentenced to five and a half years out of a maximum ten years in prison for urging support of the Islamic State militant group in YouTube videos and other social media posts. Addressing the defendant, the judge said “you knowingly crossed the line between the legitimate expression of your own views and the criminal act of inviting support for an organisation which was at the time engaged in appalling acts of terrorism,” according to news reports.19
Other criminal cases publicized in the past year involved threats of violence:
- In December 2016, police in East London arrested a man in relation to a post on Twitter asking someone to “Jo Cox” Anna Soubry MP. Cox, also a member of Parliament, was murdered in June 2016 while intervening in a fight during the Brexit campaign.20 The man was given a suspended jail sentence of 10 weeks under section 127 of the Communications Act in June 2017.21
- In March 2017, police charged 50-year-old Rhodri Philipps on three counts of sending racially aggravated malicious communications. He had been arrested in January and released on bail. News reports said he was accused of publishing “menacing” Facebook posts, including one offering anyone GBP 5,000 (US$ 6,560) to run over Gina Miller, the principle claimant in a legal case which led to a Supreme Court ruling that the government must seek approval from parliament before starting the process for the UK to leave the EU. He pleaded not guilty in May, and the charges were pending at the end of the coverage period. 22 Another man arrested in a separate case involving online threats against Miller was released without charge in December 2016. Police also issued eight cease and desist orders warning other individuals to stop threatening Miller or face police action.23 In the wake of the Supreme Court’s ruling, some social media users called for Miller to be hung, hunted, and shot.24
Personal slurs, on the other hand, were punished with community orders:
- A father in Essex county was required to complete unpaid community service under a one-year community order for calling staff of his son’s school “child abusers” on Facebook; he was barred from posting on the school’s Facebook page under a restraining order in June 2016.25
- In September 2016, a man in Sunderland was sentenced to an 18 month community order, including hours of rehabilitation activities and supervision, for two offenses—posting a “gross racial slur” about a nurse who was treating him in hospital on Facebook, and an unrelated assault.26
Other arrests for online content are periodically reported:
- In June 2017, just outside the coverage period of this report, a man and a woman were arrested on suspicion of inciting racial hatred in connection with online videos depicting a man burning a Koran.27
- Also in June, police in London arrested a man on suspicion of sending malicious communications and obstructing a coroner. News reports said he had posted pictures of the body of one of the victims of a fatal fire in a west London tower block on social media.28
A high profile libel verdict was issued during the reporting period. The case was the first high profile case of defamation on Twitter, and the media personalities involved attracted intense media scrutiny. Jack Monroe, a food blogger and social activist, successfully sued columnist Katie Hopkins for the latter’s insinuation on Twitter that Monroe had defaced or condoned the defacement of a World War II memorial during May 2015 protests in response to the Conservative Party general election victory. Hopkins had confused Monroe with another commentator who defended the protesters’ actions,29 and Monroe filed suit after Hopkins refused her offer to accept a public apology along with a GBP 5,000 (USD 6,600) donation to charity. The judge held that two tweets by Hopkins contained “meanings with a defamatory tendency which were published to thousands,” causing Monroe “substantial distress, but also harm to her reputation which was serious, albeit not “very serious” or “grave.”” He ordered Hopkins to pay GBP 24,000 (USD 31,700) in damages and an estimated GBP 107,000 (USD 141,400) in costs. 30
Surveillance, Privacy, and Anonymity
The Investigatory Powers Act 2016 (IP Act) was signed into law during the reporting period, even while provisions it was based on were ruled unlawful. It attracted criticism from a wide range of political perspectives.
