Thursday, July 20, 2017

CJEU AG opinion in Peter Nowak v Data Protection Commissioner

Students are going to like this one. Lily livered, liberal, commie, Brexit hating, elitist, expert, EU & CJEU & human rights loving, ivory towered, [insult of choice] academics, a constituency the scars of which yours truly can display two decades plus residency of, possibly not quite so much. Educational bureaucrats may well spurt their morning tea into their cornflakes on noticing tomorrow morning's headlines relating the news.

The Advocate General of the European Court of Justice has decided, in Case C‑434/16, Novak v Irish Data Protection Commissioner, that exam scripts are classifiable as personal data under the data protection directive 95/46/EC.

Mr Novak failed the Strategic Finance and Management Accounting examination of the Chartered Accountants of Ireland (CAI) on four occasions. In the end he decided to submit a subject access request for all personal data held by the CAI, with the intention of getting hold of his exam scripts. CAI refused to hand over the scripts, so he complained to the data protection commissioner. The commissioner declared the scripts to be outside the scope of what constituted personal data.

And so it was onward to the courts and eventually the Irish Supreme Court referred the matter to the Court of Justice, requesting a response to the following questions:
‘(1)      Is information recorded in/as answers given by a candidate during a professional examination capable of being personal data within the meaning of Data Protection Directive?
(2)      If the answer to Question 1 is that all or some of such information may be personal data within the meaning of the Directive, what factors are relevant in determining whether in any given case such script is personal data, and what weight should be given to such factors?’
In accordance with Article 2(a) of the data protection directive, ‘personal data’ means any information relating to an identified or identifiable individual. So it has a very wide scope.

In paragraphs 19 to 28 of her opinion, AG Kokott today clearly disagrees with the decision of the Irish Data Protection Commissioner not to support Mr Novak's perspective. The logic underpinning that opinion is clear from paragraph 24:
"24.      However, in every case, the aim of an examination — as opposed, for example, to a representative survey — is not to obtain information that is independent of an individual. Rather, it is intended to identify and record the performance of a particular individual, i.e. the examination candidate. Every examination aims to determine the strictly personal and individual performance of an examination candidate[emphasis added] There is a good reason why the unjustified use in examinations of work that is not one’s own is severely punished as attempted deception. 
25.      Consequently, an examination script incorporates information about the examination candidate and is in that sense a collection of personal data. [emphasis added]
26.      That this is the correct conclusion is also shown, moreover, in the fact that an examination candidate has a legitimate interest, based on the protection of his private life, in being able to object to the processing outside the examination procedure of the examination script ascribed to him. An examination candidate does not have to accept that his script can be disclosed to third parties or published without his permission.
27.      Contrary to the argument of the Irish Data Protection Commissioner, the personal data incorporated in an examination script is not confined to the examination result, the mark achieved or even points scored for certain parts of an examination. That marking merely summarises the examination performance, which is recorded in detail in the examination script itself.

28.      The classification of an examination script as incorporating personal data is not affected if, instead of bearing the examination candidate’s name, the script has an identification number or bar code. Under Article 2(a) of the Data Protection Directive, it is sufficient for the existence of personal information that the data subject may at least be indirectly identified. (6) Thus, at least where the examination candidate asks for the script from the organisation that held the examination, that organisation can identify him by means of the identification number."
AG Kokott is very clear that exam scripts are personal data. She also notes the importance of handwriting:
"29.      Mr Nowak, Poland and the Czech Republic also rightly argue that answers that are handwritten contain additional information about the examination candidate, namely about his handwriting. A script that is handwritten is thus, in practice, a handwriting sample that could at least potentially be used at a later date as evidence to determine whether another text was also written in the examination candidate’s writing. It may thus provide indications of the identity of the author of the script.
30.      The question whether such a handwriting sample is a suitable means of identifying the writer beyond doubt is of no importance for its classification as personal data. Many other items of personal data are equally incapable, in isolation, of allowing the identification of individuals beyond doubt. For that reason, neither is it necessary to determine whether the handwriting should be regarded as biometrical information."  
I'm a skeptic on handwriting analysis, so interested to see she refers to the potential practice of the use of handwriting analysis being the determinative factor here, rather than whether it has any legitimacy as a forensic tool.