The new law authorizes law enforcement and intelligence agencies’ surveillance powers in a single omnibus act.31 Surveillance became a major point of contention in the UK following revelations about the mass, or bulk surveillance activities of GCHQ and its international counterparts in documents leaked by Edward Snowden and published in the Guardian and other outlets since June 2013. Bulk surveillance poses a challenge to maintaining the integrity of civil rights as it affects individuals who are not considered of interest to intelligence and security services, without those individuals being informed about it. Subsequent independent reviews of law enforcement and intelligence agencies’ investigatory powers found surveillance regulation in need of reform. But Guardian journalist Ewan MacAskill, who helped publish the Snowden leaks, said the IP Act had introduced “the most sweeping surveillance powers in the western world.”32
The Investigatory Powers Act, which passed on November 29, 2016, covers interception, equipment interference, and data retention, among other areas.33 Equipment interference ranges “from remote access to computers, to downloading covertly the contents of a mobile phone during a search.”34
The act distinguishes between domestic and overseas targets. It specifically enables the bulk interception and bulk acquisition of communications data sent or received by individuals outside the British Isles, as well as bulk equipment interference involving “overseas-related” communications, information, and equipment data defined under Section 176. Communications where both the sender and the receiver are in the United Kingdom are subject to targeted warrants, though several individuals, groups, or organizations may be covered under a single warrant in connection with a single investigation.
However, the internet’s distributed architecture renders privacy protections based on the physical location of the subject of interception highly porous. Communications exchanged within the UK may be rerouted overseas, a fact that intelligence agencies have exploited in secret to conduct bulk surveillance programs like Tempora (see below).
Part 7 of the IP Act introduces warrant requirements for intelligence agencies to retain or examine “personal data relating to a number of individuals” where “the majority of the individuals are not, and are unlikely to become, of interest to the intelligence service in the exercise of its functions.”35 Datasets may be “acquired using investigatory powers, from other public sector bodies or commercially from the private sector.”36 Time limits for the initial examination of bulk datasets are set at three months “where the set of information was created in the United Kingdom” and six months otherwise (Section 220).
The IP Act establishes a new commissioner appointed by the prime minister to oversee investigatory powers under Section 227. Lord Justice Fulford, an appeal court judge, was appointed to the role in Mach 2017.37 The law also includes some other safeguards like “double-lock” interception warrants. These require approval from the Secretary of State (meaning the Home Secretary in security and terrorism investigations) or the Scottish Ministries in Scottish cases. The warrants must then be independently approved by a judge, although the Secretary alone approves urgent warrants. Under Section 32, urgent warrants last five days; others expire after six months unless renewed under the same double-lock procedure. The act allows authorities to prohibit telecommunications providers from disclosing the existence of a warrant.
Intercepting authorities authorized to apply for targeted warrants include police commissioners, intelligence service heads, and revenue and customs commissioners.38 Applications for bulk interception, bulk equipment interference, and bulk personal dataset warrants can only be made to the Secretary of State “on behalf of the head of an intelligence service by a person holding office under the Crown” and must be reviewed by a judge.
Provisions under Part 3 of the act allow the Secretary of State to issue data retention notices requiring telecommunications providers to capture information about user activity, including browser history, and retain it for up to 12 months. Providers of front-end communications platforms and cybercafe operators could also be required to comply. DRIPA, the law this requirement is modelled on, has been ruled unlawful in the UK and the EU (see below). The law defines the telecommunications operators who comply with warrants and requests as anyone who “offers or provides a telecommunications service to persons in the United Kingdom.”
These records or metadata reveal anything about a communication except the actual content,39 and a range of bodies can access them. Any “relevant public authorities” may request communications data with the approval of a designated senior official of a relevant public authority. This appears to cover practically any public body, though Section 62 attaches conditions to requests for internet-specific connection records, like limiting them to investigations of crimes punishable by more than one year in prison.40 Local authorities must also obtain a magistrate’s approval. Applications to view data “for the purpose of identifying or confirming a source of journalistic information” are explicitly allowed, with judicial review, under Section 77.
Public authorities already access communications data with some frequency. The 2012 Protection of Freedoms Act also requires local authorities to obtain the approval of a magistrate to access communications data.41 In 2015, 761,702 items of communications data were acquired by public authorities, according to the Interception of Communications Commissioner, who acts as a reviewer and ombudsman for surveillance and data collection. Of these data, about 94 percent were acquired by police and a little over 5 percent by intelligence services. The remaining 0.5 percent of requests were made by other public bodies such as local authorities.42 About half the data requested was subscriber information.
But Sections 67-69 of the IP Act added a “request filter” maintained by the Home Office to the existing process for accessing communications data, which the government characterized as a safeguard to minimize access to “irrelevant data.”43 The Open Rights Group said the filter would automate cross-referencing of complex data sets, pointing out that Parliament had described a similar provision in an earlier bill as “essentially a federated database of all UK citizens’ communications data.”44
In one problematic provision, the IP Act enables the government to order companies to decrypt content, though how far companies will be willing or able to comply remains unclear.45 Under Section 253, technical capability notices could be used to impose obligations on telecommunications operators both inside and outside the country “relating to the removal…of electronic protection applied by or on behalf of that operator to any communications or data,” among other requirements. The approval process for issuing a technical capability notice is similar to that of an interception warrant.46 Further regulations governing the notices were under consultation in mid-2017.47
David Anderson, an independent expert appointed by the home secretary to evaluate the operation of counterterrorism law,48 said the IP Act had “world-leading” oversight features, though he characterized the double-lock procedure as cumbersome, and recommended that the government publish its own interpretation of technical concepts within the act.49
In general, however, the IP Act has been subject to criticism from industry, civil rights groups, and the wider public. Multiple stakeholders had taken issue when it was still a draft bill. Apple argued that weakening encryption would weaken individual security.50 More than 200 lawyers called the bill “not fit for purpose.”51 The United Nations’ Special Rapporteur for Privacy, Joseph Cannataci, recommended that “disproportionate, privacy-intrusive measures such as bulk surveillance and bulk hacking as contemplated in the Investigatory Powers Bill be outlawed.”52 Criticisms continued to be reported in the media after the bill became law, particularly regarding the range of powers authorized and the legalization of bulk surveillance.53
Bulk surveillance is a particular issue in the UK context because intelligence agencies developed secret bulk programs under other laws that bypassed oversight mechanisms and means of redress for affected individuals. These programs have affected an untold number of people within the UK, even if they were meant to have only foreign targets.
Tempora, a secret surveillance project documented in the Snowden leaks, is one example. A number of other legislative measures authorize surveillance,54 including the Regulation of Investigatory Powers Act 2000 (RIPA).55 (RIPA was not repealed by the IP Act, though many of RIPA’s competences are now transferred to the newer legislation.) A clause within Part I allowing the foreign or home secretary to sign off on bulk surveillance of communications data arriving from or departing to foreign soil provided the legal basis for Tempora.56 Since the UK’s fiber-optic network often routes domestic traffic through international cables, this provision legitimized widespread surveillance over UK citizens.57 Working with telecom companies, GCHQ installed intercept probes at the British landing points of undersea fiber-optic cables, giving the agency direct access to data carried by hundreds of cables, including private calls and messages.58 The arrangement allowed GCHQ to pass on information to its US counterparts in the NSA regarding U.S. citizens, thereby bypassing American restrictions on domestic surveillance.59 Documents leaked by Snowden and published by The Intercept in 2015 revealed that systems set up to process that information in the UK included an operation designed to record the website browsing habits of “every visible user on the internet.”60
A government tribunal has ruled that sharing of information intercepted from internet communications between GCHQ and the NSA was lawful after some of the procedures were publicly disclosed, but that the activity violated European human rights standards prior to that public disclosure, between 2007 and 2014.61 The Investigatory Powers Tribunal was established under RIPA to adjudicate issues regarding government surveillance. It also found procedural irregularities in the retention of communications intercepted from Amnesty International and the South Africa-based Legal Resources Center, though it found that the interception itself was lawful.62 In early 2016, the Tribunal ruled that computer network exploitation carried out by GCHQ was in principle lawful within the limitations in the European Convention of Human Rights.63 The tribunal also noted that network exploitation is legal if the warrant is as specific and narrow as possible.
Other issues relating to bulk surveillance were still being adjudicated during the reporting period. In July 2016, the Investigatory Powers Tribunal gave a partial ruling that bulk data collection by Britain’s three intelligence agencies GCHQ, MI5, and MI6, was unlawful from March 1998 until the practice was avowed in November 2015.64 That practice had been authorized under Section 94 of the Telecommunications Act 1984, which the Interception of Communications Commissioner described in June 2016 as lacking “any provision for independent oversight or any requirements for the keeping of records.”65 The Tribunal also said that the use of bulk personal datasets by GCHQ and MI5, commencing from 2006, were likewise unlawful until avowed in March 2015. The datasets contained personal information that could include financial, health, and travel information as well as communications details.66 A hearing on the legality of foreign access to such information was still pending in mid-2017.