Next up she tackles Ireland's concern that section 12(b), relating to the right to rectification of inaccurate data, will be used by unscrupulous students to demand incorrect answers to exams be declared correct. She beings by pointing out in paragraphs 32 to 34 that:
"32.      First, it must be remembered that the issue of right of access is only secondary in this case, where the main issue is in fact the interpretation of the concept of ‘personal data’... 
34.      Therefore, the classification of information as personal data cannot be dependent on whether there are specific provisions about access to this information which might apply in addition to the right of access or instead of it[emphasis added] Further, neither can problems connected with the right of rectification be decisive in determining whether there exists personal data. If those factors were regarded as determinative, certain personal data could be excluded from the entire protective system of the Data Protection Directive,[emphasis added] even though the rules applicable in their place do not ensure equivalent protection but fragmentary protection at best."
So, even if there were to be hypothetical problems with what someone might do with the personal data once they gain access to it, that cannot be used as an excuse to exclude access.

On the right to rectification of inaccurate data in this context again she is clear:
"35.      However, if one concentrates on the right of access and the issue of rectification, it must be recognised that in relation to an examination script this right clearly cannot be claimed in order, subsequent to obtaining that access, to demand rectification, pursuant to Article 12(b) of the Data Protection Directive, of the contents of the script, i.e. the solution written down by the examination candidate. [emphasis added] (9) As Poland has rightly emphasised, the accuracy and completeness of personal data pursuant to Article 6(1)(d) must be judged by reference to the purpose for which the data was collected and processed. The purpose of an examination script is to determine the knowledge and skills of the examination candidate at the time of the examination, which is revealed precisely by his examination performance and particularly by the errors in the examination. The existence of errors in the solution does not therefore mean that the personal data incorporated in the script is inaccurate.
36.      However, rectification would be conceivable if it were the case that the script inaccurately or incompletely recorded the examination performance of the data subject. For example, such a situation would arise if — as observed by Greece — the script of another examination candidate had been ascribed to the data subject, [emphasis added] which could be shown by means of, inter alia, the handwriting, or if parts of the script had been lost."
Next up comes the section of the decision - paragraphs 42 to 50 - that exams administrators, especially, are going gnash multitudes of molars on. The Irish Data Protection Commissioner, with the support of the Czech Republic, attempted to have Mr Novak's claim classed as abusive because he didn't follow the requisite procedures laid down for checking exam results. Instead he tried to bypass those procedures and get the information he wanted via data protection legislation.

Now anyone who has spent even a short time working in the education sector will tell you that it is a mortal sin, in the land of educational administrators, to attempt to circumvent their inviolable procedures. Forms must be filled in, boxes must be ticked and procedures must be followed. Even when those procedures are mutually exclusive and diametrically opposed. Exams procedures, in particular, are absolutely sacrosanct. In fairness to the exams zombies, this is often for good reasons - to protect the integrity of the institution, the exams and the interests of the students. But they are, nevertheless, sacrosanct, even if, over the generations, they evolve primarily to serve the interests of the examination bureaucracy.

AG Kokott does not see that Mr Novak was attempting, improperly or fraudulently, to take advantage of provisions of EU law, to gain access to scripts. After all, if he could otherwise have obtained access through exams procedures, why should he be considered to be engaged in abusive exploitation of data protection regulations, just to get access to the same information?
"45.      If examination scripts incorporate personal data, according to the pleadings of the Data Protection Commissioner and Ireland, a misuse of the aim of the Data Protection Directive would arise in so far as a right of access under data protection legislation would allow circumvention of the rules governing the examination procedure and objections to examination decisions.
46.      However, any alleged circumvention of the procedure for the examination and objections to the examination results via the right of access laid down by data protection legislation would have to be dealt with using the provisions of the Data Protection Directive. In that regard, Article 13 in particular comes to mind, which allows for exceptions to the right of access to be established to protect certain interests specified therein.
47.      To the extent that these grounds do not justify exceptions in certain situations, as may be the case in connection with examinations, it must be recognised that the legislature has given precedence to the data protection requirements which are anchored in fundamental rights over any other interests affected in a specific instance.
48.      However, it should be pointed out that the General Data Protection Regulation, which will apply in the future, resolves this tension. First, under Article 15(4) of the regulation, the right to obtain a copy of personal data is not to adversely affect the rights and freedoms of others. Second, Article 23 of the regulation sets out the grounds for a restriction of data protection guarantees in slightly broader terms than Article 13 of the Directive, since, in particular, protection of other important objectives of general public interest of the Union or of a Member State pursuant to Article 23(1)(e) of the regulation may justify restrictions.
49.      On the other hand, the mere existence of other national legislation that also deals with access to examination scripts is not sufficient to allow the assumption that the purpose of the Directive is being misused.
50.      However, even if one wished to assume misuse of purpose, it is still not apparent where the undue advantage lies if an examination candidate were to obtain access to his script via his right of access. In particular, no abuse can be identified in the fact that someone obtains information via the right of access which he could not otherwise have obtained. If there were already access to personal information, the introduction of a right of access under data protection law would not have been required. It is instead the task of the right to access under data protection legislation to make available to the person concerned — subject to the exceptions provided for in Article 13 of the Data Protection Directive — access to his own data, where otherwise no right of access exists."
The unuttered assumption, of course, is that Mr Novak would have had access to the information he was requesting under the requisite exams procedures or other national legislation. Even if there was a clash in relation to degree of access then, as paragraph 47 insists "data protection requirements which are anchored in fundamental rights over any other interests affected in a specific instance" take precedence. The AG is optimistic (para 48) that the GDPR will resolve any such tension in the future. I can't share that optimism until the scope and boundaries of articles 15(4) and 23 become more clearly defined in practice when such clashes do arise, in the wake of the GDPR implementation in May 2018.

That part of the analysis complete the AG declares in paragraph 51 that
"51.      In brief, it can be concluded that a handwritten examination script capable of being ascribed to an examination candidate constitutes personal data within the meaning of Article 2(a) of the Data Protection Directive."
She next tackles the question of examiner's corrections on an exam script in paragraphs 52 to 65. In particular she notes that it is a question for the Irish data protection commissioner whether the examiner's comments corrections are information about Mr Novak:
"53.      However, an answer to this question is not necessary for a decision in the main proceedings since it is not at issue whether any such corrections constitute information about Mr Nowak. Rather, the subject matter of the proceedings is whether the then Irish Data Protection Commissioner was entitled to dismiss the complaint submitted by Mr Nowak on the ground that his examination script was a priori not personal data. The extent to which corrections should also be regarded as data relating to the examination candidate would have to be ruled upon not by the Supreme Court but rather, should the action be successful, at first instance by the present Irish Data Protection Commissioner."
Having said it is a question for the DPC she, nevertheless, goes on to opine that examiner's corrections are information about an examination candidate, as well as the examiner's own personal data.
"61.      Nonetheless, the purpose of comments is the evaluation of the examination performance and thus they relate indirectly to the examination candidate. The organisation holding the examination is also able to identify the candidate without difficulty and link him with the corrections once it receives the marked script back from the examiner.
62. general, comments on an examination script are typically inseparable from the script itself ... because they would not have any informative value without it. However, the script itself incorporates, as previously stated, personal data of the examination candidate. The purpose of collecting and processing this data is precisely to permit the evaluation of the examination candidate’s performance as incorporated in the examiner’s corrections.
63.      Precisely because of that close link between the examination script and any corrections made on it, the latter also are personal data of the examination candidate pursuant to Article 2(a) of the Data Protection Directive.
65.      It should be mentioned for the sake of completeness that corrections made by the examiner are, at the same time, his personal data. His rights are an appropriate basis in principle for justifying restrictions to the right of access pursuant to Article 13(1)(g) of the Data Protection Directive if they outweigh the legitimate interests of the examination candidate. However, the definitive resolution to this potential conflict of interests is likely to be the destruction of the corrected script once it is no longer possible to carry out a subsequent check of the examination procedure because of the lapse of time."
AG Kokott then briefly addresses additional requirements on the application of the data protection directive and its facilitation of restrictions on the right to information.
"67.      However, no questions have been raised about these additional requirements and restriction options and therefore the Court need not address them. It would also appear that their consideration is not necessary in order for the Supreme Court to be able to rule on whether the then Irish Data Protection Commissioner was right to refuse further examination of the complaint made by Mr Nowak.
She finally concludes:
"70.      I therefore propose that the Court should rule as follows:
A handwritten examination script capable of being ascribed to an examination candidate, including any corrections made by examiners that it may contain, constitutes personal data within the meaning of Article 2(a) of Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data."
So it would appear that the Irish Supreme Court will be obliged to rule that the then Irish Data Protection Commissioner was not entitled to dismiss the complaint submitted by Mr Nowak, on the ground that his examination script was a priori not personal data.