In December 2016, a European court separately ruled against one of the laws which preceded the IP Act. The government passed the temporary UK Data Retention and Investigatory Powers Act (DRIPA) in July 2014, requiring telecommunication companies to retain users’ metadata for up to 12 months.67 The legislation was a hurried response to a ruling by the Court of Justice of the European Union (CJEU) which struck down a European data retention directive68 requiring providers to retain user metadata for 18 months.69 Its scheduled expiration at the end of 2016 was part of the impetus for the swift passage of the IP Act, which mirrors much of the powers encapsulated by DRIPA, and in certain instances goes further than its predecessor.
Those powers have already been ruled as overreaching by the UK courts.70 In 2015, the High Court found that Sections 1 and 2 of DRIPA are unlawful, as they fail to provide clear and concise rules for ensuring that data is accessed for the purpose of serious offenses, and that access is not authorized by a court or other independent body.71 The government appealed the ruling, and the Court of Appeal referred to the CJEU for clarification.72
On December 21, 2016,73 the CJEU held that DRIPA “exceeds the limit of what is strictly necessary and cannot be considered to be justified, within a democratic society.“74 The court stated unequivocally that indiscriminate mass surveillance contravenes EU law, especially the European Charter of Fundamental Rights.75 It remains to be seen how the judiciary will use the judgement of the CJEU as the UK negotiates its exit from the EU.
Intimidation and Violence
There were no reported incidences of violence against internet users for online activities over the coverage period, though cyberbullying, particularly targeting women, is widespread.76 Many reported threats in the past year, including some with political implications; some assailants were prosecuted (see “Prosecutions and Detentions for Online Activities”).
One study reported an increase in abusive comments targeting politicians on Twitter, peaking on the day of the EU referendum.77 News reports said hate crime against minorities increased after the vote to leave, which was driven in part by campaigns which depicted immigration as a threat to the British way of life. One analysis of cyberbullying in different parts of the UK found that regions with high levels of online hate speech or racial intolerance did not necessarily vote with the Leave campaign, and said other issues were also driving the trend.78
Nongovernmental organizations, media outlets, and activists are not generally targeted for technical attacks by government or nonstate actors. Financially motivated fraud and hacking continue to present a challenge to authorities and the private sector. Incidents of cyberattacks have increased in recent years. Observers also question the security of devices connected to the network, known as the Internet of Things.79
One technical attack affecting public infrastructure had a significant impact on citizens. In May 2017, the National Health Service suffered a ransomware attack in 40 organizations, effectively barring workers from patient case files.80 The ransomware encrypts a device, making any files that are not backed up unavailable, and demands payment to restore access. In this case, the attackers demanded GBP 233 (USD 300) per infected machine, with the price doubling in three days, and all files being lost after seven.81 The ransomware did not target the NHS, but exploited a vulnerability in Microsoft’s implementation of the Server Message Block protocol, which manages communications through a network. The attack had severe consequences, with delays and disruption to NHS services, denying essential services to vulnerable individuals.82
- 1. Oliver Wright, “David Cameron to ‘scrap’ Human Rights Act for new ‘British Bill of Rights,’” The Independent, Oct. 1, 2014, http://www.independent.co.uk/news/uk/politics/conservative-party-confer….
- 2. Samuel Obsborne, http://www.independent.co.uk/news/uk/politics/conservative-manifesto-uk….
- 3. BBC News, “Theresa May: Human rights laws could change for terror fight” BBC News, June 7, 2017, http://www.bbc.co.uk/news/election-2017-40181444.
- 4. Adam Wagner, “Public insults to be legalised but grossly offensive messages still criminal”, The UK Human Rights Blog, https://ukhumanrightsblog.com/2013/01/15/public-insults-to-be-legalised…; See also CPS guidance on the offence: http://www.cps.gov.uk/legal/p_to_r/public_order_offences/#Section_5.