As it is the Advocate General's opinion only, it remains advisory and it will be interesting to see if the the Court of Justice comes to the same conclusions. The Court often takes a strong lead from the AG Educational institutions, exams administrators in particular, would do well to take note.

Tuesday, May 23, 2017

Thoughts on our response to terrorism

Earlier today I posted a collection of thoughts on Twitter in response to the tragic bombing attack in Manchester last night. My friend, Tony Hirst, pointed out I had neglected to link them through threading. They are, therefore, reproduced in order below. If we are angry, fearful, sad, vengeful or harboring all of these emotions and more, we should try to focus them on a renewed determination to value our shared humanity and open society based on fundamental rights and the rule of law.

Thursday, May 04, 2017

Hugenholtz on the proposed EU publisher's intellectual property right

Professor Bernt Hugenholtz's 15 minute contribution (starting 3:03:40 into the morning session) at European Copyright - Quo Vadis event at the European University Institute, pointing out the proposed new EU publishing right intended protect news organisations is a fake solution to a very real problem, is well worth viewing.

Prof Hugenholtz recommends his colleague Prof. dr. Mireille M.M. van Eechoud's extremely balanced 65 page report on the issue, A publisher’s intellectual property right: Implications for freedom of expression, authors and open content policies.

Prof van Eechoud has been running a project at IViR, the Institute for Information Law at Amsterdam University, taking a critical look at the proposed introduction of a new intellectual property right for publishers of press publications.

Prof Hugenholtz opens by highlighting the avalanche of negative academic responses to the proposal for the publishing right. It fails the test of being good or making existing regulation better on every count. But he does have some sympathy with the EU officials lumbered with drafting this proposal, most likely under orders from their previous boss, Commissioner Oettinger.

The underlying rationale of finding a way to protect or sustain the news publishing industry which is facing serious decline is a worthy one. That decline constitutes a severe social democratic and economic problem - just witness Trump and fake news amongst the consequences - that academics and others should be investing time and energy in. What truly effective and proportionate means could we come up with to enable sustainable, independent news organisations that challenge and speak truth to power?

Thursday, April 27, 2017

To the Open University Foxcombe Hall-ers who cared, thank you

Tomorrow, Friday, 28 April, 2017, just another day in the calendar for many, is when the Oxford regional centre of the Open University closes down, permanently.

That arrow near the red brick chimney is pointing at the window of my, now largely bare, office where I'm typing these words.

After 41 years - we moved in in 1976 - the biggest university in the UK is withdrawing from one of the geographic educational heartlands of the globe. The main mansion house on the site was built in the 1880s by the Rev Henry Woods, Bursar and subsequently President of Trinity College Oxford and his wife, Margaret, a highly distinguished literary scholar. The site was sold to Lord Berkeley in 1893 and was a theological college from 1934 to the mid 1970s. Couple of pictures of the inside of the hall from the 1900s -

Because of the OU's funding arrangements the purchase of the site needed high level approval in the department for education and the treasury at the time.

Since then this beautiful setting -

- has been filled with amazing, inspirational, dedicated, deeply caring & knowledgeable people, who transformed the lives of thousands of Open University students. Often at significant personal cost.

The secret of the OU’s success, for most of the past half century or so, has been the goodwill of the staff and the students. This institution has simply been about putting people in touch with people, people who care; and creating, enabling and nurturing the materials, support and conditions for learning, personal development and growth.

The people in Foxcombe Hall, on a daily basis, have engaged in nothing short of societal magic and it has been my real privilege to work with you, know you and call you friends, for the past 22 years. The Open University will be a desperately poorer place without you and this enchanting setting, now to be transformed to no more than a cash asset on a balance sheet.

The regional centre in Leeds is also closing tomorrow. East Grinstead, London, Birmingham and Newcastle have already closed. Bristol and Cambridge will follow shortly. Open University Magic flowed from all those places too.

Whatever you all do in the future - and I can only wish you all the very best of good fortune with it - and no matter how unwise you understand the decision to shut down our regional infrastructure was, no one can ever take away the difference you made, here at the OU.

Thank you for caring.

Note: All colour photos in this post © Peter Thompson, our resident photographer and IT specialist.

Now, somewhat appropriately perhaps, as I consider shutting down this computer and carrying the remainder of my belongings to the car, the heavens outside have opened in something of a deluge...

Tuesday, April 04, 2017

Investigatory Powers Act codes consultation

The Home Office consultation on the Investigatory Powers Act codes of practice is due to close this week at 11.45am on 6 April.

The codes run to 400+ pages of provisions with a number of changes from previous versions and don't exactly constitute the most accessible form of prose you're likely to come across this week (or month or year).

I was planning to contribute to the consultation but the consultation period has been very short (23 Feb to 6 April) and I haven't had the capacity or the time to do so.

At the prompting of the good folks at the Open Rights Group I have therefore written to the Home Office requesting an extension in the consultation period, as below.
I am writing to request an extension in the consultation period and some more detailed explanatory materials for the Investigatory Powers Act Codes of Practice on

·         Interception of communications: draft code of practice
·         National security notices: draft code of practice
·         Bulk acquisition of communications data: draft code of practice
·         Equipment interference: draft code of practice
·         Security and intelligence agencies’ retention and use of bulk personal datasets: draft code of practice

Having followed the passage of the Investigatory Powers Bill through Parliament and contributed to a succession of consultations on it, I continue to hold serious reservations about the powers contained in the Investigatory Powers Act passed last year. Provisions on how the expansive powers contained in the more than 300 pages of the Act are going to work in practice that should have been contained in the text of the Act, have been incorporated, in difficult to interpret language, into the 400 plus pages of the codes of practice.

I would like to make a contribution to this consultation but it will not be possible for me to do so before the closing date of 6 April.

I respectfully request that the consultation period be extended by at least three months and that the Home Office provide some further explanatory information about how it is intended that these codes of practice be interpreted.

Thank you.

Yours sincerely,

Ray Corrigan

Wednesday, March 01, 2017

Aircraft windscreens, 3 phase supplies and the power of algebra

Many moons ago I worked on development type testing of aircraft. It meant I got to break bits of airplanes for a living, by building specially tailored flight simulation rigs and testing the parts to destruction. Fun.

One of the components I did a lot of testing on were both military and commercial airliner windscreens and canopies. Before they are allowed anywhere near a flying machine, prototype designs are subject to bird strike, hailstone impact, pressure, lightning strike, thermal shock, chemical resistance and a significant range of other tests to ensure they can comfortably manage operational demands. Typically they will have an operating safety factor of x4. Which means even with the stronger of the two main structural laminates of a windscreen damaged to the point of being completely unable to take any load, the window could still withstand four times standard flight operating pressure.

These things are intentionally vastly over-designed for safety reasons and the testing continues on components passed for flight, to ensure stock rolling off the production line continues to be manufactured to designed and approved standards. Given the broken insecure infrastructure of the internet, the information systems industry has a lot to learn from their counterpart engineers in aerospace.

The average airline passenger would be surprised at both how crude and how complex aircraft windscreens are. They form critical parts of the structure of the plane for a start. Typically they will be laminated, non isotropic, structurally reinforced, electrically heated components, subject to a vast range of three dimensional thermal, structural and corrosive dynamic and shock stress conditions. And they provide an endless stream of challenging, interesting technical problems.