- 5. Ministry of Justice and The Rt Hon Chris Grayling MP, “Internet trolls to face 2 years in prison,” Gov.uk, Press Release, Oct. 20, 2014, https://www.gov.uk/government/news/internet-trolls-to-face-2-years-in-p….
- 6. These offenses were previously confined to the magistrates' courts, but the new law, effective in England and Wales as of April 13, 2015, allows the crown court to hear the more serious offenses, since it can issue higher prison sentences. The changes also extended the time limit to bring charges for these offenses to three years from the date of the offense. See, “’Revenge porn’ illegal under new law in England and Wales,” BBC, February 12, 2015, http://www.bbc.co.uk/news/uk-31429026; “Internet trolls face up to two years in jail under new laws,” BBC, October 19, 2014, http://www.bbc.co.uk/news/uk-29678989; Ministry of Justice and The Rt Hon Chris Grayling MP, “Internet trolls to face 2 years in prison,” Gov.uk, Press Release, October 20, 2014, https://www.gov.uk/government/news/internet-trolls-to-face-2-years-in-p….
- 7. Claire Overman and Andrew Wheelhouse, “Papa Don’t Preach (You May be Found Guilty of Hate Speech),” Oxford Human Rights Hub, March 22, 2016, http://ohrh.law.ox.ac.uk/papa-dont-preach-you-may-be-found-guilty-of-ha….
- 8. CPS, “Guidelines on prosecuting cases involving communications sent via social media,” http://www.cps.gov.uk/legal/a_to_c/communications_sent_via_social_media/.
- 9. “Guidelines on prosecuting cases involving communications sent via social media,” Crown Prosecution Service, amended October 2014, www.parliament.uk/documents/lords-committees/communications/socialmedia…; Owen Bowcott, “Revenge porn could lead to 14-year-sentence, new guidelines clarify,” The Guardian, October 7, 2014, www.theguardian.com/law/2014/oct/07/revenge-porn-14-year-sentence-cps-g….
- 10. CPS, “New guidelines published on the prosecution of those who abuse victims online,” March 3, 2016, http://www.cps.gov.uk/news/latest_news/new_guidelines_published_on_the_….
- 11. David Barrett, “Faking social media accounts could lead to criminal charges” The Telegraph, March 3, 2016 http://www.telegraph.co.uk/news/uknews/crime/12180782/Faking-social-med….
- 12. Crown Prosecution Service, “CPS publishes new social media guidance and launches Hate Crime consultation,” 10 October 2016, www.cps.gov.uk/news/latest_news/cps_publishes_new_social_media_guidance…
- 13. Intellectual Property Office, “Summary of responses: Consultation on changes to the penalties…,” http://bit.ly/2fzuCGw.
- 14. Intellectual Property Office, “Criminal Sanctions for Online Copyright Infringement: Government Consultation Response,” http://bit.ly/1putial.
- 15. Judicial Statistics, 2015: Issued defamation claims down by 40%, the second lowest number since 1992, https://inforrm.wordpress.com/2016/06/04/judicial-statistics-2015-issue….
- 16. What Do They Know, “Social Media Abuse,” https://www.whatdotheyknow.com/request/social_media_abuse#incoming-5792….
- 17. http://www.met.police.uk/foi/pdfs/disclosure_2016/may_2016/201603000136…
- 18. In the clip, Meecham states that “My girlfriend is always ranting and raving about how cute her dog is so I thought I would turn her into the least cute thing you could think of which is a Nazi.” http://www.dailyrecord.co.uk/news/scottish-news/police-arrest-nazi-dog-…
- 19. Vikram Dodd, “Anjem Choudary jailed for five-and-a-half years for urging support of Isis,” The Guardian, September 6, 2016, https://www.theguardian.com/uk-news/2016/sep/06/anjem-choudary-jailed-f….