Typically a 3 phase delta connected gold or other metalic thin film is embedded in the window for de-icing purposes. Now being a bit of a techie and fan of maths I occasionally get asked what's the point of algebra, usually off the back of complaints about it being too difficult or useless. Well I do some maths modelling at the Open University summer school structures lab and students click with that because it's done in the context of understanding bridge structures.

The algebra below, though, also had practical application. We had an electrical failure on a windscreen and a critical need to know the actual resistance level of the individual phases of the gold film. Every engineer going through university gets taught the formula for calculating parallel resistances. Unfortunately, we needed to know the resistances of the internal phases of the gold film not the the ones we could read on the meter from the electrical contact points on the exterior of the windscreen. The result was some algebraic manipulation, outlined below, which doesn't appear in the average engineering course to produce the final equations we needed to understand what was going on inside the screen and how far we might push it.

It took a little bit of care and the odd non intuitive jump but it got us out of a hole with the faulty windscreen. I had forgotten the case but came across it again in clearing out my office to move out of Foxcombe Hall which the Open University are sadly closing and have sold to Peking University HSBC Business School.

With luck an engineer or two, stuck on a parallel problem to my compromised windscreen, might trip over this post and save time trying to work out the necessary equations (it took a while) and get to the practical numbers they need to fix their prevailing issue.

Update: The algebra above involved a lot of playing about with letters at the time. The key is getting to equation 10 which is obvious when you see it but the steps to get there, particularly 4,5 and 6 were not initially intuitive to me - I couldn't, at the outset, see where I was going. A friend of mine, Tony Nixon, has developed a terrific game for teaching algebra, using tiddlywinks counters. He teaches people to move the counters around without them realising the rules they are using are those of algebra. The approach is to give people the confidence to mess around with the counters - without the panic induced at the sight of an x or a y (often a result of poor teaching) - whilst knowing that as long as the student follows the rules, each step is legitimate. The trick is then to facilitate the visualisation of the key stages, thereby aiding the process of determining which moves the student is best advised to use to progress towards their solution. In the case of the three phase windscreen problem above, the latter stages probably look more complicated to a student, since they involve keeping track of more letters. Yet all the heavy conceptual lifting is done by the time we reach equations 10 and 11 i.e. the difficult stuff was in determining which moves to make to arrive at a point where the answer essentially falls out.

Friday, November 18, 2016

Irish Senator on election of Donald Trump; and Trump's new gift, the Investigatory Powers Bill

Former Irish junior minister with health, justice and culture briefs, Aodhán Ó Ríordáin, reacted passionately to Donald Trump's election as US President, the seamless normalisation/acceptance of the international community of the new reality and the obsequious behaviour Irish government in particular.

No pulling of punches in this Senate tirade - ..

How are we, Mr Ó Ríordáin asks, supposed to deal with this monster who has just been elected President of America?

It would appear he doesn't believe in calling a spade an earth inverting horticultural implement.

A selection of other highlights...

"America has just selected a fascist and the best thing the good people of Ireland can do is to ring him up and ask him if it's ok to still bring the shamrock on St Patrick's Day. I'm embarrassed by the reaction of the Irish government to what's happened in America"

"Can the government not understand what's happening. We are at an ugly international crossroads. What's happening in Britain is appalling. What's happening across Europe is appalling. It has echoes form the 1930s and America, the most powerful country in the world, has just elected a fascist. And the best you can come out with from a government spokesperson is, well we have to talk about foreign direct investment. We have to be conscious of American investments in Ireland."

"There are 50 thousand Irish people illegal in America who I'm quite sure are fearful of their futures. When are we going to have the moral courage to speak in terms other than economy all the time and to realise what is happening?"

And that's the heart of it really. Power shifts to the scary. The elite, the corporate sector [nothing personal - it's just business], the privileged of every order shift our allegiance to the new masters because we'll be ok if we stay on the right side of those in charge won't we?

None of us pay heed to the warning of Martin Niemöller,
First they came for the Socialists, and I did not speak out—
Because I was not a Socialist.
Then they came for the Trade Unionists, and I did not speak out—
Because I was not a Trade Unionist.
Then they came for the Jews, and I did not speak out—
Because I was not a Jew.
Then they came for me—and there was no one left to speak for me.
Ó Ríordáin continues...