- 20. Press Association, “Man arrested over tweet urging someone to 'Jo Cox' MP Anna Soubry”, The Guardian, December 4, 2016, https://www.theguardian.com/uk-news/2016/dec/04/man-arrested-over-tweet…
- 21. “Anna Soubry: Man sentenced for Jo Cox tweet,” BBC News, June 7, 2017, http://www.bbc.com/news/uk-england-nottinghamshire-40171681; Isaac Ashe, “Man convicted for sending Twitter threat to Anna Soubry,” Nottingham Post, June 7, 2017, http://www.nottinghampost.com/man-convicted-for-sending-twitter-death-t….
- 22. Adam Lusher, “Aristocrat in court accused of threatening Gina Miller and calling her a 'troublesome first generation immigrant,'”The Independent, May 2, 2017, http://www.independent.co.uk/news/uk/home-news/aristocrat-viscount-st-d….
- 23. Gordan Rayner, “Second man arrested over alleged racist abuse of Brexit court challenger Gina Miller,” The Telegraph, January 25, 2017, http://www.telegraph.co.uk/news/2017/01/25/second-man-arrested-alleged-….
- 24. James Temperton, “Second arrest made in the online abuse case of Brexit campaigner Gina Miller,” Wired, January 25, 2017, http://www.wired.co.uk/article/gina-miller-abuse-twitter-facebook-arres….
- 25. Will Lodge, “Dad who called Walton headteacher ‘child abuser’ on Facebook given a restraining order,” East Anglian Daily Times, June 17, 2016, http://www.eadt.co.uk/news/dad-who-called-walton-headteacher-child-abus…
- 26. Rob Kennedy, “Man in hospital posts racist Facebook messages about nurse treating him - during his stay,” Daily Mirror, September 19, 2016, http://www.mirror.co.uk/news/uk-news/man-hospitalised-overdose-posts-ra….
- 27. Nick Enoch and Rachael Burford, “Two arrested over Facebook and YouTube video of Koran burning amid spate of race attacks in wake of London and Manchester terror attacks,” Daily Mail, June 8, 2017, http://www.dailymail.co.uk/news/article-4583850/Two-arrested-shocking-v….
- 28. “Man arrested after posting pictures of Grenfell Tower 'body' on social media,” The Telegraph, June 15, 2017, http://www.telegraph.co.uk/news/2017/06/15/man-arrested-posting-picture….
- 29. Steekpike, Laurie Penny defends war memorial vandalism at anti-Tory march, The Spectator, https://blogs.spectator.co.uk/2015/05/laurie-penny-defends-war-memorial…
- 30. Monroe v Hopkins  EWHC 433 (QB) https://www.judiciary.gov.uk/judgments/judgment-monroe-v-hopkins/
- 31. UK Home Office, “Investigatory Powers Bill,” March 1, 2016, https://www.gov.uk/government/collections/investigatory-powers-bill.
- 32. Ewan MacAskill, 'Extreme surveillance' becomes UK law with barely a whimper, The Guardian, November 19, 2016 https://www.theguardian.com/world/2016/nov/19/extreme-surveillance-beco…
- 33. The legislation may be viewed in full at: http://www.legislation.gov.uk/ukpga/2016/25/contents/enacted.
- 34. Equipment Interference Factsheet, https://www.gov.uk/government/uploads/system/uploads/attachment_data/fi…
- 35. Part 7, http://www.legislation.gov.uk/ukpga/2016/25/part/7/enacted
- 36. Bulk Personal Datasets, Factsheet, https://www.gov.uk/government/uploads/system/uploads/attachment_data/fi…
- 37. Prime Minister’s Office, “Investigatory Powers Commissioner appointed: Lord Justice Fulford,” press release, https://www.gov.uk/government/news/investigatory-powers-commissioner-ap….
- 38. Section 18, http://www.legislation.gov.uk/ukpga/2016/25/section/18/enacted.
- 39. Communications data is “attached to or logically associated with” a communication, “but does not include any content.” See Section 261, http://www.legislation.gov.uk/ukpga/2016/25/section/261/enacted.
- 40. The Act defines an “internet connection record” as communications data which “(a) may be used to identify, or assist in identifying, a telecommunications service to which a communication is transmitted by means of a telecommunication system for the purpose of obtaining access to, or running, a computer file or computer program, and (b)comprises data generated or processed by a telecommunications operator in the process of supplying the telecommunications service to the sender of the communication (whether or not a person).”