"I am... I am fr-frightened. I am absolutely frightened for what's happening to this world and what's happening to our inability to stand up for it...

I want to ask you leader to ask the Minister for Foreign Affairs into this House and to ask him how we are supposed to deal with this monster who has just been elected President of America; because I don't think any of us, in years to come, should look back on this period and not say that we did everything in our power to call it out for what it is."

Meanwhile UK parliament this week has quietly, without substantive opposition or media interest, passed the most pervasive and invasive mass surveillance legislation in history. The Investigatory Powers Bill is 304 pages of complex permissions for the UK intelligence and security services, police and other public bodies to engage in bulk
  • interception
  • acquisition 
  • retention
of communications data of the entire population and all other communications traversing the UK, access to bulk personal datasets held by other individuals, communities, groups, public services, civil society or economic actors and bulk equipment interference (aka hacking).

The depth and reach of the legislation is quite staggering. That it has been slipped through in the wake of Mr Trump's election really should not escape notice. 

GCHQ, the junior partners of the NSA, shortly itself to come under the control of a short tempered 70 year old toddler ascending to the White House, have now been provided with the legislative surveillance architecture of a police state. Given the close cooperation of the UK and US intelligence services under the Five Eyes arrangement post World War II, that will put this apparatus in the hands of a US President who promised, on the campaign trail, to re-ignite, expand and intensify US engagement in torture.

Slavery, racism, apartheid, the holocaust, rape (a British woman who reported being raped is facing jail in Dubai, right now, after being charged with the crime of engaging in extramarital sex) , homophobia, discrimination of all kinds were and still are legal in some places. Mass surveillance on an unimaginable scale is just about to become legal - pending the mere technicality of Royal Assent - in the UK. That which is legal is not necessarily acceptable in an enlightened and/or civilised society.

How can the UK, with any credibility for example, criticise Russia for blocking LinkedIn because the company refuses to host servers containing personal data of Russia citizens within that jurisdiction, when the Investigatory Powers Act reaches the statute books? They are just, they argue, attempting to protect the privacy of their own people.

Lifelong, genuinely committed intelligence and security services and other government officials, who have supported the expansion of Investigatory Powers Bill type laws on the other side of the Atlantic pond, for years, are nervous about serving in a Trump administration. Can any of the MPs, who were conspicuous by their continual absence from parliamentary debates about the Investigatory Powers Bill but, like well trained puppies, showed up when the division bell ping-ponged, to vote it through its multiple stages, in accordance with party instructions, seriously suggest they would be happy to have these powers in the hands of a dangerous or reckless US president? 

The chairman of the US Nazi party is pleasantly surprised at the president elect's pick for chief White House strategist. The Nazis. As for the opposition in the US congress, the probable minority leader for the Democrats in the US Senate will be Chuck Schumer, a man who reportedly supported the Iraq war, torture and the Patriot Act - the US's original legislative foray into mass surveillance.

Openly racist, homophobic, mysogynist, xenophobic, hate inciting bigots might not be as bad in government as they sounded on the election trail; but we should be very very very wary of smoothly handing them the controls of the infrastructure, the well oiled, indiscriminate, tools and unrestrained tentacles of a an all seeing, all hearing, ubiquitously observing police state. If the temptation to abuse these powers was irresistible when the good guys were in power, what's it going to be like if Trump uses them to follow through with even some of the hateful promises he made in the run up to the election?

Trump is inheriting extraordinary powers. Don't be surprised if he and/or the more extreme elements of his cortege decide to exercise them. As Daniel Miessler and many civil liberties advocates have said for generations, we need to be very careful about building all powerful mass surveillance tools because you never know who is going to get the keys. We gave up our rights under Bush, Blair and their successors because we were told to be scared of terrorism and the other horsemen of the infocalypse. We now bestow the powers decimating those rights to a Donald Trump administration, by proxy, through the US intelligence agencies close relationship with their counterparts in the UK.

Update: An edited version of this post has been published by New Scientist (Registration required for access). New Scientist YouTube video here.