- 41. Protection of Freedoms Act 2012, http://www.legislation.gov.uk/ukpga/2012/9/enacted.
- 42. Rt Hon Sir Anthony May, 2014 Annual Report of the Interception of Communications Commissioner (London: House of Commons), March 201,5 http://www.iocco-uk.info/docs/IOCCO%20Report%20March%202015%20%28Web%29….
- 43. Request Filter Factsheet, https://www.gov.uk/government/uploads/system/uploads/attachment_data/fi…; http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidenc… .
- 44. Javier Ruiz, “The Request Filter will turn your personal records into a police database,” Open Rights Group, June 03, 2016, https://www.openrightsgroup.org/blog/2016/the-ipb-request-filter-needs-….
- 45. Natasha Lomas, “Could the UK be about to break end-to-end encryption?” TechCrunch, May 27, 2017, https://techcrunch.com/2017/05/27/could-the-uk-be-about-to-break-end-to….
- 46. Section 253, http://www.legislation.gov.uk/ukpga/2016/25/section/253/enacted
- 47. Open Rights Group, “Home Office Consultation: Investigatory Powers (Technical Capability) Regulations 2017,” https://www.openrightsgroup.org/ourwork/reports/home-office-consultatio….
- 48. David Anderson, “A Question of Trust,” June 11, 2015, https://terrorismlegislationreviewer.independent.gov.uk/wp-content/uplo….
- 49. David Anderson QC, The Investigatory Powers Act 2016 – an exercise in democracy, December 3, 2016 https://terrorismlegislationreviewer.independent.gov.uk/the-investigato…. Anderson was succeeded by Max Hill, QC, in March 2017.
- 50. Apple Inc and Apple Distribution International – Written Evidence (IPB0093) accessed at http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidenc….
- 51. “Investigatory powers bill not up to the task”, The Guardian, March 14, 2016, http://www.theguardian.com/law/2016/mar/14/investigatory-powers-bill-no…; https://www.theguardian.com/world/2016/mar/14/investigatory-powers-bill….
- 52. Joseph Cannataci, “Report of the Special Rapporteur on the right to privacy,” OHCHR, March 8, 2016, http://www.ohchr.org/Documents/Issues/Privacy/A-HRC-31-64.doc at para. 39.
- 53. Andrew Griffin, Investigatory Powers Act goes into Force, Putting UK Citizens under Intense New Spying Regime The Independent, December 31, 2016 https://www.independent.co.uk/life-style/gadgets-and-tech/news/investig…
- 54. “Surveillance Road Map: A Shared Approach to the Regulation of Surveillance in the United Kingdom,” ICO, February 14, 2014, http://ico.org.uk/~/media/documents/library/Corporate/Practical_applica….
- 55. RIPA, http://www.legislation.gov.uk/ukpga/2000/23/contents; “Explanatory Notes” to RIPA, http://www.legislation.gov.uk/ukpga/2000/23/notes/contents.
- 56. Ewen MacAskill, Julian Borger, Nick Hopkins, Nick Davies & James Ball, “GCHQ taps fibre‐optic cables for secret access to world’s communications,” The Guardian, June 21, 2013, http://www.theguardian.com/uk/2013/jun/21/gchq-cables-secret-world-comm….
- 57. Nick Hopkins, “NSA and GCHQ spy programmes face legal challenge,” The Guardian, July 8, 2013, http://www.theguardian.com/uk-news/2013/jul/08/nsa-gchq-spy-programmes-….
- 58. Ewen MacAskill, Julian Borger, Nick Hopkins, Nick Davies and James Ball, “GCHQ taps fibre-optic cables for secret access to world's communications,” The Guardian, June 21, 2013, https://www.theguardian.com/uk/2013/jun/21/gchq-cables-secret-world-com….
- 59. Nick Hopkins & Luke Harding, “GCHQ accused of selling its services after revelations of funding by NSA,” The Guardian, August 2, 2013, http://www.theguardian.com/uk-news/2013/aug/02/gchq-accused-selling-ser….
- 60. https://theintercept.com/2015/09/25/gchq-radio-porn-spies-track-web-use…
- 61. Owen Boycott, “UK-US surveillance regime was unlawful ‘for seven years,’” The Guardian, February 6, 2015, http://www.theguardian.com/uk-news/2015/feb/06/gchq-mass-internet-surve….
- 62. Investigatory Powers Tribunal, “IPT to Liberty and Others,” July 1, 2015, http://www.ipt-uk.com/docs/IPT_to_Liberty_Others.pdf; Owen Bowcott, “GCHQ's surveillance of two human rights groups ruled illegal by tribunal,” The Guardian, June 22, 2015, http://www.theguardian.com/uk-news/2015/jun/22/gchq-surveillance-two-hu….
- 63.  UKIP Trib 14_85-CH Privacy International v. Secretary of State for the Foreign and Commonwealth Office et al.
- 64. Privacy International v Secretary of State of Foreign and Commonwealth Affairs  UKIPTrib 15_110-CH. Available at: http://www.ipt-uk.com/docs/Bulk_Data_Judgment.pdf
- 65. http://www.iocco-uk.info/docs/56208%20HC33%20WEB.pdf
- 66. Matt Burgess, “,MI6, MI5 and GCHQ 'unlawfully collected private data for 10 years'” Wired, October 17, 2016, http://www.wired.co.uk/article/uk-collect-data-unlawful
- 67. Andrew Grice, “Emergency data law: David Cameron plots to bring back snoopers’ charter,” The Independent, July 11, 2014, http://www.independent.co.uk/news/uk/politics/emergency-data-law-govern….
- 68. C-293/12, Digital Rights Ireland v Minister for Communications.
- 69. The Retention of Communications Data (Code of Practice) Order 2003: http://www.legislation.gov.uk/uksi/2003/3175/made; The Data Retention (EC Directive) Regulations 2009 (SI 2009 No. 859), April 2, 2009, http://www.legislation.gov.uk/ukdsi/2009/9780111473894.
- 70. Liberty, Campaigning for No Snoopers’ Charter, https://www.liberty-human-rights.org.uk/campaigning/no-snoopers-charter.
- 71.  EWHC 2092 (Admin)
- 72. Secretary of State v Davis & Watson  EWCA Civ 1185
- 73. Joined Cases C-203/15 and C-698/15 Tele2 Sverige AB v Post- och telestyrelsen and Secretary of State for the Home Department v Tom Watson http://curia.europa.eu/juris/liste.jsf?num=C-203/15
- 74. Para 107.
- 75. Para 97.
- 76. Sandra Laville, “Top tech firms urged to step up online abuse fightback,” The Guardian, April 11, 2016, https://www.theguardian.com/technology/2016/apr/11/facebook-twitter-goo….
- 77. William Eichler, “Brexit vote marked ‘high point’ of online abuse to MPs, research reveals,” LocalGov, May 23, 2017, https://www.localgov.co.uk/Brexit-vote-marked-high-point-of-online-abus….
- 78. Ditch The Label, “,Cyberbullying and Hate Speech” https://www.ditchthelabel.org/research-papers/cyberbullying-and-hate-sp….
- 79. Andrew Meola, “How the Internet of Things will affect security & privacy,” Business Insider, August 24, 2016, http://www.businessinsider.com/internet-of-things-security-privacy-2016….
- 80. BBC News, NHS cyber-attack: GPs and hospitals hit by ransomware, 13 May 2017, http://www.bbc.co.uk/news/health-39899646.
- 81. Damien Gayle, Alexandra Topping, Ian Sample, Sarah Marsh and Vikram Dodd, “NHS seeks to recover from global cyber-attack as security concerns resurface”, The Guardian, May 13, 2017, https://www.theguardian.com/society/2017/may/12/hospitals-across-englan….
- 82. Shireen Khalil, WannaCrypt cyber-attack continues to impact NHS trusts Digital Health, May 19, 2917, https://www.digitalhealth.net/2017/05/wannacry-impact-ongoing-one-week/.
On United Kingdom
See all data, scores & information on this country or territory.See More
Global Freedom Score94 100 free
Internet Freedom Score78 100 free